Package: liblasso3
Version: 2.8.0-1+b5
Severity: important

Signature in the SAML GET binding is broken by the new xmlsec version:

  lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)
  Bail out! lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)

This is because it uses the OpenSSL 3.0 API and xmlSecOpenSSLKeyDataRsaGetRsa
doesn't work anymore:

/**
 * xmlSecOpenSSLKeyDataRsaGetRsa:
 * @data:               the pointer to RSA key data.
 *
 * DEPRECATED. Gets the OpenSSL RSA key from RSA key data.
 *
 * Returns: pointer to OpenSSL RSA key or NULL if an error occurs.
 */
RSA*
xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyDataPtr data) {
#ifndef XMLSEC_OPENSSL_API_300
    EVP_PKEY* pKey;

    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL);

    pKey = xmlSecOpenSSLKeyDataRsaGetEvp(data);
    xmlSecAssert2((pKey == NULL) || (EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA), NULL);

    return((pKey != NULL) ? EVP_PKEY_get0_RSA(pKey) : NULL);
#else /* XMLSEC_OPENSSL_API_300 */
    UNREFERENCED_PARAMETER(data);
    xmlSecNotImplementedError("OpenSSL 3.0 does not support direct access to RSA key");
    return(NULL);
#endif /* XMLSEC_OPENSSL_API_300 */
}

(reported upstream as https://dev.entrouvert.org/issues/71313)

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages liblasso3 depends on:
ii  libc6               2.36-5
ii  libglib2.0-0        2.74.1-2
ii  libssl3             3.0.7-1
ii  libxml2             2.9.14+dfsg-1.1+b2
hi  libxmlsec1          1.2.36-2
hi  libxmlsec1-openssl  1.2.36-2
ii  libxslt1.1          1.1.35-1
ii  zlib1g              1:1.2.13.dfsg-1

liblasso3 recommends no packages.

liblasso3 suggests no packages.

-- no debconf information
