php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
757dadcf1f00f2a686af6dd7f3c2b826cb38ad11
archived-php-src/ext/openssl/tests/gh21083.phpt
Ilia Alshanetsky 7950482562 Fix GH-21083: Skip private_key_bits validation for EC/curve-based keys 
openssl_pkey_new() checks private_key_bits >= 384 before generating any
key. For EC, X25519, ED25519, X448, and ED448 the size is inherent to
the curve or algorithm, so this check doesn't apply and causes failures
when default_bits is missing from openssl.cnf (which is the case in
OpenSSL 3.6's default config).

Skip the minimum-bits check for key types that don't use private_key_bits.

Closes GH-21387.
2026-03-12 21:53:22 +01:00

62 lines
1.6 KiB
PHP
Raw Blame History

--TEST--
GH-21083 (openssl_pkey_new() fails for EC keys when private_key_bits is not set)
--EXTENSIONS--
openssl
--SKIPIF--
<?php if (!defined("OPENSSL_KEYTYPE_EC")) die("skip EC disabled"); ?>
--ENV--
OPENSSL_CONF=
--FILE--
<?php
// Create a minimal openssl.cnf without default_bits (simulates OpenSSL 3.6 default config)
$conf = tempnam(sys_get_temp_dir(), 'ossl');
file_put_contents($conf, "[req]\ndistinguished_name = req_dn\n[req_dn]\n");
// EC key - size is determined by the curve, private_key_bits should not be required
$key = openssl_pkey_new([
'config' => $conf,
'private_key_type' => OPENSSL_KEYTYPE_EC,
'curve_name' => 'prime256v1',
]);
var_dump($key !== false);
$details = openssl_pkey_get_details($key);
var_dump($details['bits']);
var_dump($details['type'] === OPENSSL_KEYTYPE_EC);
echo "EC OK\n";
// X25519 - fixed size key, private_key_bits should not be required
if (defined('OPENSSL_KEYTYPE_X25519')) {
$key = openssl_pkey_new([
'config' => $conf,
'private_key_type' => OPENSSL_KEYTYPE_X25519,
]);
var_dump($key !== false);
echo "X25519 OK\n";
} else {
echo "bool(true)\nX25519 OK\n";
}
// Ed25519 - fixed size key, private_key_bits should not be required
if (defined('OPENSSL_KEYTYPE_ED25519')) {
$key = openssl_pkey_new([
'config' => $conf,
'private_key_type' => OPENSSL_KEYTYPE_ED25519,
]);
var_dump($key !== false);
echo "Ed25519 OK\n";
} else {
echo "bool(true)\nEd25519 OK\n";
}
unlink($conf);
?>
--EXPECT--
bool(true)
int(256)
bool(true)
EC OK
bool(true)
X25519 OK
bool(true)
Ed25519 OK
Reference in New Issue View Git Blame Copy Permalink