Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#10609 - fix decryption XML replacement for PHP 8.x #563

Closed
wants to merge 1 commit into from
Closed

#10609 - fix decryption XML replacement for PHP 8.x #563

wants to merge 1 commit into from

Conversation

yphoenix
Copy link

Fixes the issue uncovered with PHP 8.1 when merging a decrypted XML segment into its parent.

#562

@pitbulk
Copy link
Contributor

pitbulk commented Sep 22, 2023

Hi @yphoenix can you add to the PR the test case you described on the issue you shared?
I want to make sure to cover it.

Also I plan to review the issue recently described robrichards/xmlseclibs#257

Also it seems the test failed for PHP8.1 and PHP8.2

In one test case for example, disg namespace is defined in the EncryptedData element and in the other not

<saml:EncryptedID><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>
<saml:EncryptedID><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>

@pitbulk
Copy link
Contributor

pitbulk commented Sep 22, 2023

It seems not related with your PR
https://github.com/SAML-Toolkits/php-saml/actions/runs/6268932337/job/17024640991

In an environment with OpenSSL 1.1.1f and PHP 8.1.18 test past

Your test from Aug 11 failed using 8.1.21 and based on the image used, OpenSSL 3.0.2-0ubuntu1.10

@pitbulk
Copy link
Contributor

pitbulk commented Sep 22, 2023

This test with openssl 3.X and PHP 8.0.30 past, but with 8.1.23 and 8.2.10 fails

macos with OpenSSL 1.1.1w and 8.0.30 worked but with PHP 8.1.23

I though it was openssl, but the issue seems related to PHP, checking the changelog there were a lot of recent changes on DOM class

I will need more time to identity what exact PHP version introduces the change that makes the test to fail.

@yphoenix
Copy link
Author

I'll see if I can come up with a unit test for the decoding of the encrypted assertion. I may not be able to get to it immediately.

@yphoenix
Copy link
Author

Looks like it will be fixed in the next release of PHP 8.x, in which case this PR will no-longer be needed.

@ghost ghost closed this by deleting the head repository Jan 3, 2024
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants