php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74555 mysqli_select_db() fails after unrelated openssl calls
Submitted: 2017-05-08 15:17 UTC Modified: 2017-05-08 16:04 UTC
From: spam2 at rhsoft dot net Assigned:
Status: Duplicate Package: MySQLi related
PHP Version: 7.0.18 OS:
Private report: No CVE-ID: None
 [2017-05-08 15:17 UTC] spam2 at rhsoft dot net
Description:
------------
* i have two encrypted database connections to different servers
* all is fine including mysqli_select_db() before each command
* $cl_api->crypto->decrypt($password_crypted, $this->secure_hash) and
  a following mysqli_select_db() in unrelated code and all dies
___________________________________

$cl_api->crypto->decrypt($password_crypted, $this->secure_hash is basically the following code - i just removed the mysqli_select_db() as workaround globally and so the code finished before trigger the problem

private $hash_algo = 'sha256';
private $iv_length;
openssl_decrypt($raw, $this->cipher_algo, openssl_digest($key, $this->hash_algo, true), OPENSSL_RAW_DATA, $iv);
___________________________________

mysqli_select_db() is basically there because at least years ago when working with persistent connections changing the database for one instance changed it also for the other when you used the same credentials and so my database class started switch back to the database of it's own instance before issue any other command

___________________________________

[root@arrakis:~]$ cat messages
May  8 16:51:06 arrakis panel: sftp: Passwortanzeige aktiviert (reindl)
PHP Warning:  mysqli_select_db() [<a href='http://at.php.net/manual/de/function.mysqli-select-db.php'>function.mysqli-select-db.php</a>]: SSL operation failed with code 1. OpenSSL Error messages:#012error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length in global_mysql_class.inc.php on line 340
PHP Warning:  mysqli_select_db() [<a href='http://at.php.net/manual/de/function.mysqli-select-db.php'>function.mysqli-select-db.php</a>]: MySQL server has gone away in global_mysql_class.inc.php on line 340
PHP Warning:  mysqli_select_db() [<a href='http://at.php.net/manual/de/function.mysqli-select-db.php'>function.mysqli-select-db.php</a>]: Error while reading INIT_DB's OK packet. PID=15511 in global_mysql_class.inc.php on line 340
DATABASE-ERROR: show_content.php - /docroot/sftp/library.php line 381 (parent call: /docroot/sftp/module.php on line 346): Datenbank pam_mysql ist nicht vorhanden. - MySQL server has gone away


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-05-08 15:49 UTC] spam2 at rhsoft dot net
well, the whole mysqli ssl-related stuff seems to fall into pieces when openssl_decrypt() is part of the game and you are using encrypted database connections
________________________________

line 382:

$result = mysqli_query($this->conn, $sql, MYSQLI_STORE_RESULT) or $fehler = 1;

what prevents the whole application to fail is that after the first error i close and re-connect the database connection and the connect method has even a small loop with microsleep(1000) to survive restarts of mysqld in 99 of 100 cases unnoticed
________________________________

  if($fehler && !$ignore_errors)
  {
   /** Bei nicht ignorierten Fehlertypen Verbindung neu aufbauen und Query nochmals versuchen */
   if(!in_array(mysqli_errno($this->conn), array_keys($this->ignored_errors)))
   {
    $this->reconnect();
    $fehler = 0;
    if($unbuffered === 0)
    {
     $result = mysqli_query($this->conn, $sql, MYSQLI_STORE_RESULT) or $fehler = 1;
    }
    else
    {
     $result = mysqli_query($this->conn, $sql, MYSQLI_USE_RESULT) or $fehler = 1;
    }
   }
  }
________________________________

May  8 17:39:31 arrakis httpd: PHP Warning:  mysqli_query() [<a href='http://at.php.net/manual/de/function.mysqli-query.php'>function.mysqli-query.php</a>]: SSL operation failed with code 1. OpenSSL Error messages:#012error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length in global_mysql_class.inc.php on line 382
May  8 17:39:31 arrakis httpd: PHP Warning:  mysqli_query() [<a href='http://at.php.net/manual/de/function.mysqli-query.php'>function.mysqli-query.php</a>]: MySQL server has gone away in global_mysql_class.inc.php on line 382
May  8 17:39:31 arrakis httpd: PHP Warning:  mysqli_query() [<a href='http://at.php.net/manual/de/function.mysqli-query.php'>function.mysqli-query.php</a>]: Error reading result set's header in global_mysql_class.inc.php on line 382
May  8 17:39:32 arrakis httpd: PHP Warning:  mysqli_query() [<a href='http://at.php.net/manual/de/function.mysqli-query.php'>function.mysqli-query.php</a>]: SSL operation failed with code 1. OpenSSL Error messages:#012error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length in global_mysql_class.inc.php on line 382
 [2017-05-08 16:04 UTC] requinix@php.net
-Status: Open +Status: Duplicate
 [2017-05-08 16:04 UTC] requinix@php.net
Duplicate of bug #73978, see also https://bugs.php.net/bug.php?id=69524

> In addition the patch was quite big and required some refactoring so there is no
> plan to port it to 7.0 either atm. Only 7.1 has the fix though.
>
> As a workaround for older versions, please call openssl_error_string() after
> openssl_pkey_get_public in your app / script.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Jun 19 10:01:27 2019 UTC