PHP :: Bug #22809 :: OpenSSL fails to compute internal private key from string but works on file

Bug #22809

OpenSSL fails to compute internal private key from string but works on file

Submitted:

2003-03-20 17:52 UTC

Modified:

2003-03-22 20:03 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

php-bugs at liwing dot de

Assigned:

Status:

Closed

Package:

OpenSSL related

PHP Version:

4.3.1

OS:

FreeBSD (4.8RC and 5.0)

Private report:

CVE-ID:

None

View Developer Edit

[2003-03-20 17:52 UTC] php-bugs at liwing dot de

In PHP 4.3.1 the use of OpenSSL fails when the private key comes from a string instead of a file. The test case for openssl fails, too.

To reproduce the bug, simply run the "make test" on a current build FreeBSD system. I don't know about others, but I assume either an incompatibility with OpenSSL 0.9.7a (because the d2i_PrivateKey method used by the php wrapper seems to have a problem).

Using the OpenSSL commandline tools I can use my private/public keys to sign and verify files. Because I don't know much about OpenSSL I cannot verify the reason of the failure. The occurance seems somewhere around line 1747 in file ext/openssl/openssl.c

If the script in the test case isn't enough (what it should), I can attach an own one.

Kind Regards,
Jens

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-03-20 17:53 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2003-03-20 18:04 UTC] php-bugs at liwing dot de

The patch looks good. I'll try to build in in next few days and reply whether it works as expected or not. Did the tests run fine?

[2003-03-20 18:09 UTC] sniper@php.net

The openssl tests do not fail for me at least, but I tested 
this on Linux. (using openSSL 0.9.7a) 

So please give it a go on FreeBSD, it should work now.

[2003-03-21 10:36 UTC] php-bugs at liwing dot de

What I have forgotten. I have replaced the source of PHP-4.3.2RC1 with the stable sources you've recommented. So this is not the error in RC1 (where is it, too) but in yesterdays(?) stable.

[2003-03-21 17:01 UTC] sniper@php.net

DO NOT ADD SUCH LONG PARTS OF TEXT IN HERE!!!!!!

I deleted that comment. Please attach MAXIMUM of 15-20 lines. And preferrably text that actually includes the ERROR
you get.

[2003-03-22 07:01 UTC] php-bugs at liwing dot de

/bin/sh /usr/ports/www/mod_php4/work/php-4.3.2RC1/libtool --silent --preserve-dup-deps --mode=compile cc  -Iext/openssl/ -I/usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/ -DPHP_ATOM_INC -I/usr/ports/www/mod_php4/work/php-4.3.2RC1/include -I/usr/ports/www/mod_php4/work/php-4.3.2RC1/main -I/usr/ports/www/mod_php4/work/php-4.3.2RC1 -I/usr/ports/www/mod_php4/work/php-4.3.2RC1/Zend -I/usr/local/include/libxml2 -I/usr/local/include -I/usr/local/include/freetype2 -I/usr/local/include/mysql  -I/usr/ports/www/mod_php4/work/php-4.3.2RC1/TSRM  -O -pipe -DNO_WERROR -march=pentium2 -I/usr/local/include  -prefer-pic -c /usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/openssl.c -o ext/openssl/openssl.lo
/usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/openssl.c: In function `zif_openssl_pkey_export_to_file':
/usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/openssl.c:1911: warning: assignment discards qualifiers from pointer target type
/usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/openssl.c: In function `zif_openssl_pkey_export':
/usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/openssl.c:1962: warning: assignment discards qualifiers from pointer target type
/usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/openssl.c: In function `zif_openssl_pkcs7_encrypt':
/usr/ports/www/mod_php4/work/php-4.3.2RC1/ext/openssl/openssl.c:2222: warning: assignment discards qualifiers from pointer target type


Except those warnings openssl works fine

[2003-03-22 18:35 UTC] sniper@php.net

Just ignore those warnings.

[2003-03-22 20:03 UTC] php-bugs at liwing dot de

You should never ignore such warnings. They can became critical one fine day. If you want, I send you a patch, but I don't think 'ignore' is a good way :-(

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Nov 23 13:01:29 2024 UTC