PHP :: Bug #74700 :: Faulty returned values openssl_pkey_get

Bug #74700

Faulty returned values openssl_pkey_get_details

Submitted:

2017-06-06 09:53 UTC

Modified:

2017-06-11 16:49 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

nothingam at protonmail dot com

Assigned:

bukka (profile)

Status:

Not a bug

Package:

OpenSSL related

PHP Version:

5.6.30

OS:

Debian

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nothingam at protonmail dot com
New email:
PHP Version:		OS:

New Comment:

[2017-06-06 09:53 UTC] nothingam at protonmail dot com

Description:
------------
The 'openssl_pkey_get_details' function for OPENSSL_KEYTYPE_DH typed keys seems to return faulty 'pub_key's (probably 'priv_key's too).
If the last byte is zero byte (0x00), the returned value in the $ret['dh']['pub_key'] is shorter than expected (obviously with one byte in this case).

I've successfully reproduced the problem on:
- Windows: PHP 5.5.12 (cli) (built: Apr 30 2014 11:20:58)
- Debian: PHP 5.6.30-0+deb8u1 (cli) (built: Feb  8 2017 08:50:21)



---
From manual page: http://www.php.net/function.openssl-pkey-get-details
---


Test script:
---------------
$DH_DEFAULT_PRIME = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF";
$DH_DEFAULT_GENERATOR = '02';
for($i=0; $i < 500; $i++) {
	$details = array();
	$details['p'] = pack('H*', $DH_DEFAULT_PRIME);
	$details['g'] = pack('H*', $DH_DEFAULT_GENERATOR);
	$res = openssl_pkey_new(array("dh" => $details));
	$details = openssl_pkey_get_details($res);
	$privateKey = $details['dh']['priv_key'];
	$publicKey = $details['dh']['pub_key'];
	if (strlen($publicKey) != $details['bits']/8) {
		echo "Whooaa!";
	}
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-06-11 16:49 UTC] bukka@php.net

-Status: Open +Status: Not a bug -Assigned To: +Assigned To: bukka

[2017-06-11 16:49 UTC] bukka@php.net

This is expected and it's what we get from BN_bin2bn. Just to correct you, it won't happen for the last byte but the first byte.

[2017-06-12 09:01 UTC] nothingam at protonmail dot com

Thanks for the correction, i've tested it and really is the first byte missing. 
If i get it correctly, it happens because the highest bits are not always set, so the bit length of the bignum can differ from the key length. The BN_bn2bin stores the value in big endian format, hence the left most byte is the most significant one.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 03 19:01:35 2025 UTC