php
diff --git a/‎ext/openssl/openssl.c
+160-146 b/‎ext/openssl/openssl.c
+160-146
diff --git a/‎ext/openssl/openssl.stub.php
+1-1 b/‎ext/openssl/openssl.stub.php
+1-1
diff --git a/‎ext/openssl/openssl_arginfo.h
+2-2 b/‎ext/openssl/openssl_arginfo.h
+2-2
diff --git a/‎ext/openssl/tests/bug38255.phpt
+20-14 b/‎ext/openssl/tests/bug38255.phpt
+20-14
diff --git a/‎ext/openssl/tests/bug38261.phpt
+13-5 b/‎ext/openssl/tests/bug38261.phpt
+13-5
diff --git a/‎ext/openssl/tests/bug60632.phpt
+8-5 b/‎ext/openssl/tests/bug60632.phpt
+8-5
diff --git a/‎ext/openssl/tests/bug70438.phpt
+14-6 b/‎ext/openssl/tests/bug70438.phpt
+14-6
diff --git a/‎ext/openssl/tests/cve-2013-6420.phpt
+3-3 b/‎ext/openssl/tests/cve-2013-6420.phpt
+3-3
diff --git a/‎ext/openssl/tests/ecc.phpt
+6-2 b/‎ext/openssl/tests/ecc.phpt
+6-2
diff --git a/‎ext/openssl/tests/openssl_csr_export_basic.phpt
+2-4 b/‎ext/openssl/tests/openssl_csr_export_basic.phpt
+2-4
diff --git a/‎ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
+6-4 b/‎ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
+6-4
diff --git a/‎ext/openssl/tests/openssl_csr_new_basic.phpt
+8-7 b/‎ext/openssl/tests/openssl_csr_new_basic.phpt
+8-7
diff --git a/‎ext/openssl/tests/openssl_csr_sign_basic.phpt
+31-20 b/‎ext/openssl/tests/openssl_csr_sign_basic.phpt
+31-20
diff --git a/‎ext/openssl/tests/openssl_decrypt_error.phpt
+29-16 b/‎ext/openssl/tests/openssl_decrypt_error.phpt
+29-16
@@ -204,7 +204,7 @@ function openssl_encrypt(string $data, string $method, string $password, int $op
 
 function openssl_decrypt(string $data, string $method, string $password, int $options = 0, string $iv = '', string $tag = UNKNOWN, string $aad = ''): string|false {}
 
-function openssl_cipher_iv_length(string $method): int|false {}
+function openssl_cipher_iv_length(string $method): int {}
 
 function openssl_dh_compute_key(string $pub_key, OpenSSLAsymmetricKey $dh_key): string|false {}
 
 
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: ed45da0e8786db9b20fd33d574b20f3d41304e0a */
+ * Stub hash: 2b91efa4238630826cc61cd4afe996e31a647a55 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_x509_export_to_file, 0, 2, _IS_BOOL, 0)
 	ZEND_ARG_OBJ_TYPE_MASK(0, x509, OpenSSLCertificate, MAY_BE_STRING, NULL)
@@ -328,7 +328,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_openssl_decrypt, 0, 3, MAY_BE_ST
 	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, aad, IS_STRING, 0, "\'\'")
 ZEND_END_ARG_INFO()
 
-ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_openssl_cipher_iv_length, 0, 1, MAY_BE_LONG|MAY_BE_FALSE)
+ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_cipher_iv_length, 0, 1, IS_LONG, 0)
 	ZEND_ARG_TYPE_INFO(0, method, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 
 
@@ -8,7 +8,12 @@ if (!extension_loaded("openssl")) die("skip");
 <?php
 $pub_key_id = false;
 $signature = '';
-$ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
+
+try {
+    $ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 class test {
     function __toString() {
@@ -18,18 +23,19 @@ class test {
 $t = new test;
 
