gregvish/lasso-sha256

## lasso-sha256
From 0dd4c31adb9fc4d2e400e4244665c4f523e6cbb0 Mon Sep 17 00:00:00 2001
From: Greg Vishnepolsky <greg@adallom.com>
Date: Mon, 9 Feb 2015 13:06:02 +0200
Subject: [PATCH] Added additional transforms to constraints of xml signature
 validation

---
 lasso/xml/tools.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 09f7da8..241b929 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -1252,8 +1252,10 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) {
 	if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha256Id) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformHmacSha1Id) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformDsaSha1Id) < 0) ||
+			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha256Id) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {

 		message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed signature transforms");
@@ -1262,6 +1264,7 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) {
 	if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha256Id) < 0) ||
 			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {

 		message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed reference transforms");
--
1.9.1
	From 0dd4c31adb9fc4d2e400e4244665c4f523e6cbb0 Mon Sep 17 00:00:00 2001
	From: Greg Vishnepolsky <greg@adallom.com>
	Date: Mon, 9 Feb 2015 13:06:02 +0200
	Subject: [PATCH] Added additional transforms to constraints of xml signature
	validation

	---
	lasso/xml/tools.c \| 3 +++
	1 file changed, 3 insertions(+)

	diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
	index 09f7da8..241b929 100644
	--- a/lasso/xml/tools.c
	+++ b/lasso/xml/tools.c
	@@ -1252,8 +1252,10 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) {
	if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) \|\|
	(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) \|\|
	(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) \|\|
	+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha256Id) < 0) \|\|
	(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformHmacSha1Id) < 0) \|\|
	(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformDsaSha1Id) < 0) \|\|
	+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha256Id) < 0) \|\|
	(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {

	message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed signature transforms");
	@@ -1262,6 +1264,7 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) {
	if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) \|\|
	(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) \|\|
	(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) \|\|
	+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha256Id) < 0) \|\|
	(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {

	message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed reference transforms");
	--
	1.9.1