Newsgroups: php.internals
From: thekid@thekid.de (Timm Friebe)
To: internals@lists.php.net
Subject: openssl_public_encrypt() length limitation
Date: Sat, 24 Jan 2004 18:26:15 +0000
Message-ID: <1074968775.249.21.camel@localhost>

Hello,

first of all, I'm not into this at all, a colleague at work told me about this. The following is the problem:

When encrypting data with openssl_public_encrypt(), this goes well up to a certain length (tested limit: 245 bytes of data to be encrypted), but as of a certain length (246 bytes), the function returns FALSE with no note whatsoever why it went wrong.

Is this expected behaviour? Is the length of the input data limited or constrained by the length of the public key? In this case, shouldn't there be a warning?

Steps to reproduce:

1) Generate a 2048 byte key:

    $ openssl genrsa 2048 -rand >my.key

2) Sign it

    $ openssl req -new -x509 -key my.key >my.cert

3) Place the attached script "openssl.php" in the same directory and execute it:

    $ php openssl.php 245
    ---> Get public key from my.cert: resource(5) of type (OpenSSL key)
    ---> Encrypt 245 bytes of data using public key: bool(true)
    ---> Freeing public key: NULL
    ---> Encoding 256 bytes of encrypted data: string(344) "EhJiMGQK6qjp/wE4KXmJopBA82ylNxthg[...]o/Xg=="

So far, so good.

    $ php openssl.php 246
    ---> Get public key from my.cert: resource(5) of type (OpenSSL key)
    ---> Encrypt 246 bytes of data using public key: bool(false)
    ---> Freeing public key: NULL
    *** Encryption failed!

Tested with PHP versions:

    $ php -v
    PHP 4.3.4 (cli) (built: Nov 21 2003 00:21:18)
    Copyright (c) 1997-2003 The PHP Group
    Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies

and

    $ php-dev -v
    PHP 5.0.0RC1-dev (cli) (built: Jan 18 2004 16:53:16) (DEBUG)
    Copyright (c) 1997-2004 The PHP Group
    Zend Engine v2.0.0-dev, Copyright (c) 1998-2004 Zend Technologies

on the following platforms

    $ uname -a
    FreeBSD friebes.net 4.8-STABLE FreeBSD 4.8-STABLE #9: Thu Aug 7 21:39:07 CEST 2003 root@friebes.net:/usr/obj/usr/src/sys/GENERIC i386
    $ pkg_info |grep openssl
    openssl-0.9.7b_1 SSL and crypto library

and

    $ uname -a
    Linux heuer1 2.2.20 #1 SMP Mon Nov 5 14:36:30 CET 2001 i686 unknown
    $ dpkg -l | grep openssl
    ii openssl 0.9.6c-2.woody Secure Socket Layer (SSL) binary and related

/ Timm

Attachment: openssl.php

    <?php
      // NOTE: the opening lines of the attachment are missing from the archived
      // copy. The two assignments below are an assumption, reconstructed from
      // the output shown above ("my.cert", data length given on the command line).
      $cert= 'my.cert';
      $data= str_repeat('x', (int)$argv[1]);

      // Load the public key from the certificate
      printf('---> Get public key from %s: ', $cert);
      $pkey= openssl_get_publickey(file_get_contents($cert));
      var_dump($pkey);

      // Encrypt; returns FALSE on failure without raising a warning
      printf('---> Encrypt %d bytes of data using public key: ', strlen($data));
      $r= openssl_public_encrypt($data, $crypted, $pkey);
      var_dump($r);

      printf('---> Freeing public key: ');
      $f= openssl_free_key($pkey);
      var_dump($f);

      if (FALSE === $r) {
        die("*** Encryption failed!\n");
      }

      // Base64-encode the ciphertext for display
      printf('---> Encoding %d bytes of encrypted data: ', strlen($crypted));
      $encoded= base64_encode($crypted);
      var_dump($encoded);
    ?>
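
The 245/246 boundary reported above matches RSA padding overhead: with OPENSSL_PKCS1_PADDING (PKCS#1 v1.5, 11 bytes of overhead) a 2048-bit key has a 256-byte modulus and accepts at most 245 bytes per operation. The following is an added example, not part of the original post or of PHP's own code, that checks the length up front and reads OpenSSL's error queue on failure. It assumes PHP 7 or later; `rsa_max_input()` and `checked_public_encrypt()` are hypothetical helper names, and the key and input data are constructed for the demonstration.

```php
<?php
// Added example, not the poster's script. Constructed input: a throwaway
// 2048-bit RSA key made in memory and strings of repeated 'x'.

// Largest plaintext one RSA operation accepts for the given padding mode.
function rsa_max_input(int $bits, int $padding): int
{
    $k = intdiv($bits + 7, 8);               // modulus size in bytes
    switch ($padding) {
        case OPENSSL_PKCS1_PADDING:          // PKCS#1 v1.5: 11 bytes overhead
            return $k - 11;
        case OPENSSL_PKCS1_OAEP_PADDING:     // OAEP with SHA-1: 2*20 + 2 bytes
            return $k - 42;
    }
    throw new InvalidArgumentException("unsupported padding mode $padding");
}

// Hypothetical wrapper: rejects oversized input with an explicit message and
// surfaces OpenSSL's error queue if the call fails for any other reason.
function checked_public_encrypt(string $data, $pub, int $padding = OPENSSL_PKCS1_PADDING): string
{
    $bits = openssl_pkey_get_details($pub)['bits'];
    $max  = rsa_max_input($bits, $padding);
    if (strlen($data) > $max) {
        throw new LengthException(sprintf(
            '%d bytes given, but a %d-bit key takes at most %d', strlen($data), $bits, $max));
    }
    while (openssl_error_string() !== false) { /* drop stale errors */ }
    if (!openssl_public_encrypt($data, $out, $pub, $padding)) {
        $errs = [];
        while (($e = openssl_error_string()) !== false) { $errs[] = $e; }
        throw new RuntimeException('encrypt failed: ' . implode('; ', $errs));
    }
    return $out;
}

$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($key === false) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$pub = openssl_pkey_get_public(openssl_pkey_get_details($key)['key']);
foreach ([245, 246] as $len) {
    try {
        $ct = checked_public_encrypt(str_repeat('x', $len), $pub);
        printf("%d bytes in, %d bytes out\n", $len, strlen($ct));
    } catch (LengthException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}
```

For payloads larger than the limit, the usual design is to encrypt the data with a random symmetric key and RSA-encrypt only that key, which is what openssl_seal() does.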