There still seems to be some confusion about the "password" argument to this function. It accepts a binary string for the key (ie. NOT encoded), at least for the cipher methods I tried (AES-128-CTR and AES-256-CTR). One of the posts says you should hex encode the key (which is wrong), and some say you should hash the key but don't make it clear how to properly pass the hashed key.
Instead of the post made by anonymous, this should be more accurate info about the parameters:
data - BINARY string
method - regular string, from openssl_get_cipher_methods()
password - BINARY string (ie. the encryption key in binary)
options - integer (use the constants provided)
iv - BINARY string
This is not only from my testing, but backed up by the usage of this function by https://github.com/defuse/php-encryption