PHP :: Bug #73833 :: null character not allowed in openssl_pkey_get

Bug #73833

null character not allowed in openssl_pkey_get_private

Submitted:

2016-12-29 15:33 UTC

Modified:

2017-04-24 16:01 UTC

Votes:	1
Avg. Score:	1.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

mfaust at usinternet dot com

Assigned:

bukka (profile)

Status:

Closed

Package:

OpenSSL related

PHP Version:

5.6.29

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2016-12-29 15:33 UTC] mfaust at usinternet dot com

Description:
------------
When encrypting a private key for export you are allowed to have a null character as part of the password key, but when decrypting with openssl_pkey_get_private it fails to decrypt with the same key.

PHP is compiled against OpenSSL 1.0.1e-fips 11 Feb 2013

Test script:
---------------
//This will fail to decrypt using the first password due to the null byte (\x00)
$passwords = ["abc\x00defghijkl", "abcdefghikjl"];

foreach($passwords as $password){
    $key = openssl_pkey_new();

    if(openssl_pkey_export($key, $privatePEM, $password) === FALSE){
        echo "Failed to encrypt.\n";
    }else{
        echo "Encrypted!\n";
    }

    //This will throw a warning and fail to decrypt.
    if(openssl_pkey_get_private($privatePEM, $password) === FALSE){
        echo "Failed to decrypt.\n";
    }else{
        echo "Decrypted!\n";
    }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-12-29 15:34 UTC] mfaust at usinternet dot com

missing trailing }, sorry.

[2017-04-24 16:01 UTC] bukka@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka

[2017-04-24 16:11 UTC] bukka@php.net

Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)

[2017-04-24 16:11 UTC] bukka@php.net

-Status: Assigned +Status: Closed

[2017-04-24 16:13 UTC] bukka@php.net

Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)

[2017-04-24 16:14 UTC] bukka@php.net

Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 09:01:32 2024 UTC