[Libreoffice-commits] core.git: external/libxmlsec

Miklos Vajna vmiklos at collabora.co.uk
Wed Feb 3 12:36:00 UTC 2016


 external/libxmlsec/UnpackedTarball_xmlsec.mk       |    1 
 external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 |  308 +++++++++++++++++++++
 2 files changed, 309 insertions(+)

New commits:
commit e2ccc96482e770edb57edffbf653c18d3a0c4c23
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Wed Feb 3 13:34:19 2016 +0100

    tdf#76142 libxmlsec: implement SHA-256 support in the mscrypto backend
    
    The only tricky part is PROV_RSA_FULL -> PROV_RSA_AES, otherwise SHA-256
    is not recognized as a valid algo. MSDN documentation for PROV_RSA_FULL
    at
    <https://msdn.microsoft.com/en-us/library/windows/desktop/aa387448%28v=vs.85%29.aspx>
    and PROV_RSA_AES at
    <https://msdn.microsoft.com/en-us/library/windows/desktop/aa387447%28v=vs.85%29.aspx>
    say that AES is a superset of full, so there should be no
    backwards-compatibility issue. I tested this on Windows 7, but according
    to the documentation, it should be no problem on Windows XP, either --
    provided that the latest SP is installed.
    
    Change-Id: I3ae196679c2cbf0e9e55fab10584d9c46a480659

diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index 68fb8d1..18a9308 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -28,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
 	external/libxmlsec/xmlsec1-update-config.guess.patch.1 \
 	external/libxmlsec/xmlsec1-ooxml.patch.1 \
 	external/libxmlsec/xmlsec1-nss-sha256.patch.1 \
+	external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 \
 ))
 
 $(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h))
diff --git a/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 b/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1
new file mode 100644
index 0000000..13577b7
--- /dev/null
+++ b/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1
@@ -0,0 +1,308 @@
+From 1562c2ee1f30ec9983e2f7e5a7bf4a89b594d706 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos at collabora.co.uk>
+Date: Tue, 2 Feb 2016 15:49:10 +0100
+Subject: [PATCH] mscrypto glue layer: add SHA-256 support
+
+---
+ include/xmlsec/mscrypto/crypto.h | 27 ++++++++++++++++
+ src/mscrypto/certkeys.c          |  2 +-
+ src/mscrypto/crypto.c            |  4 +++
+ src/mscrypto/digests.c           | 70 ++++++++++++++++++++++++++++++++++++++++
+ src/mscrypto/signatures.c        | 64 ++++++++++++++++++++++++++++++++++++
+ 5 files changed, 166 insertions(+), 1 deletion(-)
+
+diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h
+index 28d792a..96aaa78 100644
+--- a/include/xmlsec/mscrypto/crypto.h
++++ b/include/xmlsec/mscrypto/crypto.h
+@@ -133,6 +133,16 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataRsaGetKlass(void);
+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha1GetKlass(void);
+ 
+ /**
++ * xmlSecMSCryptoTransformRsaSha256Id:
++ *
++ * The RSA-SHA256 signature transform klass.
++ */
++
++#define xmlSecMSCryptoTransformRsaSha256Id	\
++	xmlSecMSCryptoTransformRsaSha256GetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha256GetKlass(void);
++
++/**
+  * xmlSecMSCryptoTransformRsaPkcs1Id:
+  * 
+  * The RSA PKCS1 key transport transform klass.
+@@ -172,6 +182,23 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha1GetKlass(void)
+ 
+ /********************************************************************
+  *
++ * SHA256 transform
++ *
++ *******************************************************************/
++#ifndef XMLSEC_NO_SHA256
++
++/**
++ * xmlSecMSCryptoTransformSha256Id:
++ *
++ * The SHA256 digest transform klass.
++ */
++#define xmlSecMSCryptoTransformSha256Id \
++	xmlSecMSCryptoTransformSha256GetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha256GetKlass(void);
++#endif /* XMLSEC_NO_SHA256 */
++
++/********************************************************************
++ *
+  * GOSTR3411_94 transform
+  *
+  *******************************************************************/
+diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c
+index 73a6c26..e0b4f47 100644
+--- a/src/mscrypto/certkeys.c
++++ b/src/mscrypto/certkeys.c
+@@ -1009,7 +1009,7 @@ xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+     xmlSecAssert2(ctx != NULL, -1);
+ 
+     ctx->providerName = MS_ENHANCED_PROV;
+-    ctx->providerType = PROV_RSA_FULL;
++    ctx->providerType = PROV_RSA_AES;
+     
+     return(0);
+ }
+diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
+index d60d3c6..b2fde85 100644
+--- a/src/mscrypto/crypto.c
++++ b/src/mscrypto/crypto.c
+@@ -105,6 +105,7 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
+ 
+ #ifndef XMLSEC_NO_RSA
+     gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass 		= xmlSecMSCryptoTransformRsaSha1GetKlass;
++    gXmlSecMSCryptoFunctions->transformRsaSha256GetKlass	= xmlSecMSCryptoTransformRsaSha256GetKlass;
+     gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass 	= xmlSecMSCryptoTransformRsaPkcs1GetKlass;
+ #endif /* XMLSEC_NO_RSA */
+ 
+@@ -119,6 +120,9 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
+ #ifndef XMLSEC_NO_SHA1    
+     gXmlSecMSCryptoFunctions->transformSha1GetKlass 		= xmlSecMSCryptoTransformSha1GetKlass;
+ #endif /* XMLSEC_NO_SHA1 */
++#ifndef XMLSEC_NO_SHA256
++    gXmlSecMSCryptoFunctions->transformSha256GetKlass 		= xmlSecMSCryptoTransformSha256GetKlass;
++#endif /* XMLSEC_NO_SHA256 */
+ 
+ #ifndef XMLSEC_NO_GOST    
+     gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass 		= xmlSecMSCryptoTransformGostR3411_94GetKlass;
+diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c
+index 19acc65..2b466b7 100644
+--- a/src/mscrypto/digests.c
++++ b/src/mscrypto/digests.c
+@@ -66,6 +66,11 @@ xmlSecMSCryptoDigestCheckId(xmlSecTransformPtr transform) {
+ 	return(1);
+     }
+ #endif /* XMLSEC_NO_SHA1 */    
++#ifndef XMLSEC_NO_SHA256
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
++	return(1);
++    }
++#endif /* XMLSEC_NO_SHA256 */
+     
+ #ifndef XMLSEC_NO_GOST
+     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
+@@ -94,6 +99,11 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
+ 	ctx->alg_id = CALG_SHA;
+     } else 
+ #endif /* XMLSEC_NO_SHA1 */    
++#ifndef XMLSEC_NO_SHA256
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
++	ctx->alg_id = CALG_SHA_256;
++    } else
++#endif /* XMLSEC_NO_SHA256 */
+ 
+ #ifndef XMLSEC_NO_GOST
+     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
+@@ -124,6 +134,8 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
+     }
+ 
+     /* TODO: Check what provider is best suited here.... */
++    if (ctx->alg_id != CALG_SHA_256)
++    {
+     if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+     	if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV,PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+ 		xmlSecError(XMLSEC_ERRORS_HERE, 
+@@ -134,6 +146,20 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
+ 		return(-1);
+ 	}
+     }
++    }
++    else
++    {
++	    // SHA-256
++	    if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
++	    {
++		    xmlSecError(XMLSEC_ERRORS_HERE,
++				xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++				"CryptAcquireContext",
++				XMLSEC_ERRORS_R_CRYPTO_FAILED,
++				XMLSEC_ERRORS_NO_MESSAGE);
++		    return(-1);
++	    }
++    }
+ 
+     return(0);
+ }
+@@ -367,6 +393,50 @@ xmlSecMSCryptoTransformSha1GetKlass(void) {
+ }
+ #endif /* XMLSEC_NO_SHA1 */
+ 
++#ifndef XMLSEC_NO_SHA256
++/******************************************************************************
++ *
++ * SHA256
++ *
++ *****************************************************************************/
++static xmlSecTransformKlass xmlSecMSCryptoSha256Klass = {
++    /* klass/object sizes */
++    sizeof(xmlSecTransformKlass),		/* size_t klassSize */
++    xmlSecMSCryptoDigestSize,			/* size_t objSize */
++
++    xmlSecNameSha256,				/* const xmlChar* name; */
++    xmlSecHrefSha256, 				/* const xmlChar* href; */
++    xmlSecTransformUsageDigestMethod,		/* xmlSecTransformUsage usage; */
++    xmlSecMSCryptoDigestInitialize,		/* xmlSecTransformInitializeMethod initialize; */
++    xmlSecMSCryptoDigestFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
++    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
++    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
++    NULL,					/* xmlSecTransformSetKeyReqMethod setKeyReq; */
++    NULL,					/* xmlSecTransformSetKeyMethod setKey; */
++    xmlSecMSCryptoDigestVerify,			/* xmlSecTransformVerifyMethod verify; */
++    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
++    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
++    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
++    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
++    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
++    xmlSecMSCryptoDigestExecute,		/* xmlSecTransformExecuteMethod execute; */
++    NULL,					/* void* reserved0; */
++    NULL,					/* void* reserved1; */
++};
++
++/**
++ * xmlSecMSCryptoTransformSha256GetKlass:
++ *
++ * SHA-256 digest transform klass.
++ *
++ * Returns: pointer to SHA-256 digest transform klass.
++ */
++xmlSecTransformId
++xmlSecMSCryptoTransformSha256GetKlass(void) {
++    return(&xmlSecMSCryptoSha256Klass);
++}
++#endif /* XMLSEC_NO_SHA256 */
++
+ #ifndef XMLSEC_NO_GOST
+ /******************************************************************************
+  *
+diff --git a/src/mscrypto/signatures.c b/src/mscrypto/signatures.c
+index a567db7..bc69b44 100644
+--- a/src/mscrypto/signatures.c
++++ b/src/mscrypto/signatures.c
+@@ -97,6 +97,9 @@ static int xmlSecMSCryptoSignatureCheckId(xmlSecTransformPtr transform) {
+     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ 	return(1);
+     }
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
++	return(1);
++    }
+ #endif /* XMLSEC_NO_RSA */
+ 
+     return(0);
+@@ -118,6 +121,10 @@ static int xmlSecMSCryptoSignatureInitialize(xmlSecTransformPtr transform) {
+ 	ctx->digestAlgId    = CALG_SHA1;
+ 	ctx->keyId	    = xmlSecMSCryptoKeyDataRsaId;
+     } else 
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
++	ctx->digestAlgId    = CALG_SHA_256;
++	ctx->keyId	    = xmlSecMSCryptoKeyDataRsaId;
++    } else
+ #endif /* XMLSEC_NO_RSA */
+ 
+ #ifndef XMLSEC_NO_GOST
+@@ -282,6 +289,12 @@ static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform,
+ 	while (l >= tmpBuf) {
+ 	    *l-- = *j++;
+ 	}
++    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id))  {
++	j = (BYTE *)data;
++	l = tmpBuf + dataSize - 1;
++	while (l >= tmpBuf) {
++	    *l-- = *j++;
++	}
+     } else {
+ 	xmlSecError(XMLSEC_ERRORS_HERE, 
+ 		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+@@ -487,6 +500,13 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra
+ 		while (j >= outBuf) {
+ 		    *j-- = *i++;
+ 		}
++	    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
++		i = tmpBuf;
++		j = outBuf + dwSigLen - 1;
++
++		while (j >= outBuf) {
++		    *j-- = *i++;
++		}
+ 	    } else {
+ 		/* We shouldn't get at this place */
+ 		xmlSecError(XMLSEC_ERRORS_HERE, 
+@@ -563,6 +583,50 @@ xmlSecMSCryptoTransformRsaSha1GetKlass(void) {
+     return(&xmlSecMSCryptoRsaSha1Klass);
+ }
+ 
++/****************************************************************************
++ *
++ * RSA-SHA256 signature transform
++ *
++ ***************************************************************************/
++static xmlSecTransformKlass xmlSecMSCryptoRsaSha256Klass = {
++    /* klass/object sizes */
++    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
++    xmlSecMSCryptoSignatureSize,		/* xmlSecSize objSize */
++
++    xmlSecNameRsaSha256,			/* const xmlChar* name; */
++    xmlSecHrefRsaSha256, 			/* const xmlChar* href; */
++    xmlSecTransformUsageSignatureMethod,	/* xmlSecTransformUsage usage; */
++
++    xmlSecMSCryptoSignatureInitialize,		/* xmlSecTransformInitializeMethod initialize; */
++    xmlSecMSCryptoSignatureFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
++    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
++    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
++    xmlSecMSCryptoSignatureSetKeyReq,		/* xmlSecTransformSetKeyReqMethod setKeyReq; */
++    xmlSecMSCryptoSignatureSetKey,		/* xmlSecTransformSetKeyMethod setKey; */
++    xmlSecMSCryptoSignatureVerify,		/* xmlSecTransformVerifyMethod verify; */
++    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
++    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
++    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
++    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
++    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
++    xmlSecMSCryptoSignatureExecute,		/* xmlSecTransformExecuteMethod execute; */
++
++    NULL,					/* void* reserved0; */
++    NULL,					/* void* reserved1; */
++};
++
++/**
++ * xmlSecMSCryptoTransformRsaSha256GetKlass:
++ *
++ * The RSA-SHA1 signature transform klass.
++ *
++ * Returns: RSA-SHA1 signature transform klass.
++ */
++xmlSecTransformId
++xmlSecMSCryptoTransformRsaSha256GetKlass(void) {
++    return(&xmlSecMSCryptoRsaSha256Klass);
++}
++
+ #endif /* XMLSEC_NO_RSA */
+ 
+ #ifndef XMLSEC_NO_DSA
+-- 
+2.4.5
+
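Review bot: In the src/mscrypto/certkeys.c hunk, `ctx->providerType` becomes `PROV_RSA_AES` while the context line just above it still sets `ctx->providerName = MS_ENHANCED_PROV`, which names a provider registered as `PROV_RSA_FULL`. CryptAcquireContext rejects a named provider whose registered type differs from the requested one (NTE_PROV_TYPE_NO_MATCH), so if both fields are passed to it together elsewhere in certkeys.c (not visible here; xmlSecMSCryptoKeyDataRsaInitialize also starts outside the hunk), that acquisition would likely fail for RSA keys in general, not only for SHA-256. Keeping the pair consistent, `ctx->providerName = MS_ENH_RSA_AES_PROV;`, as the new SHA-256 branch in src/mscrypto/digests.c already does, avoids that. Windows XP registers the AES provider under a different name (`MS_ENH_RSA_AES_PROV_XP` in wincrypt.h), so the XP compatibility assumed in the description probably needs a fallback to that name at both call sites, otherwise SHA-256 digests and signatures fail there with only a generic `CryptAcquireContext` error.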

