Hello,
first of all, I'm not into this at all, a colleague at work told me
about this. The following is the problem: When encrypting data with
openssl_public_encrypt(), this goes well up to a certain length (tested
limit: 245 bytes of data to be encrypted), but as of a certain length
(246 bytes), the function returns FALSE with no note whatsoever why it
went wrong.
Is this expected behaviour? Is the length of the input data limited or
constrained by the length of the public key? In this case, shouldn't
there be a warning?
Steps to reproduce:
- Generate a 2048 byte key:
  $ openssl genrsa 2048 -rand >my.key
- Sign it
  $ openssl req -new -x509 -key my.key >my.cert
- Place the attached script "openssl.php" in the same directory
  and execute it:
  $ php openssl.php 245
  ---> Get public key from my.cert: resource(5) of type (OpenSSL key)
  ---> Encrypt 245 bytes of data using public key: bool(true)
  ---> Freeing public key:NULL
  ---> Encoding 256 bytes of encrypted data: string(344)
  "EhJiMGQK6qjp/wE4KXmJopBA82ylNxthg[...]o/Xg=="
So far, so good.
$ php openssl.php 246
---> Get public key from my.cert: resource(5) of type (OpenSSL key)
---> Encrypt 246 bytes of data using public key: bool(false)
---> Freeing public key:NULL
*** Encryption failed!
Tested with PHP versions:
$ php -v
PHP 4.3.4 (cli) (built: Nov 21 2003 00:21:18)
Copyright (c) 1997-2003 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
and
$ php-dev -v
PHP 5.0.0RC1-dev (cli) (built: Jan 18 2004 16:53:16) (DEBUG)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.0-dev, Copyright (c) 1998-2004 Zend Technologies
on the following platforms
$ uname -a
FreeBSD friebes.net 4.8-STABLE FreeBSD 4.8-STABLE #9: Thu Aug 7
21:39:07 CEST 2003 root@friebes.net:/usr/obj/usr/src/sys/GENERIC
i386
$ pkg_info |grep openssl
openssl-0.9.7b_1 SSL and crypto library
and
$ uname -a
Linux heuer1 2.2.20 #1 SMP Mon Nov 5 14:36:30 CET 2001 i686 unknown
$ dpkg -l | grep openssl
ii openssl 0.9.6c-2.woody Secure Socket Layer (SSL) binary and related
/ Timm
On Sat, 24 Jan 2004 18:26:15 +0000
Timm Friebe thekid@thekid.de wrote:
Hello,
first of all, I'm not into this at all, a colleague at work told me
about this. The following is the problem: When encrypting data with
openssl_public_encrypt(), this goes well up to a certain length
(tested limit: 245 bytes of data to be encrypted), but as of a certain
length (246 bytes), the function returns FALSE with no note whatsoever
why it went wrong.
Is this expected behaviour? Is the length of the input data limited or
constrained by the length of the public key? In this case, shouldn't
there be a warning?
The maximum length of the input depends on the padding mode:
  PKCS1_PADDING      max=rsalength-1
  PKCS1_OAEP_PADDING max=rsalength-4
AFAIR :) Everyone with more clue: correct me if I'm wrong :)
pierre
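As an added example (not part of the thread, and not the attached "openssl.php" script), the following PHP probe makes both points from the two messages above concrete: it measures the plaintext limit of openssl_public_encrypt() for each padding mode of a 2048-bit key, and it shows where the reason for a FALSE return actually lives, namely in OpenSSL's error queue, which the caller must drain with openssl_error_string(). The limits encoded here are the PKCS#1 figures (11 bytes of overhead for v1.5 padding, 2*hLen+2 = 42 bytes for OAEP with SHA-1), which match the 245-byte limit observed in the report for a 256-byte modulus. The script assumes PHP 7.1+ (array destructuring in foreach) with the openssl extension; the key pair is generated in memory, so no files are needed.

```php
<?php
// Added example: probe the RSA plaintext limit for openssl_public_encrypt()
// at each padding mode and surface OpenSSL's error when encryption fails.

// Generate a 2048-bit RSA key pair in memory (constructed; no key files needed).
$config = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$pkey = openssl_pkey_new($config);
if ($pkey === false) {
    fwrite(STDERR, "key generation failed: " . openssl_error_string() . "\n");
    exit(1);
}
$details = openssl_pkey_get_details($pkey);
$pub = openssl_pkey_get_public($details['key']);  // public key PEM -> key handle
$k = intdiv($details['bits'], 8);                  // modulus length in bytes (256)

// Expected plaintext limits per PKCS#1: v1.5 padding costs 11 bytes,
// OAEP with SHA-1 (PHP's default for OPENSSL_PKCS1_OAEP_PADDING) costs 42 bytes.
$limits = [
    'OPENSSL_PKCS1_PADDING'      => [OPENSSL_PKCS1_PADDING,      $k - 11],
    'OPENSSL_PKCS1_OAEP_PADDING' => [OPENSSL_PKCS1_OAEP_PADDING, $k - 42],
];

foreach ($limits as $name => [$mode, $max]) {
    // Try exactly the limit and one byte past it.
    foreach ([$max, $max + 1] as $len) {
        $plain = str_repeat('A', $len);
        $cipher = '';
        $ok = openssl_public_encrypt($plain, $cipher, $pub, $mode);
        printf("%-27s %3d bytes: %s", $name, $len,
               $ok ? "ok, ciphertext " . strlen($cipher) . " bytes" : "FAILED");
        if (!$ok) {
            // openssl_public_encrypt() only returns false; the reason sits in
            // OpenSSL's error queue and is lost unless it is read out here.
            while (($err = openssl_error_string()) !== false) {
                echo " -- ", $err;
            }
        }
        echo "\n";
    }
}
```

The run shows one success and one failure per padding mode, with the OpenSSL error text ("data too large for key size" or similar, depending on the OpenSSL version) printed next to each failure; that text is what the reporter was missing. The practical consequence for a design is that RSA with either padding is meant to wrap something key-sized, not bulk data: anything longer than the limit is normally encrypted with a symmetric cipher and only the symmetric key is RSA-encrypted (PHP's openssl_seal()/openssl_open() pair implements exactly this hybrid scheme), rather than splitting the plaintext into RSA-sized chunks.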