From 325096042341325b2eb57dd9c994499a1223a32c Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Fri, 3 Jun 2022 13:44:31 +0200
Subject: add upstream patch ti use more sha256 in openssl tests

---
 php-openssl.patch | 317 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 php.spec          |   5 +-
 2 files changed, 321 insertions(+), 1 deletion(-)
 create mode 100644 php-openssl.patch

diff --git a/php-openssl.patch b/php-openssl.patch
new file mode 100644
index 0000000..403f979
--- /dev/null
+++ b/php-openssl.patch
@@ -0,0 +1,317 @@
+From 03a4ccd9120e5816e5f9f134f63b76e89558658f Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Tue, 31 May 2022 09:59:58 +0200
+Subject: [PATCH] use sha256 in openssl test suite
+
+---
+ ext/openssl/tests/bug41033.phpt                    |  4 ++--
+ ext/openssl/tests/bug61930.phpt                    | 11 ++++++-----
+ ext/openssl/tests/bug66501.phpt                    |  2 +-
+ ext/openssl/tests/ecc.phpt                         |  2 +-
+ ext/openssl/tests/openssl.cnf                      |  1 +
+ ext/openssl/tests/openssl_csr_export_basic.phpt    |  2 +-
+ .../tests/openssl_csr_export_to_file_basic.phpt    | 14 +++++++-------
+ .../tests/openssl_csr_get_public_key_basic.phpt    |  2 +-
+ .../tests/openssl_csr_get_subject_basic.phpt       |  2 +-
+ ext/openssl/tests/openssl_csr_sign_basic.phpt      |  2 +-
+ ext/openssl/tests/openssl_sign_basic.phpt          |  2 +-
+ .../tests/openssl_spki_export_challenge_basic.phpt | 14 --------------
+ ext/openssl/tests/openssl_spki_new_basic.phpt      |  8 --------
+ ext/openssl/tests/openssl_spki_verify_basic.phpt   | 14 --------------
+ ext/openssl/tests/openssl_verify_basic.phpt        | 12 ++++++------
+ 15 files changed, 29 insertions(+), 63 deletions(-)
+
+diff --git a/ext/openssl/tests/bug41033.phpt b/ext/openssl/tests/bug41033.phpt
+index ff30d8b266d0..73cca19506af 100644
+--- a/ext/openssl/tests/bug41033.phpt
++++ b/ext/openssl/tests/bug41033.phpt
+@@ -10,11 +10,11 @@ $pub = 'file://' . __DIR__ . '/' . 'bug41033pub.pem';
+ 
+ $prkeyid = openssl_get_privatekey($prv, "1234");
+ $ct = "Hello I am some text!";
+-openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_SHA1);
++openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_SHA256);
+ echo "Signature: ".base64_encode($signature) . "\n";
+ 
+ $pukeyid = openssl_get_publickey($pub);
+-$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_SHA1);
++$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_SHA256);
+ echo "Signature validity: " . $valid . "\n";
+ 
+ 
+diff --git a/ext/openssl/tests/bug61930.phpt b/ext/openssl/tests/bug61930.phpt
+index 862c6a07bfd0..d97f4990173a 100644
+--- a/ext/openssl/tests/bug61930.phpt
++++ b/ext/openssl/tests/bug61930.phpt
+@@ -4,19 +4,20 @@ Bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey()
