Promote various OpenSSL warnings into Errors

Author: Girgias

ext/openssl/openssl.c

@@ -194,7 +194,7 @@ function openssl_encrypt(string $data, string $method, string $password, int $op
 
 function openssl_decrypt(string $data, string $method, string $password, int $options = 0, string $iv = '', string $tag = UNKNOWN, string $aad = ''): string|false {}
 
-function openssl_cipher_iv_length(string $method): int|false {}
+function openssl_cipher_iv_length(string $method): int {}
 
 /** @param resource $dh_key */
 function openssl_dh_compute_key(string $pub_key, $dh_key): string|false {}

ext/openssl/openssl.stub.php

@@ -325,7 +325,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_openssl_decrypt, 0, 3, MAY_BE_ST
 	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, aad, IS_STRING, 0, "\'\'")
 ZEND_END_ARG_INFO()
 
-ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_openssl_cipher_iv_length, 0, 1, MAY_BE_LONG|MAY_BE_FALSE)
+ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_cipher_iv_length, 0, 1, IS_LONG, 0)
 	ZEND_ARG_TYPE_INFO(0, method, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 

ext/openssl/openssl_arginfo.h

@@ -8,7 +8,12 @@ if (!extension_loaded("openssl")) die("skip");
 <?php
 $pub_key_id = false;
 $signature = '';
-$ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
+
+try {
+    $ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 class test {
     function __toString() {
@@ -18,18 +23,19 @@ class test {
 $t = new test;
 
 
-var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5));
-var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5));
-
-echo "Done\n";
+try {
+    var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 ?>
---EXPECTF--
-Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
-
-Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
-bool(false)
-
-Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
-bool(false)
-Done
+--EXPECT--
+openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
+openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
+openssl_verify(): Argument #3 ($key) cannot be coerced into a public key

ext/openssl/tests/bug38255.phpt

@@ -14,20 +14,36 @@ class test {
 }
 $t = new test;
 
-var_dump(openssl_x509_parse("foo"));
-var_dump(openssl_x509_parse($t));
-var_dump(openssl_x509_parse(array()));
-var_dump(openssl_x509_parse($cert));
+try {
+    var_dump(openssl_x509_parse("foo"));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_x509_parse($t));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_x509_parse(array()));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_x509_parse($cert));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 try {
     var_dump(openssl_x509_parse(new stdClass));
 } catch (Error $e) {
-    echo $e->getMessage(), "\n";
+    echo get_class($e) . ': ' . $e->getMessage() . \PHP_EOL;
 }
 
 ?>
---EXPECTF--
-bool(false)
-bool(false)
-bool(false)
-bool(false)
-Object of class stdClass could not be converted to string
+--EXPECT--
+openssl_x509_parse(): Argument #1 ($x509) cannot be coerced into an X509 certificate
+openssl_x509_parse(): Argument #1 ($x509) cannot be coerced into an X509 certificate
+openssl_x509_parse(): Argument #1 ($x509) cannot be coerced into an X509 certificate
+openssl_x509_parse(): Argument #1 ($x509) cannot be coerced into an X509 certificate
+Error: Object of class stdClass could not be converted to string

ext/openssl/tests/bug38261.phpt

@@ -19,9 +19,12 @@ $test_pubkey = $details['key'];
 $pubkey = openssl_pkey_get_public($test_pubkey);
 $encrypted = null;
 $ekeys = array();
-$result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
-echo "Done";
+
+try {
+    $result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 ?>
---EXPECTF--
-Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
-Done
+--EXPECT--
+openssl_seal(): Argument #6 ($iv) must provide an IV for chosen cipher algorithm

ext/openssl/tests/bug60632.phpt

@@ -14,14 +14,22 @@ $cipher = 'AES-128-CBC';
 $pub_key = "file://" . __DIR__ . "/public.key";
 $priv_key = "file://" . __DIR__ . "/private_rsa_1024.key";
 
-openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher);
-openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), 'sparkles', $iv);
+try {
+    openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), 'sparkles', $iv);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher, $iv);
 openssl_open($sealed, $decrypted, $ekeys[0], $priv_key, $cipher, $iv);
 echo $decrypted;
 ?>
---EXPECTF--
-Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
-
-Warning: openssl_seal(): Unknown signature algorithm. in %s on line %d
+--EXPECT--
+openssl_seal(): Argument #6 ($iv) must provide an IV for chosen cipher algorithm
+openssl_seal(): Argument #5 ($method) must be a valid signature algorithm
 openssl_seal() test

ext/openssl/tests/bug70438.phpt

@@ -5,12 +5,16 @@ CVE-2013-6420
 --FILE--
 <?php
 $crt = substr(__FILE__, 0, -4).'.crt';
-$info = openssl_x509_parse("file://$crt");
-var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
+
+try {
+    $info = openssl_x509_parse("file://$crt");
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
+@var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
 ?>
-Done
---EXPECTF--
-%s openssl_x509_parse(): Illegal length in timestamp in %s%ecve-2013-6420.php on line 3
-string(27) "[email protected]"
-int(-1)
-Done
+--EXPECT--
+Illegal length in timestamp
+NULL
+NULL

ext/openssl/tests/cve-2013-6420.phpt

@@ -17,8 +17,12 @@ $argsFailed = array(
     "private_key_type" => OPENSSL_KEYTYPE_EC,
 );
 
-$keyFailed = openssl_pkey_new($argsFailed);
-var_dump($keyFailed);
+try {
+    $keyFailed = openssl_pkey_new($argsFailed);
+    var_dump($keyFailed);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 $d1 = openssl_pkey_get_details($key1);
 var_dump($d1["bits"]);
@@ -82,9 +86,7 @@ foreach ($curve_names as $curve_name) {
 --EXPECTF--
 Testing openssl_pkey_new
 resource(%d) of type (OpenSSL key)
-
-Warning: openssl_pkey_new(): Unknown elliptic curve (short) name invalid_cuve_name in %s on line %d
-bool(false)
+Unknown elliptic curve (short) name invalid_cuve_name
 int(384)
 int(215)
 string(9) "secp384r1"

ext/openssl/tests/ecc.phpt

@@ -8,7 +8,13 @@ openssl_csr_new() tests
 $a = array();
 
 $conf = array('config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf');
-var_dump(openssl_csr_new(array(), $a, $conf, array()));
+
+try {
+    var_dump(openssl_csr_new(array(), $a, $conf, array()));
+    var_dump($keyFailed);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 // this leaks
 $a = array(1,2);
@@ -19,14 +25,9 @@ var_dump(openssl_csr_new($a, $b, $conf));
 $x = openssl_pkey_new($conf);
 var_dump(openssl_csr_new(["countryName" => "DE"], $x, $conf + ["x509_extensions" => 0xDEADBEEF]));
 
-
-echo "Done\n";
 ?>
 --EXPECTF--
-Warning: openssl_csr_new(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
 Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %s on line %d
-bool(false)
+Key array must be of the form array(0 => key, 1 => phrase)
 resource(%d) of type (OpenSSL X.509 CSR)
 resource(%d) of type (OpenSSL X.509 CSR)
-Done