 
-var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5));
-var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5));
-
-echo "Done\n";
+try {
+    var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5));
+} catch (\TypeError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 ?>
---EXPECTF--
-Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
-
-Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
-bool(false)
-
-Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
-bool(false)
-Done
+--EXPECT--
+openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
+openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
+openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
@@ -14,7 +14,11 @@ class test {
 }
 $t = new test;
 
-var_dump(openssl_x509_parse("foo"));
+try {
+    var_dump(openssl_x509_parse("foo"));
+} catch (TypeError $e) {
+    echo $e->getMessage(), "\n";
+}
 
 try {
     var_dump(openssl_x509_parse($t));
@@ -28,7 +32,11 @@ try {
     echo $e->getMessage(), "\n";
 }
 
-var_dump(openssl_x509_parse($cert));
+try {
+    var_dump(openssl_x509_parse($cert));
+} catch (TypeError $e) {
+    echo $e->getMessage(), "\n";
+}
 
 try {
     openssl_x509_parse(new stdClass);
@@ -38,8 +46,8 @@ try {
 
 ?>
 --EXPECT--
-bool(false)
-bool(false)
+openssl_x509_parse(): Argument #1 ($x509) cannot be coerced into an X509 certificate
+openssl_x509_parse(): Argument #1 ($x509) cannot be coerced into an X509 certificate
 openssl_x509_parse(): Argument #1 ($x509) must be of type OpenSSLCertificate|string, array given
-bool(false)
+openssl_x509_parse(): Argument #1 ($x509) cannot be coerced into an X509 certificate
 openssl_x509_parse(): Argument #1 ($x509) must be of type OpenSSLCertificate|string, stdClass given
@@ -19,9 +19,12 @@ $test_pubkey = $details['key'];
 $pubkey = openssl_pkey_get_public($test_pubkey);
 $encrypted = null;
 $ekeys = array();
-$result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
-echo "Done";
+
+try {
+    $result = openssl_seal('test phrase', $encrypted, $ekeys, array($pubkey), 'AES-256-CBC');
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 ?>
---EXPECTF--
-Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
-Done
+--EXPECT--
+openssl_seal(): Argument #6 ($iv) must provide an IV for chosen cipher algorithm
@@ -14,14 +14,22 @@ $cipher = 'AES-128-CBC';
 $pub_key = "file://" . __DIR__ . "/public.key";
 $priv_key = "file://" . __DIR__ . "/private_rsa_1024.key";
 
-openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher);
-openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), 'sparkles', $iv);
+try {
+    openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), 'sparkles', $iv);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 openssl_seal($data, $sealed, $ekeys, array($pub_key, $pub_key), $cipher, $iv);
 openssl_open($sealed, $decrypted, $ekeys[0], $priv_key, $cipher, $iv);
 echo $decrypted;
 ?>
---EXPECTF--
-Warning: openssl_seal(): Cipher algorithm requires an IV to be supplied as a sixth parameter in %s on line %d
-
-Warning: openssl_seal(): Unknown signature algorithm. in %s on line %d
+--EXPECT--
+openssl_seal(): Argument #6 ($iv) must provide an IV for chosen cipher algorithm
+openssl_seal(): Argument #5 ($method) must be a valid signature algorithm
 openssl_seal() test
@@ -5,12 +5,12 @@ CVE-2013-6420
 --FILE--
 <?php
 $crt = substr(__FILE__, 0, -4).'.crt';
+
 $info = openssl_x509_parse("file://$crt");
+
 var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
 ?>
-Done
 --EXPECTF--
-%s openssl_x509_parse(): Illegal length in timestamp in %s%ecve-2013-6420.php on line 3
+Warning: openssl_x509_parse(): Illegal length in timestamp in %s on line %d
 string(27) "[email protected]"
 int(-1)
-Done
@@ -17,8 +17,12 @@ $argsFailed = array(
     "private_key_type" => OPENSSL_KEYTYPE_EC,
 );
 
-$keyFailed = openssl_pkey_new($argsFailed);
-var_dump($keyFailed);
+try {
+    $keyFailed = openssl_pkey_new($argsFailed);
+    var_dump($keyFailed);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 $d1 = openssl_pkey_get_details($key1);
 var_dump($d1["bits"]);
 