+ openssl
+ --FILE--
+ <?php
+-$cert = file_get_contents(__DIR__.'/cert.crt');
++$cert = file_get_contents(__DIR__.'/public.crt');
+ 
+ $data = <<<DATA
+ Please verify me
+ DATA;
+ 
+-$sig = 'f9Gyb6NV/ENn7GUa37ygTLcF93XHf5fbFTnoYF/O+fXbq3iChGUbET0RuhOsptl' .
+-        'AODi6JsDLnJO4ikcVZo0tC1fFTj3LyCuPy3ZdgJbbVxQ/rviROCmuMFTqUW/Xa2' .
+-        'LQYiapeCCgLQeWTLg7TM/BoHEkKbKLG/XT5jHvep1758A=';
++$sig = 'w45LtLoRY/WPk/kcmP6CwGysOMuxuLbD35xMB/iAe5IMiBJjz2D1WGEY7Vz+rLZmYqOo58qNC3VtTg6ge9+UhfQHplvs6cXGKm' .
++       'SkQlYv4EeFoByqYfPU9k2dE/WEItOJUUyqu9pHaCmRtLpxoLnJcdQVdiXfT0t8KwxUzZYDjrSfhp7rbKhhCc4jZMwo9PvBuPAT' .
++       'MEfZbRNaVpwCFpjmmJczZCHFZFm7JYzR2jU0sjJMGALXidNBs9p0Fi1TGz3pZkxnQ5lwI5DX5ZSY0jiOcoVFt7k29GVFd0DPjm' .
++       '1NyieYU6tpnanG+ZqHIT8Um3FajYh0x1iMMe2lLETjklqYiw==';
+ 
+ $key = openssl_get_publickey($cert);
+ var_dump(openssl_get_publickey($key));
+-var_dump(openssl_verify($data, base64_decode($sig), $key));
++var_dump(openssl_verify($data, base64_decode($sig), $key, OPENSSL_ALGO_SHA256));
+ ?>
+ --EXPECTF--
+ object(OpenSSLAsymmetricKey)#%d (0) {
+diff --git a/ext/openssl/tests/bug66501.phpt b/ext/openssl/tests/bug66501.phpt
+index 4a7bfbf1361b..56d391032f7e 100644
+--- a/ext/openssl/tests/bug66501.phpt
++++ b/ext/openssl/tests/bug66501.phpt
+@@ -18,7 +18,7 @@ AwEHoUQDQgAEPq4hbIWHvB51rdWr8ejrjWo4qVNWVugYFtPg/xLQw0mHkIPZ4DvK
+ sqOTOnMoezkbSmVVMuwz9flvnqHGmQvmug==
+ -----END EC PRIVATE KEY-----';
+ $key = openssl_pkey_get_private($pkey);
+-$res = openssl_sign($data ='alpha', $sign, $key, 'SHA1');
++$res = openssl_sign($data ='alpha', $sign, $key, 'SHA256');
+ var_dump($res);
+ ?>
+ --EXPECT--
+diff --git a/ext/openssl/tests/ecc.phpt b/ext/openssl/tests/ecc.phpt
+index a18651dc5e4b..297af1dccd0c 100644
+--- a/ext/openssl/tests/ecc.phpt
++++ b/ext/openssl/tests/ecc.phpt
+@@ -64,7 +64,7 @@ $csr = openssl_csr_new($dn, $keyGenerate, $args);
+ 
+ var_dump($keyGenerate);
+ 
+-$args["digest_alg"] = "sha1";
++$args["digest_alg"] = "sha256";
+ echo "Testing openssl_csr_new with existing ecc key\n";
+ $csr = openssl_csr_new($dn, $key1, $args);
+ var_dump($csr);
+diff --git a/ext/openssl/tests/openssl.cnf b/ext/openssl/tests/openssl.cnf
+index f3025aeb5caa..6146b93142cc 100644
+--- a/ext/openssl/tests/openssl.cnf
++++ b/ext/openssl/tests/openssl.cnf
+@@ -7,6 +7,7 @@ tsa_policy2 = 1.2.3.4.5.6
+ 
+ [ req ]
+ default_bits		= 1024
++default_md          = sha256
+ default_keyfile 	= privkey.pem
+ distinguished_name	= req_distinguished_name
+ attributes		= req_attributes
+diff --git a/ext/openssl/tests/openssl_csr_export_basic.phpt b/ext/openssl/tests/openssl_csr_export_basic.phpt
+index 559befe23c92..95bf741e9ec1 100644
+--- a/ext/openssl/tests/openssl_csr_export_basic.phpt
++++ b/ext/openssl/tests/openssl_csr_export_basic.phpt
