Edit report at https://bugs.php.net/bug.php?id=65193&edit=1
ID:                 65193
Updated by:         fel...@php.net
Reported by:        ly...@php.net
Summary:            openssl_private_encrypt OAEP only works AFTER PKCS1
-Status:            Open
+Status:            Not a bug
Type:               Bug
Package:            OpenSSL related
Operating System:   CentOS 2.6.18
PHP Version:        5.4.11
Block user comment: N
Private report:     N

New Comment:

Just read the code again, the problem is that the 3rd try fails, but the extension does not clean the $encrypted_message string, causing a false positive for you. Just clean the variable before calling the function again.

Previous Comments:
------------------------------------------------------------------------
[2013-07-03 17:03:05] fel...@php.net

It looks like an issue in the openssl library. According to http://openssl.6102.n7.nabble.com/Proplem-with-RSA-private-encrypt-and-OAEP-td45517.html RSA_PKCS1_OAEP_PADDING is not intended to be used with the RSA_private_encrypt() function. Probably the lib is ignoring the padding passed after you set a right one.

------------------------------------------------------------------------
[2013-07-03 15:09:37] ly...@php.net

The PHP Version popup in report form was in a time warp... Corrected here.

OpenSSL version: 0.9.8b

Actual output:
PKCS1_OAEP fails:
string(0) ""

PKCS1 works:
string(172) "gVJcDQJnKJG7PX3+axZMyjph5xi3TFMLWXY2OLD4d62YYhlAmCUnr+WQP/F6//ykx3L/rXS7zfjXFPoyzn5v7dwysM107fS0tXwzngZ1fRjH5iU+1Dv4TJf4dXRZXzYKClDSSiQ0ZrmoGhVo5wx3PY61mEkBLNbS5IvZ75rCLSo="

PKCS1_OAEP works only AFTER PKCS1:
string(172) "gVJcDQJnKJG7PX3+axZMyjph5xi3TFMLWXY2OLD4d62YYhlAmCUnr+WQP/F6//ykx3L/rXS7zfjXFPoyzn5v7dwysM107fS0tXwzngZ1fRjH5iU+1Dv4TJf4dXRZXzYKClDSSiQ0ZrmoGhVo5wx3PY61mEkBLNbS5IvZ75rCLSo="

------------------------------------------------------------------------
[2013-07-03 15:04:47] ly...@php.net

Description:
------------
A call to openssl_private_encrypt(..., OPENSSL_PKCS1_OAEP_PADDING) fails unless you call it AFTER openssl_private_encrypt(..., OPENSSL_PKCS1_PADDING)

Test script:
---------------
$private_key_text = file_get_contents('private.pem');

openssl_private_encrypt($decrypted_message, $encrypted_message, $private_key_text, OPENSSL_PKCS1_OAEP_PADDING);
echo "PKCS1_OAEP fails:\n";
var_dump(base64_encode($encrypted_message));
echo "\n";

openssl_private_encrypt($decrypted_message, $encrypted_message, $private_key_text, OPENSSL_PKCS1_PADDING);
echo "PKCS1 works:\n";
var_dump(base64_encode($encrypted_message));
echo "\n";

openssl_private_encrypt($decrypted_message, $encrypted_message, $private_key_text, OPENSSL_PKCS1_OAEP_PADDING);
echo "PKCS1_OAEP works only AFTER PKCS1:\n";
var_dump(base64_encode($encrypted_message));
echo "\n";

Expected result:
----------------
All three outputs the same.

Actual result:
--------------
First output is blank string.

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=65193&edit=1
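
Added example, not part of the bug report or of PHP's own code: a wrapper that resets the output variable and checks the boolean return value, so a failed OAEP call cannot hand back the previous call's ciphertext, followed by OAEP used with openssl_public_encrypt()/openssl_private_decrypt(). The helper names, the run-time generated key and the sample message are assumptions made for this illustration.

```php
<?php
// Added illustration; drain_openssl_errors() and private_encrypt_checked()
// are hypothetical helper names, not PHP or OpenSSL functions.

/** Empty OpenSSL's error queue so old errors are not blamed on a new call. */
function drain_openssl_errors(): array
{
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return $errors;
}

/** openssl_private_encrypt() that never returns an earlier call's output. */
function private_encrypt_checked(string $data, $key, int $padding): string
{
    drain_openssl_errors();
    $out = null; // reset first: a failed call may leave the old value in place
    if (!openssl_private_encrypt($data, $out, $key, $padding)) {
        throw new RuntimeException(
            'openssl_private_encrypt failed: ' . implode('; ', drain_openssl_errors())
        );
    }
    return $out;
}

// Constructed sample input: a throwaway RSA key generated at run time.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) {
    throw new RuntimeException('key generation failed: ' . implode('; ', drain_openssl_errors()));
}
$public  = openssl_pkey_get_details($key)['key'];
$message = 'constructed sample message';

echo "PKCS1: ", strlen(private_encrypt_checked($message, $key, OPENSSL_PKCS1_PADDING)), " bytes\n";
try {
    $oaep = private_encrypt_checked($message, $key, OPENSSL_PKCS1_OAEP_PADDING);
    echo "OAEP accepted by this build: ", strlen($oaep), " bytes\n";
} catch (RuntimeException $e) {
    echo "OAEP rejected, nothing stale returned: ", $e->getMessage(), "\n";
}

// OAEP is an encryption padding: public key encrypts, private key decrypts.
if (!openssl_public_encrypt($message, $ciphertext, $public, OPENSSL_PKCS1_OAEP_PADDING)
    || !openssl_private_decrypt($ciphertext, $plain, $key, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('OAEP round trip failed: ' . implode('; ', drain_openssl_errors()));
}
var_dump($plain === $message);
```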