PHP :: Bug #69556 :: openssl_verify() dumps core when curl.so is loaded before openssl.so

Bug #69556	openssl_verify() dumps core when curl.so is loaded before openssl.so
Submitted:	2015-04-30 21:43 UTC	Modified:	2021-04-06 12:51 UTC
From:	rk at redb dot cz	Assigned:	cmb (profile)
Status:	Closed	Package:	OpenSSL related
PHP Version:	5.6.8	OS:	FreeBSD
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	rk at redb dot cz
New email:
PHP Version:		OS:

New Comment:

[2015-04-30 21:43 UTC] rk at redb dot cz

Description:
------------
When openssl.so is loaded before curl.so, everything is working as expected. Reversed order causes Abort (core dumped).

PHP 5.5.24 gives Warnings (no core dumped):
PHP Warning:  openssl_verify(): Don't know how to get public key from this private key in ...
PHP Warning:  openssl_verify(): supplied key param cannot be coerced into a public key in ...

PHP 5.5.22 works fine.

Test script:
---------------
https://gist.github.com/xert/6da7736f4f7e5ff22177

Expected result:
----------------
int(0)

Actual result:
--------------
Assertion failed: (pkey->pkey.rsa != NULL), function php_openssl_is_private_key, file /wrkdirs/usr/ports/security/php56-openssl/work/php-5.6.8/ext/openssl/openssl.c, line 3447.
Abort (core dumped)

Backtrace:

#0  0x0000000801e2664c in thr_kill () from /lib/libc.so.7
#1  0x0000000801ecac4b in abort () from /lib/libc.so.7
#2  0x0000000801eae315 in __assert () from /lib/libc.so.7
#3  0x00000008044060ad in zif_openssl_csr_get_public_key () from /usr/local/lib/php/20131226-debug/openssl.so
#4  0x000000080440583c in zif_openssl_csr_get_public_key () from /usr/local/lib/php/20131226-debug/openssl.so
#5  0x000000080440b0ce in zif_openssl_verify () from /usr/local/lib/php/20131226-debug/openssl.so
#6  0x000000000069253b in zend_do_fcall_common_helper_SPEC (execute_data=0x802440260) at zend_vm_execute.h:558
#7  0x0000000000698592 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x802440260)
    at zend_vm_execute.h:2599
#8  0x0000000000691af4 in execute_ex (execute_data=0x802440260) at zend_vm_execute.h:363
#9  0x0000000000691b73 in zend_execute (op_array=0x802474b18) at zend_vm_execute.h:388
#10 0x0000000000652e46 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /wrkdirs/usr/ports/lang/php56/work/php-5.6.8/Zend/zend.c:1341
#11 0x00000000005c63df in php_execute_script (primary_file=0x7fffffffe480)
    at /wrkdirs/usr/ports/lang/php56/work/php-5.6.8/main/main.c:2597
#12 0x00000000006fdb7e in do_cli (argc=2, argv=0x7fffffffebe0)
    at /wrkdirs/usr/ports/lang/php56/work/php-5.6.8/sapi/cli/php_cli.c:994
#13 0x00000000006feadd in main (argc=2, argv=0x7fffffffebe0)
    at /wrkdirs/usr/ports/lang/php56/work/php-5.6.8/sapi/cli/php_cli.c:1378

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-04-06 10:51 UTC] cmb@php.net

-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb

[2021-04-06 10:51 UTC] cmb@php.net

Does that still happen to you with any of the actively supported
PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>

[2021-04-06 12:48 UTC] rk at redb dot cz

-Status: Feedback +Status: Assigned

[2021-04-06 12:48 UTC] rk at redb dot cz

It's working fine on 7.4.16 and 8.0.3

[2021-04-06 12:51 UTC] cmb@php.net

-Status: Assigned +Status: Closed

[2021-04-06 12:51 UTC] cmb@php.net

Great, so this ticket can be closed.

Thanks for the swift reply!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 02 10:01:38 2025 UTC