+@@ -17,7 +17,7 @@ $dn = array(
+ );
+ 
+ $args = array(
+-    "digest_alg" => "sha1",
++    "digest_alg" => "sha256",
+     "private_key_bits" => 2048,
+     "private_key_type" => OPENSSL_KEYTYPE_DSA,
+     "encrypt_key" => true,
+diff --git a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
+index dfa533b729cb..5b0920888163 100644
+--- a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
++++ b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
+@@ -25,7 +25,7 @@ $dn = array(
+ );
+ 
+ $args = array(
+-    "digest_alg" => "sha1",
++    "digest_alg" => "sha256",
+     "private_key_bits" => 2048,
+     "private_key_type" => OPENSSL_KEYTYPE_DSA,
+     "encrypt_key" => true,
+@@ -66,12 +66,12 @@ BggTncBh9ozkVQGS/P1m0zn/SKSgDO+6DdeLHLMjpUASaoYfsay4PJLAdnTqLOeM
+ g6qNE6u0ebZXVfmpSmV1pSZ6kQnxbsb6rX1iOZxkwHnVWYb40Hy0EILo31x6BVqB
+ m159m7s38ChiRHqlj20DmRfxXjiT5YDgYYQ29wQBTVQrTN5O9UW5Y+eKTXd8r6te
+ dsbIBXdKN7NeX7ksGYHq1I3hLsP8EyvZO78qfjKyEB0Jj3UCAwEAAaAAMA0GCSqG
+-SIb3DQEBBQUAA4IBAQCamzVmIbElkiDQKzQpkfU5tHjrWPrHDSB186NI0sQ8i6GQ
+-1YT6yPAXBPTQ1aER/6uAZJL5HfWEX8V1rKbe8GkPAPCHHQzmHyWlaO2EHS57zJhk
+-sRrhqkhhkSNiDg4OrsguhRtbB2VMGeDbqHGI89uGqqGHUiZc/Bh8N7WFXZkUU/A0
+-sfBgVeqg0P4SWez5fHXqBNcjMdMI5f0bikcDZSIfTHS8FX+PMurLBC8UPB0YNIOl
+-1r2Lvo+6YUHOziG1OwQd3K0xxu/JzzOE+lMB73ynz4V6DY5Qv3qVno1GpupvgmQA
+-JViHkCA9x6m8RJXAFvqmgLlWlUzbDv/cRrDfjWjR
++SIb3DQEBCwUAA4IBAQCNtCIfMHBDRvNqHmrDfR/+A7ZJ+n/XzA2uQhvjEq91DeT8
++IE7gjUtmj2sqKmHGIDO4uN4F9ZHYzcNk23n6CMljYqJLbB2dHC0V6vkDB7qod1TH
++/SK39Yj0ji2AT45LD5rLH3vd1bjxdwwhyPyGhshKOIdnmBv4mwTRANIsiISMQV4Y
++ZPAXJ5DTKkgdsY14hqhyWct1bWMPpj2MCLQGjKxK8vmbiKaNL1XxAS7chTXoy7un
++NvBKc82Wy3XEuC9AkNFEytD6kA9gu8nFydvYTOvvhaQrf9RzwSitgi9Vj3mbujsN
++f1JMPX0/eHrKvG9wBZu28FdS54xoWGeD1NGraW24
+ -----END CERTIFICATE REQUEST-----
+ "
+ 
+diff --git a/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
+index 7faaf2f23454..9f128c200bea 100644
+--- a/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
++++ b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
+@@ -23,7 +23,7 @@ $dn = array(
+ );
+ 
+ $args = array(
+-    "digest_alg" => "sha1",
++    "digest_alg" => "sha256",
+     "private_key_bits" => 2048,
+     "private_key_type" => OPENSSL_KEYTYPE_DSA,
+     "encrypt_key" => true,
+diff --git a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
+index 6fe63e971775..79baeb65b8a5 100644
+--- a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
++++ b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
+@@ -23,7 +23,7 @@ $dn = array(
+ );
+ 
+ $args = array(
+-    "digest_alg" => "sha1",
++    "digest_alg" => "sha256",
+     "private_key_bits" => 2048,
+     "private_key_type" => OPENSSL_KEYTYPE_DSA,
+     "encrypt_key" => true,
+diff --git a/ext/openssl/tests/openssl_csr_sign_basic.phpt b/ext/openssl/tests/openssl_csr_sign_basic.phpt
