From 9111fdf5e6332923a5faf9f8a7e6b428eb91795a Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Thu, 11 Nov 2021 12:02:07 +0100
Subject: detect dummy or short encryption key

---
 src/sp_config_keywords.c                           | 13 ++++++++++++
 .../config/broken_conf_cookie_name_and_regexp.ini  |  2 +-
 .../config/config_encrypted_cookies_noname.ini     |  2 +-
 .../config_encrypted_regexp_cookies_bad_regexp.ini |  2 +-
 .../config/config_encryption_key_short.ini         |  1 +
 .../encrypt_key_too_short.phpt                     | 23 ++++++++++++++++++++++
 .../encrypt_regexp_cookies_bad_regexp.phpt         |  3 ++-
 .../broken_conf_cookie_name_and_regexp.phpt        |  2 +-
 .../config/broken_conf_cookie_name_and_regexp.ini  |  2 +-
 .../config/config_encrypted_cookies_noname.ini     |  2 +-
 .../config_encrypted_regexp_cookies_bad_regexp.ini |  2 +-
 .../encrypt_key_too_short.phpt                     | 22 +++++++++++++++++++++
 .../encrypt_regexp_cookies_bad_regexp.phpt         |  2 +-
 src/tests/config/config_samesite_cookies.ini       |  2 +-
 src/tests/config/phplog.ini                        |  2 +-
 src/tests/config/sid_length_limit.ini              |  1 +
 src/tests/config/syslog.ini                        |  2 +-
 src/tests/config/syslog_simulation.ini             |  2 +-
 .../config/config_encrypted_cookies.ini            |  2 +-
 .../config/config_encrypted_cookies_empty_env.ini  |  2 +-
 .../config/config_encrypted_cookies_simulation.ini |  2 +-
 .../config/config_encrypted_regexp_cookies.ini     |  2 +-
 .../config_encrypted_regexp_cookies_empty_env.ini  |  2 +-
 .../config/encryption_key_only.ini                 |  2 +-
 src/tests/cookies_encryption/encrypt_cookies.phpt  |  2 +-
 src/tests/cookies_encryption/encrypt_cookies3.phpt |  2 +-
 .../cookies_encryption/encrypt_regexp_cookies.phpt |  2 +-
 .../encrypt_regexp_cookies3.phpt                   |  2 +-
 .../config/encrypt_cookies_no_env.ini              |  2 +-
 .../config/encrypt_regexp_cookies_no_env.ini       |  2 +-
 .../config/config_encrypted_cookies.ini            |  2 +-
 .../config/config_crypt_session.ini                |  2 +-
 .../config/config_crypt_session_simul.ini          |  2 +-
 src/tests/unserialize/config/config_serialize.ini  |  2 +-
 .../unserialize/config/config_serialize_sim.ini    |  2 +-
 src/tests/unserialize/config/dump_unserialize.ini  |  2 +-
 src/tests/unserialize/serialize.phpt               |  2 +-
 src/tests/unserialize/unserialize_sim.phpt         |  5 +++--
 .../unserialize_php8/config/config_serialize.ini   |  2 +-
 39 files changed, 97 insertions(+), 35 deletions(-)
 create mode 100644 src/tests/broken_configuration/config/config_encryption_key_short.ini
 create mode 100644 src/tests/broken_configuration/encrypt_key_too_short.phpt
 create mode 100644 src/tests/broken_configuration_php8/encrypt_key_too_short.phpt
 create mode 100644 src/tests/config/sid_length_limit.ini

diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index f6af86b..cf44ed9 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -136,6 +136,19 @@ SP_PARSE_FN(parse_global) {
       {0, 0, 0}};
 
   SP_PROCESS_CONFIG_KEYWORDS_ERR();
+
+  if (SPCFG(encryption_key)) {
+    if (ZSTR_LEN(SPCFG(encryption_key)) < 10) {
+      sp_log_err("config", "The encryption key set on line %zu is too short. please use at least 10 bytes", parsed_rule->lineno);
+      return SP_PARSER_ERROR;
+    }
+    if (zend_string_equals_literal(SPCFG(encryption_key), "YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.") ||
+        zend_string_equals_literal(SPCFG(encryption_key), "c6a0e02b3b818f7559d5f85303d8fe44")) {
+      sp_log_err("config", "The encryption key set on line %zu is an unchanged dummy value. please use a unique secret.", parsed_rule->lineno);
+      return SP_PARSER_ERROR;
+    }
+  }
+
   return SP_PARSER_STOP;
 }
 
diff --git a/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini
index 503889b..6b43b71 100644
--- a/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini
