|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25614 openssl_pkey_get_public() fails when given a private key
Submitted: 2003-09-20 12:27 UTC Modified: 2017-01-08 06:06 UTC
Avg. Score:4.3 ± 0.9
Reproduced:20 of 20 (100.0%)
Same Version:6 (30.0%)
Same OS:5 (25.0%)
From: six at t0x dot net Assigned: pajoye (profile)
Status: Closed Package: OpenSSL related
PHP Version: 6CVS, 5CVS, 4CVS OS: Linux 2.4
Private report: No CVE-ID: None
 [2003-09-20 12:27 UTC] six at t0x dot net
PHP manual states that : "openssl_pkey_new() generates a new private and public key pair. The public component of the key can be obtained using openssl_pkey_get_public()."

However, the following script (see "reproduce-code" section) seems to indicate that openssl_pkey_get_public is broken in some way ...

it should be noted that the two exports ($ex_k and $ex_p) start (and end) with a "RSA PRIVATE KEY" header line

Reproduce code:

$k = openssl_pkey_new();
$p = openssl_pkey_get_public($k);

echo "php version ".phpversion()."\n\n";
echo "generated private key resource : $k\n";
echo "generated public key resource  : $p\n\n";

openssl_pkey_export($k, $ex_k);
openssl_pkey_export($p, $ex_p);

if ($ex_k == $ex_p) echo "exports match :(\n";


Expected result:
php version 4.3.3

generated private key resource : Resource id #4
generated public key resource  : Resource id #5

Actual result:
php version 4.3.3

generated private key resource : Resource id #4
generated public key resource  : Resource id #4

exports match :(


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-23 12:10 UTC]
The documentation for openssl_pkey_new() is incorrect.
It doesn't generate a pair of keys at all.

openssl_pkey_get_public() was also slightly broken, in
that it didn't detect that it couldn't get the public key
from the private key.  You can use it to get the public key out of an x509 certificate though (yeah, it sounds weird).

I've added a "fix" for this problem to the CVS that will now warn you about not being able to get the public key from a private key.  This fix will be in 4.3.4.

This stuff is a little bit messy, and its been a while since anyone did any real work on the openssl extension.

The openssl stuff could probably benefit from a review, but this won't happen for PHP 4.3.x, so I'm going to suspend this report until PHP 5 or PHP 5.1 when I get more time.
 [2006-06-01 14:22 UTC] andrey dot gladilin at gmail dot com
To fix this bug you have to change file php-4.4.0/ext/openssl/openssl.c. php-4.4.0 is just my source distributive of PHP.

In file openssl.c replace string 
key = PEM_read_bio_PUBKEY(in, NULL,NULL, NULL);

with another code

    RSA * rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
    if(NULL == rsa) {
      throw Exc("Error while processing the Public Key.");

    pkey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pkey, rsa);

Unsusccessfully I have no time to test it, but this must work. Hope to see this bugfix in a new release.
 [2006-06-01 14:27 UTC] andrey dot gladilin at gmail dot com
Sorry, it's a c++ code. Hope this wont prevent you from a fix.
 [2006-06-01 14:33 UTC]
Please provide unified diff.
And no C++, thank you.
 [2006-06-01 14:33 UTC]
Unified diff against the current CVS, of course.
 [2009-02-09 10:07 UTC]
take the hand on this one, related to an issue I'm trying to solve as well.
 [2015-04-19 18:19 UTC]
The Documentation on this was fixed sometime ago, If this is a documentation issues it can be closed.
 [2017-01-08 06:06 UTC]
-Status: Assigned +Status: Closed
 [2017-01-08 06:06 UTC]
The documentation appears to reflect current behaviour.

PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Nov 29 19:03:12 2021 UTC