ext/openssl/tests/openssl_csr_new_basic.phpt

@@ -33,37 +33,56 @@ var_dump(openssl_csr_sign($csr, null, $privkey, 365, $args));
 var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg));
 var_dump(openssl_csr_sign($csr, $cert, $priv, 365, $config_arg));
 var_dump(openssl_csr_sign($csr, openssl_x509_read($cert), $priv, 365, $config_arg));
-var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365));
-var_dump(openssl_csr_sign($csr, null, $wrong, 365));
-var_dump(openssl_csr_sign($wrong, null, $privkey, 365));
-var_dump(openssl_csr_sign(array(), null, $privkey, 365));
-var_dump(openssl_csr_sign($csr, array(), $privkey, 365));
-var_dump(openssl_csr_sign($csr, null, array(), 365));
+
+try {
+    var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
+try {
+    var_dump(openssl_csr_sign($csr, null, $wrong, 365));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
+try {
+    var_dump(openssl_csr_sign($wrong, null, $privkey, 365));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
+try {
+    var_dump(openssl_csr_sign(array(), null, $privkey, 365));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
+try {
+    var_dump(openssl_csr_sign($csr, array(), $privkey, 365));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
+try {
+    var_dump(openssl_csr_sign($csr, null, array(), 365));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg));
 ?>
 --EXPECTF--
 resource(%d) of type (OpenSSL X.509)
 resource(%d) of type (OpenSSL X.509)
 resource(%d) of type (OpenSSL X.509)
 resource(%d) of type (OpenSSL X.509)
-
-Warning: openssl_csr_sign(): Cannot get cert from parameter 2 in %s on line %d
-bool(false)
-
-Warning: openssl_csr_sign(): Cannot get private key from parameter 3 in %s on line %d
-bool(false)
-
-Warning: openssl_csr_sign(): Cannot get CSR from parameter 1 in %s on line %d
-bool(false)
-
-Warning: openssl_csr_sign(): Cannot get CSR from parameter 1 in %s on line %d
-bool(false)
-
-Warning: openssl_csr_sign(): Cannot get cert from parameter 2 in %s on line %d
-bool(false)
-
-Warning: openssl_csr_sign(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
+openssl_csr_sign(): Argument #2 ($cacert) cannot be coerced into an X509 certificate
 
 Warning: openssl_csr_sign(): Cannot get private key from parameter 3 in %s on line %d
 bool(false)
+openssl_csr_sign(): Argument #1 ($csr) cannot be coerced into a Certificate Signing Request (CSR)
+openssl_csr_sign(): Argument #1 ($csr) cannot be coerced into a Certificate Signing Request (CSR)
+openssl_csr_sign(): Argument #2 ($cacert) cannot be coerced into an X509 certificate
+Key array must be of the form array(0 => key, 1 => phrase)
 resource(%d) of type (OpenSSL X.509)

ext/openssl/tests/openssl_csr_sign_basic.phpt

@@ -12,13 +12,34 @@ $iv = str_repeat("\0", openssl_cipher_iv_length($method));
 
 $encrypted = openssl_encrypt($data, $method, $password);
 var_dump($encrypted); /* Not passing $iv should be the same as all-NULL iv, but with a warning */
+
 var_dump(openssl_encrypt($data, $method, $password, 0, $iv));
+
 var_dump(openssl_decrypt($encrypted, $method, $wrong));
-var_dump(openssl_decrypt($encrypted, $wrong, $password));
+
+try {
+    var_dump(openssl_decrypt($encrypted, $wrong, $password));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 var_dump(openssl_decrypt($wrong, $method, $password));
-var_dump(openssl_decrypt($wrong, $wrong, $password));
-var_dump(openssl_decrypt($encrypted, $wrong, $wrong));
-var_dump(openssl_decrypt($wrong, $wrong, $wrong));
+
+try {
+    var_dump(openssl_decrypt($wrong, $wrong, $password));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_decrypt($encrypted, $wrong, $wrong));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_decrypt($wrong, $wrong, $wrong));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 // invalid using of an authentication tag
 var_dump(openssl_encrypt($data, $method, $password, 0, $iv, $wrong));
@@ -28,19 +49,11 @@ Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potenti
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
 bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
-bool(false)
-bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
-bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
-bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
+Unknown cipher algorithm
 bool(false)
+Unknown cipher algorithm
+Unknown cipher algorithm
+Unknown cipher algorithm
 
 Warning: openssl_encrypt(): The authenticated tag cannot be provided for cipher that doesn not support AEAD in %s on line %d
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="