+++ b/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt();
diff --git a/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini
index 048e404..43a4284 100644
--- a/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini
+++ b/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini
index 4fe92fd..817de14 100644
--- a/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini
+++ b/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name_r("^super_co[a-z+$").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/broken_configuration/config/config_encryption_key_short.ini b/src/tests/broken_configuration/config/config_encryption_key_short.ini
new file mode 100644
index 0000000..7de4438
--- /dev/null
+++ b/src/tests/broken_configuration/config/config_encryption_key_short.ini
@@ -0,0 +1 @@
+sp.global.secret_key("abcdef");
diff --git a/src/tests/broken_configuration/encrypt_key_too_short.phpt b/src/tests/broken_configuration/encrypt_key_too_short.phpt
new file mode 100644
index 0000000..fe80be1
--- /dev/null
+++ b/src/tests/broken_configuration/encrypt_key_too_short.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption key too short
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encryption_key_short.ini
+--COOKIE--
+--ENV--
+return <<<EOF
+REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php
+?>
+--EXPECT--
+PHP Fatal error:  [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0
+
+Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0
+
+Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0
+Could not startup.
\ No newline at end of file
diff --git a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt
index 5383df6..ef83154 100644
--- a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt
+++ b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt
@@ -2,11 +2,12 @@
 Cookie decryption in ipv4
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (PHP_VERSION_ID >= 80000) print "skip"; ?>
 --INI--
 sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini
 error_reporting=1
 --COOKIE--
-super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value;
+super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value;
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt
index 8648b4f..c02d67a 100644
--- a/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt
+++ b/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt
@@ -4,7 +4,7 @@ Broken configuration - encrypted cookie with name and regexp
 <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
 <?php if (PHP_VERSION_ID < 80000) print "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/broken_conf_cookie_name_and_regexp.ini
+sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_cookie_name_and_regexp.ini
 --FILE--
 --EXPECT--
 
diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini
index 503889b..6b43b71 100644
--- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini
+++ b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt();
diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini
index 048e404..43a4284 100644
--- a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini
+++ b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini
index 4fe92fd..817de14 100644
--- a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini
+++ b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name_r("^super_co[a-z+$").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt
new file mode 100644
index 0000000..c14785e
--- /dev/null
+++ b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Cookie encryption key too short
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (PHP_VERSION_ID < 80000) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/../broken_configuration/config/config_encryption_key_short.ini
+--COOKIE--
+--ENV--
+return <<<EOF
+REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php
+?>
+--EXPECT--
+Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0
+
+Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0
+Could not startup.
