
Fixed #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs

Squashed commit of the following:

commit a64c1d9bc4
Author: Tomasz Sawicki <falundir@gmail.com>
Date:   Wed Jun 24 08:49:37 2015 +0200

    Fix #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs

    The "key values mismatch" error is triggered in openssl_pkcs12_read by
    PKCS12_parse, because it uses X509_check_private_key to separate main
    certificate (which corresponds to private key) from extra certificates.
    Extra certificates usually come first (p12 contents are reversed as
    stack) and X509_check_private_key triggers X509_R_KEY_VALUES_MISMATCH
    error.
    The fix pops "key values mismatch" error from OpenSSL error stack for
    each extra certificate if there are any.
Tjerk Meesters
2015-06-26 05:31:54 +08:00
parent b1ec4515b0
commit 2ff3dafccf
5 changed files with 32 additions and 1 deletions
+4
@@ -2,6 +2,10 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? Jul 2015, PHP 5.6.12
- OpenSSL:
. Fixed bug #69882 (OpenSSL error “key values mismatch” after
openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
09 Jul 2015, PHP 5.6.11
- Core:
+9 -1
@@ -2575,7 +2575,15 @@ PHP_FUNCTION(openssl_pkcs12_read)
zval * zextracert;
X509* aCA = sk_X509_pop(ca);
if (!aCA) break;
/* fix for bug 69882 */
{
int err = ERR_peek_error();
if (err == OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH) {
ERR_get_error();
}
}
bio_out = BIO_new(BIO_s_mem());
if (PEM_write_bio_X509(bio_out, aCA)) {
BUF_MEM *bio_buf;
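Review bot: `int err = ERR_peek_error();` stores an `unsigned long` return value in an `int`; declaring it as `unsigned long err = ERR_peek_error();` keeps the comparison on the full error code. ERR_peek_error() reads the oldest queue entry, so the pop only happens when the mismatch sits at the head of the queue, and an unrelated error left by an earlier call would leave the mismatch entries in place. The block also appears to assume that PKCS12_parse queued one mismatch per extra certificate, which is worth stating in the comment, e.g. `/* bug 69882: PKCS12_parse queues one "key values mismatch" per extra cert; drop it only when it is the oldest entry */`. The loop and the rest of openssl_pkcs12_read continue outside this hunk.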
+2
@@ -29,6 +29,8 @@ extern zend_module_entry openssl_module_entry;
#define OPENSSL_RAW_DATA 1
#define OPENSSL_ZERO_PADDING 2
#define OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074
/* Used for client-initiated handshake renegotiation DoS protection*/
#define OPENSSL_DEFAULT_RENEG_LIMIT 2
#define OPENSSL_DEFAULT_RENEG_WINDOW 300
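Review bot: `OPENSSL_ERROR_X509_PRIVATE_KEY_VALUES_MISMATCH 0x0B080074` hard-codes a packed OpenSSL error code, which bundles library, function and reason into one number, so the match depends on the library's internal function code staying the same across OpenSSL versions. Comparing only the parts that matter at the use site is sturdier: `ERR_GET_LIB(err) == ERR_LIB_X509 && ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH`. If the constant stays, a comment saying how the value was derived (it looks like the packed form of ERR_LIB_X509, the X509_check_private_key function code and X509_R_KEY_VALUES_MISMATCH) would help whoever has to update it.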
+17
@@ -0,0 +1,17 @@
--TEST--
Bug #69882: OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra certs
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
?>
--FILE--
<?php
$p12 = file_get_contents(__DIR__.'/p12_with_extra_certs.p12');
$result = openssl_pkcs12_read($p12, $cert_data, 'qwerty');
var_dump($result);
var_dump(openssl_error_string());
?>
--EXPECTF--
bool(true)
bool(false)
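Review bot: The test covers only the success path, so it would not notice if the new code discarded an error that callers still need to see. A second read with a wrong password, `var_dump(openssl_pkcs12_read($p12, $cert_data, 'wrong'));` expecting `bool(false)`, would pin that a real failure is still reported. It would also help to confirm that the extra certificates are still returned, e.g. `var_dump(isset($cert_data['extracerts']));` after the successful read.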
Binary file not shown.