|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74700 Faulty returned values openssl_pkey_get_details
Submitted: 2017-06-06 09:53 UTC Modified: 2017-06-11 16:49 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: nothingam at protonmail dot com Assigned: bukka (profile)
Status: Not a bug Package: OpenSSL related
PHP Version: 5.6.30 OS: Debian
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: nothingam at protonmail dot com
New email:
PHP Version: OS:


 [2017-06-06 09:53 UTC] nothingam at protonmail dot com
The 'openssl_pkey_get_details' function for OPENSSL_KEYTYPE_DH typed keys seems to return faulty 'pub_key's (probably 'priv_key's too).
If the last byte is zero byte (0x00), the returned value in the $ret['dh']['pub_key'] is shorter than expected (obviously with one byte in this case).

I've successfully reproduced the problem on:
- Windows: PHP 5.5.12 (cli) (built: Apr 30 2014 11:20:58)
- Debian: PHP 5.6.30-0+deb8u1 (cli) (built: Feb  8 2017 08:50:21)

From manual page:

Test script:
$DH_DEFAULT_PRIME = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF";
for($i=0; $i < 500; $i++) {
	$details = array();
	$details['p'] = pack('H*', $DH_DEFAULT_PRIME);
	$details['g'] = pack('H*', $DH_DEFAULT_GENERATOR);
	$res = openssl_pkey_new(array("dh" => $details));
	$details = openssl_pkey_get_details($res);
	$privateKey = $details['dh']['priv_key'];
	$publicKey = $details['dh']['pub_key'];
	if (strlen($publicKey) != $details['bits']/8) {
		echo "Whooaa!";


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-11 16:49 UTC]
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: bukka
 [2017-06-11 16:49 UTC]
This is expected and it's what we get from BN_bin2bn. Just to correct you, it won't happen for the last byte but the first byte.
 [2017-06-12 09:01 UTC] nothingam at protonmail dot com
Thanks for the correction, i've tested it and really is the first byte missing. 
If i get it correctly, it happens because the highest bits are not always set, so the bit length of the bignum can differ from the key length. The BN_bn2bin stores the value in big endian format, hence the left most byte is the most significant one.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Dec 03 05:05:53 2022 UTC