Bug #72336 openssl_pkey_new does not properly fail with invalid DSA params
Submitted: 2016-06-05 14:44 UTC Modified: 2016-06-05 14:48 UTC
From: bukka@php.net Assigned: bukka
Status: Closed Package: OpenSSL related
PHP Version: 5.6.22 OS: Unrelated
Private report: No CVE-ID:
 [2016-06-05 14:44 UTC] bukka@php.net
Description:
------------
There is an issue with failing openssl_pkey_new when DSA is invalid. The example below doesn't use bin2hex, which means that the keys are invalid. However, due to a bug in OpenSSL, the function creates a new key that, however, doesn't have a private part. The reason is that DSA_generate_key doesn't fail, because BN_mod_exp can also return -1, which is not checked.

Test script:
---------------
<?php
$p = '00f8000ae45b2dacb47dd977d58b719d097bdf07cb2c17660ad898518c08' .
	'1a61659a16daadfaa406a0a994c743df5eda07e36bd0adcad921b77432ff' .
	'24ccc31e782d647e66768122b578857e9293df78387dc8b44af2a4a3f305' .
	'1f236b1000a3e31da489c6681b0031f7ec37c2e1091bdb698e7660f135b6' .
	'996def90090303b7ad';

$q = '009b3734fc9f7a4a9d6437ec314e0a78c2889af64b';

$g = '00b320300a0bc55b8f0ec6edc218e2185250f38fbb8291db8a89227f6e41' .
	'00d47d6ccb9c7d42fc43280ecc2ed386e81ff65bc5d6a2ae78db7372f5dc' .
	'f780f4558e7ed3dd0c96a1b40727ac56c5165aed700a3b63997893a1fb21' .
	'4e882221f0dd9604820dc34e2725dd6901c93e0ca56f6d76d495c332edc5' .
	'b81747c4c447a941f3';

openssl_pkey_new(array('dsa' => array('p' => $p, 'q' => $q, 'g' => $g)));
var_dump($dsa === false);

Expected result:
----------------
bool(false)

Actual result:
--------------
bool(true)
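
A caller-side guard for the failure described above, as an added example that is not part of the original report or of php-src: it decodes hex parameters to binary and rejects any key that comes back without a private part. The function name dsa_key_from_hex_params and the sample values are assumptions made for illustration.

```php
<?php
/**
 * Build a DSA key from hex-encoded p, q, g and refuse any result that
 * lacks a private component. Hypothetical helper, not a PHP built-in.
 */
function dsa_key_from_hex_params(string $pHex, string $qHex, string $gHex)
{
    $params = [];
    foreach (['p' => $pHex, 'q' => $qHex, 'g' => $gHex] as $name => $hex) {
        // openssl_pkey_new() expects raw big-endian bytes, not hex text.
        if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
            throw new InvalidArgumentException("DSA parameter $name is not valid hex");
        }
        $params[$name] = hex2bin($hex);
    }

    $key = openssl_pkey_new(['dsa' => $params]);
    if ($key === false) {
        // Builds with the fix report the failure here.
        throw new RuntimeException('openssl_pkey_new failed: ' . openssl_error_string());
    }

    // Builds without the fix may hand back a key anyway, so inspect it.
    $details = openssl_pkey_get_details($key);
    if ($details === false
        || $details['type'] !== OPENSSL_KEYTYPE_DSA
        || empty($details['dsa']['priv_key'])
        || empty($details['dsa']['pub_key'])) {
        throw new RuntimeException('DSA key has no usable private/public part');
    }
    return $key;
}

// Constructed sample input: 'q' has an odd number of hex digits,
// so it is rejected before OpenSSL is ever called.
try {
    dsa_key_from_hex_params('00f7', '09b', '02');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The private-part check only confirms that key generation completed; it does not prove that p, q and g form a sound DSA group.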

 [2016-06-05 14:45 UTC] bukka@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka
 [2016-06-05 14:46 UTC] bukka@php.net
Expected result and actual result are actually opposite :)
 [2016-06-05 14:48 UTC] bukka@php.net
And it should be

- openssl_pkey_new(array('dsa' => array('p' => $p, 'q' => $q, 'g' => $g)));
+ $dsa = openssl_pkey_new(array('dsa' => array('p' => $p, 'q' => $q, 'g' => $g)));
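Review bot: with the return value now assigned to $dsa on the + line, the Expected result and Actual result sections should be swapped in the same correction, as the previous comment notes, so that the script and its stated output agree. A one-line comment in the script saying that $p, $q and $g are passed as hex text on purpose would also keep the invalid input from being "corrected" later.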
 [2016-06-12 17:16 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=54310d95f91bcd286e4bae67891402f782c1e767
Log: Fix bug #72336 (openssl_pkey_new does not fail for invalid DSA params)
 [2016-06-12 17:16 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2016-06-12 17:39 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=54310d95f91bcd286e4bae67891402f782c1e767
Log: Fix bug #72336 (openssl_pkey_new does not fail for invalid DSA params)
 [2016-06-12 17:40 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=54310d95f91bcd286e4bae67891402f782c1e767
Log: Fix bug #72336 (openssl_pkey_new does not fail for invalid DSA params)
 [2016-06-22 05:58 UTC] krakjoe@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=54310d95f91bcd286e4bae67891402f782c1e767
Log: Fix bug #72336 (openssl_pkey_new does not fail for invalid DSA params)
 