\ No newline at end of file
diff --git a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt
index 5383df6..6796c5b 100644
--- a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt
+++ b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt
@@ -6,7 +6,7 @@ Cookie decryption in ipv4
 sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini
 error_reporting=1
 --COOKIE--
-super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value;
+super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value;
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
diff --git a/src/tests/config/config_samesite_cookies.ini b/src/tests/config/config_samesite_cookies.ini
index 1ca498a..627ff3e 100644
--- a/src/tests/config/config_samesite_cookies.ini
+++ b/src/tests/config/config_samesite_cookies.ini
@@ -1,4 +1,4 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("super_cookie").samesite("Lax");
 sp.cookie.name("awful_cookie").samesite("strict").encrypt();
 sp.cookie.name("nice_cookie").samesite("STRICT").encrypt();
diff --git a/src/tests/config/phplog.ini b/src/tests/config/phplog.ini
index 4eaa287..7126996 100644
--- a/src/tests/config/phplog.ini
+++ b/src/tests/config/phplog.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.unserialize_hmac.enable();
 sp.log_media("php");
diff --git a/src/tests/config/sid_length_limit.ini b/src/tests/config/sid_length_limit.ini
new file mode 100644
index 0000000..f6ef335
--- /dev/null
+++ b/src/tests/config/sid_length_limit.ini
@@ -0,0 +1 @@
+sp.session.sid_min_length("10").sid_max_length("32");
\ No newline at end of file
diff --git a/src/tests/config/syslog.ini b/src/tests/config/syslog.ini
index 17dce05..2210975 100644
--- a/src/tests/config/syslog.ini
+++ b/src/tests/config/syslog.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.unserialize_hmac.enable();
 sp.log_media("syslog");
diff --git a/src/tests/config/syslog_simulation.ini b/src/tests/config/syslog_simulation.ini
index bb52850..4100444 100644
--- a/src/tests/config/syslog_simulation.ini
+++ b/src/tests/config/syslog_simulation.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.unserialize_hmac.enable().simulation();
 sp.log_media("syslog");
diff --git a/src/tests/cookies_encryption/config/config_encrypted_cookies.ini b/src/tests/cookies_encryption/config/config_encrypted_cookies.ini
index 4b50440..2d82478 100644
--- a/src/tests/cookies_encryption/config/config_encrypted_cookies.ini
+++ b/src/tests/cookies_encryption/config/config_encrypted_cookies.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("super_cookie").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/cookies_encryption/config/config_encrypted_cookies_empty_env.ini b/src/tests/cookies_encryption/config/config_encrypted_cookies_empty_env.ini
index 8368d65..311e0ca 100644
--- a/src/tests/cookies_encryption/config/config_encrypted_cookies_empty_env.ini
+++ b/src/tests/cookies_encryption/config/config_encrypted_cookies_empty_env.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef").cookie_env_var("SUPER_ENV_VAR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("SUPER_ENV_VAR");
 sp.cookie.name("super_cookie").encrypt();
diff --git a/src/tests/cookies_encryption/config/config_encrypted_cookies_simulation.ini b/src/tests/cookies_encryption/config/config_encrypted_cookies_simulation.ini
index 32e24a1..f4f9acc 100644
--- a/src/tests/cookies_encryption/config/config_encrypted_cookies_simulation.ini
+++ b/src/tests/cookies_encryption/config/config_encrypted_cookies_simulation.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("super_cookie").encrypt().simulation();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies.ini b/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies.ini
index 8ea77f7..b6fc8b7 100644
--- a/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies.ini
+++ b/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name_r("^super_co[a-z]+$").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies_empty_env.ini b/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies_empty_env.ini
index da84df7..43f6f94 100644
