Edit report at https://bugs.php.net/bug.php?id=61930&edit=1
ID:                 61930
Updated by:         s...@php.net
Reported by:        s...@php.net
Summary:            openssl corrupts ssl key resource when using openssl_get_publickey()
Status:             Open
Type:               Bug
Package:            OpenSSL related
Operating System:   *
PHP Version:        5.4.2
Block user comment: N
Private report:     N

New Comment:

The problem happens because php_openssl_evp_from_zval on receiving resource with public key, is doing just this:

    if (resourceval) {
        *resourceval = Z_LVAL_PP(val);
    }

and then:

    return (EVP_PKEY*)what;

while openssl_pkey_get_public() does this:

    Z_TYPE_P(return_value) = IS_RESOURCE;
    pkey = php_openssl_evp_from_zval(cert, 1, NULL, 1, &Z_LVAL_P(return_value) TSRMLS_CC);

so the refcount of the resource in return_value is never increased, even though it is assigned now to another variable. When the return_value is freed, so is the resource, thus corrupting data in $key.

Previous Comments:
------------------------------------------------------------------------
[2012-05-03 20:18:08] s...@php.net

Description:
------------
If openssl_get_publickey() is applied to a key resource, the resource that comes out of it has wrong refcount and if freed, the argument of openssl_get_publickey() gets freed too.

Test script:
---------------
If we have a certificate in $cert and data in $data and valid signature in $sign, this works:

    $key = openssl_get_publickey($cert);
    var_dump(openssl_verify($data, $sig, $key));

however this does not:

    $key = openssl_get_publickey($cert);
    var_dump(openssl_get_publickey($key));
    var_dump(openssl_verify($data, $sig, $key));

it produces errors like this:

    Warning: openssl_verify(): 4 is not a valid OpenSSL X.509/key resource in /Users/smalyshev/osslbug.php on line 29
    Warning: openssl_verify(): supplied key param cannot be coerced into a public key in /Users/smalyshev/osslbug.php on line 29

------------------------------------------------------------------------
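The refcount mistake described in the report, reduced to a small stand-alone model. This is an added example, not code from the report or from PHP: the resource table and every function name in it are hypothetical, and the "fixed" variant is one assumed way to correct the pattern, since the report does not show a patch.

```c
#include <stdio.h>

/* Simplified model of a refcounted resource table (hypothetical names,
 * not PHP's resource list API). The slot index plays the resource id. */
#define MAX_RES 8
struct res { int refcount; int live; };
static struct res table[MAX_RES];

static int res_register(void) {
    for (int id = 1; id < MAX_RES; id++)
        if (!table[id].live) {
            table[id].live = 1;
            table[id].refcount = 1;
            return id;
        }
    return -1;
}
static void res_addref(int id) { table[id].refcount++; }
/* Drop one reference; destroy the entry when the count reaches zero. */
static void res_release(int id) {
    if (table[id].live && --table[id].refcount == 0) table[id].live = 0;
}
static int res_valid(int id) { return id > 0 && id < MAX_RES && table[id].live; }

/* Pattern from the report: the same id is handed out as a second
 * handle, but the new holder is never counted. */
static int get_public_buggy(int key_id) { return key_id; }
/* Assumed correction: the second handle takes its own reference. */
static int get_public_fixed(int key_id) { res_addref(key_id); return key_id; }

/* Mirrors the test script: $key stays in scope while the temporary
 * return value of the second call is destroyed. Returns 1 if $key is
 * still a valid resource afterwards, 0 if it was freed underneath it. */
static int key_survives(int (*get_public)(int)) {
    int key = res_register();   /* $key = openssl_get_publickey($cert) */
    int tmp = get_public(key);  /* openssl_get_publickey($key)         */
    res_release(tmp);           /* temporary freed after var_dump()    */
    int ok = res_valid(key);    /* the check openssl_verify() relies on */
    if (ok) res_release(key);   /* clean up $key                       */
    return ok;
}

int main(void) {
    printf("buggy: key valid = %d\n", key_survives(get_public_buggy));
    printf("fixed: key valid = %d\n", key_survives(get_public_fixed));
    return 0;
}
```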