Merge branch 'PHP-7.1' into PHP-7.2

Author: bukka

ext/openssl/openssl.c

@@ -1676,10 +1676,11 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso
 		if (!what) {
 			return NULL;
 		}
-		/* this is so callers can decide if they should free the X509 */
 		if (resourceval) {
 			*resourceval = res;
-			Z_ADDREF_P(val);
+			if (makeresource) {
+				Z_ADDREF_P(val);
+			}
 		}
 		return (X509*)what;
 	}
@@ -3225,7 +3226,9 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r
 		if (what) {
 			if (resourceval) {
 				*resourceval = res;
-				Z_ADDREF_P(val);
+				if (makeresource) {
+					Z_ADDREF_P(val);
+				}
 			}
 			return (X509_REQ*)what;
 		}

ext/openssl/tests/001.phpt

@@ -9,15 +9,6 @@ if (!@openssl_pkey_new()) die("skip cannot create private key");
 <?php
 echo "Creating private key\n";
 
-/* stack up some entropy; performance is not critical,
- * and being slow will most likely even help the test.
- */
-for ($z = "", $i = 0; $i < 1024; $i++) {
-	$z .= $i * $i;
-	if (function_exists("usleep"))
-		usleep($i);
-}
-
 $conf = array('config' => dirname(__FILE__) . DIRECTORY_SEPARATOR . 'openssl.cnf');
 $privkey = openssl_pkey_new($conf);
 
@@ -32,6 +23,7 @@ if ($key_file_name === false)
 echo "Export key to file\n";
 
 openssl_pkey_export_to_file($privkey, $key_file_name, $passphrase, $conf) or die("failed to export to file $key_file_name");
+var_dump(is_resource($privkey));
 
 echo "Load key from file - array syntax\n";
 
@@ -69,6 +61,7 @@ echo "OK!\n";
 --EXPECT--
 Creating private key
 Export key to file
+bool(true)
 Load key from file - array syntax
 Load key using direct syntax
 Load key manually and use string syntax

ext/openssl/tests/openssl_csr_export_to_file_basic.phpt

@@ -0,0 +1,83 @@
+--TEST--
+openssl_csr_export_to_file() tests
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+$csrfile = dirname(__FILE__) . "/openssl_csr_export_to_file_csr.tmp";
+$wrong = "wrong";
+$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
+$phex = 'dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61e' .
+		'f75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d268370557' .
+		'7d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e382' .
+		'6634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab';
+$dh_details = array('p' => $phex, 'g' => '2');
+$dh = openssl_pkey_new(array(
+	'dh'=> array('p' => hex2bin($phex), 'g' => '2'))
+);
+
+$dn = array(
+	"countryName" => "BR",
+	"stateOrProvinceName" => "Rio Grande do Sul",
+	"localityName" => "Porto Alegre",
+	"commonName" => "Henrique do N. Angelo",
+	"emailAddress" => "[email protected]"
+);
+
+$args = array(
+	"digest_alg" => "sha1",
+	"private_key_bits" => 2048,
+	"private_key_type" => OPENSSL_KEYTYPE_DSA,
+	"encrypt_key" => true,
+	"config" => $config,
+);
+
+$privkey_file = 'file://' . dirname(__FILE__) . '/private_rsa_2048.key';
+$csr = openssl_csr_new($dn, $privkey_file, $args);
+var_dump(openssl_csr_export_to_file($csr, $csrfile));
+var_dump(file_get_contents($csrfile));
+var_dump(openssl_csr_export_to_file($wrong, $csrfile));
+var_dump(openssl_csr_export_to_file($dh, $csrfile));
+var_dump(openssl_csr_export_to_file(array(), $csrfile));
+var_dump(openssl_csr_export_to_file($csr, $csrfile, false));
+?>
+--CLEAN--
+<?php
+$csrfile = dirname(__FILE__) . "/openssl_csr_export_to_file_csr.tmp";
+if (file_exists($csrfile)) {
+	unlink($csrfile);
+}
+?>
+--EXPECTF--
+bool(true)
+string(1086) "-----BEGIN CERTIFICATE REQUEST-----
+MIIC6jCCAdICAQAwgaQxCzAJBgNVBAYTAkJSMRowGAYDVQQIExFSaW8gR3JhbmRl
+IGRvIFN1bDEVMBMGA1UEBxMMUG9ydG8gQWxlZ3JlMR4wHAYDVQQDExVIZW5yaXF1
+ZSBkbyBOLiBBbmdlbG8xHzAdBgkqhkiG9w0BCQEWEGhuYW5nZWxvQHBocC5uZXQx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAK21JlVtWPqyc2UQtw2AdJHSIL5OzAHWsu/Mmxjz
+w4VZWwG+Ao1m2j7OJ8lAkxLfSlRtB+6Vx8Q21krAtve+M3b6pT9C9qKdfzNkrXk3
+BggTncBh9ozkVQGS/P1m0zn/SKSgDO+6DdeLHLMjpUASaoYfsay4PJLAdnTqLOeM
+g6qNE6u0ebZXVfmpSmV1pSZ6kQnxbsb6rX1iOZxkwHnVWYb40Hy0EILo31x6BVqB
+m159m7s38ChiRHqlj20DmRfxXjiT5YDgYYQ29wQBTVQrTN5O9UW5Y+eKTXd8r6te
+dsbIBXdKN7NeX7ksGYHq1I3hLsP8EyvZO78qfjKyEB0Jj3UCAwEAAaAAMA0GCSqG
+SIb3DQEBBQUAA4IBAQCamzVmIbElkiDQKzQpkfU5tHjrWPrHDSB186NI0sQ8i6GQ
+1YT6yPAXBPTQ1aER/6uAZJL5HfWEX8V1rKbe8GkPAPCHHQzmHyWlaO2EHS57zJhk
+sRrhqkhhkSNiDg4OrsguhRtbB2VMGeDbqHGI89uGqqGHUiZc/Bh8N7WFXZkUU/A0
+sfBgVeqg0P4SWez5fHXqBNcjMdMI5f0bikcDZSIfTHS8FX+PMurLBC8UPB0YNIOl
+1r2Lvo+6YUHOziG1OwQd3K0xxu/JzzOE+lMB73ynz4V6DY5Qv3qVno1GpupvgmQA
+JViHkCA9x6m8RJXAFvqmgLlWlUzbDv/cRrDfjWjR
+-----END CERTIFICATE REQUEST-----
+"
+
+Warning: openssl_csr_export_to_file() expects parameter 1 to be resource, string given in %s on line %d
+NULL
+
+Warning: openssl_csr_export_to_file(): supplied resource is not a valid OpenSSL X.509 CSR resource in %s on line %d
+
+Warning: openssl_csr_export_to_file(): cannot get CSR from parameter 1 in %s on line %d
+bool(false)
+
+Warning: openssl_csr_export_to_file() expects parameter 1 to be resource, array given in %s on line %d
+NULL
+bool(true)

