Description
Summary
When using PHP with OpenSSL 3.x in FIPS mode (as enabled by default in certain environments such as Amazon Linux 2023), the openssl_pkey_export() function fails when a passphrase is provided.
This is due to the use of legacy OpenSSL APIs (PEM_write_bio_PrivateKey() → PEM_write_bio_PrivateKey_traditional() → EVP_CipherInit_ex()), which are not FIPS-compliant in OpenSSL 3.x.
Affected:
PHP 8.1 – 8.4
OpenSSL 3.x in FIPS mode
PHP’s built-in openssl extension
openssl_pkey_export($key, $out, $passphrase) when $passphrase is provided
Reproduction
When run under OpenSSL 3.x with FIPS enabled, the call fails with:
error:0308010C:digital envelope routines::unsupported
Root Cause (maybe?)
Internally, PHP uses:
In OpenSSL 3 FIPS mode, manual cipher encryption is disallowed.
Only provider-based encryption (via OSSL_ENCODER, etc.) is allowed.
This behavior is documented in the OpenSSL 3.x migration guide and FIPS module guide:
"Applications should no longer rely on implicit fetches of algorithms or manually configure cipher contexts outside the provider framework."
Expected Behavior
If the system is in FIPS mode and the passphrase is provided, openssl_pkey_export() should either:
Properly export the key using a FIPS-compliant provider mechanism (e.g., via OSSL_ENCODER)
Or fail with a clear message that encrypted exports are not supported under current conditions
As a note, my openssl is configured properly and I can generate a private key with a passphrase via the command line. Also, if you leave the passphrase out of the openssl_pkey_export() call, it does work, without encryption.
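The report above shows openssl_pkey_export() returning false under FIPS mode with nothing but a bare "unsupported" entry in the OpenSSL error queue. The following is an added example (not code from this issue or from php-src) of the application-side check a deployment would want in the meantime: it drains the OpenSSL error queue so the failure is reported with its cause, and it refuses to quietly downgrade to an unencrypted key on disk. The function and class names (exportPrivateKeyPem, ExportResult) are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added example, not from the php-src issue. Result of one export attempt;
// on failure, $opensslErrors holds the drained OpenSSL error queue.
final class ExportResult
{
    public function __construct(
        public readonly bool $ok,
        public readonly ?string $pem,         // PEM text when $ok
        public readonly bool $encrypted,      // true if $pem is passphrase-protected
        public readonly array $opensslErrors  // e.g. "error:0308010C:digital envelope routines::unsupported"
    ) {}
}

/**
 * Export $key as PEM, encrypted when a non-empty $passphrase is given.
 * Unlike a bare openssl_pkey_export() call, a failure comes back with the
 * OpenSSL error strings attached instead of a plain `false`.
 */
function exportPrivateKeyPem(OpenSSLAsymmetricKey $key, ?string $passphrase): ExportResult
{
    // Drain stale errors so that whatever we collect belongs to this call.
    while (openssl_error_string() !== false) {
    }

    $pem = '';
    if (openssl_pkey_export($key, $pem, $passphrase)) {
        return new ExportResult(true, $pem, $passphrase !== null && $passphrase !== '', []);
    }

    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return new ExportResult(false, null, false, $errors);
}

// Usage: throwaway RSA key, encrypted export attempted first.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$res = exportPrivateKeyPem($key, 'correct horse battery staple');
if (!$res->ok) {
    // Under OpenSSL 3.x FIPS mode this is where the reporter's error surfaces.
    fwrite(STDERR, 'Encrypted key export failed: ' . implode('; ', $res->opensslErrors) . PHP_EOL);
    $fipsLike = (bool) preg_grep('/digital envelope routines::unsupported/', $res->opensslErrors);
    // Deliberate policy: never fall back to writing the key unencrypted.
    exit($fipsLike ? 2 : 1);
}
echo $res->pem;
```

Exit code 2 distinguishes the FIPS-mode "unsupported" case from other export failures, so deployment tooling can tell a misconfigured host from a genuinely bad key.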
PHP Version
PHP 8.1.32 (cli) (built: Mar 11 2025 22:09:20) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.1.32, Copyright (c) Zend Technologies
with Zend OPcache v8.1.32, Copyright (c), by Zend Technologies
Operating System
No response