Skip to content

ext/openssl: allow constructing a public-only RSA key#22703

Open
JanTvrdik wants to merge 2 commits into
php:masterfrom
JanTvrdik:openssl-public-only-rsa-construction
Open

ext/openssl: allow constructing a public-only RSA key#22703
JanTvrdik wants to merge 2 commits into
php:masterfrom
JanTvrdik:openssl-public-only-rsa-construction

Conversation

@JanTvrdik

Copy link
Copy Markdown

Resolves #22702

@JanTvrdik JanTvrdik requested a review from bukka as a code owner July 12, 2026 06:07
Copilot AI review requested due to automatic review settings July 12, 2026 06:07

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the OpenSSL extension so openssl_pkey_new() can construct an RSA public-only key from raw parameters (n and e), aligning RSA behavior with the existing public-key construction support for DSA/DH/EC and enabling clean public-key verification flows (e.g., WebAuthn/COSE RSA keys).

Changes:

  • Allow RSA key construction without providing the private exponent d, and propagate an is_private flag into the OpenSSLAsymmetricKey wrapper.
  • Update the OpenSSL 1.x and 3.x backends to select public-key vs keypair construction appropriately.
  • Add a PHPT test covering reconstruction from n/e and verifying/encrypting with the resulting key; document the change in UPGRADING.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
UPGRADING Documents the new RSA public-only construction behavior for openssl_pkey_new().
ext/openssl/tests/openssl_pkey_new_rsa_public.phpt Adds regression coverage for constructing an RSA public key from n/e and using it in verify/encrypt flows.
ext/openssl/php_openssl_backend.h Updates the RSA init function signature to return an is_private out-param.
ext/openssl/openssl.c Uses the new is_private out-param when wrapping RSA keys from openssl_pkey_new().
ext/openssl/openssl_backend_v3.c Implements RSA public-only creation via OpenSSL 3 fromdata() selection (PUBLIC_KEY vs KEYPAIR).
ext/openssl/openssl_backend_v1.c Implements RSA public-only creation in the legacy backend and threads is_private through the init path.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread ext/openssl/openssl_backend_v3.c
Comment thread ext/openssl/openssl_backend_v1.c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Allow constructing a public-only RSA key with openssl_pkey_new()

2 participants