More reverts

Author: Girgias

ext/openssl/openssl.c

@@ -1553,12 +1553,6 @@ PHP_FUNCTION(openssl_spki_new)
 
 	PHP_OPENSSL_CHECK_SIZE_T_TO_INT(challenge_len, challenge, 2);
 
-	mdtype = php_openssl_get_evp_md_from_algo(algo);
-	if (!mdtype) {
-		zend_argument_value_error(3, "must be a valid signature algorithm");
-		RETURN_THROWS();
-	}
-
 	pkey = php_openssl_pkey_from_zval(zpkey, 0, challenge, challenge_len, &free_pkey);
 	if (pkey == NULL) {
 		if (!EG(exception)) {
@@ -1567,6 +1561,13 @@ PHP_FUNCTION(openssl_spki_new)
 		goto cleanup;
 	}
 
+	mdtype = php_openssl_get_evp_md_from_algo(algo);
+
+	if (!mdtype) {
+		php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
+		goto cleanup;
+	}
+
 	if ((spki = NETSCAPE_SPKI_new()) == NULL) {
 		php_openssl_store_errors();
 		php_error_docref(NULL, E_WARNING, "Unable to create new SPKAC");
@@ -1851,7 +1852,7 @@ zend_string* php_openssl_x509_fingerprint(X509 *peer, const char *method, zend_b
 	zend_string *ret;
 
 	if (!(mdtype = EVP_get_digestbyname(method))) {
-		zend_value_error("Unknown signature algorithm");
+		php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
 		return NULL;
 	} else if (!X509_digest(peer, mdtype, md, &n)) {
 		php_openssl_store_errors();
@@ -3820,7 +3821,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req
 				break;
 #endif
 			default:
-				zend_value_error("Unsupported private key type");
+				php_error_docref(NULL, E_WARNING, "Unsupported private key type");
 		}
 	} else {
 		php_openssl_store_errors();
@@ -4212,7 +4213,7 @@ PHP_FUNCTION(openssl_pkey_new)
 					}
 
 					if (group == NULL) {
-						zend_argument_value_error(1, "must be a valid curve name");
+						php_error_docref(NULL, E_WARNING, "Unknown curve name");
 						goto clean_exit;
 					}
 
@@ -4342,10 +4343,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
 	key = php_openssl_pkey_from_zval(zpkey, 0, passphrase, passphrase_len, &free_pkey);
 	if (key == NULL) {
 		if (!EG(exception)) {
-			// TypeError?
-			zend_argument_value_error(1, "cannot retrieve key");
+			php_error_docref(NULL, E_WARNING, "Cannot get key from parameter 1");
 		}
-		RETURN_THROWS();
+		RETURN_FALSE;
 	}
 
 	if (php_openssl_open_base_dir_chk(filename)) {
@@ -4429,9 +4429,9 @@ PHP_FUNCTION(openssl_pkey_export)
 	key = php_openssl_pkey_from_zval(zpkey, 0, passphrase, passphrase_len, &free_pkey);
 	if (key == NULL) {
 		if (!EG(exception)) {
-			zend_argument_value_error(1, "cannot retrieve key");
+			php_error_docref(NULL, E_WARNING, "Cannot get key from parameter 1");
 		}
-		RETURN_THROWS();
+		RETURN_FALSE;
 	}
 
 	PHP_SSL_REQ_INIT(&req);
@@ -4859,8 +4859,8 @@ PHP_FUNCTION(openssl_pbkdf2)
 	}
 
 	if (!digest) {
-		zend_argument_value_error(5, "must be a valid signature algorithm");
-		RETURN_THROWS();
+		php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
+		RETURN_FALSE;
 	}
 
 	out_buffer = zend_string_alloc(key_length, 0);
@@ -6545,9 +6545,9 @@ PHP_FUNCTION(openssl_sign)
 	pkey = php_openssl_pkey_from_zval(key, 0, "", 0, &free_pkey);
 	if (pkey == NULL) {
 		if (!EG(exception)) {
-			zend_argument_type_error(3, "cannot be coerced into a private key");
+			php_error_docref(NULL, E_WARNING, "Supplied key param cannot be coerced into a private key");
 		}
-		RETURN_THROWS();
+		RETURN_FALSE;
 	}
 
 	if (method == NULL || Z_TYPE_P(method) == IS_LONG) {
@@ -6563,8 +6563,8 @@ PHP_FUNCTION(openssl_sign)
 		RETURN_THROWS();
 	}
 	if (!mdtype) {
-		zend_argument_value_error(4, "must be a valid signature algorithm");
-		RETURN_THROWS();
+		php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
+		RETURN_FALSE;
 	}
 
 	siglen = EVP_PKEY_size(pkey);
@@ -6613,15 +6613,6 @@ PHP_FUNCTION(openssl_verify)
 
