Commit Graph

5731 Commits

Author SHA1 Message Date
Benjamin Dauvergne 614cf17d99 Release 2.8.1
- Major overhaul of OpenSSL API usage by using only the EVP API as the low
  level API (RSA*, HMAC*) is deprecated.
- Fix wrong parsing of Count attribute on saml:ProxyRestriction, thanks to
  Maxime Besson from Worteks.
- Perl: pass LDFLAGS to Makefile.PL
- Replace use of deprecated xmlSecBase64Decode by xmlSecBase64Decode_ex
- Fix overwrite of profile.signature_status in lasso_saml20_login_process_response_status_and_assertion
- Fix lot of GCC warnings
2023-02-28 16:02:18 +01:00
Agate 089a2a0003 Prepare Jenkinsfile for Gitea migration (#74572)
2023-02-20 15:09:38 +01:00
Frédéric Péters 8d43785224 debian: introduce autopkgtests (#74360) 2023-02-09 11:12:21 +01:00
Frédéric Péters 8d48a76802 ci: only build package for bullseye (#72729) 2022-12-22 17:21:27 +01:00
Benjamin Dauvergne 16148102e5 In lasso_saml20_login_process_response_status_and_assertion does not overwrite signature_status with rc which is always at 0 (#54689)
We are losing information in this case, like if the response was not
signed.
2022-11-23 09:40:28 +01:00
Jakub Hrozek 2d78634827 In lasso_saml20_login_process_response_status_and_assertion remove dead switch (#54689)
In case VERIFY_HINT was set to IGNORE and the login signature was
incorrect, lasso_saml20_login_process_response_status_and_assertion
would have jumped straight to the cleanup label which just returns the
return code.

