1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
|
From 03a4ccd9120e5816e5f9f134f63b76e89558658f Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 31 May 2022 09:59:58 +0200
Subject: [PATCH] use sha256 in openssl test suite
---
ext/openssl/tests/bug41033.phpt | 4 ++--
ext/openssl/tests/bug61930.phpt | 11 ++++++-----
ext/openssl/tests/bug66501.phpt | 2 +-
ext/openssl/tests/ecc.phpt | 2 +-
ext/openssl/tests/openssl.cnf | 1 +
ext/openssl/tests/openssl_csr_export_basic.phpt | 2 +-
.../tests/openssl_csr_export_to_file_basic.phpt | 14 +++++++-------
.../tests/openssl_csr_get_public_key_basic.phpt | 2 +-
.../tests/openssl_csr_get_subject_basic.phpt | 2 +-
ext/openssl/tests/openssl_csr_sign_basic.phpt | 2 +-
ext/openssl/tests/openssl_sign_basic.phpt | 2 +-
.../tests/openssl_spki_export_challenge_basic.phpt | 14 --------------
ext/openssl/tests/openssl_spki_new_basic.phpt | 8 --------
ext/openssl/tests/openssl_spki_verify_basic.phpt | 14 --------------
ext/openssl/tests/openssl_verify_basic.phpt | 12 ++++++------
15 files changed, 29 insertions(+), 63 deletions(-)
diff --git a/ext/openssl/tests/bug41033.phpt b/ext/openssl/tests/bug41033.phpt
index ff30d8b266d0..73cca19506af 100644
--- a/ext/openssl/tests/bug41033.phpt
+++ b/ext/openssl/tests/bug41033.phpt
@@ -10,11 +10,11 @@ $pub = 'file://' . __DIR__ . '/' . 'bug41033pub.pem';
$prkeyid = openssl_get_privatekey($prv, "1234");
$ct = "Hello I am some text!";
-openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_SHA1);
+openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_SHA256);
echo "Signature: ".base64_encode($signature) . "\n";
$pukeyid = openssl_get_publickey($pub);
-$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_SHA1);
+$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_SHA256);
echo "Signature validity: " . $valid . "\n";
diff --git a/ext/openssl/tests/bug61930.phpt b/ext/openssl/tests/bug61930.phpt
index 862c6a07bfd0..d97f4990173a 100644
--- a/ext/openssl/tests/bug61930.phpt
+++ b/ext/openssl/tests/bug61930.phpt
@@ -4,19 +4,20 @@ Bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey()
openssl
--FILE--
<?php
-$cert = file_get_contents(__DIR__.'/cert.crt');
+$cert = file_get_contents(__DIR__.'/public.crt');
$data = <<<DATA
Please verify me
DATA;
-$sig = 'f9Gyb6NV/ENn7GUa37ygTLcF93XHf5fbFTnoYF/O+fXbq3iChGUbET0RuhOsptl' .
- 'AODi6JsDLnJO4ikcVZo0tC1fFTj3LyCuPy3ZdgJbbVxQ/rviROCmuMFTqUW/Xa2' .
- 'LQYiapeCCgLQeWTLg7TM/BoHEkKbKLG/XT5jHvep1758A=';
+$sig = 'w45LtLoRY/WPk/kcmP6CwGysOMuxuLbD35xMB/iAe5IMiBJjz2D1WGEY7Vz+rLZmYqOo58qNC3VtTg6ge9+UhfQHplvs6cXGKm' .
+ 'SkQlYv4EeFoByqYfPU9k2dE/WEItOJUUyqu9pHaCmRtLpxoLnJcdQVdiXfT0t8KwxUzZYDjrSfhp7rbKhhCc4jZMwo9PvBuPAT' .
+ 'MEfZbRNaVpwCFpjmmJczZCHFZFm7JYzR2jU0sjJMGALXidNBs9p0Fi1TGz3pZkxnQ5lwI5DX5ZSY0jiOcoVFt7k29GVFd0DPjm' .
