xmlseclibs: openssl_verify() failure with PHP 8.1 (works with 7.4)

This one is driving me nuts. I have a SAML exchange that uses an encrypted and signed assertion in the response.

Under PHP 7.4 everything works great: the call to openssl_verify($data, $signature, $this->key, $algo); in verifyOpenSSL works perfectly and returns 1.

Under PHP 8.1 everything fails with exactly the same data being passed, with the error:

error:02000068:rsa routines::bad signature
error:1C880004:Provider routines::RSA lib

The key is their public cert (this is a SAML response); the signature is sha256.

Any tips appreciated, especially as to why the same code works with 7.4 and not 8.1.

About this issue

  • State: closed
  • Created a year ago
  • Comments: 15 (5 by maintainers)

Most upvoted comments

Looking at the release log, there are lots of DOM fixes in 8.1.21; it looks like it may have been introduced with this version.

Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.

FYI tracked it down to insertBefore() - https://github.com/SAML-Toolkits/php-saml/issues/562

Thanks. Tracked down to: Utils::treeCopyReplace($encryptedAssertion, $decrypted); in OneLogin's library. Closing this and moving over there.

Pinned it down: not an OpenSSL error, the wrong value is being passed as the data. Will work out whether it is an xmlseclibs or a OneLogin SAML issue.
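As an added example (not code from xmlseclibs, php-saml, or the reporter), this PHP script reproduces the "bad signature" symptom from the opening post and the finding in the last comment that the wrong bytes were being passed to openssl_verify(): it signs the canonical form of a constructed assertion, splices that node into a separate response document with importNode() and replaceChild() (assumed here as a hierarchy-safe way to replace a node, not a description of how php-saml's treeCopyReplace() works), verifies it, then shows that changing a single byte of the data turns a valid key into an RSA "bad signature" error. The hash of the verified bytes is printed next to the hash of the signed bytes, which is the check to run before suspecting the key or the certificate.

```php
<?php
// Added example, not from xmlseclibs or php-saml. Key pair is generated on the
// fly; the XML is a constructed stand-in for a decrypted <Assertion> that must
// be spliced back into a <Response> document before signature verification.

function signC14n(DOMElement $el, $privKey): string {
    $sig = '';
    openssl_sign($el->C14N(), $sig, $privKey, OPENSSL_ALGO_SHA256);
    return $sig;
}

// Returns [result, sha256 of the verified bytes, OpenSSL error queue] so the
// caller can compare what was verified against what was actually signed.
function verifyC14n(DOMElement $el, string $sig, $pubKey): array {
    while (openssl_error_string() !== false) { }          // drain stale errors
    $data = $el->C14N();
    $ok = openssl_verify($data, $sig, $pubKey, OPENSSL_ALGO_SHA256);
    $errs = [];
    while (($e = openssl_error_string()) !== false) { $errs[] = $e; }
    return [$ok, hash('sha256', $data), $errs];
}

// Replace $target with a deep copy of $source taken from another document.
// importNode() + replaceChild() keeps the node hierarchy consistent (assumption:
// this is the generic DOM approach, not how treeCopyReplace() is implemented).
function spliceNode(DOMElement $target, DOMElement $source): DOMElement {
    $copy = $target->ownerDocument->importNode($source, true);
    $target->parentNode->replaceChild($copy, $target);
    return $copy;
}

$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub  = openssl_pkey_get_public(openssl_pkey_get_details($priv)['key']);

// Constructed sample: the "decrypted" assertion lives in its own document ...
$decrypted = new DOMDocument();
$decrypted->loadXML('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1"><Issuer>idp.example</Issuer></Assertion>');
$signature = signC14n($decrypted->documentElement, $priv);

// ... and the response holds the placeholder it must replace.
$response = new DOMDocument();
$response->loadXML('<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"><EncryptedAssertion>x</EncryptedAssertion></Response>');
$placeholder = $response->getElementsByTagName('EncryptedAssertion')->item(0);
$spliced = spliceNode($placeholder, $decrypted->documentElement);

[$ok, $hash, $errs] = verifyC14n($spliced, $signature, $pub);
printf("verify=%d sha256(verified)=%s sha256(signed)=%s\n", $ok, $hash, hash('sha256', $decrypted->documentElement->C14N()));

// One extra byte in the data (an added attribute) reproduces the thread's symptom:
// result 0 with "bad signature" in the error queue, although the key is correct.
$spliced->setAttribute('Version', '2.0');
[$ok, , $errs] = verifyC14n($spliced, $signature, $pub);
printf("verify=%d errors=%s\n", $ok, implode(' | ', $errs));
```

When the two sha256 values differ, the problem is in the DOM handling that produced $data, not in openssl_verify() or the certificate.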