--- a/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies_empty_env.ini
+++ b/src/tests/cookies_encryption/config/config_encrypted_regexp_cookies_empty_env.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name_r("^super_coo[a-z]+$").encrypt();
diff --git a/src/tests/cookies_encryption/config/encryption_key_only.ini b/src/tests/cookies_encryption/config/encryption_key_only.ini
index 7de4438..e107f15 100644
--- a/src/tests/cookies_encryption/config/encryption_key_only.ini
+++ b/src/tests/cookies_encryption/config/encryption_key_only.ini
@@ -1 +1 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
diff --git a/src/tests/cookies_encryption/encrypt_cookies.phpt b/src/tests/cookies_encryption/encrypt_cookies.phpt
index 49587b7..21ec0ed 100644
--- a/src/tests/cookies_encryption/encrypt_cookies.phpt
+++ b/src/tests/cookies_encryption/encrypt_cookies.phpt
@@ -5,7 +5,7 @@ Cookie decryption in ipv4
 --INI--
 sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
 --COOKIE--
-super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value;
+super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value;
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
diff --git a/src/tests/cookies_encryption/encrypt_cookies3.phpt b/src/tests/cookies_encryption/encrypt_cookies3.phpt
index beb4efb..f5cadcb 100644
--- a/src/tests/cookies_encryption/encrypt_cookies3.phpt
+++ b/src/tests/cookies_encryption/encrypt_cookies3.phpt
@@ -5,7 +5,7 @@ Cookie decryption with ipv6
 --INI--
 sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
 --COOKIE--
-super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM84SCotZTpP6b27Lr5lavORPMvqaKpcUahvxw=;awful_cookie=awful_cookie_value;
+super_cookie=eFXrR4GCQtT4Q7%2FLRVtDBH44aMC4hI33AAAAAAAAAAAAAAAAAAAAAGrtoM2Mltxj8%2B9dELwitKN42C8ZE1kYX%2BKWwjM%3D;awful_cookie=awful_cookie_value;
 --ENV--
 return <<<EOF
 REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
diff --git a/src/tests/cookies_encryption/encrypt_regexp_cookies.phpt b/src/tests/cookies_encryption/encrypt_regexp_cookies.phpt
index da44855..41c4f2a 100644
--- a/src/tests/cookies_encryption/encrypt_regexp_cookies.phpt
+++ b/src/tests/cookies_encryption/encrypt_regexp_cookies.phpt
@@ -5,7 +5,7 @@ Cookie decryption in ipv4
 --INI--
 sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
 --COOKIE--
-super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value;
+super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value;
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
diff --git a/src/tests/cookies_encryption/encrypt_regexp_cookies3.phpt b/src/tests/cookies_encryption/encrypt_regexp_cookies3.phpt
index beb4efb..09f0a75 100644
--- a/src/tests/cookies_encryption/encrypt_regexp_cookies3.phpt
+++ b/src/tests/cookies_encryption/encrypt_regexp_cookies3.phpt
@@ -5,7 +5,7 @@ Cookie decryption with ipv6
 --INI--
 sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
 --COOKIE--
-super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM84SCotZTpP6b27Lr5lavORPMvqaKpcUahvxw=;awful_cookie=awful_cookie_value;
+super_cookie=mzOxoJ9o9Y83iYX15DkJmYrW%2FrJfyB2SAAAAAAAAAAAAAAAAAAAAAKe5DegjtjwoFZirOY4LO6jSlqtZdF%2FUMriwn8w=;awful_cookie=awful_cookie_value;
 --ENV--
 return <<<EOF
 REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
diff --git a/src/tests/cookies_encryption_warning/config/encrypt_cookies_no_env.ini b/src/tests/cookies_encryption_warning/config/encrypt_cookies_no_env.ini
index 845bd02..b72b311 100644
--- a/src/tests/cookies_encryption_warning/config/encrypt_cookies_no_env.ini
+++ b/src/tests/cookies_encryption_warning/config/encrypt_cookies_no_env.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.cookie.name("super_cookie").encrypt();
diff --git a/src/tests/cookies_encryption_warning/config/encrypt_regexp_cookies_no_env.ini b/src/tests/cookies_encryption_warning/config/encrypt_regexp_cookies_no_env.ini
index 0e1fa30..d4c4535 100644
--- a/src/tests/cookies_encryption_warning/config/encrypt_regexp_cookies_no_env.ini
+++ b/src/tests/cookies_encryption_warning/config/encrypt_regexp_cookies_no_env.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.cookie.name_r("^super_co[a-z]+$").encrypt();
