From: Operating system: arch linux x86_64 PHP version: 5.3.5 Package: OpenSSL related Bug Type: Bug Bug description:openssl_pkey_export() with password not protecting private key
Description: ------------ I have tested this against php5.3.5 with OpenSSL 1.0.0c (arch linux) vs an older server running php5.2.14 with OpenSSL 0.9.8e (centos linux). Test script: --------------- $opts = array('config'=>'openssl.cnf', 'encrypt_key'=>true, 'private_key_type'=>OPENSSL_KEYTYPE_RSA, 'digest_alg'=>'sha256', 'private_key_bits'=>2048, 'x509_extensions'=>'usr_cert'); $handle = openssl_pkey_new($opts); openssl_pkey_export($handle, $privatekey, sha1($_SERVER['REMOTE_ADDR']), $opts); echo $privatekey; Expected result: ---------------- CentOS example output -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,C93B386451093918 buV1Kuaiu8QXhSeBdAF9Le2u+SSzaEtrHw6rLq19xL+9lWuwf4dFtrMPRI/PPvA5 HwBB7ZzT1AAzOAK2AnDiND3+n6IyqrkQjD7R0bGY6VLXdMr3qgGiJOkmsroF5t/H LQEFGn9F8eOfEQTjkz4h9KYF/traXZSayBjNQ37fL42HO4M5WY0Ehms6bfeU5BN5 1d+NdENKLK0KVIJDNM3clQoHCc2KJwq70CeZmKq+tIG7UdigxmW0f9B/BMSM8PFx 3cFzt1eZVj23jPO65icEfqLWvdYUpOqFfZc17Si87LW8ExvO8yu4UPrk8iRR8eFH LeOCPobR446Ehq8XBgFiFp8kzus5vDbqRLbMaBqul/mVWDmkpcyrnWJVAfginUar FDTji8Ge8Zv5GgpuS2tjYkQpykthA17SKxDGe8s26feaHkErEanTWg5o50RP1oUo 1e2rrX+PVFoukN9f+j5OiScC8QDVfBcSZZYvfRmkE1SnF3S3CAVdtDIcqmy33WY+ Icx/n2uh3Y4tYafzSu/5O8ZeBzGUz3eKWMIAL66mxOclPAceWsQ6Ry22IBdjr+7p Af3IKo4sWVtj3mOlrwNdNX9JtdHYiskNTVJ7+7DBlmbM+lfQlvb7wBsVek9ex6k2 qxWv250S+rdWuXBx3WuleQsQ14gBtX7Rf0Sk3DvOTinaU9C5n8xwaO9GWS0CJtjA AkDTLZ0rylVjfdd3W7fjxfYtQEwnbKeIC1SEKuNR8tv6GXGuubU5Nt8Q5TIhZIYL p2H027lafTE1Ky+KIRD0qZWfSEAujrxJVnH1n62edYxzWXfr+onS0g== -----END RSA PRIVATE KEY----- Actual result: -------------- Arch linux sample output -----BEGIN ENCRYPTED PRIVATE KEY----- MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIkd4I9LadOsYCAggA MBQGCCqGSIb3DQMHBAhqJEWqm0xA9ASCAoDgWeRhfyKrCqfW7aSW1rYs8LVjN3ug p9Kn6U7YZydHwxYdwNSK80i0yw+yU+ovVck2BdCBnm8ggdyXgS5UVTt5bnJHIHls rEe4spLl8hkc0sOcL/ZseVBoxKIan7ZY1c0AysAwmrniFXKehSTCByDMUC58rl6H gejVJk4+yebHuLqeq7z9d9dIvEuAFI9qjZjqUhq8wsCdN2+scFi/3/DXDp1V5/AS SCeIsVsvcBNPaI8CYP48R13+mQJ+AGAWewcoHtwu8IQGuG46vlqOaYULCfInr/w7 /Y+Ttd2Hd6RHcnE9vTW7bhOn49v6KCtcwpcAtSz2kHrAufGxjAMzFV2oEVZPsDGM 4Rf3H1JtlJKIFYktTLoz9/07kQR0c6S1UkBa2oG/O7G0in7igzQEafKPKOMdOo3j jP23He7kHJTTja5HE41DryUwa1JIB4L/BtbLDiYJA7KcrY7WoSROL675OmJEG1v6 vjLD0kcxIqc4rT0xesv4JEwVBxh8R/1qlqJjvLGJU8UQYWAzLqiMsg2rqrAy9XQy Eu53GLXKhKCV2NtuvVQMbvza3RajA77B2i/EEM/ORKGiDI9isHce2yM4hptggBU6 YZiqOzIcgYjo1Dv/IB069jUdxXUg874MD/MG9r1ERUsZrLX8UMyVVj7VmnH6tMsc 2S/YwCgvflRdubDEJdmTE8KUD6XSTUjhdy1Tqzzhfg3KZ8SI8Bknb4k1oV8pSAlC 9YezxiisH4FL041LpUGhj9lbvHtY+8ctxbAT35Jy6npK94rASmoOXt0TFcOJxoGn xCZjstibMOzNSNFU8subS92Xsu9fWtEV+nCAgDOtJeMwqFNBE1g5e6JN -----END ENCRYPTED PRIVATE KEY----- -- Edit bug report at http://bugs.php.net/bug.php?id=53850&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=53850&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=53850&r=trysnapshot53 Try a snapshot (trunk): http://bugs.php.net/fix.php?id=53850&r=trysnapshottrunk Fixed in SVN: http://bugs.php.net/fix.php?id=53850&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=53850&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=53850&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=53850&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=53850&r=needscript Try newer version: http://bugs.php.net/fix.php?id=53850&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=53850&r=support Expected behavior: http://bugs.php.net/fix.php?id=53850&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=53850&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=53850&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=53850&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=53850&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=53850&r=dst IIS Stability: http://bugs.php.net/fix.php?id=53850&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=53850&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=53850&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=53850&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=53850&r=mysqlcfg