I'm working on some legacy code and encountered openssl key encryption that throws E_WARNING with error message "openssl_free_key() expects parameter 1 to be resource, string given".
Upon closer inspection, I found out that private key is indeed a string instead resource.
Since key is a string and key was not generated by "openssl_get_privatekey", is "openssl_free_key" required at the end of request?
Searching and looking at PHP docs, gives no definitive information regarding this problem.
$value = 'something';
if (openssl_pkcs12_read($file, $cart, $pass) === true) {
$private_key = $cart['pkey'];
} else {
throw new Exception('Failed to open certificate.');
}
if (isset($private_key)) {
openssl_sign($value, $signature, $private_key, OPENSSL_ALGO_SHA1);
openssl_free_key($private_key);
}
The docs say:
This function frees a private key created by openssl_pkey_new().
So if your key is a string: no.