php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25614 openssl_pkey_get_public() fails when given a private key
Submitted: 2003-09-20 12:27 UTC Modified: 2017-01-08 06:06 UTC
Votes:23
Avg. Score:4.3 ± 0.9
Reproduced:20 of 20 (100.0%)
Same Version:6 (30.0%)
Same OS:5 (25.0%)
From: six at t0x dot net Assigned: pajoye (profile)
Status: Closed Package: OpenSSL related
PHP Version: 6CVS, 5CVS, 4CVS OS: Linux 2.4
Private report: No CVE-ID: None
 [2003-09-20 12:27 UTC] six at t0x dot net
Description:
------------
PHP manual states that : "openssl_pkey_new() generates a new private and public key pair. The public component of the key can be obtained using openssl_pkey_get_public()."

However, the following script (see "reproduce-code" section) seems to indicate that openssl_pkey_get_public is broken in some way ...

it should be noted that the two exports ($ex_k and $ex_p) start (and end) with a "RSA PRIVATE KEY" header line


Reproduce code:
---------------
<?

$k = openssl_pkey_new();
$p = openssl_pkey_get_public($k);

echo "php version ".phpversion()."\n\n";
echo "generated private key resource : $k\n";
echo "generated public key resource  : $p\n\n";

openssl_pkey_export($k, $ex_k);
openssl_pkey_export($p, $ex_p);

if ($ex_k == $ex_p) echo "exports match :(\n";

?>


Expected result:
----------------
php version 4.3.3

generated private key resource : Resource id #4
generated public key resource  : Resource id #5



Actual result:
--------------
php version 4.3.3

generated private key resource : Resource id #4
generated public key resource  : Resource id #4

exports match :(


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-23 12:10 UTC] wez@php.net
The documentation for openssl_pkey_new() is incorrect.
It doesn't generate a pair of keys at all.

openssl_pkey_get_public() was also slightly broken, in
that it didn't detect that it couldn't get the public key
from the private key.  You can use it to get the public key out of an x509 certificate though (yeah, it sounds weird).

I've added a "fix" for this problem to the CVS that will now warn you about not being able to get the public key from a private key.  This fix will be in 4.3.4.

This stuff is a little bit messy, and its been a while since anyone did any real work on the openssl extension.

The openssl stuff could probably benefit from a review, but this won't happen for PHP 4.3.x, so I'm going to suspend this report until PHP 5 or PHP 5.1 when I get more time.
 [2006-06-01 14:22 UTC] andrey dot gladilin at gmail dot com
To fix this bug you have to change file php-4.4.0/ext/openssl/openssl.c. php-4.4.0 is just my source distributive of PHP.

In file openssl.c replace string 
key = PEM_read_bio_PUBKEY(in, NULL,NULL, NULL);

with another code

    RSA * rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
    BIO_free(in);
    if(NULL == rsa) {
      throw Exc("Error while processing the Public Key.");
    }

    pkey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pkey, rsa);

Unsusccessfully I have no time to test it, but this must work. Hope to see this bugfix in a new release.
 [2006-06-01 14:27 UTC] andrey dot gladilin at gmail dot com
Sorry, it's a c++ code. Hope this wont prevent you from a fix.
 [2006-06-01 14:33 UTC] tony2001@php.net
Please provide unified diff.
And no C++, thank you.
 [2006-06-01 14:33 UTC] tony2001@php.net
Unified diff against the current CVS, of course.
 [2009-02-09 10:07 UTC] pajoye@php.net
take the hand on this one, related to an issue I'm trying to solve as well.
 [2015-04-19 18:19 UTC] pasindu@php.net
The Documentation on this was fixed sometime ago, If this is a documentation issues it can be closed.
 [2017-01-08 06:06 UTC] krakjoe@php.net
-Status: Assigned +Status: Closed
 [2017-01-08 06:06 UTC] krakjoe@php.net
The documentation appears to reflect current behaviour.

Closing.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Jul 19 03:01:25 2019 UTC