Related: https://dev.entrouvert.org/issues/54689
License: MIT
2022-11-23 09:40:28 +01:00
Benjamin Dauvergne d10c0f6693 Fix unused parameters warnings (#71400) 2022-11-21 13:28:10 +01:00
Benjamin Dauvergne 72b778e47e Fix all cast-function-type warnings (#71400) 2022-11-21 13:28:08 +01:00
Benjamin Dauvergne 69b1ea1c2f Fix warning about enum conversion (#71400) 2022-11-21 13:28:06 +01:00
Benjamin Dauvergne 99fe56bec4 Fix all warnings in tests (#71400) 2022-11-21 13:28:02 +01:00
Benjamin Dauvergne 0c4d3014a4 Fix use of wrong enumeration NULL value (#71400)
It produced a cast warning.
2022-11-21 13:27:53 +01:00
Benjamin Dauvergne 6389b2ca48 Fix warnings about type casts (#71400) 2022-11-21 13:27:47 +01:00
Benjamin Dauvergne 8a588a8acb Replace all use of xmlSecBase64Decode by lasso_base64_decode (#71399) 2022-11-21 13:27:15 +01:00
Benjamin Dauvergne 1aa6271f93 Adapt lasso_base64_decode to the deprecation of xmlSecBase64Decode (#71399)
We now use the non-deprecated new API (since xmlsec 1.2.35) xmlSecBase64Decode_ex.
2022-11-21 13:27:15 +01:00
Benjamin Dauvergne b263815fa4 Add new define LASSO_XMLSEC_VERSION_NUMBER to allow version check on libxmlsec (#71399) 2022-11-21 13:27:15 +01:00
Benjamin Dauvergne 228ac9470f Make lasso_inflate output the inflated buffer size (#71399) 2022-11-21 13:27:12 +01:00
Benjamin Dauvergne 66ebd11166 Use OpenSSL EVP API to work around deprecation of low level APIs in OpenSSL 3 (#71313)
OpenSSL API is used to sign query-string values in the SAML 2.0 Redirect binding.
Other bindings only need the libxmlsec API as signatures are XML DSIG signatures.
2022-11-21 13:22:04 +01:00
Benjamin Dauvergne 0705940804 Prevent loading of default cert file during tests (#71396) 2022-11-21 12:28:18 +01:00
Frédéric Péters d4488c2f72 debian: sync with upstream packaging changes 2022-11-20 16:34:53 +01:00
Frédéric Péters e4f50c8b25 perl: pass $(LDFLAGS) to Makefile.PL (#71393)
LDFLAGS is set during the Debian build to pass hardening flags and
we want them to be applied to the perl module.
2022-11-20 12:24:51 +01:00
Benjamin Dauvergne 3a7ad3610f Fix parsing of Count attribute of saml:ProxyRestriction (#69673) 2022-09-28 18:18:36 +02:00
Benjamin Dauvergne f83d02f314 Revert "Use the AM_PATH_PYTHON macro instead of custom macros"
This reverts commit 23d91efac3.
2022-04-27 14:54:06 +02:00
Benjamin Dauvergne 23d91efac3 Use the AM_PATH_PYTHON macro instead of custom macros 2022-04-27 10:44:57 +02:00
Benjamin Dauvergne 7aa6144689 website: update for 2.8.0 2022-03-15 15:33:51 +01:00
Benjamin Dauvergne 6e1306c0f8 Release 2.8.0 2022-03-15 13:11:23 +01:00
Frédéric Péters ade1436675 debian: sync bullseye packaging with upstream debian.org (#62756) 2022-03-14 21:33:12 +01:00
Frédéric Péters 904361430f jenkins: add bullseye to packaging targets 2022-02-28 15:37:52 +01:00
Frédéric Péters d4259f0517 debian: sync bullseye packaging with upstream debian.org (#58788) 2021-11-20 10:20:20 +01:00
Frédéric Péters 71d4bf9c08 debian: init debian-bullseye as a copy of debian buster (#58788) 2021-11-20 10:20:20 +01:00
Benjamin Dauvergne a28fb8c8e1 Does not decref boolean constants (#57268)
TRUE/FALSE are special references in CPython bindings whose reference
count must never be updated.
2021-09-28 10:23:10 +02:00
Benjamin Dauvergne d80357e226 Keep ABI stability (#56883)
The following functions were part of the experimental ID-WSF support
recently removed but were incorrectly included in the official ABI, so we
restore dummy versions of them (they do nothing or return NULL):
- lasso_get_prefix_for_dst_service_href
- lasso_get_prefix_for_idwsf2_dst_service_href
- lasso_register_dst_service
- lasso_register_idwsf2_dst_service
2021-09-13 12:13:11 +02:00
Benjamin Dauvergne aab962cb69 debian: update liblasso3.symbols 2021-09-11 22:19:15 +02:00
Benjamin Dauvergne 23035115a3 Clear Python error indicator after logging (#56572)
Lasso logs using the GLib logging API and the Python binding installs a
hook to delegate logging to a Python logger named "lasso".

During the logging call the error indicator can be set to signal an
exception. The indicator will still be set when we return from the Lasso
API call, and is not handled by the Python wrapping of the C functions.
If our function returns a non-NULL value, the Python interpreter will
raise because this situation is forbidden.

To prevent it, if we detect that an exception occurred during logging
calls, we print it to stderr, clear the error indicator and return
immediately.
2021-09-11 19:20:25 +02:00
Benjamin Dauvergne 53b0bd3569 Change default key encryption padding algorithm to RSA-OAEP (#56023)
The key encryption padding algorithm is now configurable, the default
being changed to OAEP. It's possible to set the default through
./configure with:

    --with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]

at initialization time with an environment variable:

    LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]

or at runtime for a service provider:

    lasso_provider_set_key_encryption_method(LassoProvider *provider,
        LassoKeyEncryptionMethod key_encryption_method)

The setting is global for all encrypted nodes (Assertion or NameID).
2021-09-11 19:20:04 +02:00
Benjamin Dauvergne 1e718bd3aa Python: fix formatting (#56023) 2021-09-11 19:19:59 +02:00
Benjamin Dauvergne 906edf5599 Remove win32 directory (#56645)
It's obsolete.
2021-09-11 19:07:50 +02:00
Benjamin Dauvergne 4a880977d1 Remove ID-WSF 1.0, 2.0 and WS-* support (#56644)
It has been deprecated for a long time.
2021-09-11 18:54:41 +02:00
Benjamin Dauvergne d4ccf15902 Fix warning about int conversion
saml2_authn_context.c:77:3: warning: initialization of ‘unsigned int’ from ‘void *’
    makes integer from pointer without a cast [-Wint-conversion]
2021-09-03 10:14:24 +02:00
Benjamin Dauvergne 663c094ec7 Prevent multiple OneTimeUse elements (#52961)
"A SAML authority MUST NOT include more than one <OneTimeUse> element within a
<Conditions> element of an assertion"
2021-07-16 14:36:32 +02:00
Benjamin Dauvergne 149de8cd0b python: clear warnings about PY_SSIZE_T_CLEAN (#55561)
Using the python3 bindings on recent python3 >=3.8 versions shows:

   DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

https://docs.python.org/3.9/whatsnew/changelog.html?highlight=py_ssize_t_clean#id193
2021-07-13 13:21:13 +02:00
Benjamin Dauvergne b6321b4db2 python: clear warnings about assertX methods (#55561) 2021-07-13 13:20:47 +02:00
Jakub Hrozek 1b0000e016 test13_test_lasso_server_load_metadata: Don't verify signature if lasso is not configured with sha-1 (#54037) 2021-06-24 02:15:27 +02:00
Jakub Hrozek f70eee9ef7 python: Skip the DSA key test unless SHA-1 is configured (#54037)
lasso supports DSA-XXX only with SHA-1. The alternative is to use
DSA-SHA256.
2021-06-24 02:15:23 +02:00
Jakub Hrozek f9a3aca0cb Check if the signature method is allowed in addition to being valid (#54037)
Adds a new utility function lasso_allowed_signature_method() that checks
if the signature method is allowed. Previously, the code would only
check if the method was valid.

This new function is used whenever lasso_validate_signature_method was
previously used through lasso_ok_signature_method() which wraps both
validate and allowed.

lasso_allowed_signature_method() is also used in a couple of places,
notably lasso_query_verify_helper().

Related:
https://dev.entrouvert.org/issues/54037
2021-06-24 02:15:17 +02:00
Jakub Hrozek 0d34c97be1 Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with lasso_get_default_signature_method() (#54037)
This should be backwards-compatible but at the same time use the
selected default instead of RSA-SHA1.

Related:
https://dev.entrouvert.org/issues/54037
2021-06-23 23:32:33 +02:00
Jakub Hrozek f095ac8f57 Make the default signature method and the minimal hash strength configurable (#54037)
Adds two new configure options:
    --with-default-sign-algo
    --min-hash-algo

--with-default-sign-algo sets the default signing algorithm and defaults
to rsa-sha1. At the moment, two algorithms are supported: rsa-sha1 and
rsa-sha256.

--min-hash-algo sets the minimum hash algorithm to be accepted. The
default is sha1 for backwards compatibility as well.

Related:
https://dev.entrouvert.org/issues/54037
2021-06-23 23:32:29 +02:00
Jakub Hrozek f625eaa007 tests: Move test08_lasso_key and test07_saml2_query_verify_signature to SHA256 (#54037)
These tests use a hardcoded query and private key which makes it
unsuitable to make the tests use the configured default digest. Let's
just convert them to SHA256 unconditionally.
2021-06-23 23:32:26 +02:00
Jakub Hrozek 8b8fd22a16 Fix lasso_query_sign HMAC other than SHA1 (#54037)
The switch clause was using SHA1 digests for all digest types when
signing. This obviously breaks verifying the signatures if HMAC-SHAXXX
is used and XXX is something else than 1.
2021-06-23 23:32:12 +02:00
Benjamin Dauvergne 076a37d7f0 Release 2.7.0 2021-06-01 11:56:05 +02:00
Benjamin Dauvergne ea7e5efe97 Fix signature checking on unsigned response with multiple assertions
CVE-2021-28091 : when AuthnResponse messages are not signed (which is
permitted by the specification), all assertion's signatures should be
checked, but currently after the first signed assertion is checked all
following assertions are accepted without checking their signature, and
the last one is considered the main assertion.

This patch :
* check signatures from all assertions if the message is not signed,
* refuse messages with assertion from different issuers than the one on
  the message, to prevent assertion bundling even if they are signed.
2021-06-01 11:50:53 +02:00