ext/openssl/tests/openssl_csr_get_public_key_basic.phpt

@@ -0,0 +1,44 @@
+--TEST--
+openssl_csr_get_public_key() tests
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
+$phex = 'dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61e' .
+		'f75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d268370557' .
+		'7d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e382' .
+		'6634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab';
+$dh_details = array('p' => $phex, 'g' => '2');
+$dh = openssl_pkey_new(array(
+	'dh'=> array('p' => hex2bin($phex), 'g' => '2'))
+);
+
+$dn = array(
+	"countryName" => "BR",
+	"stateOrProvinceName" => "Rio Grande do Sul",
+	"localityName" => "Porto Alegre",
+	"commonName" => "Henrique do N. Angelo",
+	"emailAddress" => "[email protected]"
+);
+
+$args = array(
+	"digest_alg" => "sha1",
+	"private_key_bits" => 2048,
+	"private_key_type" => OPENSSL_KEYTYPE_DSA,
+	"encrypt_key" => true,
+	"config" => $config,
+);
+
+$privkey_file = 'file://' . dirname(__FILE__) . '/private_rsa_2048.key';
+$csr = openssl_csr_new($dn, $privkey_file, $args);
+$csr_file = file_get_contents(dirname(__FILE__) . '/cert.csr');
+
+var_dump(openssl_csr_get_public_key($csr));
+var_dump(openssl_csr_get_public_key($csr_file));
+?>
+--EXPECTF--
+resource(%d) of type (OpenSSL key)
+resource(%d) of type (OpenSSL key)

ext/openssl/tests/openssl_csr_get_subject_basic.phpt

@@ -2,19 +2,43 @@
 openssl_csr_get_subject() tests
 --SKIPIF--
 <?php 
-if (!extension_loaded("openssl")) die("skip"); 
-if (!function_exists("utf8_decode")) die("skip");
+if (!extension_loaded("openssl")) die("skip");
 ?>
 --FILE--
 <?php
+$config = __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf';
+$phex = 'dcf93a0b883972ec0e19989ac5a2ce310e1d37717e8d9571bb7623731866e61e' .
+		'f75a2e27898b057f9891c2e27a639c3f29b60814581cd3b2ca3986d268370557' .
+		'7d45c2e7e52dc81c7a171876e5cea74b1448bfdfaf18828efd2519f14e45e382' .
+		'6634af1949e5b535cc829a483b8a76223e5d490a257f05bdff16f2fb22c583ab';
+$dh_details = array('p' => $phex, 'g' => '2');
+$dh = openssl_pkey_new(array(
+	'dh'=> array('p' => hex2bin($phex), 'g' => '2'))
+);
 
