php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73978 openssl_decrypt triggers bug in PDO
Submitted: 2017-01-23 11:43 UTC Modified: 2017-01-25 07:37 UTC
From: schmittjoh at gmail dot com Assigned: bukka
Status: Closed Package: OpenSSL related
PHP Version: 7.1.1 OS: Ubuntu 16.04
Private report: No CVE-ID:
 [2017-01-23 11:43 UTC] schmittjoh at gmail dot com
Description:
------------
We get an SSL error when connecting to a secure MySQL server for some queries:

Warning: PDOStatement::execute(): SSL operation failed with code 1. OpenSSL Error messages:
error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length
error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length

The error happens for the next query after we used the openssl_decrypt function in our code. It seems like this function is not properly encapsulated or leaves some state behind which then triggers the error in PDO.

I was not able to reproduce a test-case with values that would not expose our secret, but making a second call to openssl_decrypt with no meaningful values fixes it.

Test script:
---------------
// This query runs fine.
$con->prepare("SELECT 1")->execute()->fetchColumn();

// This call leaves some state behind that causes error on second query.
openssl_decrypt(/* real arguments here */);

// Adding a call like this works around the bug.
// openssl_decrypt('', 'AES-256-CBC', '', 0, '');

// Error on this query.
$con->prepare("SELECT 1")->execute()->fetchColumn();


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-23 11:48 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2017-01-23 11:48 UTC] requinix@php.net
What happens if you do the problematic openssl_decrypt() *before* the connection?
 [2017-01-23 12:01 UTC] schmittjoh at gmail dot com
If you run openssl_decrypt before the connection is created, the queries run through fine.
 [2017-01-23 17:09 UTC] dz at heroku dot com
Interesting; does this also happen with 7.0?
 [2017-01-24 12:22 UTC] bukka@php.net
-Status: Feedback +Status: Assigned -Assigned To: +Assigned To: bukka
 [2017-01-24 12:22 UTC] bukka@php.net
Looks like I missed this one (meaning forgot to add error storing in there)... Will fix it as soon as I get chance. If you want to fix it before it's released just call openssl_error_string() after openssl_decrypt which will move errors from the error queue.

Btw. the reason for that that you pass key ($password) with size different that key lenght (for AES-256 it's 256bit = 32 bytes) which is either fill with zero bytes (if shorter) or trimmed (if longer) so you can also fix it by passing correct key... ;)
 [2017-01-24 12:35 UTC] bukka@php.net
-Package: PDO MySQL +Package: OpenSSL related
 [2017-01-25 07:37 UTC] requinix@php.net
Bug #69524 looks like the same issue.
 [2017-01-25 19:55 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=519b0dc886aed287e5c3472df9c879186f5112c2
Log: Fix bug #73978 (openssl_decrypt triggers bug in PDO)
 [2017-01-25 19:55 UTC] bukka@php.net
-Status: Assigned +Status: Closed
 [2017-01-25 19:56 UTC] bukka@php.net
Automatic comment on behalf of bukka
Revision: http://git.php.net/?p=php-src.git;a=commit;h=519b0dc886aed287e5c3472df9c879186f5112c2
Log: Fix bug #73978 (openssl_decrypt triggers bug in PDO)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue May 30 09:02:04 2017 UTC