Fixed bug #80747

nikic · nikic · commit 64b108546435 · 2021-02-15T15:34:01.000+01:00
If RSA key generation fails, actually report that failure.
diff --git a/NEWS b/NEWS
@@ -15,6 +15,10 @@ PHP                                                                        NEWS
 - OPcache:
   . Fixed bug #80682 (opcache doesn't honour pcre.jit option). (Remi)
 
+- OpenSSL:
+  . Fixed bug #80747 (Providing RSA key size < 512 generates key that crash
+    PHP). (Nikita)
+
 - Phar:
   . Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o
     semicolon) (cmb)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -4021,6 +4021,8 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req
 						PHP_OPENSSL_RAND_ADD_TIME();
 						if (rsaparam == NULL || !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {
 							php_openssl_store_errors();
+							RSA_free(rsaparam);
+							rsaparam = NULL;
 						}
 						BN_free(bne);
 					}
diff --git a/ext/openssl/tests/bug80747.phpt b/ext/openssl/tests/bug80747.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #80747: Providing RSA key size < 512 generates key that crash PHP
+--FILE--
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) die("skip");
+?>
+--FILE--
+<?php
+
+$conf = array(
+    'config' => __DIR__ . DIRECTORY_SEPARATOR . 'openssl.cnf',
+    'private_key_bits' => 511,
+);
+var_dump(openssl_pkey_new($conf));
+
+?>
+--EXPECT--
+bool(false)

Original file line number	Diff line number	Diff line change
`@@ -4021,6 +4021,8 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req`
`4021`	`4021`	`PHP_OPENSSL_RAND_ADD_TIME();`
`4022`	`4022`	`if (rsaparam == NULL \|\| !RSA_generate_key_ex(rsaparam, req->priv_key_bits, bne, NULL)) {`
`4023`	`4023`	`php_openssl_store_errors();`
	`4024`	`+ RSA_free(rsaparam);`
	`4025`	`+ rsaparam = NULL;`
`4024`	`4026`	`}`
`4025`	`4027`	`BN_free(bne);`
`4026`	`4028`	`}`