From 5148ded7268b569fd5e720f90b44645c83ac3e9e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 16 Aug 2021 15:47:01 +0200 Subject: fincy new scanner/parser for config rules + fixed a few bugs along the way + fixed related unittests --- src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt | 2 +- src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt | 2 +- src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt | 2 +- src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src/tests/cookies_encryption_warning') diff --git a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt index 015c159..a01c352 100644 --- a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt b/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt index 42f5509..c47389c 100644 --- a/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt 
@@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt index 163cb26..1fe4074 100644 --- a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt index df31f2e..0da0dbe 100644 --- a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt 
@@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 -- cgit v1.3 From b4dcbe2dd11efda09adc934fa2563eafc12e9b55 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 2 Sep 2021 13:58:01 +0200 Subject: fixed compiler warnings + test cases --- src/sp_config_keywords.c | 2 +- src/sp_config_scanner.cached.c | 14 +++++++------- src/sp_config_scanner.re | 14 +++++++------- .../broken_conf_cookie_encryption_without_env_var.phpt | 2 +- .../cookies_encryption_warning/encrypt_cookies_no_env.phpt | 2 +- .../encrypt_regexp_cookies_no_env.phpt | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) (limited to 'src/tests/cookies_encryption_warning') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index fd90453..3b6bc0b 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -183,7 +183,7 @@ SP_PARSE_FN(parse_cookie) { if (cookie->encrypt) { if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { sp_log_err("config", "You're trying to use the cookie encryption feature on line %zu " - "without having set the `." SP_TOKEN_ENV_VAR "` option in`sp.global`: please set it first", parsed_rule->lineno); + "without having set the `." SP_TOKEN_ENV_VAR "` option in `sp.global`: please set it first", parsed_rule->lineno); goto err; } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { sp_log_err("config", "You're trying to use the cookie encryption feature " 
diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index 26a6652..868d271 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -154,7 +154,7 @@ const char *yyt4; zend_hash_str_add_ptr(&vars, ZEND_STRL("PHP_VERSION_ID"), zend_string_init(ZEND_STRL(ZEND_TOSTR(PHP_VERSION_ID)), 1)); - int cond_res[100] = {0}; + int cond_res[100] = {1}; int cond_res_i = 0; char cond_op[100] = {0}; int cond_op_i = 0; @@ -883,7 +883,7 @@ yy111: if (cond_op_i == 0 || sy_op_peek() != '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } - sy_op_pop(); + cond_op_i--; goto yyc_cond_op; } yy113: @@ -910,12 +910,12 @@ yy116: case '>': op1 = 'G'; break; // >= } } - while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1)) && sy_op_is_left_assoc(*t1))) { - SY_APPLY_OP_FROM_STACK(); - } - sy_op_push(*t1); - goto yyc_cond; + while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1) && sy_op_is_left_assoc(*t1)))) { + SY_APPLY_OP_FROM_STACK(); } + sy_op_push(*t1); + goto yyc_cond; + } yy117: yych = *++YYCURSOR; if (yych == '=') goto yy119; diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index f911df3..5fd1928 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -143,7 +143,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key zend_hash_str_add_ptr(&vars, ZEND_STRL("PHP_VERSION_ID"), zend_string_init(ZEND_STRL(ZEND_TOSTR(PHP_VERSION_ID)), 1)); - int cond_res[100] = {0}; + int cond_res[100] = {1}; int cond_res_i = 0; char cond_op[100] = {0}; int cond_op_i = 0; 
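Review bot: `int cond_res[100] = {1};` sets only `cond_res[0]` to 1 and zero-fills the other 99 entries, which reads like a slip unless the reader knows slot 0 is a deliberate default; a comment such as `/* cond_res[0] = 1: default result when no condition was evaluated (confirm) */` would settle it. Both stacks are fixed at 100 entries, and the hunk does not show whether the push paths check `cond_res_i` and `cond_op_i` against that bound. Since this scanner consumes the configuration file, a long or deeply nested condition should be rejected with an error rather than written past the array. The same line changes in the generated `sp_config_scanner.cached.c`, and the body of sp_config_scan continues outside the hunk.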
@@ -220,12 +220,12 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key case '>': op1 = 'G'; break; // >= } } - while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1)) && sy_op_is_left_assoc(*t1))) { - SY_APPLY_OP_FROM_STACK(); - } - sy_op_push(*t1); - goto yyc_cond; + while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1) && sy_op_is_left_assoc(*t1)))) { + SY_APPLY_OP_FROM_STACK(); } + sy_op_push(*t1); + goto yyc_cond; + } ")" { while (cond_op_i && sy_op_peek() != '(') { SY_APPLY_OP_FROM_STACK(); @@ -233,7 +233,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key if (cond_op_i == 0 || sy_op_peek() != '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } - sy_op_pop(); + cond_op_i--; goto yyc_cond_op; } ";" { diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt index 25371dd..99e391e 100644 --- a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt 
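Review bot: The operator is normalized into `op1` just above this loop (`case '>': op1 = 'G'; // >=`), yet the rewritten loop and the push still read `*t1`. If `op1` is what the evaluator is meant to see, a two-character operator such as `>=` would be stacked as its first character. The start of this rule is outside the hunk, so this needs confirming rather than being a certain defect; if it applies, `sy_op_precedence(op1)` and `sy_op_push(op1);` would be the fix. It matters for conditions on values like `PHP_VERSION_ID`, where a wrong comparison at the boundary release could silently skip a hardening rule. The added parentheses only spell out the grouping C already applied to `||` and `&&`.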
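Review bot: In the `")"` rule, `cond_op_i--;` open-codes the pop while the rest of the block goes through `sy_op_peek()` and `sy_op_push()`, so the stack discipline is now split between helpers and a raw index. If the warning being silenced was an unused result from `sy_op_pop()`, `(void)sy_op_pop();` keeps the abstraction. Otherwise a short comment such as `/* discard the matching '(' */` would say why the index is touched directly. The decrement is safe here only because of the `cond_op_i == 0` check on the line above it.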
@@ -7,7 +7,7 @@ Broken configuration - encrypted cookie with without cookie env var sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt index a01c352..b31bf78 100644 --- a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt index 1fe4074..d4b7e6a 100644 --- a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt 
@@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 -- cgit v1.3 From 9111fdf5e6332923a5faf9f8a7e6b428eb91795a Mon Sep 17 00:00:00 2001 
From: Ben Fuhrmannek Date: Thu, 11 Nov 2021 12:02:07 +0100 Subject: detect dummy or short encryption key --- src/sp_config_keywords.c | 13 ++++++++++++ .../config/broken_conf_cookie_name_and_regexp.ini | 2 +- .../config/config_encrypted_cookies_noname.ini | 2 +- .../config_encrypted_regexp_cookies_bad_regexp.ini | 2 +- .../config/config_encryption_key_short.ini | 1 + .../encrypt_key_too_short.phpt | 23 ++++++++++++++++++++++ .../encrypt_regexp_cookies_bad_regexp.phpt | 3 ++- .../broken_conf_cookie_name_and_regexp.phpt | 2 +- .../config/broken_conf_cookie_name_and_regexp.ini | 2 +- .../config/config_encrypted_cookies_noname.ini | 2 +- .../config_encrypted_regexp_cookies_bad_regexp.ini | 2 +- .../encrypt_key_too_short.phpt | 22 +++++++++++++++++++++ .../encrypt_regexp_cookies_bad_regexp.phpt | 2 +- src/tests/config/config_samesite_cookies.ini | 2 +- src/tests/config/phplog.ini | 2 +- src/tests/config/sid_length_limit.ini | 1 + src/tests/config/syslog.ini | 2 +- src/tests/config/syslog_simulation.ini | 2 +- .../config/config_encrypted_cookies.ini | 2 +- .../config/config_encrypted_cookies_empty_env.ini | 2 +- .../config/config_encrypted_cookies_simulation.ini | 2 +- .../config/config_encrypted_regexp_cookies.ini | 2 +- .../config_encrypted_regexp_cookies_empty_env.ini | 2 +- .../config/encryption_key_only.ini | 2 +- src/tests/cookies_encryption/encrypt_cookies.phpt | 2 +- src/tests/cookies_encryption/encrypt_cookies3.phpt | 2 +- .../cookies_encryption/encrypt_regexp_cookies.phpt | 2 +- .../encrypt_regexp_cookies3.phpt | 2 +- .../config/encrypt_cookies_no_env.ini | 2 +- .../config/encrypt_regexp_cookies_no_env.ini | 2 +- .../config/config_encrypted_cookies.ini | 2 +- .../config/config_crypt_session.ini | 2 +- .../config/config_crypt_session_simul.ini | 2 +- src/tests/unserialize/config/config_serialize.ini | 2 +- .../unserialize/config/config_serialize_sim.ini | 2 +- src/tests/unserialize/config/dump_unserialize.ini | 2 +- src/tests/unserialize/serialize.phpt | 2 +- 
src/tests/unserialize/unserialize_sim.phpt | 5 +++-- .../unserialize_php8/config/config_serialize.ini | 2 +- 39 files changed, 97 insertions(+), 35 deletions(-) create mode 100644 src/tests/broken_configuration/config/config_encryption_key_short.ini create mode 100644 src/tests/broken_configuration/encrypt_key_too_short.phpt create mode 100644 src/tests/broken_configuration_php8/encrypt_key_too_short.phpt create mode 100644 src/tests/config/sid_length_limit.ini (limited to 'src/tests/cookies_encryption_warning') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index f6af86b..cf44ed9 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -136,6 +136,19 @@ SP_PARSE_FN(parse_global) { {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); + + if (SPCFG(encryption_key)) { + if (ZSTR_LEN(SPCFG(encryption_key)) < 10) { + sp_log_err("config", "The encryption key set on line %zu is too short. please use at least 10 bytes", parsed_rule->lineno); + return SP_PARSER_ERROR; + } + if (zend_string_equals_literal(SPCFG(encryption_key), "YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.") || + zend_string_equals_literal(SPCFG(encryption_key), "c6a0e02b3b818f7559d5f85303d8fe44")) { + sp_log_err("config", "The encryption key set on line %zu is an unchanged dummy value. please use a unique secret.", parsed_rule->lineno); + return SP_PARSER_ERROR; + } + } + return SP_PARSER_STOP; } diff --git a/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini index 503889b..6b43b71 100644 --- a/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini +++ b/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini @@ -1,2 +1,2 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt(); 
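Review bot: The 10-byte floor in `ZSTR_LEN(SPCFG(encryption_key)) < 10` is low for a secret that, going by the tests touched in this same patch, keys both cookie encryption and the unserialize HMAC. A length check also says nothing about entropy: the updated fixtures pass with `abcdefGHIJ`. Consider keeping the hard error at 10 for compatibility, adding a warning below a stronger threshold such as 32 bytes, and stating the limit in a comment like `/* sanity floor only: rejects trivially short or placeholder keys, does not measure entropy */`. The two placeholder strings are matched exactly and are presumably copied from shipped example configuration, so the check goes stale if that text changes; a small `static const char *` table of known placeholders would keep them in one place. The body of parse_global starts outside the hunk.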
diff --git a/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini index 048e404..43a4284 100644 --- a/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini +++ b/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini index 4fe92fd..817de14 100644 --- a/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini +++ b/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name_r("^super_co[a-z+$").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration/config/config_encryption_key_short.ini b/src/tests/broken_configuration/config/config_encryption_key_short.ini new file mode 100644 index 0000000..7de4438 --- /dev/null +++ b/src/tests/broken_configuration/config/config_encryption_key_short.ini @@ -0,0 +1 @@ +sp.global.secret_key("abcdef"); diff --git a/src/tests/broken_configuration/encrypt_key_too_short.phpt b/src/tests/broken_configuration/encrypt_key_too_short.phpt new file mode 100644 index 0000000..fe80be1 --- /dev/null +++ b/src/tests/broken_configuration/encrypt_key_too_short.phpt 
@@ -0,0 +1,23 @@ +--TEST-- +Cookie encryption key too short +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_encryption_key_short.ini +--COOKIE-- +--ENV-- +return << +--EXPECT-- +PHP Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 + +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 + +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt index 5383df6..ef83154 100644 --- a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt +++ b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt @@ -2,11 +2,12 @@ Cookie decryption in ipv4 --SKIPIF-- += 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini error_reporting=1 --COOKIE-- -super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value; +super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value; --ENV-- return << --INI-- -sp.configuration_file={PWD}/config/broken_conf_cookie_name_and_regexp.ini +sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_cookie_name_and_regexp.ini --FILE-- --EXPECT-- diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini index 503889b..6b43b71 100644 
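Review bot: Only the too-short branch of the new key check gets a test here. The placeholder-key branch added to `parse_global` in the same commit (the two `zend_string_equals_literal` comparisons) has no fixture, so a later edit to either literal would go unnoticed. A sibling `.phpt` whose config sets one of the two placeholder strings and expects `The encryption key set on line 1 is an unchanged dummy value. please use a unique secret.` would cover it. This PHP 7 variant also expects the error twice (`PHP Fatal error:` and `Fatal error:`), which presumably depends on the runner's logging settings and deserves a one-line comment in the test.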
--- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini +++ b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini @@ -1,2 +1,2 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt(); diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini index 048e404..43a4284 100644 --- a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini +++ b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini index 4fe92fd..817de14 100644 --- a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini +++ b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name_r("^super_co[a-z+$").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt new file mode 100644 index 0000000..c14785e --- /dev/null +++ b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt 
@@ -0,0 +1,22 @@ +--TEST-- +Cookie encryption key too short +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/../broken_configuration/config/config_encryption_key_short.ini +--COOKIE-- +--ENV-- +return << +--EXPECT-- +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 + +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt index 5383df6..6796c5b 100644 --- a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt +++ b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt @@ -6,7 +6,7 @@ Cookie decryption in ipv4 sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini error_reporting=1 --COOKIE-- -super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value; +super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value; --ENV-- return << --EXPECT-- -s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1 +s:1:"a";cdbc93e593656164d448db33e4668a3f30fa794d6658016365f7eb453d48b022 diff --git a/src/tests/unserialize/unserialize_sim.phpt b/src/tests/unserialize/unserialize_sim.phpt index 9bff2c1..1256c23 100644 --- a/src/tests/unserialize/unserialize_sim.phpt +++ b/src/tests/unserialize/unserialize_sim.phpt 
@@ -7,12 +7,13 @@ sp.configuration_file={PWD}/config/config_serialize_sim.ini --FILE-- --EXPECTF-- -s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1string(1) "a" +s:1:"a";cdbc93e593656164d448db33e4668a3f30fa794d6658016365f7eb453d48b022 +string(1) "a" Warning: [snuffleupagus][0.0.0.0][unserialize][simulation] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh in %a/unserialize_sim.php on line 5 string(1) "a" diff --git a/src/tests/unserialize_php8/config/config_serialize.ini b/src/tests/unserialize_php8/config/config_serialize.ini index 7de4438..e107f15 100644 --- a/src/tests/unserialize_php8/config/config_serialize.ini +++ b/src/tests/unserialize_php8/config/config_serialize.ini @@ -1 +1 @@ -sp.global.secret_key("abcdef"); +sp.global.secret_key("abcdefGHIJ"); -- cgit v1.3