[ saw the upload on d-d-c ]

On Tue, Nov 15, 2022 at 12:56:17PM +0100, Frederic Peters wrote:
> Signature in the SAML GET binding is broken by the new xmlsec version,
>
> lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)
> Bail out! lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)
>
> This is because it uses the OpenSSL 3.0 API and xmlSecOpenSSLKeyDataRsaGetRsa
> doesn't work anymore:

Oops, sorry, test-built it and it built fine... but..

> /**
>  * xmlSecOpenSSLKeyDataRsaGetRsa:
>  * @data: the pointer to RSA key data.
>  *
>  * DEPRECATED. Gets the OpenSSL RSA key from RSA key data.
>  *
>  * Returns: pointer to OpenSSL RSA key or NULL if an error occurs.
>  */
> RSA*
> xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyDataPtr data) {
> #ifndef XMLSEC_OPENSSL_API_300
>     EVP_PKEY* pKey;
>
>     xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL);
>
>     pKey = xmlSecOpenSSLKeyDataRsaGetEvp(data);
>     xmlSecAssert2((pKey == NULL) || (EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA), NULL);
>
>     return((pKey != NULL) ? EVP_PKEY_get0_RSA(pKey) : NULL);
> #else /* XMLSEC_OPENSSL_API_300 */
>     UNREFERENCED_PARAMETER(data);
>     xmlSecNotImplementedError("OpenSSL 3.0 does not support direct access to RSA key");
>     return(NULL);
> #endif /* XMLSEC_OPENSSL_API_300 */
> }

OK, I see and

#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
#define XMLSEC_OPENSSL_API_300

makes it define that when building against openssl3.

Regards,

Rene