@@ -39,10 +39,8 @@ try {
 }
 var_dump(openssl_csr_export($csr, $output, false));
 ?>
---EXPECTF--
+--EXPECT--
 bool(true)
-
-Warning: openssl_csr_export(): X.509 Certificate Signing Request cannot be retrieved in %s on line %d
-bool(false)
+openssl_csr_export(): Argument #1 ($csr) X.509 Certificate Signing Request cannot be retrieved
 openssl_csr_export(): Argument #1 ($csr) must be of type OpenSSLCertificateSigningRequest|string, OpenSSLAsymmetricKey given
 bool(true)
@@ -37,7 +37,11 @@ $csr = openssl_csr_new($dn, $privkey_file, $args);
 var_dump(openssl_csr_export_to_file($csr, $csrfile));
 var_dump(file_get_contents($csrfile));
 
-var_dump(openssl_csr_export_to_file($wrong, $csrfile));
+try {
+    var_dump(openssl_csr_export_to_file($wrong, $csrfile));
+} catch (TypeError $e) {
+    echo $e->getMessage(), "\n";
+}
 
 try {
     openssl_csr_export_to_file($dh, $csrfile);
@@ -74,8 +78,6 @@ sfBgVeqg0P4SWez5fHXqBNcjMdMI5f0bikcDZSIfTHS8FX+PMurLBC8UPB0YNIOl
 JViHkCA9x6m8RJXAFvqmgLlWlUzbDv/cRrDfjWjR
 -----END CERTIFICATE REQUEST-----
 "
-
-Warning: openssl_csr_export_to_file(): X.509 Certificate Signing Request cannot be retrieved in %s on line %d
-bool(false)
+openssl_csr_export_to_file(): Argument #1 ($csr) X.509 Certificate Signing Request cannot be retrieved
 openssl_csr_export_to_file(): Argument #1 ($csr) must be of type OpenSSLCertificateSigningRequest|string, OpenSSLAsymmetricKey given
 bool(true)
@@ -8,7 +8,13 @@ openssl_csr_new() tests
 $a = array();
 
 $conf = array('config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf');
-var_dump(openssl_csr_new(array(), $a, $conf, array()));
+
+try {
+    var_dump(openssl_csr_new(array(), $a, $conf, array()));
+    var_dump($keyFailed);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 // this leaks
 $a = array(1,2);
@@ -19,16 +25,11 @@ var_dump(openssl_csr_new($a, $b, $conf));
 $x = openssl_pkey_new($conf);
 var_dump(openssl_csr_new(["countryName" => "DE"], $x, $conf + ["x509_extensions" => 0xDEADBEEF]));
 
-
-echo "Done\n";
 ?>
 --EXPECTF--
-Warning: openssl_csr_new(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
 Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) in %s on line %d
-bool(false)
+Key array must be of the form array(0 => key, 1 => phrase)
 object(OpenSSLCertificateSigningRequest)#%d (0) {
 }
 object(OpenSSLCertificateSigningRequest)#%d (0) {
 }
-Done
 
@@ -34,9 +34,24 @@ var_dump(openssl_csr_sign($csr, null, $privkey, 365, $args));
 var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg));
 var_dump(openssl_csr_sign($csr, $cert, $priv, 365, $config_arg));
 var_dump(openssl_csr_sign($csr, openssl_x509_read($cert), $priv, 365, $config_arg));
-var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365));
-var_dump(openssl_csr_sign($csr, null, $wrong, 365));
-var_dump(openssl_csr_sign($wrong, null, $privkey, 365));
+
+try {
+    var_dump(openssl_csr_sign($csr, $wrong, $privkey, 365));
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    var_dump(openssl_csr_sign($csr, null, $wrong, 365));
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    var_dump(openssl_csr_sign($wrong, null, $privkey, 365));
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
 
 try {
     openssl_csr_sign(array(), null, $privkey, 365);
@@ -50,33 +65,29 @@ try {
     echo $exception->getMessage() . "\n";
 }
 
