[Libreoffice-commits] core.git: 3 commits - external/libxmlsec xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Mon Jan 25 03:11:55 PST 2016
external/libxmlsec/UnpackedTarball_xmlsec.mk | 2
external/libxmlsec/xmlsec1-nss-sha256.patch.1 | 136 ++++++++++++++++++++
external/libxmlsec/xmlsec1-ooxml.patch.1 | 173 ++++++++++++++++++++++++++
xmlsecurity/source/xmlsec/errorcallback.cxx | 25 +--
4 files changed, 322 insertions(+), 14 deletions(-)
New commits:
commit 33cb676e582a57a469a0ea1ce7bdb2d57575992e
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Mon Jan 25 11:45:09 2016 +0100
tdf#76142 libxmlsec: implement SHA-256 support in the NSS backend
This way we do not abort a signature verification when we see a
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
XML node. Note that this just extends the glue layer; both NSS and
libxmlsec itself already supported SHA-256.
Change-Id: I68de99578b839bd7eaa8f21af903aa924c892799
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index e21c2c4..68fb8d1 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -27,6 +27,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
external/libxmlsec/xmlsec1-customkeymanage.patch \
external/libxmlsec/xmlsec1-update-config.guess.patch.1 \
external/libxmlsec/xmlsec1-ooxml.patch.1 \
+ external/libxmlsec/xmlsec1-nss-sha256.patch.1 \
))
$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h))
diff --git a/external/libxmlsec/xmlsec1-nss-sha256.patch.1 b/external/libxmlsec/xmlsec1-nss-sha256.patch.1
new file mode 100644
index 0000000..4a4fcc0
--- /dev/null
+++ b/external/libxmlsec/xmlsec1-nss-sha256.patch.1
@@ -0,0 +1,136 @@
+From 8008aca4daa92316dcd44f2bb8d21b5439d8baf1 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos at collabora.co.uk>
+Date: Mon, 25 Jan 2016 11:24:01 +0100
+Subject: [PATCH] NSS glue layer: add SHA-256 support
+
+---
+ include/xmlsec/nss/crypto.h | 16 +++++++++++++
+ src/nss/crypto.c | 3 +++
+ src/nss/digests.c | 57 +++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 76 insertions(+)
+
+diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h
+index 42ba6ca..8164f45 100644
+--- a/include/xmlsec/nss/crypto.h
++++ b/include/xmlsec/nss/crypto.h
+@@ -304,6 +304,22 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha1GetKlass (void);
+ #endif /* XMLSEC_NO_SHA1 */
+
++/********************************************************************
++ *
++ * SHA256 transform
++ *
++ *******************************************************************/
++#ifndef XMLSEC_NO_SHA256
++/**
++ * xmlSecNssTransformSha256Id:
++ *
++ * The SHA256 digest transform klass.
++ */
++#define xmlSecNssTransformSha256Id \
++ xmlSecNssTransformSha256GetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha256GetKlass (void);
++#endif /* XMLSEC_NO_SHA256 */
++
+ #ifdef __cplusplus
+ }
+ #endif /* __cplusplus */
+diff --git a/src/nss/crypto.c b/src/nss/crypto.c
+index 0495165..80adc50 100644
+--- a/src/nss/crypto.c
++++ b/src/nss/crypto.c
+@@ -132,6 +132,9 @@ xmlSecCryptoGetFunctions_nss(void) {
+ #ifndef XMLSEC_NO_SHA1
+ gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass;
+ #endif /* XMLSEC_NO_SHA1 */
++#ifndef XMLSEC_NO_SHA256
++ gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass;
++#endif /* XMLSEC_NO_SHA256 */
+
+ /**
+ * High level routines form xmlsec command line utility
+diff --git a/src/nss/digests.c b/src/nss/digests.c
+index 5a1db91..0c4657c 100644
+--- a/src/nss/digests.c
++++ b/src/nss/digests.c
+@@ -70,6 +70,11 @@ xmlSecNssDigestCheckId(xmlSecTransformPtr transform) {
+ return(1);
+ }
+ #endif /* XMLSEC_NO_SHA1 */
++#ifndef XMLSEC_NO_SHA256
++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
++ return(1);
++ }
++#endif /* XMLSEC_NO_SHA256 */
+
+ return(0);
+ }
+@@ -92,6 +97,11 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1);
+ } else
+ #endif /* XMLSEC_NO_SHA1 */
++#ifndef XMLSEC_NO_SHA256
++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
++ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256);
++ } else
++#endif /* XMLSEC_NO_SHA256 */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+@@ -327,5 +337,52 @@ xmlSecNssTransformSha1GetKlass(void) {
+ }
+ #endif /* XMLSEC_NO_SHA1 */
+
++#ifndef XMLSEC_NO_SHA256
++/******************************************************************************
++ *
++ * SHA256 Digest transforms
++ *
++ *****************************************************************************/
++static xmlSecTransformKlass xmlSecNssSha256Klass = {
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssDigestSize, /* xmlSecSize objSize */
++
++ /* data */
++ xmlSecNameSha256, /* const xmlChar* name; */
++ xmlSecHrefSha256, /* const xmlChar* href; */
++ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
++
++ /* methods */
++ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
++ NULL, /* xmlSecTransformSetKeyMethod setKey; */
++ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++/**
++ * xmlSecNssTransformSha256GetKlass:
++ *
++ * SHA-256 digest transform klass.
++ *
++ * Returns: pointer to SHA-256 digest transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformSha256GetKlass(void) {
++ return(&xmlSecNssSha256Klass);
++}
++#endif /* XMLSEC_NO_SHA256 */
+
+
+--
+2.6.2
+
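Review bot: The SHA-256 branch added to xmlSecNssDigestInitialize reuses the existing digest context, and the buffer that receives the final digest is declared outside this patch, so its size cannot be checked from here. SHA-256 produces 32 bytes where SHA-1 produces 20, so the buffer bound and the length handed to the NSS finalisation call need to cover 32 bytes. Please confirm this and record it next to the new branch, for example `/* SHA-256 yields 32 bytes; the digest buffer in the context must be at least that large */`. The bodies of xmlSecNssDigestVerify and xmlSecNssDigestExecute, which the new klass table points at, are also outside the hunk.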
commit 7fb16870bfe988661e3b1cb206ee6fed560e70a3
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Mon Jan 25 11:42:28 2016 +0100
libxmlsec: recognize OOXML RelationshipTransform
The transform itself doesn't do anything so far, but the verification is
no longer aborted just because we see a transform that we don't know.
Change-Id: Ife89157067f3af3326896df3053065c8302795d1
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index a72deed..e21c2c4 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
external/libxmlsec/xmlsec1-1.2.14-ansi.patch \
external/libxmlsec/xmlsec1-customkeymanage.patch \
external/libxmlsec/xmlsec1-update-config.guess.patch.1 \
+ external/libxmlsec/xmlsec1-ooxml.patch.1 \
))
$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h))
diff --git a/external/libxmlsec/xmlsec1-ooxml.patch.1 b/external/libxmlsec/xmlsec1-ooxml.patch.1
new file mode 100644
index 0000000..8a1dbe3
--- /dev/null
+++ b/external/libxmlsec/xmlsec1-ooxml.patch.1
@@ -0,0 +1,173 @@
+From b7fb2699e3c383ae40f29369dc57afbd0d52004c Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos at collabora.co.uk>
+Date: Mon, 25 Jan 2016 09:50:03 +0100
+Subject: [PATCH] OOXML Relationship Transform skeleton
+
+---
+ include/xmlsec/strings.h | 3 ++
+ include/xmlsec/transforms.h | 4 +++
+ src/strings.c | 3 ++
+ src/transforms.c | 11 ++++++
+ src/xpath.c | 82 +++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 103 insertions(+)
+
+diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h
+index 07afb9d..9c72d1b 100644
+--- a/include/xmlsec/strings.h
++++ b/include/xmlsec/strings.h
+@@ -551,6 +551,9 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2FilterUnion[];
+ XMLSEC_EXPORT_VAR const xmlChar xmlSecNameXPointer[];
+ XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeXPointer[];
+
++XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRelationship[];
++XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRelationship[];
++
+ /*************************************************************************
+ *
+ * Xslt strings
+diff --git a/include/xmlsec/transforms.h b/include/xmlsec/transforms.h
+index 4008cae..b0e31e4 100644
+--- a/include/xmlsec/transforms.h
++++ b/include/xmlsec/transforms.h
+@@ -961,6 +961,10 @@ XMLSEC_EXPORT int xmlSecTransformXPointerSetExpr (xmlSecTransformPtr transform
+ const xmlChar* expr,
+ xmlSecNodeSetType nodeSetType,
+ xmlNodePtr hereNode);
++
++#define xmlSecTransformRelationshipId xmlSecTransformRelationshipGetKlass()
++XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRelationshipGetKlass (void);
++
+ #ifndef XMLSEC_NO_XSLT
+ /**
+ * xmlSecTransformXsltId:
+diff --git a/src/strings.c b/src/strings.c
+index 9897198..546e993 100644
+--- a/src/strings.c
++++ b/src/strings.c
+@@ -543,6 +543,9 @@ const xmlChar xmlSecXPath2FilterUnion[] = "union";
+ const xmlChar xmlSecNameXPointer[] = "xpointer";
+ const xmlChar xmlSecNodeXPointer[] = "XPointer";
+
++const xmlChar xmlSecNameRelationship[] = "relationship";
++const xmlChar xmlSecHrefRelationship[] = "http://schemas.openxmlformats.org/package/2006/RelationshipTransform";
++
+ /*************************************************************************
+ *
+ * Xslt strings
+diff --git a/src/transforms.c b/src/transforms.c
+index 2ed3fe8..9e5ad27 100644
+--- a/src/transforms.c
++++ b/src/transforms.c
+@@ -271,6 +271,17 @@ xmlSecTransformIdsRegisterDefault(void) {
+ return(-1);
+ }
+
++ if (xmlSecTransformIdsRegister(xmlSecTransformRelationshipId) < 0)
++ {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecTransformIdsRegister",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "name=%s",
++ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformRelationshipId)));
++ return -1;
++ }
++
+ #ifndef XMLSEC_NO_XSLT
+ if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+diff --git a/src/xpath.c b/src/xpath.c
+index 8b0b4f8..63b02d4 100644
+--- a/src/xpath.c
++++ b/src/xpath.c
+@@ -1144,5 +1144,87 @@ xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
+ return(0);
+ }
+
++/* OOXML Relationship Transform. */
++typedef struct _xmlSecRelationshipCtx xmlSecRelationshipCtx, *xmlSecRelationshipCtxPtr;
++struct _xmlSecRelationshipCtx
++{
++ xmlParserCtxtPtr parserCtx;
++};
++#define xmlSecRelationshipSize (sizeof(xmlSecTransform) + sizeof(xmlSecRelationshipCtx))
++#define xmlSecRelationshipGetCtx(transform) ((xmlSecRelationshipCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
++
++static int xmlSecRelationshipInitialize (xmlSecTransformPtr transform);
++static void xmlSecRelationshipFinalize (xmlSecTransformPtr transform);
++static int xmlSecRelationshipReadNode (xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx);
++static int xmlSecRelationshipExecute (xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx);
++
++static xmlSecTransformKlass xmlSecRelationshipKlass =
++{
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecRelationshipSize, /* xmlSecSize objSize */
++ xmlSecNameRelationship, /* const xmlChar* name; */
++ xmlSecHrefRelationship, /* const xmlChar* href; */
++ xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
++ xmlSecRelationshipInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecRelationshipFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ xmlSecRelationshipReadNode, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
++ NULL, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecRelationshipExecute, /* xmlSecTransformExecuteMethod execute; */
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++xmlSecTransformId xmlSecTransformRelationshipGetKlass(void)
++{
++ return &xmlSecRelationshipKlass;
++}
++
++static int xmlSecRelationshipInitialize(xmlSecTransformPtr transform)
++{
++ xmlSecRelationshipCtxPtr ctx;
++
++ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1);
++
++ ctx = xmlSecRelationshipGetCtx(transform);
++ xmlSecAssert2(ctx != NULL, -1);
+
++ /* initialize context */
++ memset(ctx, 0, sizeof(xmlSecRelationshipCtx));
++ return 0;
++}
++
++static void xmlSecRelationshipFinalize(xmlSecTransformPtr transform)
++{
++ xmlSecRelationshipCtxPtr ctx;
++
++ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId));
++ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize));
++
++ ctx = xmlSecRelationshipGetCtx(transform);
++ xmlSecAssert(ctx != NULL);
++
++ if (ctx->parserCtx != NULL)
++ xmlFreeParserCtxt(ctx->parserCtx);
+
++ memset(ctx, 0, sizeof(xmlSecRelationshipCtx));
++}
++
++static int xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx)
++{
++ return 0;
++}
++
++static int xmlSecRelationshipExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx)
++{
++ return 0;
++}
+--
+2.6.2
+
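Review bot: xmlSecRelationshipExecute and xmlSecRelationshipReadNode both `return 0;` without reading their arguments, so a Reference naming RelationshipTransform now passes through a transform that reports success while applying no relationship filtering. The digest is then presumably computed over data the signer never digested. Whatever the caller reports for such a Reference should not be read as "relationship part verified" until the transform is implemented. Please state that at the stub, for example `/* Placeholder: no relationship filtering is done yet; references using this transform are not actually verified. */`, and consider an xmlSecError call there so the skipped step shows up in the log. Also, `parserCtx` is zeroed in Initialize and freed in Finalize but never allocated anywhere in this patch, which deserves a comment or removal.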
commit 86fb3f12eb07614880f51825f89ed4fb31af2d36
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Mon Jan 25 09:47:38 2016 +0100
xmlsecurity: enable libxmlsec error callback
Change-Id: I9d3dd7c425723337d36fdf9f9e761398616d289d
diff --git a/xmlsecurity/source/xmlsec/errorcallback.cxx b/xmlsecurity/source/xmlsec/errorcallback.cxx
index abf0475..14e4863 100644
--- a/xmlsecurity/source/xmlsec/errorcallback.cxx
+++ b/xmlsecurity/source/xmlsec/errorcallback.cxx
@@ -29,21 +29,18 @@ using namespace ::com::sun::star::xml::crypto;
extern "C"
-void errorCallback(const char * /*file*/,
- int /*line*/,
- const char * /*func*/,
- const char * /*errorObject*/,
- const char * /*errorSubject*/,
- int /*reason*/,
- const char * /*msg*/)
+void errorCallback(const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg)
{
-#if OSL_DEBUG_LEVEL > 1
-// const char * afunc = func ? func : "";
-// const char * errObj = errorObject ? errorObject : "";
-// const char * errSub = errorSubject ? errorSubject : "";
-// const char * amsg = msg ? msg : "";
-// fprintf(stdout, "xmlsec error: %s, %s, %s, %i %s \n", afunc, errObj, errSub, reason, amsg);
-#endif
+ const char* pErrorObject = errorObject ? errorObject : "";
+ const char* pErrorSubject = errorSubject ? errorSubject : "";
+ const char* pMsg = msg ? msg : "";
+ SAL_WARN("xmlsecurity.xmlsec", file << ":" << line << ": " << func << "() '" << pErrorObject << "' '" << pErrorSubject << "' " << reason << " '" << pMsg << "'");
}
void setErrorRecorder()
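Review bot: `file` and `func` are streamed into SAL_WARN without the null guard that `errorObject`, `errorSubject` and `msg` receive, and inserting a null `const char*` into an output stream is undefined behaviour. The removed debug code did guard `func`. Add `const char* pFile = file ? file : "";` and `const char* pFunc = func ? func : "";` and stream those instead. The subject and message strings may carry text taken from the document being verified, so consumers of this log area should treat the line as untrusted content.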