From d9d82377ccdffcacd4da719fe496791430f26f31 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sat, 28 Sep 2024 20:51:05 +0200 Subject: [PATCH 1/2] Update Windows CI to use php-sdk-2.3.0 php-sdk-2.2.0 still fetches dependencies from the no longer up to date , and as such won't be tested with any security updates we provide for Windows. Given that PHP 8.1 is going to receive security updates for further 15 months, we should should not ignore these dependency updates. Closes GH-16097. --- .github/workflows/push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index ddb4ee0aaf1..966bdea5937 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -135,7 +135,7 @@ jobs: PHP_BUILD_CACHE_BASE_DIR: C:\build-cache PHP_BUILD_OBJ_DIR: C:\obj PHP_BUILD_CACHE_SDK_DIR: C:\build-cache\sdk - PHP_BUILD_SDK_BRANCH: php-sdk-2.2.0 + PHP_BUILD_SDK_BRANCH: php-sdk-2.3.0 PHP_BUILD_CRT: vs16 PLATFORM: x64 THREAD_SAFE: "1" From 53cc92c85c17e5178b27bae51ca7d146d40468c1 Mon Sep 17 00:00:00 2001 From: Jakub Zelenka Date: Sun, 10 Mar 2024 20:51:22 +0000 Subject: [PATCH 2/2] Fix failing openssl_private_decrypt tests We backport 11caf094f1af6b47ea2138c5fa907838911ebe01[1] as a step to get back to a green CI. [1] --- ext/openssl/tests/openssl_error_string_basic.phpt | 8 ++++---- .../tests/openssl_error_string_basic_openssl3.phpt | 8 ++++---- ext/openssl/tests/openssl_private_decrypt_basic.phpt | 12 ++++++------ 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/ext/openssl/tests/openssl_error_string_basic.phpt b/ext/openssl/tests/openssl_error_string_basic.phpt index e4ea264b3bf..4b5ca9fd9c0 100644 --- a/ext/openssl/tests/openssl_error_string_basic.phpt +++ b/ext/openssl/tests/openssl_error_string_basic.phpt @@ -118,12 +118,12 @@ expect_openssl_errors('openssl_pkey_get_public', [$err_pem_no_start_line]); @openssl_private_encrypt("data", $crypted, $private_key_file, 1000); expect_openssl_errors('openssl_private_encrypt', ['0408F090']); // private decrypt with failed padding check -@openssl_private_decrypt("data", $crypted, $private_key_file); -expect_openssl_errors('openssl_private_decrypt', ['04065072']); +@openssl_private_decrypt("data", $crypted, $private_key_file, OPENSSL_PKCS1_OAEP_PADDING); +expect_openssl_errors('openssl_private_decrypt', ['04099079']); // public encrypt and decrypt with failed padding check and padding @openssl_public_encrypt("data", $crypted, $public_key_file, 1000); -@openssl_public_decrypt("data", $crypted, $public_key_file); -expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '0408F090', '04067072']); +@openssl_public_decrypt("data", $crypted, $public_key_file, OPENSSL_PKCS1_OAEP_PADDING); +expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '0408F090', '06089093']); // X509 echo "X509 errors\n"; diff --git a/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt b/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt index d435a53e304..2de36d6af06 100644 --- a/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt +++ b/ext/openssl/tests/openssl_error_string_basic_openssl3.phpt @@ -121,12 +121,12 @@ expect_openssl_errors('openssl_pkey_get_public', [$err_pem_no_start_line]); @openssl_private_encrypt("data", $crypted, $private_key_file, 1000); expect_openssl_errors('openssl_private_encrypt', ['1C8000A5']); // private decrypt with failed padding check -@openssl_private_decrypt("data", $crypted, $private_key_file); -expect_openssl_errors('openssl_private_decrypt', ['0200009F', '02000072']); +@openssl_private_decrypt("data", $crypted, $private_key_file, OPENSSL_PKCS1_OAEP_PADDING); +expect_openssl_errors('openssl_private_decrypt', ['02000079']); // public encrypt and decrypt with failed padding check and padding @openssl_public_encrypt("data", $crypted, $public_key_file, 1000); -@openssl_public_decrypt("data", $crypted, $public_key_file); -expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '02000076', '0200008A', '02000072', '1C880004']); +@openssl_public_decrypt("data", $crypted, $public_key_file, OPENSSL_PKCS1_OAEP_PADDING); +expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '1C8000A5']); // X509 echo "X509 errors\n"; diff --git a/ext/openssl/tests/openssl_private_decrypt_basic.phpt b/ext/openssl/tests/openssl_private_decrypt_basic.phpt index ec37aea1614..44101d580c0 100644 --- a/ext/openssl/tests/openssl_private_decrypt_basic.phpt +++ b/ext/openssl/tests/openssl_private_decrypt_basic.phpt @@ -9,22 +9,22 @@ $privkey = "file://" . __DIR__ . "/private_rsa_1024.key"; $pubkey = "file://" . __DIR__ . "/public.key"; $wrong = "wrong"; -openssl_public_encrypt($data, $encrypted, $pubkey); -var_dump(openssl_private_decrypt($encrypted, $output, $privkey)); +openssl_public_encrypt($data, $encrypted, $pubkey, OPENSSL_PKCS1_OAEP_PADDING); +var_dump(openssl_private_decrypt($encrypted, $output, $privkey, OPENSSL_PKCS1_OAEP_PADDING)); var_dump($output); -var_dump(openssl_private_decrypt($encrypted, $output2, $wrong)); +var_dump(openssl_private_decrypt($encrypted, $output2, $wrong, OPENSSL_PKCS1_OAEP_PADDING)); var_dump($output2); -var_dump(openssl_private_decrypt($wrong, $output3, $privkey)); +var_dump(openssl_private_decrypt($wrong, $output3, $privkey, OPENSSL_PKCS1_OAEP_PADDING)); var_dump($output3); try { - var_dump(openssl_private_decrypt($encrypted, $output4, array($privkey))); + var_dump(openssl_private_decrypt($encrypted, $output4, array($privkey), OPENSSL_PKCS1_OAEP_PADDING)); var_dump($output4); } catch (\ValueError $e) { echo $e->getMessage() . \PHP_EOL; } -var_dump(openssl_private_decrypt($encrypted, $output5, array($privkey, ""))); +var_dump(openssl_private_decrypt($encrypted, $output5, array($privkey, ""), OPENSSL_PKCS1_OAEP_PADDING)); var_dump($output5); ?> --EXPECTF--