XMLTooling - C++
- Defaults to RSA-SHA1 as signing algorithmCPPXT-162Resolved issue: CPPXT-162Scott Cantor
- CurlInputStream should handle reallocation failuresCPPXT-161Resolved issue: CPPXT-161Scott Cantor
- Add pipe character to list of unsafe/encoded template charsCPPXT-160Resolved issue: CPPXT-160Scott Cantor
- Memory leak in version 3.2.4CPPXT-159Resolved issue: CPPXT-159Scott Cantor
- Build fails with clang-16CPPXT-158Resolved issue: CPPXT-158Scott Cantor
- ETag not being stored off when HTTP/2 used for metadataCPPXT-156Resolved issue: CPPXT-156Scott Cantor
- Block CipherReference in Decrypter classCPPXT-155Resolved issue: CPPXT-155Scott Cantor
- Log which encryption key was used when decrypting assertionCPPXT-154Resolved issue: CPPXT-154Scott Cantor
- test.pfx uses obsolete encryption algorithm, thus xmltoolingtest fails under OpenSSL 3CPPXT-153Resolved issue: CPPXT-153Scott Cantor
- PThread sleep method is recursiveCPPXT-152Resolved issue: CPPXT-152Scott Cantor
- Wiki migration broke some SecurityHelperTest testsCPPXT-151Resolved issue: CPPXT-151Scott Cantor
- Address BOOST_BIND_GLOBAL_PLACEHOLDERS issueCPPXT-150Scott Cantor
- Build work, but the test failsCPPXT-149Scott Cantor
- OpenSSL 3.0 compatibilityCPPXT-148Resolved issue: CPPXT-148Scott Cantor
- .bak files in the distribution tarballCPPXT-146Scott Cantor
- DataSealer is sharing non-thread safe keysCPPXT-145Resolved issue: CPPXT-145Scott Cantor
- Crash due to uncaught DOMExceptionCPPXT-143Resolved issue: CPPXT-143Scott Cantor
- CURL SOAP Transport: unset Expect HeaderCPPXT-144Resolved issue: CPPXT-144Scott Cantor
- Fails to build with g++ 8.2CPPXT-141Resolved issue: CPPXT-141Scott Cantor
- KeyInfo parser cannot handle <any>CPPXT-140Resolved issue: CPPXT-140Scott Cantor
- DataSealer needs to catch both Santuario exception typesCPPXT-139Resolved issue: CPPXT-139Scott Cantor
- xmltooling does not build with OpenSSL-1.1.1CPPXT-138Resolved issue: CPPXT-138Rod Widdowson
- OpenSSL 1.1.1 workCPPXT-137Resolved issue: CPPXT-137Scott Cantor
- Likely issues with empty element content in KeyInfo handling codeCPPXT-136Resolved issue: CPPXT-136Scott Cantor
- Lite half of library has unintentional zlib dependencyCPPXT-135Resolved issue: CPPXT-135Scott Cantor
- Reloadable configuration deleting backing file on a 304CPPXT-134Resolved issue: CPPXT-134Scott Cantor
- Eliminate uses of getTextContent in DOM helpersCPPXT-133Resolved issue: CPPXT-133Scott Cantor
- Slow down dependent on curl versionCPPXT-132Resolved issue: CPPXT-132Scott Cantor
- auto_ptr cleanupCPPXT-130Resolved issue: CPPXT-130Scott Cantor
- Additional nodes can be added to XML without breaking signatureCPPXT-128Resolved issue: CPPXT-128Scott Cantor
- DTD-defined entities can be added to XML without breaking signatureCPPXT-127Resolved issue: CPPXT-127Scott Cantor
- TODO and cleanup tasks for V3CPPXT-126Resolved issue: CPPXT-126Rod Widdowson
- Consider making AbractPKIXTrustEngine::checkEntityNames virtualCPPXT-125Resolved issue: CPPXT-125Scott Cantor
- Regression caused by CPPXT-116CPPXT-124Resolved issue: CPPXT-124Scott Cantor
- Updates and next releases of Xerces and SantuarioCPPXT-123Resolved issue: CPPXT-123Scott Cantor
- Replace DateTime class with Xerces versionCPPXT-122Resolved issue: CPPXT-122Scott Cantor
- Add -Wstrict-overflow=5 to gcc buildCPPXT-121Resolved issue: CPPXT-121Scott Cantor
- Set disallow-doctype property on DOMLSParserCPPXT-120Resolved issue: CPPXT-120Scott Cantor
- Explore possibility of a Xerces 3.2 releaseCPPXT-119Resolved issue: CPPXT-119Scott Cantor
- Address any deprecated CURL optionsCPPXT-118Resolved issue: CPPXT-118Scott Cantor
- Conflict between libxerces-c-devel and xerces-c-devel not handledCPPXT-117Resolved issue: CPPXT-117Scott Cantor
- Apache 2.4 / Shibboleth DeadlockCPPXT-116Resolved issue: CPPXT-116Scott Cantor
- ExplicitKeyTrustEngine doesn't handle EC in the OpenSSL caseCPPXT-114Resolved issue: CPPXT-114Scott Cantor
- Add ability to flush SOAP connection poolCPPXT-113Resolved issue: CPPXT-113Scott Cantor
- Build flags leak into pkg-config filesCPPXT-111Resolved issue: CPPXT-111Scott Cantor
- OpenSSL 1.1 compatibilityCPPXT-110Resolved issue: CPPXT-110Scott Cantor
- XSECCryptoX509CRL::loadX509CRLPEM() can read past unterminated bufferCPPXT-109Resolved issue: CPPXT-109Scott Cantor
- Potential nullpointer dereference in InlineCredential::getKeyInfoCPPXT-108Resolved issue: CPPXT-108Scott Cantor
- Issues compiling with Boost and VC15CPPXT-107Resolved issue: CPPXT-107Scott Cantor
- Move Windows build up to latest compilersCPPXT-106Resolved issue: CPPXT-106Rod Widdowson
50 of 142
Defaults to RSA-SHA1 as signing algorithm
Fixed
Basics
Logistics
Basics
Logistics
Description
Environment
None
Created August 19, 2024 at 9:50 PM
Updated October 16, 2024 at 4:47 PM
Resolved September 9, 2024 at 5:14 PM
Activity
Scott Cantor September 9, 2024 at 4:37 PM(edited)
Scott Cantor
September 9, 2024 at 4:37 PM
(edited)
I’m not that shocked, but the obvious fix didn’t change the algorithm in testing.
