Fix GH-21083: Skip private_key_bits validation for EC/curve-based keys

iliaal · iliaal · commit cb819e1205db · 2026-03-08T17:56:29.000-04:00
openssl_pkey_new() checks private_key_bits >= 384 before generating any key. For EC, X25519, ED25519, X448, and ED448 the size is inherent to the curve or algorithm, so this check doesn't apply and causes failures when default_bits is missing from openssl.cnf (which is the case in OpenSSL 3.6's default config). Skip the minimum-bits check for key types that don't use private_key_bits. Closes GH-21083
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -3828,7 +3828,12 @@ static int php_openssl_get_evp_pkey_type(int key_type) {
 /* {{{ php_openssl_generate_private_key */
 static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)
 {
-	if (req->priv_key_bits < MIN_KEY_LENGTH) {
+	if (req->priv_key_type != OPENSSL_KEYTYPE_EC &&
+			req->priv_key_type != OPENSSL_KEYTYPE_X25519 &&
+			req->priv_key_type != OPENSSL_KEYTYPE_ED25519 &&
+			req->priv_key_type != OPENSSL_KEYTYPE_X448 &&
+			req->priv_key_type != OPENSSL_KEYTYPE_ED448 &&
+			req->priv_key_bits < MIN_KEY_LENGTH) {
 		php_error_docref(NULL, E_WARNING, "Private key length must be at least %d bits, configured to %d",
 			MIN_KEY_LENGTH, req->priv_key_bits);
 		return NULL;
diff --git a/ext/openssl/tests/gh21083.phpt b/ext/openssl/tests/gh21083.phpt
@@ -0,0 +1,61 @@
+--TEST--
+GH-21083 (openssl_pkey_new() fails for EC keys when private_key_bits is not set)
+--EXTENSIONS--
+openssl
+--SKIPIF--
+<?php if (!defined("OPENSSL_KEYTYPE_EC")) die("skip EC disabled"); ?>
+--ENV--
+OPENSSL_CONF=
+--FILE--
+<?php
+// Create a minimal openssl.cnf without default_bits (simulates OpenSSL 3.6 default config)
+$conf = tempnam(sys_get_temp_dir(), 'ossl');
+file_put_contents($conf, "[req]\ndistinguished_name = req_dn\n[req_dn]\n");
+
+// EC key - size is determined by the curve, private_key_bits should not be required
+$key = openssl_pkey_new([
+    'config' => $conf,
+    'private_key_type' => OPENSSL_KEYTYPE_EC,
+    'curve_name' => 'prime256v1',
+]);
+var_dump($key !== false);
+$details = openssl_pkey_get_details($key);
+var_dump($details['bits']);
+var_dump($details['type'] === OPENSSL_KEYTYPE_EC);
+echo "EC OK\n";
+
+// X25519 - fixed size key, private_key_bits should not be required
+if (defined('OPENSSL_KEYTYPE_X25519')) {
+    $key = openssl_pkey_new([
+        'config' => $conf,
+        'private_key_type' => OPENSSL_KEYTYPE_X25519,
+    ]);
+    var_dump($key !== false);
+    echo "X25519 OK\n";
+} else {
+    echo "bool(true)\nX25519 OK\n";
+}
+
+// Ed25519 - fixed size key, private_key_bits should not be required
+if (defined('OPENSSL_KEYTYPE_ED25519')) {
+    $key = openssl_pkey_new([
+        'config' => $conf,
+        'private_key_type' => OPENSSL_KEYTYPE_ED25519,
+    ]);
+    var_dump($key !== false);
+    echo "Ed25519 OK\n";
+} else {
+    echo "bool(true)\nEd25519 OK\n";
+}
+
+unlink($conf);
+?>
+--EXPECT--
+bool(true)
+int(256)
+bool(true)
+EC OK
+bool(true)
+X25519 OK
+bool(true)
+Ed25519 OK