-var_dump(openssl_csr_sign($csr, null, array(), 365));
+try {
+    var_dump(openssl_csr_sign($csr, null, array(), 365));
+} catch (ValueError $exception) {
+    echo $exception->getMessage() . "\n";
+}
 var_dump(openssl_csr_sign($csr, null, $privkey, 365, $config_arg));
 ?>
 --EXPECTF--
-object(OpenSSLCertificate)#%d (0) {
+object(OpenSSLCertificate)#3 (0) {
 }
-object(OpenSSLCertificate)#%d (0) {
+object(OpenSSLCertificate)#3 (0) {
 }
-object(OpenSSLCertificate)#%d (0) {
+object(OpenSSLCertificate)#3 (0) {
 }
-object(OpenSSLCertificate)#%d (0) {
+object(OpenSSLCertificate)#4 (0) {
 }
-
-Warning: openssl_csr_sign(): X.509 Certificate cannot be retrieved in %s on line %d
-bool(false)
+openssl_csr_sign(): Argument #2 ($cacert) X.509 Certificate cannot be retrieved
 
 Warning: openssl_csr_sign(): Cannot get private key from parameter 3 in %s on line %d
 bool(false)
-
-Warning: openssl_csr_sign(): X.509 Certificate Signing Request cannot be retrieved in %s on line %d
-bool(false)
+openssl_csr_sign(): Argument #1 ($csr) X.509 Certificate Signing Request cannot be retrieved
 openssl_csr_sign(): Argument #1 ($csr) must be of type OpenSSLCertificateSigningRequest|string, array given
 openssl_csr_sign(): Argument #2 ($cacert) must be of type OpenSSLCertificate|string|null, array given
-
-Warning: openssl_csr_sign(): Key array must be of the form array(0 => key, 1 => phrase) in %s on line %d
-
-Warning: openssl_csr_sign(): Cannot get private key from parameter 3 in %s on line %d
-bool(false)
-object(OpenSSLCertificate)#%d (0) {
+Key array must be of the form array(0 => key, 1 => phrase)
+object(OpenSSLCertificate)#3 (0) {
 }
@@ -12,13 +12,34 @@ $iv = str_repeat("\0", openssl_cipher_iv_length($method));
 
 $encrypted = openssl_encrypt($data, $method, $password);
 var_dump($encrypted); /* Not passing $iv should be the same as all-NULL iv, but with a warning */
+
 var_dump(openssl_encrypt($data, $method, $password, 0, $iv));
+
 var_dump(openssl_decrypt($encrypted, $method, $wrong));
-var_dump(openssl_decrypt($encrypted, $wrong, $password));
+
+try {
+    var_dump(openssl_decrypt($encrypted, $wrong, $password));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+
 var_dump(openssl_decrypt($wrong, $method, $password));
-var_dump(openssl_decrypt($wrong, $wrong, $password));
-var_dump(openssl_decrypt($encrypted, $wrong, $wrong));
-var_dump(openssl_decrypt($wrong, $wrong, $wrong));
+
+try {
+    var_dump(openssl_decrypt($wrong, $wrong, $password));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_decrypt($encrypted, $wrong, $wrong));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
+try {
+    var_dump(openssl_decrypt($wrong, $wrong, $wrong));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 // invalid using of an authentication tag
 var_dump(openssl_encrypt($data, $method, $password, 0, $iv, $wrong));
@@ -28,19 +49,11 @@ Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potenti
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
 bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
-bool(false)
-bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
-bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
-bool(false)
-
-Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
+Unknown cipher algorithm
 bool(false)
+Unknown cipher algorithm
+Unknown cipher algorithm
+Unknown cipher algorithm
 
 Warning: openssl_encrypt(): The authenticated tag cannot be provided for cipher that doesn not support AEAD in %s on line %d
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="