Do not special case export of EC keys

All other private keys are exported in PKCS#8 format, while EC keys use traditional format. Switch them to use PKCS#8 format as well. As the OpenSSL docs say: > PEM_write_bio_PrivateKey_traditional() writes out a private key > in the "traditional" format with a simple private key marker and > should only be used for compatibility with legacy programs.
2024-11-27 11:53:33 +08:00 · 2021-08-06 11:15:18 +02:00 · 2021-08-06 11:15:18 +02:00 · f2d3e75933
commit f2d3e75933
parent 5843ba518c
3 changed files with 15 additions and 31 deletions
--- a/4
+++ b/4
@ -112,6 +112,10 @@ PHP 8.1 UPGRADE NOTES
  . The mysqlnd.fetch_copy_data ini setting has been removed. However, this
    should not result in user-visible behavior changes.

+- OpenSSL:
+  . EC private keys will now be exported in PKCS#8 format rather than
+    traditional format, just like all other keys.
+
 - PDO:
  . PDO::ATTR_STRINGIFY_FETCHES now also stringifies values of type bool to
    "0" or "1". Previously booleans were not stringified.
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@ -4200,21 +4200,9 @@ PHP_FUNCTION(openssl_pkey_export_to_file)
 			cipher = NULL;
 		}

-		switch (EVP_PKEY_base_id(key)) {
-#ifdef HAVE_EVP_PKEY_EC
-			case EVP_PKEY_EC:
-				pem_write = PEM_write_bio_ECPrivateKey(
-						bio_out, EVP_PKEY_get0_EC_KEY(key), cipher,
-						(unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-				break;
-#endif
-			default:
-				pem_write = PEM_write_bio_PrivateKey(
-						bio_out, key, cipher,
-						(unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-				break;
-		}
-
+		pem_write = PEM_write_bio_PrivateKey(
+				bio_out, key, cipher,
+				(unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
 		if (pem_write) {
 			/* Success!
 			 * If returning the output as a string, do so now */
@ -4272,21 +4260,9 @@ PHP_FUNCTION(openssl_pkey_export)
 			cipher = NULL;
 		}

-		switch (EVP_PKEY_base_id(key)) {
-#ifdef HAVE_EVP_PKEY_EC
-			case EVP_PKEY_EC:
-				pem_write = PEM_write_bio_ECPrivateKey(
-						bio_out, EVP_PKEY_get0_EC_KEY(key), cipher,
-						(unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-				break;
-#endif
-			default:
-				pem_write = PEM_write_bio_PrivateKey(
-						bio_out, key, cipher,
-						(unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
-				break;
-		}
-
+		pem_write = PEM_write_bio_PrivateKey(
+				bio_out, key, cipher,
+				(unsigned char *)passphrase, (int)passphrase_len, NULL, NULL);
 		if (pem_write) {
 			/* Success!
 			 * If returning the output as a string, do so now */
--- a/ext/openssl/tests/openssl_pkey_export_basic.phpt
+++ b/ext/openssl/tests/openssl_pkey_export_basic.phpt
@ -47,7 +47,11 @@ var_dump($key instanceof OpenSSLAsymmetricKey);
 object(OpenSSLAsymmetricKey)#%d (0) {
 }
 bool(true)
-----BEGIN EC PRIVATE KEY-----%a-----END EC PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgs+Sqh7IzteDBiS5K
+PfTvuWuyt9YkrkuoyiW/6bag6NmhRANCAAQ+riFshYe8HnWt1avx6OuNajipU1ZW
+6BgW0+D/EtDDSYeQg9ngO8qyo5M6cyh7ORtKZVUy7DP1+W+eocaZC+a6
+-----END PRIVATE KEY-----
 bool(true)
 bool(true)
 object(OpenSSLAsymmetricKey)#%d (0) {