-$csr = file_get_contents(dirname(__FILE__) . '/cert.csr');
-if ($out = openssl_csr_get_subject($csr, 1)) {
-	var_dump($out);
-}
-echo "\n";
-$cn = utf8_decode($out['CN']);
-var_dump($cn);
+$dn = array(
+	"countryName" => "BR",
+	"stateOrProvinceName" => "Rio Grande do Sul",
+	"localityName" => "Porto Alegre",
+	"commonName" => "Henrique do N. Angelo",
+	"emailAddress" => "[email protected]"
+);
+
+$args = array(
+	"digest_alg" => "sha1",
+	"private_key_bits" => 2048,
+	"private_key_type" => OPENSSL_KEYTYPE_DSA,
+	"encrypt_key" => true,
+	"config" => $config,
+);
+
+$privkey_file = 'file://' . dirname(__FILE__) . '/private_rsa_2048.key';
+$csr = openssl_csr_new($dn, $privkey_file, $args);
+$csr_file = file_get_contents(dirname(__FILE__) . '/cert.csr');
+
+var_dump(openssl_csr_get_subject($csr_file));
+var_dump(openssl_csr_get_subject($csr, false));
+?>
 --EXPECTF--	
 array(6) {
   ["C"]=>
@@ -30,5 +54,17 @@ array(6) {
   ["CN"]=>
   string(15) "*.triconnect.nl"
 }
-
-string(15) "*.triconnect.nl"
+array(6) {
+  ["countryName"]=>
+  string(2) "BR"
+  ["stateOrProvinceName"]=>
+  string(17) "Rio Grande do Sul"
+  ["localityName"]=>
+  string(12) "Porto Alegre"
+  ["commonName"]=>
+  string(21) "Henrique do N. Angelo"
+  ["emailAddress"]=>
+  string(16) "[email protected]"
+  ["organizationName"]=>
+  string(24) "Internet Widgits Pty Ltd"
+}

ext/openssl/tests/openssl_csr_sign_basic.phpt

@@ -32,6 +32,7 @@ $csr = openssl_csr_new($dn, $privkey, $args);
 var_dump(openssl_csr_sign($csr, null, $privkey, 365, $args));
 var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg));
 var_dump(openssl_csr_sign($csr, $cert, $priv, 365, $config_arg));
+var_dump(openssl_csr_sign($csr, openssl_x509_read($cert), $priv, 365, $config_arg));
 var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365));
 var_dump(openssl_csr_sign($csr, null, $wrong, 365));
 var_dump(openssl_csr_sign($csr, null, $privkey, $wrong));
@@ -47,6 +48,7 @@ var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg));
 resource(%d) of type (OpenSSL X.509)
 resource(%d) of type (OpenSSL X.509)
 resource(%d) of type (OpenSSL X.509)
+resource(%d) of type (OpenSSL X.509)
 
 Warning: openssl_csr_sign(): cannot get cert from parameter 2 in %s on line %d
 bool(false)

ext/openssl/tests/openssl_pkcs12_export_basic.phpt

@@ -14,7 +14,7 @@ $cert_res = openssl_x509_read($cert);
 $priv_res = openssl_pkey_get_private($priv);
 $pass = "test";
 $invalid = "";
-$invalid_path = "file:///tmp/php";
+$invalid_path = dirname(__FILE__) . "/invalid_path";
 $opts = [];
 
 var_dump(openssl_pkcs12_export($cert, $output, $priv, $pass)); // read certs as a string

ext/openssl/tests/openssl_pkcs7_decrypt_basic.phpt

@@ -22,6 +22,7 @@ $empty = "";
 
 openssl_pkcs7_encrypt($infile, $encrypted, $single_cert, $headers);
 var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $privkey));
+var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, openssl_x509_read($single_cert), $privkey));
 var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $single_cert, $wrong));
 var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, $wrong, $privkey));
 var_dump(openssl_pkcs7_decrypt($encrypted, $outfile, null, $privkey));
@@ -42,6 +43,7 @@ if (file_exists($outfile)) {
 ?>
 --EXPECTF--
 bool(true)
+bool(true)
 
 Warning: openssl_pkcs7_decrypt(): unable to get private key in %s on line %d
 bool(false)

ext/openssl/tests/openssl_pkcs7_encrypt_basic.phpt

@@ -22,6 +22,7 @@ $wrong = "wrong";
 $empty = "";
 
