entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity

xmlsec: use XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH when writing encrypted keys (#85339) 

For compatibility with libxmlsec1>=1.3.0, as we do not use KeyName to
reference the wrapping key:

  (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
This commit is contained in:
Benjamin Dauvergne 2024-01-24 18:52:21 +01:00
parent f29d8e033b
commit 38d9291fd2
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lasso/xml/xml.c
View File

@ -620,6 +620,10 @@ lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key,
goto cleanup;
}
#if LASSO_XMLSEC_VERSION_NUMBER >= 0x010300
enc_ctx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
#endif
/* generate a symetric key */
switch (encryption_sym_key_type) {
case LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_256: