lasso-sha256

From 0dd4c31adb9fc4d2e400e4244665c4f523e6cbb0 Mon Sep 17 00:00:00 2001
From: Greg Vishnepolsky <[email protected]>
Date: Mon, 9 Feb 2015 13:06:02 +0200
Subject: [PATCH] Added additional transforms to constraints of xml signature
 validation

---
 lasso/xml/tools.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 09f7da8..241b929 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -1252,8 +1252,10 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) {
 	if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha256Id) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformHmacSha1Id) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformDsaSha1Id) < 0) ||
+			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha256Id) < 0) ||
 			(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {
 
 		message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed signature transforms");
@@ -1262,6 +1264,7 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) {
 	if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
 			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha256Id) < 0) ||
 			(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {
 
 		message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed reference transforms");
-- 
1.9.1