Bug #65193 openssl_private_encrypt OAEP only works AFTER PKCS1
Submitted: 2013-07-03 15:04 UTC Modified: 2013-07-03 17:24 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: lynch@php.net Assigned:
Status: Not a bug Package: OpenSSL related
PHP Version: 5.4.11 OS: CentOS 2.6.18
Private report: No CVE-ID: None
 [2013-07-03 15:04 UTC] lynch@php.net
Description:
------------
A call to openssl_private_encrypt(..., OPENSSL_PKCS1_OAEP_PADDING) fails
unless you call it AFTER openssl_private_encrypt(..., OPENSSL_PKCS1_PADDING)


Test script:
---------------
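$private_key_text = file_get_contents('private.pem');
$decrypted_message = 'test message'; // constructed sample plaintext; the report does not define this variable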

openssl_private_encrypt($decrypted_message, $encrypted_message, $private_key_text, OPENSSL_PKCS1_OAEP_PADDING);
echo "PKCS1_OAEP fails:\n";
var_dump(base64_encode($encrypted_message));
echo "\n";


openssl_private_encrypt($decrypted_message, $encrypted_message, $private_key_text, OPENSSL_PKCS1_PADDING);
echo "PKCS1 works:\n";
var_dump(base64_encode($encrypted_message));
echo "\n";


openssl_private_encrypt($decrypted_message, $encrypted_message, $private_key_text, OPENSSL_PKCS1_OAEP_PADDING);
echo "PKCS1_OAEP works only AFTER PKCS1:\n";
var_dump(base64_encode($encrypted_message));
echo "\n";



Expected result:
----------------
All three outputs the same.

Actual result:
--------------
First output is blank string.

 [2013-07-03 15:09 UTC] lynch@php.net
-PHP Version: 5.3.26 +PHP Version: 5.4.11
 [2013-07-03 15:09 UTC] lynch@php.net
The PHP Version popup in report form was in a time warp... Corrected here.

OpenSSL version: 0.9.8b

Actual output:

PKCS1_OAEP fails:
string(0) ""

PKCS1 works:
string(172) "gVJcDQJnKJG7PX3+axZMyjph5xi3TFMLWXY2OLD4d62YYhlAmCUnr+WQP/F6//ykx3L/rXS7zfjXFPoyzn5v7dwysM107fS0tXwzngZ1fRjH5iU+1Dv4TJf4dXRZXzYKClDSSiQ0ZrmoGhVo5wx3PY61mEkBLNbS5IvZ75rCLSo="

PKCS1_OAEP works only AFTER PKCS1:
string(172) "gVJcDQJnKJG7PX3+axZMyjph5xi3TFMLWXY2OLD4d62YYhlAmCUnr+WQP/F6//ykx3L/rXS7zfjXFPoyzn5v7dwysM107fS0tXwzngZ1fRjH5iU+1Dv4TJf4dXRZXzYKClDSSiQ0ZrmoGhVo5wx3PY61mEkBLNbS5IvZ75rCLSo="
 [2013-07-03 17:03 UTC] felipe@php.net
It looks like an issue in the openssl library.
According to http://openssl.6102.n7.nabble.com/Proplem-with-RSA-private-encrypt-and-OAEP-td45517.html RSA_PKCS1_OAEP_PADDING is not intended to be used with RSA_private_encrypt() function. Probably the lib is ignoring the padding passed after you set a right one.
 [2013-07-03 17:24 UTC] felipe@php.net
-Status: Open +Status: Not a bug
 [2013-07-03 17:24 UTC] felipe@php.net
Just read the code again, the problem is that the 3rd try fails, but the extension does not clean the $encrypted_message string, causing a false positive for you. Just clean the variable before calling the function again.
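An added example, not code from the bug report or from PHP itself: it repeats the report's call sequence but checks each return value and starts every call with an empty output variable, so a failed OAEP call cannot show the previous PKCS1 result, then uses OAEP in the direction it is meant for. The in-process key, the sample message and the helper name private_encrypt_checked() are assumptions made for this example.

```php
<?php
// Added example. The key is generated in-process and the message is constructed,
// so the script runs offline; private_encrypt_checked() is a hypothetical helper.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$publicPem = openssl_pkey_get_details($key)['key'];
$message   = 'constructed sample message';

// Returns the ciphertext, or null when the call fails. $out starts empty on
// every call, so a failed call can never hand back an earlier call's output.
function private_encrypt_checked(string $data, $privateKey, int $padding): ?string
{
    $out = null;
    while (openssl_error_string() !== false) {
        // drain errors queued by earlier OpenSSL calls
    }
    return openssl_private_encrypt($data, $out, $privateKey, $padding) ? $out : null;
}

// The same call sequence as the test script in the report.
$sequence = [
    'PKCS1_OAEP (first)'  => OPENSSL_PKCS1_OAEP_PADDING,
    'PKCS1'               => OPENSSL_PKCS1_PADDING,
    'PKCS1_OAEP (second)' => OPENSSL_PKCS1_OAEP_PADDING,
];
foreach ($sequence as $label => $padding) {
    $result = private_encrypt_checked($message, $key, $padding);
    if ($result === null) {
        $reason = openssl_error_string() ?: 'no error queued';
        echo "$label: call failed ($reason)\n";
    } else {
        echo "$label: " . base64_encode($result) . "\n";
    }
}

// OAEP is an encryption padding: encrypt with the public key and decrypt with
// the private key.
$ciphertext = $plaintext = null;
if (!openssl_public_encrypt($message, $ciphertext, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)
    || !openssl_private_decrypt($ciphertext, $plaintext, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
    exit("OAEP round trip failed: " . openssl_error_string() . "\n");
}
echo "OAEP round trip ok: " . var_export(hash_equals($message, $plaintext), true) . "\n";
```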
 