Edit report at http://bugs.php.net/bug.php?id=53850&edit=1

ID:                 53850
User updated by:    jason dot gerfen at gmail dot com
Reported by:        jason dot gerfen at gmail dot com
Summary:            openssl_pkey_export() with password not protecting private key
Status:             Open
Type:               Bug
Package:            OpenSSL related
Operating System:   arch linux x86_64
PHP Version:        5.3.5
Block user comment: N
Private report:     N

New Comment:

Since I have not heard anything else about this I did some digging to try and identify the problem.

I have been adding some warning output in the 'openssl-1.0.0c/crypto/pem/pem_pkey.c' file after reviewing the 'php-5.3.5/ext/openssl/openssl.c' file and noticing and focusing on the calls to the OpenSSL shared objects for 'PEM_write_bio_PrivateKey()'.

When adding the warning output flags in the 'OpenSSL-1.0.0c/crypt/pem/pem_pkey.c' the password argument would always display as '(null)'.

Correct me if I am looking in the wrong spot in helping identify the problem.

Previous Comments:
------------------------------------------------------------------------
[2011-01-28 19:42:32] jason dot gerfen at gmail dot com

I have verified this under the following conditions.

Arch Linux x86_64 installation

This configuration returns a password protected private key

Apache 2.2 [./configure]
OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-0.9.8q --shared]
PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-0.9.8q]

This configuration however does not return a password protected key

Apache 2.2 [./configure]
OpenSSL 0.9.8q [./config --openssldir=/usr/local/openssl-1.0.0c --shared]
PHP 5.3.5 [./configure --with-apxs2=/usr/local/apache2/bin/apxs --disable-cli --with-openssl=/usr/local/openssl-1.0.0c]

Anything else you might find pertinent?

------------------------------------------------------------------------
[2011-01-26 20:12:04] paj...@php.net

There is no different code in php to deal with this function.
If two versions of openssl give you two different results then it is an openssl problem, not php.

Also I would like you to test using the same PHP versions vs two openssl, then we can begin to discuss a possible issue. Be sure to use the latest versions available at php.net, not the centos (or any other distro) you use.

------------------------------------------------------------------------
[2011-01-26 20:04:50] jason dot gerfen at gmail dot com

Description:
------------
I have tested this against php5.3.5 with OpenSSL 1.0.0c (arch linux) vs an older server running php5.2.14 with OpenSSL 0.9.8e (centos linux).

Test script:
---------------
$opts = array('config'=>'openssl.cnf',
              'encrypt_key'=>true,
              'private_key_type'=>OPENSSL_KEYTYPE_RSA,
              'digest_alg'=>'sha256',
              'private_key_bits'=>2048,
              'x509_extensions'=>'usr_cert');

$handle = openssl_pkey_new($opts);

openssl_pkey_export($handle, $privatekey, sha1($_SERVER['REMOTE_ADDR']), $opts);

echo $privatekey;

Expected result:
----------------
CentOS example output

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C93B386451093918

buV1Kuaiu8QXhSeBdAF9Le2u+SSzaEtrHw6rLq19xL+9lWuwf4dFtrMPRI/PPvA5
HwBB7ZzT1AAzOAK2AnDiND3+n6IyqrkQjD7R0bGY6VLXdMr3qgGiJOkmsroF5t/H
LQEFGn9F8eOfEQTjkz4h9KYF/traXZSayBjNQ37fL42HO4M5WY0Ehms6bfeU5BN5
1d+NdENKLK0KVIJDNM3clQoHCc2KJwq70CeZmKq+tIG7UdigxmW0f9B/BMSM8PFx
3cFzt1eZVj23jPO65icEfqLWvdYUpOqFfZc17Si87LW8ExvO8yu4UPrk8iRR8eFH
LeOCPobR446Ehq8XBgFiFp8kzus5vDbqRLbMaBqul/mVWDmkpcyrnWJVAfginUar
FDTji8Ge8Zv5GgpuS2tjYkQpykthA17SKxDGe8s26feaHkErEanTWg5o50RP1oUo
1e2rrX+PVFoukN9f+j5OiScC8QDVfBcSZZYvfRmkE1SnF3S3CAVdtDIcqmy33WY+
Icx/n2uh3Y4tYafzSu/5O8ZeBzGUz3eKWMIAL66mxOclPAceWsQ6Ry22IBdjr+7p
Af3IKo4sWVtj3mOlrwNdNX9JtdHYiskNTVJ7+7DBlmbM+lfQlvb7wBsVek9ex6k2
qxWv250S+rdWuXBx3WuleQsQ14gBtX7Rf0Sk3DvOTinaU9C5n8xwaO9GWS0CJtjA
AkDTLZ0rylVjfdd3W7fjxfYtQEwnbKeIC1SEKuNR8tv6GXGuubU5Nt8Q5TIhZIYL
p2H027lafTE1Ky+KIRD0qZWfSEAujrxJVnH1n62edYxzWXfr+onS0g==
-----END RSA PRIVATE KEY-----

Actual result:
--------------
Arch linux sample output

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIkd4I9LadOsYCAggA
MBQGCCqGSIb3DQMHBAhqJEWqm0xA9ASCAoDgWeRhfyKrCqfW7aSW1rYs8LVjN3ug
p9Kn6U7YZydHwxYdwNSK80i0yw+yU+ovVck2BdCBnm8ggdyXgS5UVTt5bnJHIHls
rEe4spLl8hkc0sOcL/ZseVBoxKIan7ZY1c0AysAwmrniFXKehSTCByDMUC58rl6H
gejVJk4+yebHuLqeq7z9d9dIvEuAFI9qjZjqUhq8wsCdN2+scFi/3/DXDp1V5/AS
SCeIsVsvcBNPaI8CYP48R13+mQJ+AGAWewcoHtwu8IQGuG46vlqOaYULCfInr/w7
/Y+Ttd2Hd6RHcnE9vTW7bhOn49v6KCtcwpcAtSz2kHrAufGxjAMzFV2oEVZPsDGM
4Rf3H1JtlJKIFYktTLoz9/07kQR0c6S1UkBa2oG/O7G0in7igzQEafKPKOMdOo3j
jP23He7kHJTTja5HE41DryUwa1JIB4L/BtbLDiYJA7KcrY7WoSROL675OmJEG1v6
vjLD0kcxIqc4rT0xesv4JEwVBxh8R/1qlqJjvLGJU8UQYWAzLqiMsg2rqrAy9XQy
Eu53GLXKhKCV2NtuvVQMbvza3RajA77B2i/EEM/ORKGiDI9isHce2yM4hptggBU6
YZiqOzIcgYjo1Dv/IB069jUdxXUg874MD/MG9r1ERUsZrLX8UMyVVj7VmnH6tMsc
2S/YwCgvflRdubDEJdmTE8KUD6XSTUjhdy1Tqzzhfg3KZ8SI8Bknb4k1oV8pSAlC
9YezxiisH4FL041LpUGhj9lbvHtY+8ctxbAT35Jy6npK94rASmoOXt0TFcOJxoGn
xCZjstibMOzNSNFU8subS92Xsu9fWtEV+nCAgDOtJeMwqFNBE1g5e6JN
-----END ENCRYPTED PRIVATE KEY-----

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/bug.php?id=53850&edit=1
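
The two outputs quoted in the report use different PEM containers: the traditional OpenSSL one marks encryption with 'Proc-Type: 4,ENCRYPTED' and 'DEK-Info' headers, while the 'ENCRYPTED PRIVATE KEY' label is the PKCS#8 EncryptedPrivateKeyInfo container, which records its password-based scheme inside the DER rather than in text headers. The Python classifier below is an added example, not part of the bug report or of PHP or OpenSSL; its function names and the SAMPLE_* inputs are constructed for illustration.

```python
import base64
import re

PBES2 = "1.2.840.113549.1.5.13"  # id-PBES2, PKCS #5 v2 password-based encryption

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _oid(raw):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def classify_private_key(pem):
    """Return (container, encrypted, algorithm) for the first PEM block."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 EncryptedPrivateKeyInfo
        der = base64.b64decode("".join(body.split()))
        _, pos, _ = _tlv(der, 0)           # outer SEQUENCE
        _, pos, _ = _tlv(der, pos)         # encryptionAlgorithm SEQUENCE
        tag, start, end = _tlv(der, pos)   # algorithm OBJECT IDENTIFIER
        if tag != 0x06:
            raise ValueError("malformed EncryptedPrivateKeyInfo")
        return "pkcs8", True, _oid(der[start:end])
    headers = dict(re.findall(r"^([A-Za-z-]+): (.+)$", body, re.M))
    if headers.get("Proc-Type") == "4,ENCRYPTED":  # traditional OpenSSL PEM
        return "traditional", True, headers.get("DEK-Info", "").split(",")[0]
    return ("pkcs8" if label == "PRIVATE KEY" else "traditional"), False, None

def pem_wrap(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: structure only, payloads are zero bytes, not key material.
SAMPLE_TRADITIONAL = pem_wrap("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAAAAAA")
SAMPLE_PLAIN = pem_wrap("RSA PRIVATE KEY", "AAAAAAAA")
SAMPLE_PKCS8 = pem_wrap("ENCRYPTED PRIVATE KEY", base64.b64encode(bytes.fromhex("3019300d06092a864886f70d01050d30000408") + bytes(8)).decode())
```

A result whose second element is False is the case that would indicate an export written without passphrase protection.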