The following functions where part of the experimental ID-WSF support
recently removed but where incorrectly included in the official ABI, so we
restore dummy versions of them (they do nothing or return NULL):
- lasso_get_prefix_for_dst_service_href
- lasso_get_prefix_for_idwsf2_dst_service_href
- lasso_register_dst_service
- lasso_register_idwsf2_dst_service
Lasso log using the GLib logging API and the Python binding install a
hook to delegate logging to a Python logger named "lasso".
During the logging call the error indicator can be set to signal an
exception. The indicator will still be set when we return from the Lasso
API call, and is not handled by the Python wrapping of the C functions.
If our function returns a non-NULL value, the Python interpreter will
raise because this situation is forbidden.
To prevent it, if we detect that an exception occurred during logging
calls, we print it to stderr, clear the error indicator and return
immediately.
The key encryption padding algorithm is now configurable, the default
being changed to OAEP. It's possible to set the default through
./configure with:
--with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]
at initialization time with an environment variable:
LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]
or at runtime for a service provider:
lasso_provider_set_key_encryption_method(LassoProvider *provider,
LassoKeyEncryptionMethod key_encryption_method)
The setting is global for all encrypted nodes (Assertion or NameID).
Adds a new utility function lasso_allowed_signature_method() that checks
if the signature method is allowed. Previously, the code would only
check if the method was valid.
This new function is used whenever lasso_validate_signature_method was
previously used through lasso_ok_signature_method() which wraps both
validate and allowed.
lasso_allowed_signature_method() is also used on a couple of places,
notably lasso_query_verify_helper().
Related:
https://dev.entrouvert.org/issues/54037
Adds two new configure options:
--with-default-sign-algo
--min-hash-algo
--with-default-sign-algo sets the default signing algorithm and defaults
to rsa-sha1. At the moment, two algorithms are supported: rsa-sha1 and
rsa-sha256.
--min-hash-algo sets the minimum hash algorithm to be accepted. The
default is sha1 for backwards compatibility as well.
Related:
https://dev.entrouvert.org/issues/54037
These tests use a hardcoded query and private key which makes it
unsuitable to make the tests use the configured default digest. Let's
just convert them to SHA256 unconditionally.
The switch clause was using SHA1 digests for all digest types when
signing. This obviously breaks verifying the signatures if HMAC-SHAXXX
is used and XXX is something else than 1.
CVE-2021-28091 : when AuthnResponse messages are not signed (which is
permitted by the specifiation), all assertion's signatures should be
checked, but currently after the first signed assertion is checked all
following assertions are accepted without checking their signature, and
the last one is considered the main assertion.
This patch :
* check signatures from all assertions if the message is not signed,
* refuse messages with assertion from different issuers than the one on
the message, to prevent assertion bundling event if they are signed.
The __str__ method called itself, resulting in an RecursionError.
======================================================================
ERROR: test14 (__main__.BindingTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
File "./binding_tests.py", line 336, in test14
assert isinstance(str(cm.exception), str)
File "../lasso.py", line 69, in __str__
return '<lasso.%s: %s>' % (self.__class__.__name__, self)
File "../lasso.py", line 69, in __str__
return '<lasso.%s: %s>' % (self.__class__.__name__, self)
File "../lasso.py", line 69, in __str__
return '<lasso.%s: %s>' % (self.__class__.__name__, self)
[Previous line repeated 489 more times]
File "../lasso.py", line 68, in __str__
if sys.version_info >= (3,):
RecursionError: maximum recursion depth exceeded in comparison
----------------------------------------------------------------------