|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #80078 openssl_dh_compute_key unknown parameters
Submitted: 2020-09-08 09:12 UTC Modified: -
From: mfr64 at web dot de Assigned:
Status: Open Package: OpenSSL related
PHP Version: 7.4.10 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: mfr64 at web dot de
New email:
PHP Version: OS:


 [2020-09-08 09:12 UTC] mfr64 at web dot de
With PHP 7.4.10 Development Server on Windows platform (Build: C:\php-snap-build\php74\vc15\x64\obj\Release, extension=openssl enabled within php.ini) I have this problem:

openssl_dh_compute_key apparently cannot deal with elliptic curve / ECDH.

It could be I did not manage to find the trick as documentation/examples are missing how to use with ECDH rather than RSA or DH keys.

openssl_dh_compute_key($pubkey, $dh_key) is checking parameter types. If successful it does not return NULL (but FALSE). I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages.

What is wrong? Application of openssl_dh_compute_key or its implementation?

Test script:
// $dh_key
// Secret brainpoolP384r1 key has been generated with:
//     $res = openssl_pkey_new($config);
//     $err = ! openssl_pkey_export($res, $privkey, "password", $config );
//     file_put_contents($privkeyfile, $privkey)
// where $config = array("digest_alg" => "sha384",
//      "curve_name" => "brainpoolP384r1",
//      "private_key_type" => OPENSSL_KEYTYPE_EC,
//      "config"     => $configfile,  );
// For ECDH purpose following code reads it again in and provides
// $dh_key as a resource of type "OpenSSL key". This works well as
// binary private key can be obtained by this code:
//     $dh_key_det = openssl_pkey_get_details($dh_key);
//     $dh_cont = $dh_key_det["ec"]["d"];

$key = file_get_contents($privkeyfile);
$dh_key = openssl_get_privatekey($key, "password");

// $pubkey
// $cert is a certificate in PEM format.
// $pubkey is a string "-----BEGIN PUBLIC KEY----- MHow ... A4zQ== -----END PUBLIC KEY----- "

$cert = file_get_contents($certfile);
$x509 = openssl_x509_read($cert);
$pubkeyid = openssl_get_publickey($x509);
$pubkeyid_det = openssl_pkey_get_details($pubkeyid);
$pubkey = $pubkeyid_det["key"];

// Now to the problem:
$res = openssl_dh_compute_key($pubkey, $dh_key);  // returning FALSE

Expected result:
1. Confirmation that openssl_dh_compute_key can handle ECDH, incl. brainpoolP384r1 curve. If not, please add.
2. Information about how to set parameters correctly within ECDH context, be it "brainpoolP384r1" or other curve.

Actual result:
openssl_dh_compute_key returning FALSE if parameters are correct type but still wrong.
openssl_dh_compute_key returning NULL if parameters are not correct type.

I never succeeded in getting data from openssl_dh_compute_key other than FALSE or NULL. There are no error messages. Lack of documentation, lack of examples.


Add a Patch

Pull Requests

Add a Pull Request

PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Sep 23 03:03:37 2021 UTC