+ '1NyieYU6tpnanG+ZqHIT8Um3FajYh0x1iMMe2lLETjklqYiw==';
$key = openssl_get_publickey($cert);
var_dump(openssl_get_publickey($key));
-var_dump(openssl_verify($data, base64_decode($sig), $key));
+var_dump(openssl_verify($data, base64_decode($sig), $key, OPENSSL_ALGO_SHA256));
?>
--EXPECTF--
object(OpenSSLAsymmetricKey)#%d (0) {
diff --git a/ext/openssl/tests/bug66501.phpt b/ext/openssl/tests/bug66501.phpt
index 4a7bfbf1361b..56d391032f7e 100644
--- a/ext/openssl/tests/bug66501.phpt
+++ b/ext/openssl/tests/bug66501.phpt
@@ -18,7 +18,7 @@ AwEHoUQDQgAEPq4hbIWHvB51rdWr8ejrjWo4qVNWVugYFtPg/xLQw0mHkIPZ4DvK
sqOTOnMoezkbSmVVMuwz9flvnqHGmQvmug==
-----END EC PRIVATE KEY-----';
$key = openssl_pkey_get_private($pkey);
-$res = openssl_sign($data ='alpha', $sign, $key, 'SHA1');
+$res = openssl_sign($data ='alpha', $sign, $key, 'SHA256');
var_dump($res);
?>
--EXPECT--
diff --git a/ext/openssl/tests/ecc.phpt b/ext/openssl/tests/ecc.phpt
index a18651dc5e4b..297af1dccd0c 100644
--- a/ext/openssl/tests/ecc.phpt
+++ b/ext/openssl/tests/ecc.phpt
@@ -64,7 +64,7 @@ $csr = openssl_csr_new($dn, $keyGenerate, $args);
var_dump($keyGenerate);
-$args["digest_alg"] = "sha1";
+$args["digest_alg"] = "sha256";
echo "Testing openssl_csr_new with existing ecc key\n";
$csr = openssl_csr_new($dn, $key1, $args);
var_dump($csr);
diff --git a/ext/openssl/tests/openssl.cnf b/ext/openssl/tests/openssl.cnf
index f3025aeb5caa..6146b93142cc 100644
--- a/ext/openssl/tests/openssl.cnf
+++ b/ext/openssl/tests/openssl.cnf
@@ -7,6 +7,7 @@ tsa_policy2 = 1.2.3.4.5.6
[ req ]
default_bits = 1024
+default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
diff --git a/ext/openssl/tests/openssl_csr_export_basic.phpt b/ext/openssl/tests/openssl_csr_export_basic.phpt
index 559befe23c92..95bf741e9ec1 100644
--- a/ext/openssl/tests/openssl_csr_export_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_export_basic.phpt
@@ -17,7 +17,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
index dfa533b729cb..5b0920888163 100644
--- a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
@@ -25,7 +25,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
@@ -66,12 +66,12 @@ BggTncBh9ozkVQGS/P1m0zn/SKSgDO+6DdeLHLMjpUASaoYfsay4PJLAdnTqLOeM
g6qNE6u0ebZXVfmpSmV1pSZ6kQnxbsb6rX1iOZxkwHnVWYb40Hy0EILo31x6BVqB
m159m7s38ChiRHqlj20DmRfxXjiT5YDgYYQ29wQBTVQrTN5O9UW5Y+eKTXd8r6te
dsbIBXdKN7NeX7ksGYHq1I3hLsP8EyvZO78qfjKyEB0Jj3UCAwEAAaAAMA0GCSqG
-SIb3DQEBBQUAA4IBAQCamzVmIbElkiDQKzQpkfU5tHjrWPrHDSB186NI0sQ8i6GQ
-1YT6yPAXBPTQ1aER/6uAZJL5HfWEX8V1rKbe8GkPAPCHHQzmHyWlaO2EHS57zJhk
-sRrhqkhhkSNiDg4OrsguhRtbB2VMGeDbqHGI89uGqqGHUiZc/Bh8N7WFXZkUU/A0
-sfBgVeqg0P4SWez5fHXqBNcjMdMI5f0bikcDZSIfTHS8FX+PMurLBC8UPB0YNIOl
-1r2Lvo+6YUHOziG1OwQd3K0xxu/JzzOE+lMB73ynz4V6DY5Qv3qVno1GpupvgmQA
-JViHkCA9x6m8RJXAFvqmgLlWlUzbDv/cRrDfjWjR
+SIb3DQEBCwUAA4IBAQCNtCIfMHBDRvNqHmrDfR/+A7ZJ+n/XzA2uQhvjEq91DeT8
+IE7gjUtmj2sqKmHGIDO4uN4F9ZHYzcNk23n6CMljYqJLbB2dHC0V6vkDB7qod1TH
+/SK39Yj0ji2AT45LD5rLH3vd1bjxdwwhyPyGhshKOIdnmBv4mwTRANIsiISMQV4Y
+ZPAXJ5DTKkgdsY14hqhyWct1bWMPpj2MCLQGjKxK8vmbiKaNL1XxAS7chTXoy7un
+NvBKc82Wy3XEuC9AkNFEytD6kA9gu8nFydvYTOvvhaQrf9RzwSitgi9Vj3mbujsN
+f1JMPX0/eHrKvG9wBZu28FdS54xoWGeD1NGraW24
-----END CERTIFICATE REQUEST-----
"
diff --git a/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
index 7faaf2f23454..9f128c200bea 100644
--- a/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
@@ -23,7 +23,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
index 6fe63e971775..79baeb65b8a5 100644
--- a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
@@ -23,7 +23,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_csr_sign_basic.phpt b/ext/openssl/tests/openssl_csr_sign_basic.phpt
index a7030b392145..0cf678cc2944 100644
