|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13522 openssl_seal always returns FALSE
Submitted: 2001-10-02 17:28 UTC Modified: 2002-04-19 00:00 UTC
Avg. Score:4.3 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: kanareykin+nospam at denison dot edu Assigned:
Status: No Feedback Package: OpenSSL related
PHP Version: 4.0.6 OS: SunOS 5.7
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2001-10-02 17:28 UTC] kanareykin+nospam at denison dot edu
I can't get the example openssl_seal() code (given in the online manual) to work. The function always returns FALSE without specifying an error; sealed data and envelope keys are void. I'm using the demo key and certificate that comes with OpenSSL 0.9.6a  (in demos dir) and all of the other functions (like openssl_get_public_key) seem to work, i.e. they return resource identifiers.

Config line:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs'
'--with-cybercash=/usr/installs/mck-3.3.1-sparc-sun-solaris2.7''--with-mysql=/usr/local' '--with-xml' '--with-oci8' '--with-curl=/usr/local''--with-openssl=/usr/local' '--with-ldap=/usr/local'


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-03 08:57 UTC]
Please try with PHP 4.0.6 or PHP 4.0.7RC3.
If you are still getting a false return, try using
the openssl_error_string() as mentioned in the online

 [2001-10-05 16:29 UTC] kanareykin+nospam at denison dot edu
Upgraded to 4.0.6, so now I can use the openssl_error_string() function. However, I still don't see any errors generated
by openssl_seal(). Below is how I use it:

if (openssl_seal($data, $sealed, $ekeys, array($pk1,$pk2)))     {
        echo "Sealed: $sealed\n";
else    {
        echo "Could not seal data\n";
        while ($text = openssl_error_string())
                echo "$text \n";

This reports no errors. When I try to open the 'encrypted'
data, I do get some errors (I think these are expected):

error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 
error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed 

 [2001-10-08 12:42 UTC] kanareykin+nospam at denison dot edu
Below is the *whole* script. The only output I get is
"There were errors". It can't seal the data, returning
FALSE, but no error messages are generated.

$cert_path1 = "/usr/installs/openssl-0.9.6a/demos/maurice/cert.pem";
$cert_path2 = "/usr/installs/openssl-0.9.6a/demos/sign/cert.pem";
$data = "This is the data to be sealed";

$fp = fopen($cert_path1, "r");
$cert = fread($fp, 8192);
$pk1 = openssl_get_publickey($cert);
$fp = fopen($cert_path2, "r");
$cert = fread($fp, 8192);
$pk2 = openssl_get_publickey($cert);

if (openssl_seal($data, $sealed, $ekeys, array($pk1,$pk2)))
        echo "Sealed data: $sealed<br />";
else    {
        echo "There were errors<br />";
        while ($text = openssl_error_string())
                echo "$text <br />";
 [2001-10-08 18:22 UTC]
The same script works just fine for me with PHP 4.0.7RC3.
Could you try it out too?

 [2001-10-11 15:09 UTC] kanareykin+nospam at denison dot edu
I *probably* could, but I really wouldn't want to put
RC on that machine. Also I don't think PHP version
is the problem - the function should work on 
PHP 4 >= 4.0.4... it must be something in the 

Are there any scripts I could use to test if the 
openssl extension is set up properly? 
 [2002-03-16 11:08 UTC]
Have you resolved this problem yet?
 [2002-03-18 09:48 UTC] kanareykin+nospam at denison dot edu
No. But we are planning the long-awaited PHP upgrade on
that server and I might have some news soon.
 [2002-03-18 11:32 UTC]
Setting to feedback until then.

I just thought of something you might try: just build
but not install PHP 4.1.2 as a cgi and retry your script;
you can run the php binary from the source folder and not
risk upsetting the server.
 [2002-04-19 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-01-18 21:52 UTC] stanislav dot chachkov at gmail dot com
I have exactly the same problem, with php4.3.10 / openssl OpenSSL 0.9.7e / on BSD/OS 4.2 i386

openssl_error_string return nothing, but openssl_seal returns false.

This is the script:

function seal($info,$key){

  if($pk = openssl_get_publickey($key)){
    echo openssl_error_string();echo '<br>';

    $res=openssl_seal($info, $sealed, $ekeys, array($pk));
    echo openssl_error_string();echo '<br>';
    var_dump($res);echo '<br>';

    return array('sealed'=>$sealed,'ekey'=>$ekeys[0]);
  echo openssl_error_string();echo '<br>';
  return FALSE;

$key="-----BEGIN CERTIFICATE-----

print_r(seal("Secret data",$key));echo '<br>';

Returns this:

Array ( [sealed] => [ekey] => ) 

The same script runs ok on another computer (php4.3.9/macosx)
 [2006-05-30 03:02 UTC] mdlazreg at gmail dot com
openssl_seal crashes my http server! with the windows error if I want to send the error to microsoft:

Apache HTTP Server has encountered a problem and needs to close.  We are sorry for the inconvenience.

The rest of openssl functions do work on my machine which is an XP using php 5.1.2 and OpenSSL 0.9.8a.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Apr 15 06:01:31 2024 UTC