php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13522 openssl_seal always returns FALSE
Submitted: 2001-10-02 17:28 UTC Modified: 2002-04-19 00:00 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: kanareykin+nospam at denison dot edu Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 4.0.6 OS: SunOS 5.7
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2001-10-02 17:28 UTC] kanareykin+nospam at denison dot edu
I can't get the example openssl_seal() code (given in the online manual) to work. The function always returns FALSE without specifying an error; sealed data and envelope keys are void. I'm using the demo key and certificate that comes with OpenSSL 0.9.6a  (in demos dir) and all of the other functions (like openssl_get_public_key) seem to work, i.e. they return resource identifiers.

Config line:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs'
'--with-cybercash=/usr/installs/mck-3.3.1-sparc-sun-solaris2.7''--with-mysql=/usr/local' '--with-xml' '--with-oci8' '--with-curl=/usr/local''--with-openssl=/usr/local' '--with-ldap=/usr/local'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-03 08:57 UTC] wez@php.net
Please try with PHP 4.0.6 or PHP 4.0.7RC3.
If you are still getting a false return, try using
the openssl_error_string() as mentioned in the online
manual.

--Wez.
 [2001-10-05 16:29 UTC] kanareykin+nospam at denison dot edu
Upgraded to 4.0.6, so now I can use the openssl_error_string() function. However, I still don't see any errors generated
by openssl_seal(). Below is how I use it:

if (openssl_seal($data, $sealed, $ekeys, array($pk1,$pk2)))     {
        echo "Sealed: $sealed\n";
}
else    {
        echo "Could not seal data\n";
        while ($text = openssl_error_string())
                echo "$text \n";
}

This reports no errors. When I try to open the 'encrypted'
data, I do get some errors (I think these are expected):

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 
error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed 




 [2001-10-08 12:42 UTC] kanareykin+nospam at denison dot edu
Below is the *whole* script. The only output I get is
"There were errors". It can't seal the data, returning
FALSE, but no error messages are generated.

<?php
$cert_path1 = "/usr/installs/openssl-0.9.6a/demos/maurice/cert.pem";
$cert_path2 = "/usr/installs/openssl-0.9.6a/demos/sign/cert.pem";
$data = "This is the data to be sealed";

$fp = fopen($cert_path1, "r");
$cert = fread($fp, 8192);
fclose($fp);
$pk1 = openssl_get_publickey($cert);
$fp = fopen($cert_path2, "r");
$cert = fread($fp, 8192);
fclose($fp);
$pk2 = openssl_get_publickey($cert);

if (openssl_seal($data, $sealed, $ekeys, array($pk1,$pk2)))
        echo "Sealed data: $sealed<br />";
else    {
        echo "There were errors<br />";
        while ($text = openssl_error_string())
                echo "$text <br />";
}
openssl_free_key($pk1);
openssl_free_key($pk2);
?>
 [2001-10-08 18:22 UTC] wez@php.net
The same script works just fine for me with PHP 4.0.7RC3.
Could you try it out too?

http://www.php.net/~zeev/php-4.0.7RC3.tar.gz

--Wez.
 [2001-10-11 15:09 UTC] kanareykin+nospam at denison dot edu
I *probably* could, but I really wouldn't want to put
RC on that machine. Also I don't think PHP version
is the problem - the function should work on 
PHP 4 >= 4.0.4... it must be something in the 
configuration.

Are there any scripts I could use to test if the 
openssl extension is set up properly? 
 [2002-03-16 11:08 UTC] wez@php.net
Have you resolved this problem yet?
 [2002-03-18 09:48 UTC] kanareykin+nospam at denison dot edu
No. But we are planning the long-awaited PHP upgrade on
that server and I might have some news soon.
 [2002-03-18 11:32 UTC] wez@php.net
Setting to feedback until then.

I just thought of something you might try: just build
but not install PHP 4.1.2 as a cgi and retry your script;
you can run the php binary from the source folder and not
risk upsetting the server.
 [2002-04-19 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-01-18 21:52 UTC] stanislav dot chachkov at gmail dot com
I have exactly the same problem, with php4.3.10 / openssl OpenSSL 0.9.7e / on BSD/OS 4.2 i386

openssl_error_string return nothing, but openssl_seal returns false.

This is the script:

<?php
	
function seal($info,$key){

  if($pk = openssl_get_publickey($key)){
    echo openssl_error_string();echo '<br>';

    $res=openssl_seal($info, $sealed, $ekeys, array($pk));
    echo openssl_error_string();echo '<br>';
    var_dump($res);echo '<br>';


    openssl_free_key($pk);	
			
    return array('sealed'=>$sealed,'ekey'=>$ekeys[0]);
  }
  echo openssl_error_string();echo '<br>';
  return FALSE;
}

$key="-----BEGIN CERTIFICATE-----
MIIBdDCCAR4CAQAwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw0wNTAxMTgxOTUyMjBaFw0wNTA3MTcxOTUyMjBaMEUxCzAJBgNVBAYTAkFV
MRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz
IFB0eSBMdGQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAx7Z4soVmUJvKfhtBzKAP
oRs9bdllaaTvy9I1kdf0AVFCKN7+US2LQBpGyCpTuENM+WQxJ6vGtJ2pYhGmbPm5
0QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAlvwJFlCbuagfpc6XM7zY8JP0Gz+CXlbh
NUjPgT8xkXzOBtjNxe+yNmhAfGyMXc7uKR+3tS6uHXzPvMg3PKCvqw==
-----END CERTIFICATE-----
";

print_r(seal("Secret data",$key));echo '<br>';
?>

Returns this:

bool(false)
Array ( [sealed] => [ekey] => ) 

The same script runs ok on another computer (php4.3.9/macosx)
 [2006-05-30 03:02 UTC] mdlazreg at gmail dot com
openssl_seal crashes my http server! with the windows error if I want to send the error to microsoft:

Apache HTTP Server has encountered a problem and needs to close.  We are sorry for the inconvenience.

The rest of openssl functions do work on my machine which is an XP using php 5.1.2 and OpenSSL 0.9.8a.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Mar 07 03:01:23 2021 UTC