openssl_pkey_new function is not working in the PHP version above 8.2+

[Pratik2121]

Description

The following code is not working after the 8.2 version

$privkey = openssl_pkey_new(array(
      "digest_alg"=>'md5',
      "private_key_bits" => 2048,
      "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$key_details = openssl_pkey_get_details($privkey);
print_r($key_details);

PHP Version

PHP 8.3

Operating System

Windows 10

[bukka]

PHP 8.2 switched to OpenSSL 3.0 so you might need to add some extra setting to enable unsecure algorithms or change your app. It's most likely due to using md5 as digest key which you should not be using in the first place. If you really really need to use, then you might try to lower security level in your openssl.cnf. You can also try to enable legacy provider if that doesn't work like described in #12369 but don't think it's needed for md5 digest alg.

[bukka]

I set it to feedback as there is not much on our side to do but if you still feel, there's some other issue, please comment here.

[Pratik2121]

I am using OpenSSL 3.2 which is latest so I don't think this solution work

[bukka]

Have you tried to lower security level in your openssl.cnf?

[bukka]

New OpenSSL versions have higher security level so it does not allow some algorithm. In addition some old algorithms have been moved to legacy provider which must be explicitly enabled to be able to use them.

[bukka]

I assume you are not using PHP provided binaries if you are using OpenSSL 3.2, right?

[Pratik2121]

Hope the below details will help you understand the details.
I want to use minishlink/web-push package in my application in this I was receiving error at

$key = openssl_pkey_new([
'curve_name' => self::getOpensslCurveName($curve),
'private_key_type' => OPENSSL_KEYTYPE_EC,
]);

So I tested multiple things and found openssl_pkey_new function is not working properly.
Then I ran the demo code provided on the php.net site but still, it was not working then I downgraded PHP version to 8.1 then started working then again I switched back to 8.2 or 8.3 it had the same error it meant has problem in the version.
Now for more details.
I am using wampserver 3.3.2
Currently, my PHP version is 8.3
My OpenSSL version is 3.2
My cacert.pem version is updated 2023-12-12

Hope this many details are fine for you i will get solution in next comment.

[Pratik2121]

Attaching the screenshot for more clarification.

With PHP 8.3 Error

With PHP 8.1 correct

[bukka]

Ok so you are saying that it doesn't work for any algorithm, right?

If so, could you try this and post the result here:

$privkey = openssl_pkey_new(array(
      "digest_alg"=>'sha256',
      "private_key_bits" => 2048,
      "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
var_dump($privkey);
while ($error = openssl_error_string()) var_dump($error);
var_dump(openssl_pkey_get_details($privkey));

[Pratik2121]

If I run your code in PHP 8.3 below error

But it works with PHP 8.1

[bukka]

It cannot find you openssl.cnf so you might need to do one of following:

• make sure that the default searched path contains the openssl.cnf (it might tell you which path is looked for by using openssl binary like in https://stackoverflow.com/questions/36618644/wampserver-warning-cant-open-config-file-openssl-cnf ).
• set the PATH explicitly using OPENSSL_CONF env variable: set OPENSSL_CONF=... (see for example https://stackoverflow.com/questions/52787456/openssl-config-failed-error02001003system-libraryfopenno-such-process-in-ap )
• pass the path to the openssl_pkey_new as $config parameter

It actually should not really need it as all needed args are defined but it might be failing because of that. I would first try to address this and see. PHP-8.1 might have different configuration potentially.

[Pratik2121]

Have you tried your PC or laptop?
Please don't give a random answer if it is a path issue how could it work in 8.1

Please provide a screenshot of the PHP 8.3 version where it is working

[bukka]

Those are not random answers but it is based on what your errors say. I'm just trying to help you to figure it out but essentially it's up to you to fix it because this is not a PHP issue but more your setup issue (we have got Windows tests that normally work and usual sdk setup works fine as well). WampServer is not a PHP project so it is their setup. You might need to ask on stack overflow or WampServer forum for help. The only thing that we can potential do is to make things easier for Windows users so I will see if I find time to try it and see if there is anything unusual in WampServer seupt but currently busy with other things so it might take some time.

[bukka]

Also if they use OpenSSL 3.2, then they most likely use unofficial build which is not provided by PHP project.

[Pratik2121]

It's okay brother if you require time my concern was if it is not working then in the next build please update and release. I am 90% sure something is missing in the library it is not about Wamp they don't build PHP they provide the environment thanks for your help and time.