 	PHP_OPENSSL_CHECK_SIZE_T_TO_UINT(signature_len, signature, 2);
 
-	pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0, &free_pkey);
-	if (pkey == NULL) {
-		if (!EG(exception)) {
-			zend_argument_type_error(3, "cannot be coerced into a public key");
-		}
-		RETURN_THROWS();
-	}
-
-
 	if (method == NULL || Z_TYPE_P(method) == IS_LONG) {
 		if (method != NULL) {
 			signature_algo = Z_LVAL_P(method);
@@ -6635,8 +6626,16 @@ PHP_FUNCTION(openssl_verify)
 		RETURN_THROWS();
 	}
 	if (!mdtype) {
-		zend_argument_value_error(4, "must be a valid signature algorithm");
-		RETURN_THROWS();
+		php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
+		RETURN_FALSE;
+	}
+
+	pkey = php_openssl_pkey_from_zval(key, 1, NULL, 0, &free_pkey);
+	if (pkey == NULL) {
+		if (!EG(exception)) {
+			php_error_docref(NULL, E_WARNING, "Supplied key param cannot be coerced into a public key");
+		}
+		RETURN_FALSE;
 	}
 
 	md_ctx = EVP_MD_CTX_create();
@@ -6688,8 +6687,8 @@ PHP_FUNCTION(openssl_seal)
 	if (method) {
 		cipher = EVP_get_cipherbyname(method);
 		if (!cipher) {
-			zend_argument_value_error(5, "must be a valid signature algorithm");
-			RETURN_THROWS();
+			php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
+			RETURN_FALSE;
 		}
 	} else {
 		cipher = EVP_rc4();
@@ -6816,16 +6815,16 @@ PHP_FUNCTION(openssl_open)
 	pkey = php_openssl_pkey_from_zval(privkey, 0, "", 0, &free_pkey);
 	if (pkey == NULL) {
 		if (!EG(exception)) {
-			zend_argument_type_error(4, "cannot coerce into a private key");
+			php_error_docref(NULL, E_WARNING, "Unable to coerce parameter 4 into a private key");
 		}
-		RETURN_THROWS();
+		RETURN_FALSE;
 	}
 
 	if (method) {
 		cipher = EVP_get_cipherbyname(method);
 		if (!cipher) {
-			zend_argument_value_error(5, "must be a valid signature algorithm");
-			RETURN_THROWS();
+			php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
+			RETURN_FALSE;
 		}
 	} else {
 		cipher = EVP_rc4();
@@ -6958,8 +6957,8 @@ PHP_FUNCTION(openssl_digest)
 	}
 	mdtype = EVP_get_digestbyname(method);
 	if (!mdtype) {
-		zend_argument_value_error(2, "must be a valid signature algorithm");
-		RETURN_THROWS();
+		php_error_docref(NULL, E_WARNING, "Unknown signature algorithm");
+		RETURN_FALSE;
 	}
 
 	siglen = EVP_MD_size(mdtype);
@@ -7218,7 +7217,7 @@ PHP_OPENSSL_API zend_string* php_openssl_encrypt(
 
 	cipher_type = EVP_get_cipherbyname(method);
 	if (!cipher_type) {
-		zend_value_error("Unknown cipher algorithm");
+		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
 		return NULL;
 	}
 
@@ -7334,7 +7333,7 @@ PHP_OPENSSL_API zend_string* php_openssl_decrypt(
 
 	cipher_type = EVP_get_cipherbyname(method);
 	if (!cipher_type) {
-		zend_value_error("Unknown cipher algorithm");
+		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
 		return NULL;
 	}
 
@@ -7420,6 +7419,7 @@ PHP_OPENSSL_API zend_long php_openssl_cipher_iv_length(const char *method)
 
 	cipher_type = EVP_get_cipherbyname(method);
 	if (!cipher_type) {
+		php_error_docref(NULL, E_WARNING, "Unknown cipher algorithm");
 		return -1;
 	}
 
@@ -7442,9 +7442,9 @@ PHP_FUNCTION(openssl_cipher_iv_length)
 		RETURN_THROWS();
 	}
 
+	/* Warning is emitted in php_openssl_cipher_iv_length */
 	if ((ret = php_openssl_cipher_iv_length(method)) == -1) {
-		zend_argument_value_error(1, "must be a valid cipher algorithm");
-		RETURN_THROWS();
+		RETURN_FALSE;
 	}
 
 	RETURN_LONG(ret);

ext/openssl/tests/bug38255.phpt

@@ -8,12 +8,7 @@ if (!extension_loaded("openssl")) die("skip");
 <?php
 $pub_key_id = false;
 $signature = '';
-
-try {
-    $ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
-} catch (\TypeError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
+$ok = openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5);
 
 class test {
     function __toString() {
@@ -23,19 +18,18 @@ class test {
 $t = new test;
 
