Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`dump_privatekey` truncates key when null byte in passphrase

See original GitHub issue

This shouldn’t be a thing…

import OpenSSL

pk_passphrase = b"12345\x0067890"
truncated_passphrase = pk_passphrase.split(b"\x00", 1)[0]

plain_pk = """-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMcRMugJ4kvkOEuT
AvMFr9+3A6+HAB6nKYcXXZz93ube8rJpBZQEfWn73H10dQiQR/a+rhxYEeLy8dPc
UkFcGR9miVkukJ59zex7iySJY76bdBD8gyx1LTKrkCstP2XHKEYqgbj+tm7VzJnY
sQLqoaa5NeyWJnUC3MJympkAS7p3AgMBAAECgYAoBAcNqd75jnjaiETRgVUnTWzK
PgMCJmwsob/JrSa/lhWHU6Exbe2f/mcGOQDFpesxaIcrX3DJBDkkc2d9h/vsfo5v
JLk/rbHoItWxwuY5n5raAPeQPToKpTDxDrL6Ejhgcxd19wNht7/XSrYZ+dq3iU6G
mOEvU2hrnfIW3kwVYQJBAP62G6R0gucNfaKGtHzfR3TN9G/DnCItchF+TxGTtpdh
Cz32MG+7pirT/0xunekmUIp15QHdRy496sVxWTCooLkCQQDIEwXTAwhLNRGFEs5S
jSkxNfTVeNiOzlG8jPBJJDAdlLt1gUqjZWnk9yU+itMSGi/6eeuH2n04FFk+SV/T
7ryvAkB0y0ZDk5VOozX/p2rtc2iNm77A3N4kIdiTQuq4sZXhNgN0pwWwxke8jbcb
8gEAnqwBwWt//locTxHu9TmjgT8pAkEAlbF16B0atXptM02QxT8MlN8z4gxaqu4/
RX2FwpOq1FcVsqMbvwj/o+ouGY8wwRiK0TMrQCf/DFhdNTcc1aqHzQJBAKWtq4LI
uVZjCAuyrqEnt7R1bOiLrar+/ezJPY2z+f2rb1TGr31ztPeFvO3edLw+QdhzwJGp
QKImYzqMe+zkIOQ=
-----END PRIVATE KEY-----
"""

pkey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, plain_pk)

encrypted_pk = OpenSSL.crypto.dump_privatekey(
    OpenSSL.crypto.FILETYPE_PEM, pkey, "AES-256-CBC", pk_passphrase
)


decrypted_pk_obj = OpenSSL.crypto.load_privatekey(
    OpenSSL.crypto.FILETYPE_PEM, encrypted_pk, truncated_passphrase
)
decrypted_pk = OpenSSL.crypto.dump_privatekey(
    OpenSSL.crypto.FILETYPE_PEM, decrypted_pk_obj
).decode()

assert plain_pk == decrypted_pk

Issue Analytics

State:
Created 3 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

reaperhulkcommented, Sep 26, 2020

Ah I see what you’re saying here. pyOpenSSL uses PEM_write_bio_PrivateKey and PEM_read_bio_PrivateKey using the pem_password_cb for this, which doesn’t allow passing a length (so it computes it via null terminated logic). These functions also take a char * and length though so not sure why it was originally done this way. We’d take a patch to fix this since it’s foolish, but in general our recommendation with these APIs is to use cryptography where possible (which doesn’t make this mistake).

0reactions

huwcbjonescommented, Sep 24, 2020

Basically, this MWE shows that if a passphrase contains a null byte and that passphrase is used to dump a PK. Then if you thought you were encrypting with a 32 byte key, you won’t be; you’ll be using however many bytes up to the null byte.

We found this because we managed to generate a random key that had a null byte as the first byte and OpenSSL exploded saying you can’t encrypt with an empty string for a key 😂