+index a7030b392145..0cf678cc2944 100644
+--- a/ext/openssl/tests/openssl_csr_sign_basic.phpt
++++ b/ext/openssl/tests/openssl_csr_sign_basic.phpt
+@@ -20,7 +20,7 @@ $dn = array(
+ );
+ 
+ $args = array(
+-    "digest_alg" => "sha1",
++    "digest_alg" => "sha256",
+     "private_key_bits" => 2048,
+     "private_key_type" => OPENSSL_KEYTYPE_DSA,
+     "encrypt_key" => true,
+diff --git a/ext/openssl/tests/openssl_sign_basic.phpt b/ext/openssl/tests/openssl_sign_basic.phpt
+index 48deac9337c1..047028101893 100644
+--- a/ext/openssl/tests/openssl_sign_basic.phpt
++++ b/ext/openssl/tests/openssl_sign_basic.phpt
+@@ -8,7 +8,7 @@ $data = "Testing openssl_sign()";
+ $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
+ $wrong = "wrong";
+ 
+-var_dump(openssl_sign($data, $sign, $privkey));                 // no output
++var_dump(openssl_sign($data, $sign, $privkey, OPENSSL_ALGO_SHA256));                 // no output
+ var_dump(openssl_sign($data, $sign, $wrong));
+ ?>
+ --EXPECTF--
+diff --git a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
+index ab9076791be4..2fadc30e6810 100644
+--- a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
++++ b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
+@@ -22,8 +22,6 @@ foreach ($key_sizes as $key_size) {
+ 
+ /* array of available hashings to test */
+ $algo = array(
+-    OPENSSL_ALGO_MD5,
+-    OPENSSL_ALGO_SHA1,
+     OPENSSL_ALGO_SHA224,
+     OPENSSL_ALGO_SHA256,
+     OPENSSL_ALGO_SHA384,
+@@ -76,15 +74,3 @@ string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+ bool\(false\)
+ string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+ bool\(false\)
+-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+-bool\(false\)
+-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+-bool\(false\)
+-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+-bool\(false\)
+-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+-bool\(false\)
+-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+-bool\(false\)
+-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
+-bool\(false\)
+diff --git a/ext/openssl/tests/openssl_spki_new_basic.phpt b/ext/openssl/tests/openssl_spki_new_basic.phpt
+index 1d29fe05bd81..6b661afde36f 100644
+--- a/ext/openssl/tests/openssl_spki_new_basic.phpt
++++ b/ext/openssl/tests/openssl_spki_new_basic.phpt
+@@ -16,8 +16,6 @@ foreach ($key_sizes as $key_size) {
+ 
+ /* array of available hashings to test */
+ $algo = array(
+-    OPENSSL_ALGO_MD5,
+-    OPENSSL_ALGO_SHA1,
+     OPENSSL_ALGO_SHA224,
+     OPENSSL_ALGO_SHA256,
+     OPENSSL_ALGO_SHA384,
+@@ -47,16 +45,10 @@ string(478) "%s"
+ string(478) "%s"
+ string(478) "%s"
+ string(478) "%s"
+-string(478) "%s"
+-string(478) "%s"
+-string(830) "%s"
+ string(830) "%s"
+ string(830) "%s"
+ string(830) "%s"
+ string(830) "%s"
