openssl_pkey_new function is not working in the PHP version above 8.2+ #13214

Closed
Pratik2121 opened this issue Jan 22, 2024 · 20 comments
Pratik2121 commented Jan 22, 2024

Description

The following code is not working after the 8.2 version

$privkey = openssl_pkey_new(array(
      "digest_alg"=>'md5',
      "private_key_bits" => 2048,
      "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$key_details = openssl_pkey_get_details($privkey);
print_r($key_details);

PHP Version

PHP 8.3

Operating System

Windows 10

Pratik2121 changed the title from "openssl_pkey_new" to "openssl_pkey_new function is not working in the PHP version above 8.2+" on Jan 22, 2024

bukka (Member) commented Jan 22, 2024

PHP 8.2 switched to OpenSSL 3.0, so you might need to add some extra settings to enable insecure algorithms or change your app. It's most likely due to using md5 as digest key, which you should not be using in the first place. If you really really need to use it, then you might try to lower the security level in your openssl.cnf. You can also try to enable the legacy provider, as described in #12369, if that doesn't work, but I don't think it's needed for the md5 digest alg.

bukka (Member) commented Jan 22, 2024

I set it to feedback as there is not much to do on our side, but if you still feel there's some other issue, please comment here.

Pratik2121 (Author) commented

I am using OpenSSL 3.2, which is the latest, so I don't think this solution will work.

bukka (Member) commented Jan 22, 2024

Have you tried to lower the security level in your openssl.cnf?

bukka (Member) commented Jan 22, 2024

New OpenSSL versions have a higher security level, so they do not allow some algorithms. In addition, some old algorithms have been moved to the legacy provider, which must be explicitly enabled to be able to use them.

bukka (Member) commented Jan 22, 2024

I assume you are not using PHP provided binaries if you are using OpenSSL 3.2, right?

Pratik2121 (Author) commented

I hope the details below will help you understand.
I want to use the minishlink/web-push package in my application; in it I was receiving an error at

$key = openssl_pkey_new([
'curve_name' => self::getOpensslCurveName($curve),
'private_key_type' => OPENSSL_KEYTYPE_EC,
]);

So I tested multiple things and found that the openssl_pkey_new function is not working properly.
Then I ran the demo code provided on the php.net site, but it still was not working. Then I downgraded the PHP version to 8.1 and it started working. Then I switched back to 8.2 or 8.3 and it had the same error, which means there is a problem in the version.
Now for more details:
I am using WampServer 3.3.2
Currently, my PHP version is 8.3
My OpenSSL version is 3.2
My cacert.pem version is updated 2023-12-12

I hope these details are enough for you and that I will get a solution in the next comment.

Pratik2121 (Author) commented

Attaching the screenshot for more clarification.

With PHP 8.3 Error
[screenshot]

With PHP 8.1 correct
[screenshot]

bukka (Member) commented Jan 22, 2024

Ok so you are saying that it doesn't work for any algorithm, right?

If so, could you try this and post the result here:

$privkey = openssl_pkey_new(array(
      "digest_alg"=>'sha256',
      "private_key_bits" => 2048,
      "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
var_dump($privkey);
while ($error = openssl_error_string()) var_dump($error);
var_dump(openssl_pkey_get_details($privkey));

Pratik2121 (Author) commented

If I run your code in PHP 8.3, I get the error below.

[screenshot]

But it works with PHP 8.1.

bukka (Member) commented Jan 22, 2024

It cannot find your openssl.cnf, so you might need to do one of the following:

It actually should not really need it as all needed args are defined but it might be failing because of that. I would first try to address this and see. PHP-8.1 might have different configuration potentially.

Pratik2121 (Author) commented

Have you tried it on your PC or laptop?
Please don't give a random answer. If it is a path issue, how could it work in 8.1?

Please provide a screenshot of the PHP 8.3 version where it is working.

bukka (Member) commented Jan 22, 2024

Those are not random answers; they are based on what your errors say. I'm just trying to help you figure it out, but essentially it's up to you to fix it because this is not a PHP issue but more your setup issue (we have got Windows tests that normally work, and the usual SDK setup works fine as well). WampServer is not a PHP project, so it is their setup. You might need to ask on Stack Overflow or the WampServer forum for help. The only thing that we can potentially do is to make things easier for Windows users, so I will see if I find time to try it and see if there is anything unusual in the WampServer setup, but I'm currently busy with other things so it might take some time.

bukka (Member) commented Jan 22, 2024

Also, if they use OpenSSL 3.2, then they most likely use an unofficial build which is not provided by the PHP project.

Pratik2121 (Author) commented

It's okay, brother. If you require time, my concern was that if it is not working, then please update and release it in the next build. I am 90% sure something is missing in the library. It is not about Wamp; they don't build PHP, they provide the environment. Thanks for your help and time.

bukka (Member) commented Jan 22, 2024

But we don't have builds for OpenSSL 3.2 currently (PHP 8.1 is built with OpenSSL 1.1.1, and PHP 8.2 and 8.3 are built with OpenSSL 3.0). Are you sure that you are using that? You can check it by running php --ri openssl, which should also show you the path where the openssl.cnf is searched for; you can check the same for your working PHP 8.1 and compare whether both configs exist.

Pratik2121 (Author) commented

[screenshot]

liviuconcioiu commented Jan 22, 2024

@Pratik2121 you have a missing C:\Program Files\Common Files\SSL\openssl.cnf. I'm using PHP 8.3.2 and nginx.

With the code @bukka posted, I get this:

object(OpenSSLAsymmetricKey)#1 (0) {
}
array(4) {
  ["bits"]=>
  int(2048)
  ["key"]=>
  string(451) "-----BEGIN PUBLIC KEY-----
[PEM body omitted]
-----END PUBLIC KEY-----
"
  ["rsa"]=>
  array(8) {
    [raw binary key components omitted]
  }
  ["type"]=>
  int(0)
}

bukka (Member) commented Jan 22, 2024

Yeah, it looks to me like it's most likely the missing C:\Program Files\Common Files\SSL\openssl.cnf. Please note that this is using OpenSSL 3.0, so PHP builds are used, which means that with PHP 8.1 you are most likely using OpenSSL 1.1.1. It might have a different configuration and potentially might search for the config in a different place or not require a config (OpenSSL 3.0 requires config for other things, so that might be one of the reasons). Please add openssl.cnf and try again.
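
The check suggested above, as an added example that is not part of the thread or of PHP's own code: it lists where openssl.cnf may be looked up, reports whether each file exists, and retries the SHA-256 RSA key generation with and without an explicit `config` option while draining the OpenSSL error queue. The default path is the one quoted in this thread; the `OPENSSL_CONF` and `SSLEAY_CONF` environment lookups and all function names are assumptions of this sketch.

```php
<?php
// Added diagnostic, not from the thread. Checks each place openssl.cnf may be
// looked up, then retries key generation with and without an explicit config.

function candidate_configs(): array
{
    $paths = [];
    foreach (['OPENSSL_CONF', 'SSLEAY_CONF'] as $var) { // env overrides (assumed)
        $value = getenv($var);
        if ($value !== false && $value !== '') {
            $paths[$var] = $value;
        }
    }
    // Default path quoted in this thread; adjust to what `php --ri openssl` shows.
    $paths['default'] = 'C:\\Program Files\\Common Files\\SSL\\openssl.cnf';
    return $paths;
}

function drain_openssl_errors(): array
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

function try_generate(?string $config): string
{
    drain_openssl_errors(); // start from an empty error queue
    $args = [
        'digest_alg'       => 'sha256',
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ];
    if ($config !== null) {
        $args['config'] = $config; // documented option of openssl_pkey_new()
    }
    $key = openssl_pkey_new($args);
    $errors = drain_openssl_errors();
    return $key !== false ? 'key generated' : 'FAILED: ' . implode(' | ', $errors);
}

echo 'Linked library: ', OPENSSL_VERSION_TEXT, PHP_EOL;
foreach (candidate_configs() as $source => $path) {
    $found = is_file($path) && is_readable($path);
    printf("%-12s %s [%s]\n", $source, $path, $found ? 'found' : 'MISSING');
    if ($found) { printf("  explicit config: %s\n", try_generate($path)); }
}
printf("default lookup: %s\n", try_generate(null));
```

Running it under both the working and the failing PHP version makes the comparison the maintainers asked for: a `MISSING` default together with a failed default lookup points at the setup rather than at `openssl_pkey_new` itself.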

bukka (Member) commented Feb 3, 2024

I'm going to close this. If you see any issue on PHP side (if it's still not working after openssl.cnf is present), please comment here with all the details.

bukka closed this as completed Feb 3, 2024