[bukka]

But we don't have builds for OpenSSL 3.2 currently (PHP 8.1 is build with OpenSSL 1.1.1 and PHP 8.2 and 8.3 is build with OpenSSL 3.0). Are you sure that your are using that (you can check it by running php --ri openssl which should also show you the path where the openssl.cnf is searched for - you can check the same for your working PHP 8.1 and compare if both configs exist)?

[Pratik2121]

[liviuconcioiu]

@Pratik2121 you have a missing C:\Program Files\Common Files\SSL\openssl.cnf. I'm using PHP 8.3.2 and nginx.

With the code @bukka posted, I get this:

object(OpenSSLAsymmetricKey)#1 (0) {
}
array(4) {
  ["bits"]=>
  int(2048)
  ["key"]=>
  string(451) "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJifr0TDvskuFqiB/5bF
qvYGTH5k5ImLTD4zSwNG5aPkANLGLX3yTb1+WwIPgeSKDvAtivC+3cPLHQS5cg3V
EPKHwJewaKzAqrIjCSNALIPODtGod6zAc6Q+WxCldfCm1QyW83iTkOtT3dxdQktd
qLsTHPqCrAYigucWW4/NpqvXzbYVsX4CAe6Ixp+v/zl/gYonysCcrbR0erbGnfmR
b4+ecPs+7UH5spD3tv0xneeUfThdKyRU4YHLWkXCurmBHZufk0L7nQQ4U+lMdZ3/
8O3T3yCRtv75pPxZsE2LmT1rI2Wv8PRy/4XFzKiOF9z8qKPGxZThrXyxT6JfFoOT
dwIDAQAB
-----END PUBLIC KEY-----
"
  ["rsa"]=>
  array(8) {
    ["n"]=> string(256) "��N�W�\Ї%�*D[Vl=*����;����c������J��������ٕ+�b'u�f)��� �]� �~��� HD����rOp4.�`�����H�r� string(3) "��"
["d"]=> string(256) "Ȳ E��>ݠv��o�K�����ܷ5���r�^�=��I�O*��9K��įL!!��BRҿ���<���r�LZ򣟳I�I5'���Dl�Ir!���8M��~Lj��zR�{����ƅ��YE���o��M��w�::�� �#�*��&tF���[����ɪ������(�?s�U�(E����^H�V�CV������߬���Ү�؄�\'�����.�Ӳ�b^��'6bk%u��i�wL^ string(128) "�Տ�;ĕ�������=x�\��]z��ԩ�YpCK��9e��& z�i�=�p/@�����G%?��\}��);��,b�������V��w��)j������)3����8JCU��Kf�94�����A1����k�CS�"
["q"]=> string(128) "��x�w��������(o�K�H,n4����ߤ��~]������]\�p��UI�Z���P��y�<�T�RI��w�0�9l�DS8ʪ��oKD �`�L�{�[��+�����l�Gb����rc,G�i�U�L��Yy��)2�n�"
["dmp1"]=> string(128) "( ��7W������\��/\LV\�L�u���9���3���5��Ss-f�F��Rţ��o���h� g�R�����j�#�_�{w^P��d����w��zm(��:���B�c0�3�����U��N)�^�%��IB�z�i�" 
["dmq1"]=> string(128) "��U]�����tA?�L�<�S����������X?��9�7��i�����̭m����?�V����8���Zgd~���)��j���U����$�\��0#gC}���%�<����-H�èʨ�h�l�����}Ů�`�|u��" 
["iqmp"]=> string(128) "Z릂�������Z60��<�������+�1�Ӄ-�s@���0��TY���h����R�G�t�I��c����3WbIq�_���[� ����؁�Of���P�J6��x�;�/��,��J�&���x���I���B�G�(��[" }
["type"]=> int(0) } 

[bukka]

Yeah it looks to me like most likely missing C:\Program Files\Common Files\SSL\openssl.cnf. Please note that this is using OpenSSL 3.0 so PHP builds are used which means that with PHP 8.1, you are most likely using OpenSSL 1.1.1. It might have different configuration and potentially might search for config in different place or not requiring config (OpenSSL 3.0 requires config for other things so might be one of the reasons). Please add openssl.cnf and try again.

[bukka]

I'm going to close this. If you see any issue on PHP side (if it's still not working after openssl.cnf is present), please comment here with all the details.