1+ --TEST--
2+ openssl: test key type and bit length enforcement in php_openssl_generate_private_key
3+ --EXTENSIONS--
4+ openssl
5+ --SKIPIF--
6+ <?php
7+ if (!defined ("OPENSSL_KEYTYPE_RSA " )) die ("skip RSA disabled " );
8+ if (!defined ("OPENSSL_KEYTYPE_DSA " )) die ("skip DSA disabled " );
9+ if (!defined ("OPENSSL_KEYTYPE_DH " )) die ("skip DH disabled " );
10+ if (!defined ("OPENSSL_KEYTYPE_EC " )) die ("skip EC disabled " );
11+ ?>
12+ --FILE--
13+ <?php
14+ function test_key ($ type , $ bits = null ) {
15+ $ args = [];
16+ switch ($ type ) {
17+ case OPENSSL_KEYTYPE_RSA :
18+ $ args ['private_key_type ' ] = OPENSSL_KEYTYPE_RSA ;
19+ if ($ bits !== null ) $ args ['private_key_bits ' ] = $ bits ;
20+ break ;
21+ case OPENSSL_KEYTYPE_DSA :
22+ $ args ['private_key_type ' ] = OPENSSL_KEYTYPE_DSA ;
23+ if ($ bits !== null ) $ args ['private_key_bits ' ] = $ bits ;
24+ break ;
25+ case OPENSSL_KEYTYPE_DH :
26+ $ args ['private_key_type ' ] = OPENSSL_KEYTYPE_DH ;
27+ if ($ bits !== null ) $ args ['private_key_bits ' ] = $ bits ;
28+ break ;
29+ case OPENSSL_KEYTYPE_EC :
30+ $ args ['curve_name ' ] = 'prime256v1 ' ;
31+ $ args ['private_key_type ' ] = OPENSSL_KEYTYPE_EC ;
32+ break ;
33+ }
34+ $ key = @openssl_pkey_new ($ args );
35+ var_dump ($ key !== false );
36+ }
37+
38+ // Should fail: RSA, DSA, DH with bits < MIN_KEY_LENGTH
39+ foreach ([OPENSSL_KEYTYPE_RSA , OPENSSL_KEYTYPE_DSA , OPENSSL_KEYTYPE_DH ] as $ type ) {
40+ test_key ($ type , 256 ); // too short
41+ }
42+ // Should succeed: RSA, DSA, DH with bits >= MIN_KEY_LENGTH
43+ foreach ([OPENSSL_KEYTYPE_RSA , OPENSSL_KEYTYPE_DSA , OPENSSL_KEYTYPE_DH ] as $ type ) {
44+ test_key ($ type , 2048 ); // valid
45+ }
46+ // Should succeed: EC with curve only
47+ test_key (OPENSSL_KEYTYPE_EC );
48+ // Should succeed: EC with bits too low
49+ test_key (OPENSSL_KEYTYPE_EC , 256 );
50+ ?>
51+ --EXPECT--
52+ bool(false)
53+ bool(false)
54+ bool(false)
55+ bool(true)
56+ bool(true)
57+ bool(true)
58+ bool(true)
59+ bool(true)
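Review bot: The last case, `test_key(OPENSSL_KEYTYPE_EC, 256)`, never passes the bit length, because the `OPENSSL_KEYTYPE_EC` branch of `test_key` sets only `curve_name` and `private_key_type`; it repeats the preceding call, so the test does not show that EC keys are exempt from the minimum-length check. Adding `if ($bits !== null) $args['private_key_bits'] = $bits;` to that branch would make the case exercise what its comment says. Separately, `@openssl_pkey_new($args)` hides the warning, so the three `bool(false)` results would also pass if generation failed for an unrelated reason; dropping the `@` and matching the warning in an `--EXPECTF--` section would tie each failure to the length check. A pair of cases just below and exactly at MIN_KEY_LENGTH would pin the boundary, which 256 and 2048 leave untested.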