ETA: Ugh, Windows no longer detects when shibd binds to a port when shibd is already running. Lovely. The obvious fix did in fact work.
Scott Cantor August 20, 2024 at 12:07 PM
Scott Cantor
August 20, 2024 at 12:07 PM
For my purposes later, the bug I spotted that I assume is the cause is in the XMLSignatureImpl class in xmltooling, one of the two marshallers doesn’t have the SHA-2 conditional.
I assume the code base must just end up calling that one instead of the Document-based one that does have it.
Scott Cantor August 19, 2024 at 11:49 PM(edited)
Scott Cantor
August 19, 2024 at 11:49 PM
(edited)
No, that’s what I expected. Also why it’s gone unnoticed, signing is rare and post is relatively rare.
Paul B. Henson August 19, 2024 at 10:24 PM
Paul B. Henson
August 19, 2024 at 10:24 PM
I was testing signed authn requests with the POST binding, it looked like this with no explicit sp config and no algorithm list in the idm metadata:
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_97d29e8f685e11b9cf62e8dd225f2815">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>mBMUj/mrrsbu/Oyud8ZexLAlF6XefjTPAwwszNNvZ7M=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>Interestingly, the exact same config but using the redirect binding does use RSA-SHA256 by default:
SAMLRequest: fZLRTsIwFIZfZek9tNskjIYtQbiQBHVh0wtvTLcdXJOunT0d6Ns7GCrGhNv29PvP/6VzFI1q+aJztd7CewfovI9GaeSni5h0VnMjUCLXogHkruTZ4n7DgzHjrTXOlEYRb4EI1kmjl0Zj14DNwO5lCU/bTUxq51rklGI7qmA/bov6ICyMS9PQrJZFYRS4eoxo6JEc0PQxy4m36leRWhyhvwhZ/Wf0Z7TfZCcVnAFbqKSF0tEseyTeehWT1zCczoIJMFaxSrAyLMNiMvWL2XQi2I5FUT+G2MFaoxPaxSRgwc2IRSN/lgcB9yM+CV6Il54L30pdSf123U4xDCG/y/N0NJR6BounQv0ASeZHx/wUbC+sX8eKb9UkuSIWf8TO6UXKENnyhx67XqVGyfLTWyhlDksLwkFMfEKT4cnfX5F8AQ==
RelayState: cookie:1724105932_9936
SigAlg: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature: oIyeSIvLKVyfNcmiE2LnxQbe75HMSbXY3SxY4Mz21ALs8A+c6FWI4R/klJ2+a7b555uqE4YR3ulkVJOHghunZx3Bew2sF1poiqkx36HA69gut3jbM2h/Ouix8xWkH3LM9NmMpQM03oBe3zHBJWlftPd4hxJdCP9At/BGflIXvM9RAjhjxRVbDOKNxao+rQEsjlDZfc0/NgnjlMnYRYKiwtFgm71c7Ap8LcjgY100A7VLSJjT1mJka0KVDolv+xc780lU8vKUk0dXuvfcUrMO+zKPYTJFHBwcv6/gimLta4lGkrG+AztUQJPnzOMtyPCaPVS22hJ69QJJXmluoclfXrO6lmitVIeQ7S4uGqqpLkLdi09D1rubKjgiklFVgkiReeseS1H65UNgnvkqb0KtVWpDSho+WHROZSrb6yx0Y+2ikiEHhUD0w6GEaWd/aa4nVCoXuAR9O1qCui9t6PI81ngRY1Wb6Rhv12smUVu1QXOHV29INrs822HeOWQ84dpZWhich seems the opposite of what you were thinking but <shrug>?
Scott Cantor August 19, 2024 at 9:54 PM
Scott Cantor
August 19, 2024 at 9:54 PM
Did you notice if this is XML signing only or also redirects? I looked and I think the latter should definitely be SHA1.
The documentation for ApplicationsDefaults (https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2063695997/ApplicationDefaults) indicates the default signing/digest algorithms are RSA-SHA256 and SHA256, but the documentation for RelyingParty (https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334363/RelyingParty) indicates the default signing/digest algorithms are RSA-SHA1 and SHA1.
Empirically, for an SP not specifying either attribute working with an
idp without the algsupport extension in its metadata, it appears to use
RSA-SHA1 as the signature algorithm and SHA256 for the digest algorithm.
Given SHA1 is deprecated, ideally the SP signing algorithm default can be updated to RSA-SHA256 and the RelyingParty documentation fixed.
Per the mailing list (http://shibboleth.net/pipermail/users/2024-August/055340.html) this might be an issue in a library.