+-string(830) "%s"
+-string(1510) "%s"
+-string(1510) "%s"
+ string(1510) "%s"
+ string(1510) "%s"
+ string(1510) "%s"
+diff --git a/ext/openssl/tests/openssl_spki_verify_basic.phpt b/ext/openssl/tests/openssl_spki_verify_basic.phpt
+index 9b624a7a5f72..19704b4a4fa8 100644
+--- a/ext/openssl/tests/openssl_spki_verify_basic.phpt
++++ b/ext/openssl/tests/openssl_spki_verify_basic.phpt
+@@ -18,8 +18,6 @@ foreach ($key_sizes as $key_size) {
+ 
+ /* array of available hashings to test */
+ $algo = array(
+-    OPENSSL_ALGO_SHA1,
+-    OPENSSL_ALGO_SHA224,
+     OPENSSL_ALGO_SHA256,
+     OPENSSL_ALGO_SHA384,
+     OPENSSL_ALGO_SHA512,
+@@ -65,15 +63,3 @@ bool(true)
+ bool(false)
+ bool(true)
+ bool(false)
+-bool(true)
+-bool(false)
+-bool(true)
+-bool(false)
+-bool(true)
+-bool(false)
+-bool(true)
+-bool(false)
+-bool(true)
+-bool(false)
+-bool(true)
+-bool(false)
+diff --git a/ext/openssl/tests/openssl_verify_basic.phpt b/ext/openssl/tests/openssl_verify_basic.phpt
+index 0e93a21319d9..674a3c58a9ea 100644
+--- a/ext/openssl/tests/openssl_verify_basic.phpt
++++ b/ext/openssl/tests/openssl_verify_basic.phpt
+@@ -9,12 +9,12 @@ $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
+ $pubkey = "file://" . __DIR__ . "/public.key";
+ $wrong = "wrong";
+ 
+-openssl_sign($data, $sign, $privkey);
+-var_dump(openssl_verify($data, $sign, $pubkey));
+-var_dump(openssl_verify($data, $sign, $privkey));
+-var_dump(openssl_verify($data, $sign, $wrong));
+-var_dump(openssl_verify($data, $wrong, $pubkey));
+-var_dump(openssl_verify($wrong, $sign, $pubkey));
++openssl_sign($data, $sign, $privkey, OPENSSL_ALGO_SHA256);
++var_dump(openssl_verify($data, $sign, $pubkey, OPENSSL_ALGO_SHA256));
++var_dump(openssl_verify($data, $sign, $privkey, OPENSSL_ALGO_SHA256));
++var_dump(openssl_verify($data, $sign, $wrong, OPENSSL_ALGO_SHA256));
++var_dump(openssl_verify($data, $wrong, $pubkey, OPENSSL_ALGO_SHA256));
++var_dump(openssl_verify($wrong, $sign, $pubkey, OPENSSL_ALGO_SHA256));
+ ?>
+ --EXPECTF--
+ int(1)
diff --git a/php.spec b/php.spec
index a7c50ea..fa629b3 100644
--- a/php.spec
+++ b/php.spec
@@ -193,6 +193,7 @@ Patch91: php-7.2.0-oci8conf.patch
 
 # Upstream fixes (100+)
 Patch100: php-mbstring.patch
+Patch101: php-openssl.patch
 
 # Security fixes (200+)
 
@@ -966,7 +967,8 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in
 %patch91 -p1 -b .remi-oci8
 
 # upstream patches
-%patch100 -p1 -b .up
+%patch100 -p1 -b .pcre
+%patch101 -p1 -b .sha
 
 # security patches
 
@@ -1844,6 +1846,7 @@ fi
 %changelog
 * Fri Jun  3 2022 Remi Collet <remi@remirepo.net> - 8.1.7~RC1-2
 - add upstream patch to initialize pcre before mbstring
+- add upstream patch ti use more sha256 in openssl tests
 
 * Wed May 25 2022 Remi Collet <remi@remirepo.net> - 8.1.7~RC1-1
 - update to 8.1.7RC1
-- 
cgit