php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76676 OPENSSL_KEYTYPE_EC (and others) not supported by openssl_public_encrypt()
Submitted: 2018-07-28 13:47 UTC Modified: -
From: kaplan@php.net Assigned:
Status: Open Package: OpenSSL related
PHP Version: 7.1.20 OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-07-28 13:47 UTC] kaplan@php.net
Description:
------------
Comparing key types supported by php_openssl_is_private_key() to the ones supported by openssl_public_key() shows many are missing.

php_openssl_is_private_key recognizes: 
EVP_PKEY_RSA / EVP_PKEY_RSA2
EVP_PKEY_DSA / EVP_PKEY_DSA1 / EVP_PKEY_DSA2 / EVP_PKEY_DSA3 / EVP_PKEY_DSA4
EVP_PKEY_DH
EVP_PKEY_EC

openssl_private_encrypt supports
EVP_PKEY_RSA / EVP_PKEY_RSA2

openssl_private_decrypt supports
EVP_PKEY_RSA / EVP_PKEY_RSA2

openssl_public_decrypt supports
EVP_PKEY_RSA / EVP_PKEY_RSA2

Maybe also use EVP_PKEY_base_id() as in openssl_pkey_get_details() which does support all the keys as php_openssl_is_private_key().

Tested in 7.1.14, 7.2.6 and master (July 26th, 2018).

Test script:
---------------
<?php
$pair = generateKeyPair(true);
$public = $pair['public'];

$ciphertext = "111-11-1111";
$res = openssl_public_encrypt($ciphertext, $enc, $public, OPENSSL_PKCS1_OAEP_PADDING);
if($res){
    var_dump(bin2hex($enc));
} else {
    echo "Failed to encrypt :(";
}

function generateKeyPair(bool $ec){
    $params = $ec ? [
        'private_key_bits' => 384,
        'private_key_type' => OPENSSL_KEYTYPE_EC,
        'curve_name' => 'secp384r1'
    ] : [
        'private_key_bits' => 3072,
        'private_key_type' => OPENSSL_KEYTYPE_RSA
    ];
    
    $res = openssl_pkey_new($params);
    openssl_pkey_export($res, $privKey);

    $pubKey = openssl_pkey_get_details($res);
    $pubKey = $pubKey["key"];
    
    openssl_free_key($res);
    return ['private'=>$privKey, 'public'=>$pubKey];
}

?>

Expected result:
----------------
1. for OPENSSL_KEYTYPE_EC to be suppprted.
2. for missing keytype be part of the error message.

Actual result:
--------------
Warning: openssl_public_encrypt(): key type not supported in this PHP build!

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Thu Dec 13 14:01:25 2018 UTC