Doc Bug #80078 openssl_dh_compute_key unknown parameters
Submitted: 2020-09-08 09:12 UTC
Modified: 2021-12-06 17:09 UTC
From: mfr64 at web dot de
Assigned:
Status: Closed
Package: OpenSSL related
PHP Version: 7.4.10
OS: *
Private report: No
CVE-ID: None
 [2020-09-08 09:12 UTC] mfr64 at web dot de
Description:
------------
With PHP 7.4.10 Development Server on Windows platform (Build: C:\php-snap-build\php74\vc15\x64\obj\Release, extension=openssl enabled within php.ini) I have this problem:

openssl_dh_compute_key apparently cannot deal with elliptic curve / ECDH.

It could be I did not manage to find the trick as documentation/examples are missing how to use with ECDH rather than RSA or DH keys.

openssl_dh_compute_key($pubkey, $dh_key) is checking parameter types. If successful it does not return NULL (but FALSE). I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages.

What is wrong? Application of openssl_dh_compute_key or its implementation?


Test script:
---------------
// $dh_key
// Secret brainpoolP384r1 key has been generated with:
//     $res = openssl_pkey_new($config);
//     $err = ! openssl_pkey_export($res, $privkey, "password", $config );
//     file_put_contents($privkeyfile, $privkey)
//
// where $config = array("digest_alg" => "sha384",
//      "curve_name" => "brainpoolP384r1",
//      "private_key_type" => OPENSSL_KEYTYPE_EC,
//      "config"     => $configfile,  );
//
// For ECDH purpose following code reads it again in and provides
// $dh_key as a resource of type "OpenSSL key". This works well as
// binary private key can be obtained by this code:
//     $dh_key_det = openssl_pkey_get_details($dh_key);
//     $dh_cont = $dh_key_det["ec"]["d"];

$key = file_get_contents($privkeyfile);
$dh_key = openssl_get_privatekey($key, "password");


// $pubkey
// $cert is a certificate in PEM format.
// $pubkey is a string "-----BEGIN PUBLIC KEY----- MHow ... A4zQ== -----END PUBLIC KEY----- "

$cert = file_get_contents($certfile);
$x509 = openssl_x509_read($cert);
$pubkeyid = openssl_get_publickey($x509);
$pubkeyid_det = openssl_pkey_get_details($pubkeyid);
$pubkey = $pubkeyid_det["key"];

// Now to the problem:
$res = openssl_dh_compute_key($pubkey, $dh_key);  // returning FALSE


Expected result:
----------------
1. Confirmation that openssl_dh_compute_key can handle ECDH, incl. brainpoolP384r1 curve. If not, please add.
2. Information about how to set parameters correctly within ECDH context, be it "brainpoolP384r1" or other curve.



Actual result:
--------------
openssl_dh_compute_key returning FALSE if parameters are correct type but still wrong.
openssl_dh_compute_key returning NULL if parameters are not correct type.

I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages. Lack of documentation, lack of examples.


 [2021-12-06 17:09 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Operating System: Windows
+Operating System: *
 [2021-12-06 17:09 UTC] cmb@php.net
Indeed, openssl_dh_compute_key() does not support ECDH keys prior
to PHP 8.1.0 *and* OpenSSL 3.0.0.
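
Added example (not part of the bug report or of PHP's own documentation): an ECDH agreement done with openssl_pkey_derive(), available since PHP 7.3, which accepts EC key handles on both sides. The helper names, the prime256v1 fallback and the HKDF info string are assumptions made for illustration; on Windows openssl_pkey_new() may also need a "config" entry pointing at openssl.cnf, as in the report.

```php
<?php
// Added illustration, not code from the report. Requires ext/openssl, PHP >= 7.3.

function ecdh_generate(string $curve)
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_EC,
        'curve_name'       => $curve,
    ]);
    if ($key === false) {
        throw new RuntimeException('keygen failed: ' . openssl_error_string());
    }
    return $key; // resource on PHP 7.x, OpenSSLAsymmetricKey on 8.x
}

function ecdh_public_pem($privateKey): string
{
    $d = openssl_pkey_get_details($privateKey);
    if ($d === false || $d['type'] !== OPENSSL_KEYTYPE_EC) {
        throw new RuntimeException('not an EC key');
    }
    return $d['key']; // PEM "-----BEGIN PUBLIC KEY-----" block
}

function ecdh_shared_secret(string $peerPem, $privateKey): string
{
    $peer = openssl_pkey_get_public($peerPem);
    $mine = openssl_pkey_get_details($privateKey);
    $their = $peer === false ? false : openssl_pkey_get_details($peer);
    // Refuse non-EC peers and curve mismatches before deriving anything.
    if ($mine === false || $their === false
        || $their['type'] !== OPENSSL_KEYTYPE_EC
        || $their['ec']['curve_name'] !== $mine['ec']['curve_name']) {
        throw new RuntimeException('peer key unusable for this ECDH exchange');
    }
    $secret = openssl_pkey_derive($peer, $privateKey);
    if ($secret === false) {
        throw new RuntimeException('derive failed: ' . openssl_error_string());
    }
    return $secret;
}

// Curve from the report; fall back if this OpenSSL build lacks it (assumption).
$curve = in_array('brainpoolP384r1', openssl_get_curve_names(), true)
    ? 'brainpoolP384r1' : 'prime256v1';
$alice = ecdh_generate($curve);
$bob   = ecdh_generate($curve);
$a = ecdh_shared_secret(ecdh_public_pem($bob), $alice);
$b = ecdh_shared_secret(ecdh_public_pem($alice), $bob);
var_dump(hash_equals($a, $b)); // both sides must hold the same secret
// Run the raw secret through a KDF before using it as a symmetric key.
$sessionKey = hash_hkdf('sha384', $a, 32, 'example-ecdh-session');
```
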
 [2021-12-16 12:26 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/doc-en/commit/4e05f1d8fd0e86d250aee7c497da640dea79be60
Log: Fix #80078: openssl_dh_compute_key unknown parameters
 [2021-12-16 12:26 UTC] git@php.net
-Status: Verified
+Status: Closed
 