[2021-12-06 17:09 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Operating System: Windows
+Operating System: *
[2021-12-06 17:09 UTC] cmb@php.net
[2021-12-16 12:26 UTC] git@php.net
[2021-12-16 12:26 UTC] git@php.net
-Status: Verified
+Status: Closed
Description:
------------
With PHP 7.4.10 Development Server on Windows platform (Build: C:\php-snap-build\php74\vc15\x64\obj\Release, extension=openssl enabled within php.ini) I have this problem:

openssl_dh_compute_key apparently cannot deal with elliptic curve / ECDH. It could be I did not manage to find the trick as documentation/examples are missing how to use with ECDH rather than RSA or DH keys.

openssl_dh_compute_key($pubkey, $dh_key) is checking parameter types. If successful it does not return NULL (but FALSE). I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages.

What is wrong? Application of openssl_dh_compute_key or its implementation?

Test script:
---------------
// $dh_key
// Secret brainpoolP384r1 key has been generated with:
// $res = openssl_pkey_new($config);
// $err = ! openssl_pkey_export($res, $privkey, "password", $config );
// file_put_contents($privkeyfile, $privkey)
//
// where $config = array("digest_alg" => "sha384",
//                       "curve_name" => "brainpoolP384r1",
//                       "private_key_type" => OPENSSL_KEYTYPE_EC,
//                       "config" => $configfile, );
//
// For ECDH purpose following code reads it again in and provides
// $dh_key as a resource of type "OpenSSL key". This works well as
// binary private key can be obtained by this code:
// $dh_key_det = openssl_pkey_get_details($dh_key);
// $dh_cont = $dh_key_det["ec"]["d"];
$key = file_get_contents($privkeyfile);
$dh_key = openssl_get_privatekey($key, "password");

// $pubkey
// $cert is a certificate in PEM format.
// $pubkey is a string "-----BEGIN PUBLIC KEY----- MHow ... A4zQ== -----END PUBLIC KEY----- "
$cert = file_get_contents($certfile);
$x509 = openssl_x509_read($cert);
$pubkeyid = openssl_get_publickey($x509);
$pubkeyid_det = openssl_pkey_get_details($pubkeyid);
$pubkey = $pubkeyid_det["key"];

// Now to the problem:
$res = openssl_dh_compute_key($pubkey, $dh_key); // returning FALSE

Expected result:
----------------
1. Confirmation that openssl_dh_compute_key can handle ECDH, incl. brainpoolP384r1 curve. If not, please add.
2. Information about how to set parameters correctly within ECDH context, be it "brainpoolP384r1" or other curve.

Actual result:
--------------
openssl_dh_compute_key returning FALSE if parameters are correct type but still wrong.
openssl_dh_compute_key returning NULL if parameters are not correct type.
I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages.
Lack of documentation, lack of examples.
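
Added example (not part of the original report and not code from the PHP project): openssl_dh_compute_key() works on classic Diffie-Hellman keys, while PHP 7.3 and later provide openssl_pkey_derive() for EC keys, so the ECDH agreement the report asks about can be sketched as below. The helper names, the in-process key pairs and the HKDF info label are assumptions made for the illustration.

```php
<?php
// Added example: ECDH with openssl_pkey_derive() (PHP >= 7.3, ext-openssl).
// Helper names and the HKDF info label are illustrative.

function new_ec_key(string $curve)
{
    // Assumes a usable openssl.cnf; pass 'config' => $path as in the report if not.
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_EC,
        'curve_name'       => $curve,
    ]);
    if ($key === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    return $key;
}

function ecdh_shared_secret(string $peerPublicPem, $ownPrivateKey): string
{
    $peer = openssl_pkey_get_public($peerPublicPem);
    if ($peer === false) {
        throw new RuntimeException('cannot parse peer public key');
    }
    $peerDet = openssl_pkey_get_details($peer);
    $ownDet  = openssl_pkey_get_details($ownPrivateKey);
    // Refuse non-EC keys and curve mismatches before deriving anything.
    if ($peerDet['type'] !== OPENSSL_KEYTYPE_EC || $ownDet['type'] !== OPENSSL_KEYTYPE_EC
        || $peerDet['ec']['curve_name'] !== $ownDet['ec']['curve_name']) {
        throw new InvalidArgumentException('both keys must be EC keys on the same curve');
    }
    $secret = openssl_pkey_derive($peer, $ownPrivateKey);
    if ($secret === false) {
        throw new RuntimeException('derive failed: ' . openssl_error_string());
    }
    return $secret;
}

// Constructed sample: two fresh key pairs stand in for the key file and certificate.
$alice    = new_ec_key('brainpoolP384r1');
$bob      = new_ec_key('brainpoolP384r1');
$alicePub = openssl_pkey_get_details($alice)['key']; // PEM public key string
$bobPub   = openssl_pkey_get_details($bob)['key'];

$a = ecdh_shared_secret($bobPub, $alice);
$b = ecdh_shared_secret($alicePub, $bob);
var_dump(hash_equals($a, $b)); // both sides must arrive at the same secret

// Do not use the raw ECDH output as a key; run it through a KDF first.
$sessionKey = hash_hkdf('sha384', $a, 32, 'example-ecdh-session');
echo strlen($sessionKey), " byte session key derived", PHP_EOL;
```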