--- a/ext/openssl/tests/openssl_csr_sign_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_sign_basic.phpt
@@ -20,7 +20,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_sign_basic.phpt b/ext/openssl/tests/openssl_sign_basic.phpt
index 48deac9337c1..047028101893 100644
--- a/ext/openssl/tests/openssl_sign_basic.phpt
+++ b/ext/openssl/tests/openssl_sign_basic.phpt
@@ -8,7 +8,7 @@ $data = "Testing openssl_sign()";
$privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
$wrong = "wrong";
-var_dump(openssl_sign($data, $sign, $privkey)); // no output
+var_dump(openssl_sign($data, $sign, $privkey, OPENSSL_ALGO_SHA256)); // no output
var_dump(openssl_sign($data, $sign, $wrong));
?>
--EXPECTF--
diff --git a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
index ab9076791be4..2fadc30e6810 100644
--- a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
+++ b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
@@ -22,8 +22,6 @@ foreach ($key_sizes as $key_size) {
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_MD5,
- OPENSSL_ALGO_SHA1,
OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
@@ -76,15 +74,3 @@ string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
bool\(false\)
string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
diff --git a/ext/openssl/tests/openssl_spki_new_basic.phpt b/ext/openssl/tests/openssl_spki_new_basic.phpt
index 1d29fe05bd81..6b661afde36f 100644
--- a/ext/openssl/tests/openssl_spki_new_basic.phpt
+++ b/ext/openssl/tests/openssl_spki_new_basic.phpt
@@ -16,8 +16,6 @@ foreach ($key_sizes as $key_size) {
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_MD5,
- OPENSSL_ALGO_SHA1,
OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
@@ -47,16 +45,10 @@ string(478) "%s"
string(478) "%s"
string(478) "%s"
string(478) "%s"
-string(478) "%s"
-string(478) "%s"
-string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
-string(830) "%s"
-string(1510) "%s"
-string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
diff --git a/ext/openssl/tests/openssl_spki_verify_basic.phpt b/ext/openssl/tests/openssl_spki_verify_basic.phpt
index 9b624a7a5f72..19704b4a4fa8 100644
--- a/ext/openssl/tests/openssl_spki_verify_basic.phpt
+++ b/ext/openssl/tests/openssl_spki_verify_basic.phpt
@@ -18,8 +18,6 @@ foreach ($key_sizes as $key_size) {
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_SHA1,
- OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
OPENSSL_ALGO_SHA512,
@@ -65,15 +63,3 @@ bool(true)
bool(false)
bool(true)
bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
diff --git a/ext/openssl/tests/openssl_verify_basic.phpt b/ext/openssl/tests/openssl_verify_basic.phpt
index 0e93a21319d9..674a3c58a9ea 100644
--- a/ext/openssl/tests/openssl_verify_basic.phpt
+++ b/ext/openssl/tests/openssl_verify_basic.phpt
@@ -9,12 +9,12 @@ $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
$pubkey = "file://" . __DIR__ . "/public.key";
$wrong = "wrong";
-openssl_sign($data, $sign, $privkey);
-var_dump(openssl_verify($data, $sign, $pubkey));
-var_dump(openssl_verify($data, $sign, $privkey));
-var_dump(openssl_verify($data, $sign, $wrong));
-var_dump(openssl_verify($data, $wrong, $pubkey));
-var_dump(openssl_verify($wrong, $sign, $pubkey));
+openssl_sign($data, $sign, $privkey, OPENSSL_ALGO_SHA256);
+var_dump(openssl_verify($data, $sign, $pubkey, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($data, $sign, $privkey, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($data, $sign, $wrong, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($data, $wrong, $pubkey, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($wrong, $sign, $pubkey, OPENSSL_ALGO_SHA256));
?>
--EXPECTF--
int(1)
|