Bug #69524 openssl-pkey-get-public() kill mysql(i) connection with ssl
Submitted: 2015-04-24 14:06 UTC Modified: 2017-01-26 20:42 UTC
Votes:8
Avg. Score:4.5 ± 0.7
Reproduced:7 of 7 (100.0%)
Same Version:1 (14.3%)
Same OS:3 (42.9%)
From: js at xim dot de Assigned: bukka (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.8 OS: Linux Debian
Private report: No CVE-ID: None
 [2015-04-24 14:06 UTC] js at xim dot de
Description:
------------
mysqli => Uptime: 453701  Threads: 2  Questions: 34649  Slow queries: 0  Opens: 299  Flush tables: 1  Open tables: 151  Queries per second avg: 0.076
mysqli => Resource id #10

Warning: mysqli::stat(): SSL operation failed with code 1. OpenSSL Error messages:
error:0906D06C:PEM routines:PEM_read_bio:no start line in ~/test.php on line 17

Warning: mysqli::stat(): MySQL server has gone away in ~/test.php on line 17
mysqli =>

---------------------

php version 5.6.6 works but not after :(

Test script:
---------------
$mysqli = mysqli_init();
if(!$mysqli) { exit(1);}
if(!$mysqli->real_connect('host', 'user', '*********', 'information_schema', 3306, NULL, MYSQLI_CLIENT_SSL)) { exit(2); }

echo 'mysqli => ' . $mysqli->stat() . "\n";

$openssl_pkey_get_public = openssl_pkey_get_public('-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZkX4HXSiL5YPdaHeAIZ
IsE+jOTdQQzl2R8geQuOB2ODtlSUzMSWEH1o4AQtdTdoQljdiUfoUQQUaMAVj4K9
QsPV8I+by3nhR2kkgjkobspnxfTbMnVkhNlAAeBOrVDO1OF32r/SWrHH1W+WnjRp
g+60bAFvO06OEfVjOTlc4jJAuQq1BCuHalU88yb6wED6A9iP9FLQrQDtKUhTNXRe
v/iBpCKTDGzakao6hJspNrw8sS2FsdzQ8TZdlJ4jTaT8DjMGYsu29Mrov0ybUk0D
zG1Uk+os/0Bz1BnNcCIqRNuNQo5zjOOTE3DkK1Q9wse1TjEi/cCn74H9OWpSlYY3
CQIDAQAB
-----END PUBLIC KEY-----');

echo 'mysqli => ' . print_r($openssl_pkey_get_public,true) . "\n";
echo 'mysqli => ' . $mysqli->stat() . "\n";

$mysqli->close();


 [2016-05-02 16:36 UTC] roy at chameleon dot ad
I can confirm a similar issue when using openssl_public_encrypt

If the mysql_conn has been opened before (and is using ssl), calling $mysqli->query() will fail with the error:

PHP Warning:  mysqli::query(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:0906D06C:PEM routines:PEM_read_bio:no start line in XXXX on line 35\nPHP message: PHP Warning:  mysqli::query(): MySQL server has gone away in XXXX on line 35\nPHP message: PHP Warning:  mysqli::query(): Error reading result set's header in XXXX on line 35\n', referer: http://chameleon.ad/signup.php

I am using php 5.6.18
 [2016-06-10 05:33 UTC] samm at net-art dot cz
I can confirm the issue with pdo-mysql:

This is a test script:
<?php
$pdo = new PDO(
    'mysql:host=dbhost.com;dbname=db',
    'dbuser',
    'dbpass',
    array(
       /* PDO::MYSQL_ATTR_SSL_KEY    =>'/path/to/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT=>'/path/to/client-cert.pem', */
       PDO::MYSQL_ATTR_SSL_CA    =>'/etc/rds-combined-ca-bundle.pem'
    ));
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$query="SELECT 1+1";
$query = $pdo->prepare($query);
$query->execute();
$row = $query->fetch(PDO::FETCH_ASSOC);
var_dump($row);

$openssl_pkey_get_public = openssl_pkey_get_public('-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZkX4HXSiL5YPdaHeAIZ
IsE+jOTdQQzl2R8geQuOB2ODtlSUzMSWEH1o4AQtdTdoQljdiUfoUQQUaMAVj4K9
QsPV8I+by3nhR2kkgjkobspnxfTbMnVkhNlAAeBOrVDO1OF32r/SWrHH1W+WnjRp
g+60bAFvO06OEfVjOTlc4jJAuQq1BCuHalU88yb6wED6A9iP9FLQrQDtKUhTNXRe
v/iBpCKTDGzakao6hJspNrw8sS2FsdzQ8TZdlJ4jTaT8DjMGYsu29Mrov0ybUk0D
zG1Uk+os/0Bz1BnNcCIqRNuNQo5zjOOTE3DkK1Q9wse1TjEi/cCn74H9OWpSlYY3
CQIDAQAB
-----END PUBLIC KEY-----');

$query="SELECT 2+2";
$query = $pdo->prepare($query);
$query->execute();
$row = $query->fetch(PDO::FETCH_ASSOC);
var_dump($row);
?>

This is the output:
# php sqltest.php
array(1) {
  ["1+1"]=>
  string(1) "2"
}
PHP Warning:  PDOStatement::execute(): SSL operation failed with code 1. OpenSSL Error messages:
error:0906D06C:PEM routines:PEM_read_bio:no start line in /home/ubuntu/sqltest.php on line 31
PHP Warning:  PDOStatement::execute(): MySQL server has gone away in /home/ubuntu/sqltest.php on line 31
PHP Warning:  PDOStatement::execute(): Error reading result set's header in /home/ubuntu/sqltest.php on line 31
PHP Fatal error:  Uncaught PDOException: SQLSTATE[HY000]: General error: 2006 MySQL server has gone away in /home/ubuntu/sqltest.php:31
Stack trace:
#0 /home/ubuntu/sqltest.php(31): PDOStatement->execute()
#1 {main}
  thrown in /home/ubuntu/sqltest.php on line 31

As you can see, the second query failed right after the openssl_pkey_get_public call.


root@ip-172-32-2-133:~# php -v
PHP 7.0.7-4+deb.sury.org~wily+1 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
 [2017-01-25 07:17 UTC] jarkkohyvarinen at hotmail dot com
I have also experienced the same issue with pdo-mysql.

PHP 5.6.28
CentOS 6.8
OpenSSL 1.0.1e
 [2017-01-25 07:39 UTC] requinix@php.net
-Status: Open
+Status: Feedback
 [2017-01-25 07:39 UTC] requinix@php.net
https://bugs.php.net/bug.php?id=73978 looks like the same issue.

@jarkkohyvarinen or anyone: What happens if you put
  openssl_error_string();
after your call to openssl_pkey_get_public or whatever other OpenSSL function?
 [2017-01-25 14:30 UTC] jarkkohyvarinen at hotmail dot com
If I call openssl_error_string() after openssl_pkey_get_public(), the issue does not occur and queries through the PDO object work fine. But if I pass an invalid string to openssl_pkey_get_public, the issue still occurs even if I call openssl_error_string.
 [2017-01-25 19:59 UTC] bukka@php.net
-Status: Feedback
+Status: Closed
-Package: MySQLi related
+Package: OpenSSL related
-Assigned To:
+Assigned To: bukka
 [2017-01-25 19:59 UTC] bukka@php.net
This has been resolved in PHP 7.1 and should no longer be a problem.
 [2017-01-26 03:57 UTC] jarkkohyvarinen at hotmail dot com
Is this patch going to be merged to 5.6 also?
 [2017-01-26 20:42 UTC] bukka@php.net
5.6 is closed and only security bugs are accepted, so no, it won't be merged to 5.6.

In addition the patch was quite big and required some refactoring so there is no plan to port it to 7.0 either atm. Only 7.1 has the fix though.

As a workaround for older versions, please call openssl_error_string() after openssl_pkey_get_public in your app / script.
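
The workaround from the comment above, wrapped so that the OpenSSL error queue is emptied in a loop rather than with a single call (the PHP manual documents that errors are queued and returned one per call). This is an added example, not code from the report or from PHP itself; `drain_openssl_errors` and `load_public_key_clean` are hypothetical names, the key is generated in-process as sample input, and whether the loop also covers the invalid-key case reported earlier in the thread is not confirmed on this page.

```php
<?php
// Added example, not from the bug report. Helper names are hypothetical.
// Written without scalar/return type hints so it also runs on PHP 5.6 and 7.0,
// the versions that did not receive the fix.

/** Pop every queued OpenSSL error so none is left for a later TLS read. */
function drain_openssl_errors()
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

/**
 * Load a PEM public key and leave the OpenSSL error queue empty,
 * whether the load succeeded or not.
 */
function load_public_key_clean($pem)
{
    drain_openssl_errors();               // start from a known-empty queue
    $key = openssl_pkey_get_public($pem);
    $errors = drain_openssl_errors();     // the workaround, applied in a loop
    return ['key' => $key, 'errors' => $errors];
}

// Constructed sample input: a throwaway RSA key generated in-process.
$pair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
drain_openssl_errors();
$details = $pair ? openssl_pkey_get_details($pair) : false;
$validPem = $details ? $details['key'] : '';
$samples = ['valid' => $validPem, 'invalid' => 'not a PEM block'];

foreach ($samples as $label => $pem) {
    $result = load_public_key_clean($pem);
    // After the helper returns, openssl_error_string() should report false,
    // i.e. nothing is left behind for the MySQL SSL stream to trip over.
    printf("%-8s loaded=%s drained=%d left_in_queue=%s\n",
        $label,
        $result['key'] === false ? 'no' : 'yes',
        count($result['errors']),
        var_export(openssl_error_string(), true));
}
```

On an affected version, the same drain call belongs after any OpenSSL function that runs between two queries on an SSL-enabled mysqli or PDO connection; log the returned messages rather than discarding them so key-loading failures stay visible.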
 
Last updated: Mon Jun 24 13:01:26 2019 UTC