
I have googled and studied openssl for several days, and have not found a solution to the problem with openssl_pkey_new in XAMPP for Windows. Have tried both ver. 7.1.1 and 7.1.4. Each time I try to run this code:

```php
echo getenv('OPENSSL_CONF')."<p>";

$config = array(
    "config" => "c:/xampp/apache/conf/openssl.cnf",
    "digest_alg" => "sha256",
    "private_key_bits" => 4096,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);

// Create the private and public key
$res = openssl_pkey_new($config);
echo "<br>openssl_pkey_new: <br>";
//var_dump(openssl_error_string());
while($e = openssl_error_string() ) {
    print_r($e."<br>\n");
}

// Extract the private key from $res to $privKey
openssl_pkey_export($res, $privKey);
echo "<br>openssl_pkey_export: <br>";
while($e = openssl_error_string() ) {
    print_r($e."<br>\n");
}

// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];
echo "<br>openssl_pkey_get_details: <br>";
while($e = openssl_error_string() ) {
    print_r($e."<br>\n");
}
```

I get these errors:

```
openssl_pkey_new:
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value

openssl_pkey_export:
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
```

Maybe erroneous openssl.cnf or/and server.key+server.csr+server.crt and/or maybe erroneous libeay32.dll+ssleay32.dll, or all is bad? An annoying problem, to be mild in my expression!!

Key generating tutorial: https://latunyj.wordpress.com/2011/10/31/generating-self-signed-certificate-in-xampp-win32-for-apache-web-server/

Comprehensive answers to the problem: What I have to do to OpenSSL extension work on my xampp (Windows)? :(

Other links: https://snippets.aktagon.com/snippets/543-how-to-fix-pem-read-bio-no-start-line-error-nginx-error http://au.php.net/manual/en/openssl.installation.php https://community.apachefriends.org/f/viewtopic.php?f=16&t=71199

Really hope someone knows the answer to this problem.

Edit:

If you are wondering why it is annoying, it is because I am using RSA-OAEP between server and client, implementing openssl and webcrypto to encrypt/decrypt AES-CBC keys. AES-CBC encrypted data is exchanged together with the encrypted keys.

My temporary workaround is generating the server-residing RSA keypair on the client and sending it in clear text. OK for development, but not appropriate for production. That is the annoying part. XAMPP prior to 7.x.x didn't have AES-CBC methods. By the way, XAMPP is only for development.

  • It sounds a lot like [OpenSSL and error in reading openssl.conf file](http://stackoverflow.com/q/7360602/608639). I'm not a PHP guy (I'm an OpenSSL guy), but can you check/confirm the web server can read `c:/xampp/apache/conf/openssl.cnf`? I'm thinking the filename is wrong (path or `openssl.conf`), path separators are wrong (Windows uses back slashes), or Apache does not have access to the file (`ERROR_ACCESS_DENIED`, `0x05`). – jww May 14 '17 at 03:19
  • In xampp 7.1.4 `getenv('OPENSSL_CONF')` points to [xamppdir]/apache/bin, that's why I hard-code it in `$options`. And yes, Apache has read rights to the file. – gerteb May 14 '17 at 13:43
  • `OPENSSL_CONF` is an environmental variable and it may be wrong. Use `dir` to show the location, and use `cacls` to show the permissions. On Windows, Web Servers are supposed to run under a different, nearly unprivileged account. It would not surprise me if the file exists but the web server does not have permission for it. If that's a possibility, then use `procmon` to watch the web server's file system accesses. – jww May 14 '17 at 14:33
  • `cacls openssl.cnf` says `NT AUTHORITY\SYSTEM:(ID)F BUILTIN\Administrators:(ID)F BUILTIN\Users:(ID)R`, and Apache is running as SYSTEM. – gerteb May 14 '17 at 15:28
  • You should add the file location and cacls output to the question. There's no need to talk about RSA-OAEP since it has nothing to do with the problem. *"... Apache is running as SYSTEM"* - Epic fail. I cringe when Unix guys try to do security on Windows. They appear to be mostly clueless. – jww May 14 '17 at 16:36
  • Xampp is on my own closed development Windows server. Only me and my wife have access. No reason to worry. By the way, it is behind two firewalls, and I am not clueless about security. I have not changed the service to run as www or another user, because I am a lazy guy. OK. By the way, it is beside the question. – gerteb May 15 '17 at 13:02
  • The reason I mention RSA-OAEP is that it is what I am using the keys for. Using openssl_pkey_new on xampp on 5.6.30 works, but RSA-CBC is 7.1.X only. That's the reason I mention that. – gerteb May 15 '17 at 13:14

0 Answers
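
The checks suggested in the comments (does the path resolve, is it a file rather than a directory, can the server process read it) can be run from PHP itself before any key is generated. The script below is an added example, not part of the original thread; `drainOpensslErrors()` and `diagnoseOpensslConf()` are hypothetical helper names. It also hands the same options array to `openssl_pkey_export()`, which the question's code calls without one, on the assumption that this is why the export step reports its own `fopen` errors.

```php
<?php
// Added diagnostic sketch; helper names are hypothetical, paths are the ones from the question.

/** Collect and clear the OpenSSL error queue so stale entries do not mislead later checks. */
function drainOpensslErrors(): array
{
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return $errors;
}

/** Report whether a candidate openssl.cnf path is usable by the account running this script. */
function diagnoseOpensslConf(string $path): array
{
    return [
        'path'     => $path,
        'realpath' => realpath($path),    // false if the path does not resolve
        'is_file'  => is_file($path),     // false for a directory such as .../apache/bin
        'readable' => is_readable($path), // evaluated with the PHP/Apache process's rights
    ];
}

// Candidates: the environment value (if set) and the hard-coded path from the question.
$candidates = array_filter([
    getenv('OPENSSL_CONF') ?: null,
    'c:/xampp/apache/conf/openssl.cnf',
]);
foreach ($candidates as $candidate) {
    print_r(diagnoseOpensslConf($candidate));
}

$config = [
    'config'           => 'c:/xampp/apache/conf/openssl.cnf',
    'digest_alg'       => 'sha256',
    'private_key_bits' => 4096,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
];

drainOpensslErrors();                     // start from an empty queue
$res = openssl_pkey_new($config);
$newErrors = drainOpensslErrors();
if ($res === false) {
    exit("openssl_pkey_new failed:\n" . implode("\n", $newErrors) . "\n");
}

// Without the 4th argument, export looks up the default config location, not $config['config'].
$ok = openssl_pkey_export($res, $privKey, null, $config);
echo $ok ? "export ok\n" : "export failed:\n" . implode("\n", drainOpensslErrors()) . "\n";
```

Run it through Apache rather than the CLI so that `is_readable()` reflects the web server's account; the private key is deliberately never printed.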