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, openssl_x509_read($single_cert), $headers));
 var_dump(openssl_pkcs7_decrypt($outfile, $outfile2, $single_cert, $privkey));
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $assoc_headers));
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty_headers));
@@ -33,6 +34,7 @@ var_dump(openssl_pkcs7_encrypt($infile, $outfile, $wrong, $headers));
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $empty, $headers));
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $single_cert, $empty));
 var_dump(openssl_pkcs7_encrypt($infile, $outfile, $multi_certs, $headers));
+var_dump(openssl_pkcs7_encrypt($infile, $outfile, array_map('openssl_x509_read', $multi_certs) , $headers));
 
 if (file_exists($outfile)) {
 	echo "true\n";
@@ -48,6 +50,7 @@ bool(true)
 bool(true)
 bool(true)
 bool(true)
+bool(true)
 
 Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d
 bool(false)
@@ -60,5 +63,6 @@ bool(false)
 Warning: openssl_pkcs7_encrypt() expects parameter 4 to be array, string given in %s on line %d
 bool(false)
 bool(true)
+bool(true)
 true
 true

ext/openssl/tests/openssl_pkcs7_sign_basic.phpt

@@ -18,6 +18,7 @@ $empty_headers = array();
 $wrong = "wrong";
 $empty = "";
 
+var_dump(openssl_pkcs7_sign($infile, $outfile, openssl_x509_read($single_cert), $privkey, $headers));
 var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $headers));
 var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $assoc_headers));
 var_dump(openssl_pkcs7_sign($infile, $outfile, $single_cert, $privkey, $empty_headers));
@@ -39,6 +40,7 @@ if (file_exists($outfile)) {
 bool(true)
 bool(true)
 bool(true)
+bool(true)
 
 Warning: openssl_pkcs7_sign() expects parameter 5 to be array, string given in %s on line %d
 NULL

ext/openssl/tests/openssl_pkey_export_basic.phpt

@@ -39,7 +39,7 @@ $tempname = tempnam(sys_get_temp_dir(), 'openssl_ec');
 var_dump(openssl_pkey_export_to_file($key, $tempname, NULL, $config_arg));
 $details = openssl_pkey_get_details(openssl_pkey_get_private('file://' . $tempname));
 var_dump(OPENSSL_KEYTYPE_EC === $details['type']);
-
+var_dump(is_resource($key));
 // Clean the temporary file
 @unlink($tempname);
 ?>
@@ -56,3 +56,4 @@ array(1) {
 }
 bool(true)
 bool(true)
+bool(true)

ext/openssl/tests/openssl_x509_check_private_key_basic.phpt

@@ -19,7 +19,7 @@ var_dump(openssl_x509_check_private_key($cert, $key));
 var_dump(openssl_x509_check_private_key("", $key));
 var_dump(openssl_x509_check_private_key($cert, ""));
 var_dump(openssl_x509_check_private_key("", ""));
-var_dump(openssl_x509_check_private_key($a, $b));
+var_dump(openssl_x509_check_private_key(openssl_x509_read($a), $b));
 ?>
 --EXPECT--
 bool(true)

ext/openssl/tests/openssl_x509_checkpurpose.phpt renamed to ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt

@@ -13,6 +13,7 @@ $bert = "file://" . dirname(__FILE__) . "/bug41033.pem";
 $sert = "file://" . dirname(__FILE__) . "/san-cert.pem";
 $cpca = dirname(__FILE__) . "/san-ca.pem";
 $utfl = dirname(__FILE__) . "/sni_server_domain1.pem";
+$rcrt = openssl_x509_read($cert);
 
 /*  int openssl_x509_checkpurpose ( mixed $x509cert , int $purpose);   */
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_CLIENT));
@@ -44,7 +45,7 @@ var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_NS_SSL_SERVER, array($cpc
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SMIME_SIGN, array($cpca)));
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_SMIME_ENCRYPT, array($cpca)));
 var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_CRL_SIGN, array($cpca)));
-var_dump(openssl_x509_checkpurpose($cert, X509_PURPOSE_ANY, array($cpca)));
+var_dump(openssl_x509_checkpurpose($rcrt, X509_PURPOSE_ANY, array($cpca)));
 var_dump(openssl_x509_checkpurpose($bert, X509_PURPOSE_SSL_CLIENT, array($cpca)));
 var_dump(openssl_x509_checkpurpose($bert, X509_PURPOSE_SSL_SERVER, array($cpca)));
 var_dump(openssl_x509_checkpurpose($bert, X509_PURPOSE_NS_SSL_SERVER, array($cpca)));