 
-try {
-    var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5));
-} catch (\TypeError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
-try {
-    var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5));
-} catch (\TypeError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
+var_dump(openssl_verify("foo", $signature, $pub_key_id, OPENSSL_ALGO_MD5));
+var_dump(openssl_verify("foo", $t, $pub_key_id, OPENSSL_ALGO_MD5));
+
+echo "Done\n";
 
 ?>
---EXPECT--
-openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
-openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
-openssl_verify(): Argument #3 ($key) cannot be coerced into a public key
+--EXPECTF--
+Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
+
+Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
+bool(false)
+
+Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in %s on line %d
+bool(false)
+Done

ext/openssl/tests/cve-2013-6420.phpt

@@ -8,7 +8,9 @@ $crt = substr(__FILE__, 0, -4).'.crt';
 $info = openssl_x509_parse("file://$crt");
 var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
 ?>
+Done
 --EXPECTF--
-Warning: openssl_x509_parse(): Illegal length in timestamp in %s on line %d
+Warning: openssl_x509_parse(): Illegal length in timestamp in %s on line 3
 string(27) "stefan.esser@sektioneins.de"
 int(-1)
+Done

ext/openssl/tests/openssl_decrypt_error.phpt

@@ -12,34 +12,13 @@ $iv = str_repeat("\0", openssl_cipher_iv_length($method));
 
 $encrypted = openssl_encrypt($data, $method, $password);
 var_dump($encrypted); /* Not passing $iv should be the same as all-NULL iv, but with a warning */
-
 var_dump(openssl_encrypt($data, $method, $password, 0, $iv));
-
 var_dump(openssl_decrypt($encrypted, $method, $wrong));
-
-try {
-    var_dump(openssl_decrypt($encrypted, $wrong, $password));
-} catch (\ValueError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
-
+var_dump(openssl_decrypt($encrypted, $wrong, $password));
 var_dump(openssl_decrypt($wrong, $method, $password));
-
-try {
-    var_dump(openssl_decrypt($wrong, $wrong, $password));
-} catch (\ValueError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
-try {
-    var_dump(openssl_decrypt($encrypted, $wrong, $wrong));
-} catch (\ValueError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
-try {
-    var_dump(openssl_decrypt($wrong, $wrong, $wrong));
-} catch (\ValueError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
+var_dump(openssl_decrypt($wrong, $wrong, $password));
+var_dump(openssl_decrypt($encrypted, $wrong, $wrong));
+var_dump(openssl_decrypt($wrong, $wrong, $wrong));
 
 // invalid using of an authentication tag
 var_dump(openssl_encrypt($data, $method, $password, 0, $iv, $wrong));
@@ -49,11 +28,19 @@ Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potenti
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="
 bool(false)
-Unknown cipher algorithm
+
+Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
+bool(false)
+bool(false)
+
+Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
+bool(false)
+
+Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
+bool(false)
+
+Warning: openssl_decrypt(): Unknown cipher algorithm in %s on line %d
 bool(false)
-Unknown cipher algorithm
-Unknown cipher algorithm
-Unknown cipher algorithm
 
 Warning: openssl_encrypt(): The authenticated tag cannot be provided for cipher that doesn not support AEAD in %s on line %d
 string(44) "yof6cPPH4mLee6TOc0YQSrh4dvywMqxGUyjp0lV6+aM="

ext/openssl/tests/openssl_encrypt_error.phpt

@@ -13,11 +13,7 @@ $object = new stdclass;
 $arr = array(1);
 
 // wrong parameters tests
-try {
-    var_dump(openssl_encrypt($data, $wrong, $password));
-} catch (\ValueError $e) {
-    echo $e->getMessage() . \PHP_EOL;
-}
+var_dump(openssl_encrypt($data, $wrong, $password));
 
 // invalid using of an authentication tag
 var_dump(openssl_encrypt($data, $method, $password, 0, $iv, $wrong));
@@ -26,7 +22,8 @@ var_dump(openssl_encrypt($data, $method, $password, 0, $iv, $wrong));
 var_dump(openssl_encrypt($data, $method, $password, OPENSSL_DONT_ZERO_PAD_KEY, $iv));
 ?>
 --EXPECTF--
-Unknown cipher algorithm
+Warning: openssl_encrypt(): Unknown cipher algorithm in %s on line %d
+bool(false)
 
 Warning: openssl_encrypt(): The authenticated tag cannot be provided for cipher that doesn not support AEAD in %s on line %d
 string(44) "iPR4HulskuaP5Z6me5uImk6BqVyJG73+63tkPauVZYk="