diff --git a/src/tests/cookies_php8/config/config_encrypted_cookies.ini b/src/tests/cookies_php8/config/config_encrypted_cookies.ini
index 4b50440..2d82478 100644
--- a/src/tests/cookies_php8/config/config_encrypted_cookies.ini
+++ b/src/tests/cookies_php8/config/config_encrypted_cookies.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.cookie.name("super_cookie").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/session_encryption/config/config_crypt_session.ini b/src/tests/session_encryption/config/config_crypt_session.ini
index 14b0c2c..054f0f8 100644
--- a/src/tests/session_encryption/config/config_crypt_session.ini
+++ b/src/tests/session_encryption/config/config_crypt_session.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.session.encrypt();
\ No newline at end of file
diff --git a/src/tests/session_encryption/config/config_crypt_session_simul.ini b/src/tests/session_encryption/config/config_crypt_session_simul.ini
index fbd43eb..5e3433b 100644
--- a/src/tests/session_encryption/config/config_crypt_session_simul.ini
+++ b/src/tests/session_encryption/config/config_crypt_session_simul.ini
@@ -1,3 +1,3 @@
-sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
 sp.session.encrypt();
 sp.session.simulation();
\ No newline at end of file
diff --git a/src/tests/unserialize/config/config_serialize.ini b/src/tests/unserialize/config/config_serialize.ini
index f2c1699..30e8fba 100644
--- a/src/tests/unserialize/config/config_serialize.ini
+++ b/src/tests/unserialize/config/config_serialize.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.unserialize_hmac.enable();
\ No newline at end of file
diff --git a/src/tests/unserialize/config/config_serialize_sim.ini b/src/tests/unserialize/config/config_serialize_sim.ini
index 7f015e0..c20013f 100644
--- a/src/tests/unserialize/config/config_serialize_sim.ini
+++ b/src/tests/unserialize/config/config_serialize_sim.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.unserialize_hmac.enable().simulation();
diff --git a/src/tests/unserialize/config/dump_unserialize.ini b/src/tests/unserialize/config/dump_unserialize.ini
index 4352a3e..09480cc 100644
--- a/src/tests/unserialize/config/dump_unserialize.ini
+++ b/src/tests/unserialize/config/dump_unserialize.ini
@@ -1,2 +1,2 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
 sp.unserialize_hmac.enable().dump("/tmp/dump_result/");
diff --git a/src/tests/unserialize/serialize.phpt b/src/tests/unserialize/serialize.phpt
index e93dbaf..8b7c0bc 100644
--- a/src/tests/unserialize/serialize.phpt
+++ b/src/tests/unserialize/serialize.phpt
@@ -9,5 +9,5 @@ sp.configuration_file={PWD}/config/config_serialize.ini
 echo serialize("a");
 ?>
 --EXPECT--
-s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1
+s:1:"a";cdbc93e593656164d448db33e4668a3f30fa794d6658016365f7eb453d48b022
 
diff --git a/src/tests/unserialize/unserialize_sim.phpt b/src/tests/unserialize/unserialize_sim.phpt
index 9bff2c1..1256c23 100644
--- a/src/tests/unserialize/unserialize_sim.phpt
+++ b/src/tests/unserialize/unserialize_sim.phpt
@@ -7,12 +7,13 @@ sp.configuration_file={PWD}/config/config_serialize_sim.ini
 --FILE--
 <?php 
 $a=serialize("a");
-echo $a;
+echo $a . PHP_EOL;
 var_dump(unserialize($a));
 var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdawkuerylksjdfhlkssjgdflaksjdh1337sjdf'));
 ?>
 --EXPECTF--
-s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1string(1) "a"
+s:1:"a";cdbc93e593656164d448db33e4668a3f30fa794d6658016365f7eb453d48b022
+string(1) "a"
 
 Warning: [snuffleupagus][0.0.0.0][unserialize][simulation] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh in %a/unserialize_sim.php on line 5
 string(1) "a"
diff --git a/src/tests/unserialize_php8/config/config_serialize.ini b/src/tests/unserialize_php8/config/config_serialize.ini
index 7de4438..e107f15 100644
--- a/src/tests/unserialize_php8/config/config_serialize.ini
+++ b/src/tests/unserialize_php8/config/config_serialize.ini
@@ -1 +1 @@
-sp.global.secret_key("abcdef");
+sp.global.secret_key("abcdefGHIJ");
-- 
cgit v1.3