external/libxmlsec/UnpackedTarball_xmlsec.mk | 2 external/libxmlsec/xmlsec1-nss-sha256.patch.1 | 136 ++++++++++++++++++++ external/libxmlsec/xmlsec1-ooxml.patch.1 | 173 ++++++++++++++++++++++++++ xmlsecurity/source/xmlsec/errorcallback.cxx | 25 +-- 4 files changed, 322 insertions(+), 14 deletions(-)
New commits: commit 33cb676e582a57a469a0ea1ce7bdb2d57575992e Author: Miklos Vajna <[email protected]> Date: Mon Jan 25 11:45:09 2016 +0100 tdf#76142 libxmlsec: implement SHA-256 support in the NSS backend This way we do not abort a signature verification when we see a <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> XML node. Note that this just extends the glue layer, both NSS and libxmlsec itself already supported SHA-256 already. Change-Id: I68de99578b839bd7eaa8f21af903aa924c892799 diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk index e21c2c4..68fb8d1 100644 --- a/external/libxmlsec/UnpackedTarball_xmlsec.mk +++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk @@ -27,6 +27,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\ external/libxmlsec/xmlsec1-customkeymanage.patch \ external/libxmlsec/xmlsec1-update-config.guess.patch.1 \ external/libxmlsec/xmlsec1-ooxml.patch.1 \ + external/libxmlsec/xmlsec1-nss-sha256.patch.1 \ )) $(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h)) diff --git a/external/libxmlsec/xmlsec1-nss-sha256.patch.1 b/external/libxmlsec/xmlsec1-nss-sha256.patch.1 new file mode 100644 index 0000000..4a4fcc0 --- /dev/null +++ b/external/libxmlsec/xmlsec1-nss-sha256.patch.1 
@@ -0,0 +1,136 @@ +From 8008aca4daa92316dcd44f2bb8d21b5439d8baf1 Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <[email protected]> +Date: Mon, 25 Jan 2016 11:24:01 +0100 +Subject: [PATCH] NSS glue layer: add SHA-256 support + +--- + include/xmlsec/nss/crypto.h | 16 +++++++++++++ + src/nss/crypto.c | 3 +++ + src/nss/digests.c | 57 +++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 76 insertions(+) + +diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h +index 42ba6ca..8164f45 100644 +--- a/include/xmlsec/nss/crypto.h ++++ b/include/xmlsec/nss/crypto.h +@@ -304,6 +304,22 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void); + XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha1GetKlass (void); + #endif /* XMLSEC_NO_SHA1 */ + ++/******************************************************************** ++ * ++ * SHA256 transform ++ * ++ *******************************************************************/ ++#ifndef XMLSEC_NO_SHA256 ++/** ++ * xmlSecNssTransformSha256Id: ++ * ++ * The SHA256 digest transform klass. 
++ */ ++#define xmlSecNssTransformSha256Id \ ++ xmlSecNssTransformSha256GetKlass() ++XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha256GetKlass (void); ++#endif /* XMLSEC_NO_SHA256 */ ++ + #ifdef __cplusplus + } + #endif /* __cplusplus */ +diff --git a/src/nss/crypto.c b/src/nss/crypto.c +index 0495165..80adc50 100644 +--- a/src/nss/crypto.c ++++ b/src/nss/crypto.c +@@ -132,6 +132,9 @@ xmlSecCryptoGetFunctions_nss(void) { + #ifndef XMLSEC_NO_SHA1 + gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass; + #endif /* XMLSEC_NO_SHA1 */ ++#ifndef XMLSEC_NO_SHA256 ++ gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass; ++#endif /* XMLSEC_NO_SHA256 */ + + /** + * High level routines form xmlsec command line utility +diff --git a/src/nss/digests.c b/src/nss/digests.c +index 5a1db91..0c4657c 100644 +--- a/src/nss/digests.c ++++ b/src/nss/digests.c +@@ -70,6 +70,11 @@ xmlSecNssDigestCheckId(xmlSecTransformPtr transform) { + return(1); + } + #endif /* XMLSEC_NO_SHA1 */ ++#ifndef XMLSEC_NO_SHA256 ++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { ++ return(1); ++ } ++#endif /* XMLSEC_NO_SHA256 */ + + return(0); + } +@@ -92,6 +97,11 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) { + ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1); + } else + #endif /* XMLSEC_NO_SHA1 */ ++#ifndef XMLSEC_NO_SHA256 ++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { ++ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256); ++ } else ++#endif /* XMLSEC_NO_SHA256 */ + + if(1) { + xmlSecError(XMLSEC_ERRORS_HERE, +@@ -327,5 +337,52 @@ xmlSecNssTransformSha1GetKlass(void) { + } + #endif /* XMLSEC_NO_SHA1 */ + ++#ifndef XMLSEC_NO_SHA256 ++/****************************************************************************** ++ * ++ * SHA256 Digest transforms ++ * ++ *****************************************************************************/ ++static xmlSecTransformKlass xmlSecNssSha256Klass = { ++ 
/* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecNssDigestSize, /* xmlSecSize objSize */ ++ ++ /* data */ ++ xmlSecNameSha256, /* const xmlChar* name; */ ++ xmlSecHrefSha256, /* const xmlChar* href; */ ++ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ ++ ++ /* methods */ ++ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ NULL, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ ++ NULL, /* xmlSecTransformSetKeyMethod setKey; */ ++ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */ ++ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++/** ++ * xmlSecNssTransformSha256GetKlass: ++ * ++ * SHA-256 digest transform klass. ++ * ++ * Returns: pointer to SHA-256 digest transform klass. ++ */ ++xmlSecTransformId ++xmlSecNssTransformSha256GetKlass(void) { ++ return(&xmlSecNssSha256Klass); ++} ++#endif /* XMLSEC_NO_SHA256 */ + + +-- +2.6.2 + commit 7fb16870bfe988661e3b1cb206ee6fed560e70a3 Author: Miklos Vajna <[email protected]> Date: Mon Jan 25 11:42:28 2016 +0100 libxmlsec: recognize OOXML RelationshipTransform The transform itself doesn't do anything so far, but the verification is no longer aborted just because we see a transform that we don't know. Change-Id: Ife89157067f3af3326896df3053065c8302795d1 
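Review bot: The new SHA-256 klass reuses xmlSecNssDigestSize and the shared xmlSecNssDigestExecute/xmlSecNssDigestVerify that served SHA-1, but nothing in the patch shows that the digest buffer in that shared context can hold the 32 bytes SHA-256 produces (SHA-1 needs 20). The context definition is outside the hunk, so this needs confirming before the patch is relied on for signature verification. A comment on the new branch in xmlSecNssDigestInitialize would record the assumption, e.g. `/* SHA-256 yields 32 bytes; the context's digest buffer must be at least that large */`. The value returned by `SECOID_FindOIDByTag(SEC_OID_SHA256)` is also stored unchecked in the visible lines; whether a NULL check follows the if/else chain cannot be seen from here.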
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk index a72deed..e21c2c4 100644 --- a/external/libxmlsec/UnpackedTarball_xmlsec.mk +++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk @@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\ external/libxmlsec/xmlsec1-1.2.14-ansi.patch \ external/libxmlsec/xmlsec1-customkeymanage.patch \ external/libxmlsec/xmlsec1-update-config.guess.patch.1 \ + external/libxmlsec/xmlsec1-ooxml.patch.1 \ )) $(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h)) diff --git a/external/libxmlsec/xmlsec1-ooxml.patch.1 b/external/libxmlsec/xmlsec1-ooxml.patch.1 new file mode 100644 index 0000000..8a1dbe3 --- /dev/null +++ b/external/libxmlsec/xmlsec1-ooxml.patch.1 
@@ -0,0 +1,173 @@ +From b7fb2699e3c383ae40f29369dc57afbd0d52004c Mon Sep 17 00:00:00 2001 +From: Miklos Vajna <[email protected]> +Date: Mon, 25 Jan 2016 09:50:03 +0100 +Subject: [PATCH] OOXML Relationship Transform skeleton + +--- + include/xmlsec/strings.h | 3 ++ + include/xmlsec/transforms.h | 4 +++ + src/strings.c | 3 ++ + src/transforms.c | 11 ++++++ + src/xpath.c | 82 +++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 103 insertions(+) + +diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h +index 07afb9d..9c72d1b 100644 +--- a/include/xmlsec/strings.h ++++ b/include/xmlsec/strings.h +@@ -551,6 +551,9 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2FilterUnion[]; + XMLSEC_EXPORT_VAR const xmlChar xmlSecNameXPointer[]; + XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeXPointer[]; + ++XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRelationship[]; ++XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRelationship[]; ++ + /************************************************************************* + * + * Xslt strings +diff --git a/include/xmlsec/transforms.h b/include/xmlsec/transforms.h +index 4008cae..b0e31e4 100644 +--- a/include/xmlsec/transforms.h ++++ b/include/xmlsec/transforms.h +@@ -961,6 +961,10 @@ XMLSEC_EXPORT int xmlSecTransformXPointerSetExpr (xmlSecTransformPtr transform + const xmlChar* expr, + xmlSecNodeSetType nodeSetType, + xmlNodePtr hereNode); ++ ++#define xmlSecTransformRelationshipId xmlSecTransformRelationshipGetKlass() ++XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRelationshipGetKlass (void); ++ + #ifndef XMLSEC_NO_XSLT + /** + * xmlSecTransformXsltId: +diff --git a/src/strings.c b/src/strings.c +index 9897198..546e993 100644 +--- a/src/strings.c ++++ b/src/strings.c +@@ -543,6 +543,9 @@ const xmlChar xmlSecXPath2FilterUnion[] = "union"; + const xmlChar xmlSecNameXPointer[] = "xpointer"; + const xmlChar xmlSecNodeXPointer[] = "XPointer"; + ++const xmlChar xmlSecNameRelationship[] = "relationship"; ++const xmlChar 
xmlSecHrefRelationship[] = "http://schemas.openxmlformats.org/package/2006/RelationshipTransform"; ++ + /************************************************************************* + * + * Xslt strings +diff --git a/src/transforms.c b/src/transforms.c +index 2ed3fe8..9e5ad27 100644 +--- a/src/transforms.c ++++ b/src/transforms.c +@@ -271,6 +271,17 @@ xmlSecTransformIdsRegisterDefault(void) { + return(-1); + } + ++ if (xmlSecTransformIdsRegister(xmlSecTransformRelationshipId) < 0) ++ { ++ xmlSecError(XMLSEC_ERRORS_HERE, ++ NULL, ++ "xmlSecTransformIdsRegister", ++ XMLSEC_ERRORS_R_XMLSEC_FAILED, ++ "name=%s", ++ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformRelationshipId))); ++ return -1; ++ } ++ + #ifndef XMLSEC_NO_XSLT + if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, +diff --git a/src/xpath.c b/src/xpath.c +index 8b0b4f8..63b02d4 100644 +--- a/src/xpath.c ++++ b/src/xpath.c +@@ -1144,5 +1144,87 @@ xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last, + return(0); + } + ++/* OOXML Relationship Transform. 
*/ ++typedef struct _xmlSecRelationshipCtx xmlSecRelationshipCtx, *xmlSecRelationshipCtxPtr; ++struct _xmlSecRelationshipCtx ++{ ++ xmlParserCtxtPtr parserCtx; ++}; ++#define xmlSecRelationshipSize (sizeof(xmlSecTransform) + sizeof(xmlSecRelationshipCtx)) ++#define xmlSecRelationshipGetCtx(transform) ((xmlSecRelationshipCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) ++ ++static int xmlSecRelationshipInitialize (xmlSecTransformPtr transform); ++static void xmlSecRelationshipFinalize (xmlSecTransformPtr transform); ++static int xmlSecRelationshipReadNode (xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx); ++static int xmlSecRelationshipExecute (xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx); ++ ++static xmlSecTransformKlass xmlSecRelationshipKlass = ++{ ++ /* klass/object sizes */ ++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ ++ xmlSecRelationshipSize, /* xmlSecSize objSize */ ++ xmlSecNameRelationship, /* const xmlChar* name; */ ++ xmlSecHrefRelationship, /* const xmlChar* href; */ ++ xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */ ++ xmlSecRelationshipInitialize, /* xmlSecTransformInitializeMethod initialize; */ ++ xmlSecRelationshipFinalize, /* xmlSecTransformFinalizeMethod finalize; */ ++ xmlSecRelationshipReadNode, /* xmlSecTransformNodeReadMethod readNode; */ ++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ ++ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ ++ NULL, /* xmlSecTransformSetKeyMethod setKey; */ ++ NULL, /* xmlSecTransformValidateMethod validate; */ ++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ ++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ ++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ ++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ ++ NULL, /* xmlSecTransformPopXmlMethod popXml; */ ++ xmlSecRelationshipExecute, /* 
xmlSecTransformExecuteMethod execute; */ ++ NULL, /* void* reserved0; */ ++ NULL, /* void* reserved1; */ ++}; ++ ++xmlSecTransformId xmlSecTransformRelationshipGetKlass(void) ++{ ++ return &xmlSecRelationshipKlass; ++} ++ ++static int xmlSecRelationshipInitialize(xmlSecTransformPtr transform) ++{ ++ xmlSecRelationshipCtxPtr ctx; ++ ++ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1); ++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1); ++ ++ ctx = xmlSecRelationshipGetCtx(transform); ++ xmlSecAssert2(ctx != NULL, -1); + ++ /* initialize context */ ++ memset(ctx, 0, sizeof(xmlSecRelationshipCtx)); ++ return 0; ++} ++ ++static void xmlSecRelationshipFinalize(xmlSecTransformPtr transform) ++{ ++ xmlSecRelationshipCtxPtr ctx; ++ ++ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId)); ++ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize)); ++ ++ ctx = xmlSecRelationshipGetCtx(transform); ++ xmlSecAssert(ctx != NULL); ++ ++ if (ctx->parserCtx != NULL) ++ xmlFreeParserCtxt(ctx->parserCtx); + ++ memset(ctx, 0, sizeof(xmlSecRelationshipCtx)); ++} ++ ++static int xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) ++{ ++ return 0; ++} ++ ++static int xmlSecRelationshipExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) ++{ ++ return 0; ++} +-- +2.6.2 + commit 86fb3f12eb07614880f51825f89ed4fb31af2d36 Author: Miklos Vajna <[email protected]> Date: Mon Jan 25 09:47:38 2016 +0100 xmlsecurity: enable libxmlsec error callback Change-Id: I9d3dd7c425723337d36fdf9f9e761398616d289d diff --git a/xmlsecurity/source/xmlsec/errorcallback.cxx b/xmlsecurity/source/xmlsec/errorcallback.cxx index abf0475..14e4863 100644 --- a/xmlsecurity/source/xmlsec/errorcallback.cxx +++ b/xmlsecurity/source/xmlsec/errorcallback.cxx 
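Review bot: xmlSecRelationshipReadNode and xmlSecRelationshipExecute return 0 without reading the node, consuming input or producing output. A Reference that lists the RelationshipTransform therefore gets past transform lookup, but the data that is digested is not what the transform is meant to produce. For signature verification this should fail closed: until the transform is implemented, a Reference passing through it must not be reportable as valid. The skeleton should say so above xmlSecRelationshipExecute, e.g. `/* TODO: not implemented; output is not the transformed relationship data, so the reference must not be treated as verified */`. How the default pushBin/popBin and the transform status behave when execute does nothing is outside this hunk, so whether the result is a digest mismatch or a later error needs confirming with a signed test document. ctx->parserCtx is freed in xmlSecRelationshipFinalize but never assigned in the visible code.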
@@ -29,21 +29,18 @@ using namespace ::com::sun::star::xml::crypto;
 extern "C"
-void errorCallback(const char * /*file*/,
- int /*line*/,
- const char * /*func*/,
- const char * /*errorObject*/,
- const char * /*errorSubject*/,
- int /*reason*/,
- const char * /*msg*/)
+void errorCallback(const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg)
 {
-#if OSL_DEBUG_LEVEL > 1
-// const char * afunc = func ? func : "";
-// const char * errObj = errorObject ? errorObject : "";
-// const char * errSub = errorSubject ? errorSubject : "";
-// const char * amsg = msg ? msg : "";
-// fprintf(stdout, "xmlsec error: %s, %s, %s, %i %s \n", afunc, errObj, errSub, reason, amsg);
-#endif
+ const char* pErrorObject = errorObject ? errorObject : "";
+ const char* pErrorSubject = errorSubject ? errorSubject : "";
+ const char* pMsg = msg ? msg : "";
+ SAL_WARN("xmlsecurity.xmlsec", file << ":" << line << ": " << func << "() '" << pErrorObject << "' '" << pErrorSubject << "' " << reason << " '" << pMsg << "'");
 }
 void setErrorRecorder()
_______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
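Review bot: `file` and `func` are streamed into SAL_WARN unguarded, while errorObject, errorSubject and msg each get a null fallback. Inserting a null `const char*` into an output stream is undefined behaviour, and the removed debug code did guard func. Add `const char* pFile = file ? file : "";` and `const char* pFunc = func ? func : "";` and stream those instead. The msg, object and subject strings may carry text derived from the document being verified, so whatever consumes this log channel should treat the line as untrusted content.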
