PHP :: Bug #73833 :: null character not allowed in openssl_pkey_get

Bug #73833

null character not allowed in openssl_pkey_get_private

Submitted:

2016-12-29 15:33 UTC

Modified:

2017-04-24 16:01 UTC

Votes:	1
Avg. Score:	1.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

mfaust at usinternet dot com

Assigned:

bukka (profile)

Status:

Closed

Package:

OpenSSL related

PHP Version:

5.6.29

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mfaust at usinternet dot com
New email:
PHP Version:		OS:

New Comment:

[2016-12-29 15:33 UTC] mfaust at usinternet dot com

Description:
------------
When encrypting a private key for export you are allowed to have a null character as part of the password key, but when decrypting with openssl_pkey_get_private it fails to decrypt with the same key.

PHP is compiled against OpenSSL 1.0.1e-fips 11 Feb 2013

Test script:
---------------
//This will fail to decrypt using the first password due to the null byte (\x00)
$passwords = ["abc\x00defghijkl", "abcdefghikjl"];

foreach($passwords as $password){
    $key = openssl_pkey_new();

    if(openssl_pkey_export($key, $privatePEM, $password) === FALSE){
        echo "Failed to encrypt.\n";
    }else{
        echo "Encrypted!\n";
    }

    //This will throw a warning and fail to decrypt.
    if(openssl_pkey_get_private($privatePEM, $password) === FALSE){
        echo "Failed to decrypt.\n";
    }else{
        echo "Decrypted!\n";
    }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-12-29 15:34 UTC] mfaust at usinternet dot com

missing trailing }, sorry.

[2017-04-24 16:01 UTC] bukka@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka

[2017-04-24 16:11 UTC] bukka@php.net

Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)

[2017-04-24 16:11 UTC] bukka@php.net

-Status: Assigned +Status: Closed

[2017-04-24 16:13 UTC] bukka@php.net

Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)

[2017-04-24 16:14 UTC] bukka@php.net

Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 11:01:29 2024 UTC