Unable to use simple saml with openssl 3


Andrew G

Aug 26, 2022, 5:20:01 PM
to SimpleSAMLphp
We've built our own openssl with our PHP to use version 3.0.5. Now when we try to log in with SAML we get an error:

Uncaught Error: Call to undefined function SimpleSAML\openssl_random_pseudo_bytes()

If I put in a shim for that function, I then get this error:

[26-Aug-2022 20:58:12 UTC] %date{%b %d %H:%M:%S} simplesamlphp ERR [b0c7afebcf] Caused by: Error: Undefined constant "RobRichards\XMLSecLibs\OPENSSL_PKCS1_PADDING"
[26-Aug-2022 20:58:12 UTC] %date{%b %d %H:%M:%S} simplesamlphp ERR [b0c7afebcf] Backtrace:
[26-Aug-2022 20:58:12 UTC] %date{%b %d %H:%M:%S} simplesamlphp ERR [b0c7afebcf] 5 C:\Program Files (x86)\...\simplesamlphp\vendor\robrichards\xmlseclibs\src\XMLSecurityKey.php:223 (RobRichards\XMLSecLibs\XMLSecurityKey::__construct)

Would it be accurate to say SimpleSAML is only compatible with openssl 1? And thus can never be used in a FIPS environment? 

Peter Brand

Aug 27, 2022, 12:22:58 PM
to simple...@googlegroups.com
* Andrew G <andrew...@gmail.com> [2022-08-26 23:20]:
> We've built our own openssl with our PHP to use version 3.0.5. Now when we
> try to log in with SAML we get an error:
>
> Uncaught Error: Call to undefined function
> SimpleSAML\openssl_random_pseudo_bytes()

Seems this code is being used by a dependency of SSP, xmlseclibs:
https://github.com/robrichards/xmlseclibs/search?q=openssl_random_pseudo_bytes

Judging from past experiences (and commit frequency) I wouldn't
expect any xmlseclibs releases anytime soon. (You can of course help
to change this by submitting clear, tested PRs to the xmlseclibs
repo. If you depend on FIPS certification you're likely using this in
a regulated industry and as such should be in a position to help fund
the necessary changes.)

-peter

pra...@gmail.com

Aug 27, 2022, 5:13:36 PM
to SimpleSAMLphp
What version of PHP are you running? I was under the impression that openssl 3 only works with php 8.1.
The two things you referenced are functions or constants provided by the php openssl extension, so I think you may need to investigate how well that works with openssl 3.

- Patrick


Andrew G

Aug 27, 2022, 6:22:39 PM
to SimpleSAMLphp
Correct, we are using php 8.1. I'm struggling to find any information or documentation on what functions are in which dll.

Andrew G

Aug 28, 2022, 7:24:02 PM
to SimpleSAMLphp
Hmm you may be right. It looks like the install isn't working with openssl correctly. It says curl is using openssl, and curl is working, but none of the other openssl stuff is.

Tim van Dijen

Aug 29, 2022, 4:40:00 AM
to SimpleSAMLphp
Could be that you just have to manually enable the openssl extension within PHP?

- Tim


Andrew G

Aug 29, 2022, 1:11:17 PM
to SimpleSAMLphp
You're right. Something seems to have gone wrong with our PHP build. 
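A diagnostic for the condition this thread ended on, added here as an example (it is not code from the thread, SimpleSAMLphp or xmlseclibs): it checks whether PHP's own openssl extension is loaded and whether the two symbols from the error messages exist. The function name `opensslReport` and the report keys are assumptions made for this example.

```php
<?php
declare(strict_types=1);

/**
 * Report whether PHP's openssl extension is usable in this SAPI.
 * The symbols checked are the two named in the thread's error messages.
 */
function opensslReport(): array
{
    $report = [
        'php_version'      => PHP_VERSION,
        'sapi'             => php_sapi_name(),
        'loaded_ini'       => php_ini_loaded_file() ?: '(none)',
        'extension_loaded' => extension_loaded('openssl'),
        // A missing global function or constant is reported by PHP under the
        // caller's namespace (SimpleSAML\..., RobRichards\XMLSecLibs\...),
        // so the namespaced names in the errors point at a missing global.
        'functions' => [
            'openssl_random_pseudo_bytes' => function_exists('openssl_random_pseudo_bytes'),
        ],
        'constants' => [
            'OPENSSL_PKCS1_PADDING' => defined('OPENSSL_PKCS1_PADDING'),
        ],
        // OpenSSL library version as seen by the extension, if it is loaded.
        'openssl_library' => defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : null,
        // The curl extension reports its own TLS backend, so this can be
        // populated while the openssl extension itself is absent.
        'curl_tls_backend' => extension_loaded('curl')
            ? (curl_version()['ssl_version'] ?? null)
            : null,
    ];

    // Usable only if the extension is loaded and every checked symbol exists.
    $report['usable'] = $report['extension_loaded']
        && !in_array(false, $report['functions'], true)
        && !in_array(false, $report['constants'], true);

    return $report;
}

$report = opensslReport();
echo json_encode($report, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
exit($report['usable'] ? 0 : 1);
```

Run it under the same SAPI that serves SimpleSAMLphp as well as from the CLI, since the two can load different php.ini files and therefore different extensions.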