
Add digest algo param to OpenSSL public encrypt and private decrypt #19223


Closed

bukka
Member

@bukka bukka commented Jul 23, 2025

Specifically, it is added to the openssl_public_encrypt() and openssl_private_decrypt() functions. The purpose is to specify the digest algorithm for OAEP padding. It currently defaults to SHA1 for some OpenSSL versions / builds, which is not preferred for modern setups and causes problems in compatibility with web crypto.

@bukka bukka requested a review from kocsismate as a code owner July 23, 2025 14:59
@bukka bukka changed the title Add digest algo param to OpenSSL private encrypt and public decrypt Add digest algo param to OpenSSL public encrypt and private decrypt Jul 23, 2025
bukka added a commit to bukka/php-src that referenced this pull request Jul 23, 2025
Specifically, it is added to openssl_public_encrypt() and
openssl_private_decrypt() functions. The purpose is to specify digest
algorithm for OAEP padding. It currently defaults to SHA1 which is not
preferred for modern setup and causes problems in compatibility with
web crypto.

Closes phpGH-19223
@bukka bukka force-pushed the openssl_private_encrypt_digest_algo branch from cf85cba to f02d3c7 Compare July 23, 2025 15:03
@bukka
Member Author

bukka commented Jul 23, 2025

As part of this I have also been trying to extend private encrypt (sign) and public decrypt (verify), but quickly realised that OAEP is not supported there, so I tried PSS (using EVP_PKEY_CTX_set_signature_md instead of EVP_PKEY_CTX_set_rsa_oaep_md), which I made work with some tweaks for private encrypt (it required pre-hashing from users, which is already not nice), but then realised that it actually doesn't work for public decrypt, which uses EVP_PKEY_verify_recover (it is not possible to recover PSS). So it is supported only for those two functions.

@bukka bukka force-pushed the openssl_private_encrypt_digest_algo branch from f02d3c7 to 108c57a Compare July 23, 2025 20:21
@bukka bukka force-pushed the openssl_private_encrypt_digest_algo branch from 108c57a to 4470ae6 Compare July 23, 2025 21:26
bukka added a commit to bukka/php-src that referenced this pull request Jul 24, 2025
Specifically, it is added to openssl_public_encrypt() and
openssl_private_decrypt() functions. The purpose is to specify digest
algorithm for OAEP padding. It currently defaults to SHA1 for some
OpenSSL versions which is not preferred for modern setup and causes
problems in compatibility with web crypto.

Closes phpGH-19223
@bukka bukka force-pushed the openssl_private_encrypt_digest_algo branch from 4470ae6 to a812af9 Compare July 24, 2025 22:24
Member

@nielsdos nielsdos left a comment


ASAN reports a leak. Changes to NUL handling look correct.

@bukka bukka force-pushed the openssl_private_encrypt_digest_algo branch from a812af9 to f06382c Compare July 25, 2025 10:04
@bukka bukka closed this in b1fce8a Jul 25, 2025
Successfully merging this pull request may close these issues.

Bug with openssl_private_decrypt when using RSA-OAEP with SHA-256 from JS