php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73833 null character not allowed in openssl_pkey_get_private
Submitted: 2016-12-29 15:33 UTC Modified: 2017-04-24 16:01 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mfaust at usinternet dot com Assigned: bukka (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.6.29 OS: Linux
Private report: No CVE-ID: None
 [2016-12-29 15:33 UTC] mfaust at usinternet dot com
Description:
------------
When encrypting a private key for export you are allowed to have a null character as part of the password key, but when decrypting with openssl_pkey_get_private it fails to decrypt with the same key.

PHP is compiled against OpenSSL 1.0.1e-fips 11 Feb 2013

Test script:
---------------
//This will fail to decrypt using the first password due to the null byte (\x00)
$passwords = ["abc\x00defghijkl", "abcdefghikjl"];

foreach($passwords as $password){
    $key = openssl_pkey_new();

    if(openssl_pkey_export($key, $privatePEM, $password) === FALSE){
        echo "Failed to encrypt.\n";
    }else{
        echo "Encrypted!\n";
    }

    //This will throw a warning and fail to decrypt.
    if(openssl_pkey_get_private($privatePEM, $password) === FALSE){
        echo "Failed to decrypt.\n";
    }else{
        echo "Decrypted!\n";
    }


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-29 15:34 UTC] mfaust at usinternet dot com
missing trailing }, sorry.
 [2017-04-24 16:01 UTC] bukka@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: bukka
 [2017-04-24 16:11 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)
 [2017-04-24 16:11 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2017-04-24 16:13 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)
 [2017-04-24 16:14 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fa347997a47d5b44515a701b695e47696cba04b
Log: Fix bug #73833 (null character not allowed in openssl_pkey_get_private)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC