[Libreoffice-commits] core.git: 3 commits - external/libxmlsec xmlsecurity/source

Miklos Vajna vmiklos at collabora.co.uk
Mon Jan 25 03:11:55 PST 2016


 external/libxmlsec/UnpackedTarball_xmlsec.mk  |    2 
 external/libxmlsec/xmlsec1-nss-sha256.patch.1 |  136 ++++++++++++++++++++
 external/libxmlsec/xmlsec1-ooxml.patch.1      |  173 ++++++++++++++++++++++++++
 xmlsecurity/source/xmlsec/errorcallback.cxx   |   25 +--
 4 files changed, 322 insertions(+), 14 deletions(-)

New commits:
commit 33cb676e582a57a469a0ea1ce7bdb2d57575992e
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Mon Jan 25 11:45:09 2016 +0100

    tdf#76142 libxmlsec: implement SHA-256 support in the NSS backend
    
    This way we do not abort a signature verification when we see a
    
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    
    XML node. Note that this just extends the glue layer; both NSS and
    libxmlsec itself already supported SHA-256.
    
    Change-Id: I68de99578b839bd7eaa8f21af903aa924c892799

diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index e21c2c4..68fb8d1 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -27,6 +27,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
 	external/libxmlsec/xmlsec1-customkeymanage.patch \
 	external/libxmlsec/xmlsec1-update-config.guess.patch.1 \
 	external/libxmlsec/xmlsec1-ooxml.patch.1 \
+	external/libxmlsec/xmlsec1-nss-sha256.patch.1 \
 ))
 
 $(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h))
diff --git a/external/libxmlsec/xmlsec1-nss-sha256.patch.1 b/external/libxmlsec/xmlsec1-nss-sha256.patch.1
new file mode 100644
index 0000000..4a4fcc0
--- /dev/null
+++ b/external/libxmlsec/xmlsec1-nss-sha256.patch.1
@@ -0,0 +1,136 @@
+From 8008aca4daa92316dcd44f2bb8d21b5439d8baf1 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos at collabora.co.uk>
+Date: Mon, 25 Jan 2016 11:24:01 +0100
+Subject: [PATCH] NSS glue layer: add SHA-256 support
+
+---
+ include/xmlsec/nss/crypto.h | 16 +++++++++++++
+ src/nss/crypto.c            |  3 +++
+ src/nss/digests.c           | 57 +++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 76 insertions(+)
+
+diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h
+index 42ba6ca..8164f45 100644
+--- a/include/xmlsec/nss/crypto.h
++++ b/include/xmlsec/nss/crypto.h
+@@ -304,6 +304,22 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha1GetKlass	(void);
+ #endif /* XMLSEC_NO_SHA1 */
+ 
++/********************************************************************
++ *
++ * SHA256 transform
++ *
++ *******************************************************************/
++#ifndef XMLSEC_NO_SHA256
++/**
++ * xmlSecNssTransformSha256Id:
++ *
++ * The SHA256 digest transform klass.
++ */
++#define xmlSecNssTransformSha256Id \
++	xmlSecNssTransformSha256GetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha256GetKlass	(void);
++#endif /* XMLSEC_NO_SHA256 */
++
+ #ifdef __cplusplus
+ }
+ #endif /* __cplusplus */
+diff --git a/src/nss/crypto.c b/src/nss/crypto.c
+index 0495165..80adc50 100644
+--- a/src/nss/crypto.c
++++ b/src/nss/crypto.c
+@@ -132,6 +132,9 @@ xmlSecCryptoGetFunctions_nss(void) {
+ #ifndef XMLSEC_NO_SHA1    
+     gXmlSecNssFunctions->transformSha1GetKlass 		= xmlSecNssTransformSha1GetKlass;
+ #endif /* XMLSEC_NO_SHA1 */
++#ifndef XMLSEC_NO_SHA256
++    gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass;
++#endif /* XMLSEC_NO_SHA256 */
+ 
+     /**
+      * High level routines form xmlsec command line utility
+diff --git a/src/nss/digests.c b/src/nss/digests.c
+index 5a1db91..0c4657c 100644
+--- a/src/nss/digests.c
++++ b/src/nss/digests.c
+@@ -70,6 +70,11 @@ xmlSecNssDigestCheckId(xmlSecTransformPtr transform) {
+ 	return(1);
+     }
+ #endif /* XMLSEC_NO_SHA1 */    
++#ifndef XMLSEC_NO_SHA256
++    if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
++	return(1);
++    }
++#endif /* XMLSEC_NO_SHA256 */
+ 
+     return(0);
+ }
+@@ -92,6 +97,11 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) {
+ 	ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1);
+     } else
+ #endif /* XMLSEC_NO_SHA1 */    	
++#ifndef XMLSEC_NO_SHA256
++    if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
++	ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256);
++    } else
++#endif /* XMLSEC_NO_SHA256 */
+ 
+     if(1) {
+ 	xmlSecError(XMLSEC_ERRORS_HERE, 
+@@ -327,5 +337,52 @@ xmlSecNssTransformSha1GetKlass(void) {
+ }
+ #endif /* XMLSEC_NO_SHA1 */
+ 
++#ifndef XMLSEC_NO_SHA256
++/******************************************************************************
++ *
++ * SHA256 Digest transforms
++ *
++ *****************************************************************************/
++static xmlSecTransformKlass xmlSecNssSha256Klass = {
++    /* klass/object sizes */
++    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
++    xmlSecNssDigestSize,			/* xmlSecSize objSize */
++
++    /* data */
++    xmlSecNameSha256,				/* const xmlChar* name; */
++    xmlSecHrefSha256, 				/* const xmlChar* href; */
++    xmlSecTransformUsageDigestMethod,		/* xmlSecTransformUsage usage; */
++
++    /* methods */
++    xmlSecNssDigestInitialize,			/* xmlSecTransformInitializeMethod initialize; */
++    xmlSecNssDigestFinalize,			/* xmlSecTransformFinalizeMethod finalize; */
++    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
++    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
++    NULL,					/* xmlSecTransformSetKeyReqMethod setKeyReq; */
++    NULL,					/* xmlSecTransformSetKeyMethod setKey; */
++    xmlSecNssDigestVerify,			/* xmlSecTransformVerifyMethod verify; */
++    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
++    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
++    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
++    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
++    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
++    xmlSecNssDigestExecute,			/* xmlSecTransformExecuteMethod execute; */
++
++    NULL,					/* void* reserved0; */
++    NULL,					/* void* reserved1; */
++};
++
++/**
++ * xmlSecNssTransformSha256GetKlass:
++ *
++ * SHA-256 digest transform klass.
++ *
++ * Returns: pointer to SHA-256 digest transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformSha256GetKlass(void) {
++    return(&xmlSecNssSha256Klass);
++}
++#endif /* XMLSEC_NO_SHA256 */
+ 
+ 
+-- 
+2.6.2
+
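Review bot: The new SHA-256 branch in xmlSecNssDigestInitialize selects `SEC_OID_SHA256`, but the digest context and its output buffer are declared outside this hunk, so the patch does not show that the buffer holds the 32 bytes SHA-256 produces (SHA-1 needs only 20). Please confirm the buffer size, and consider a comment next to the new branch such as `/* SHA-256 output is 32 bytes; the context's digest buffer must be at least that large */`. xmlSecNssDigestVerify and xmlSecNssDigestExecute, which the new klass reuses unchanged, are also outside the hunk.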
commit 7fb16870bfe988661e3b1cb206ee6fed560e70a3
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Mon Jan 25 11:42:28 2016 +0100

    libxmlsec: recognize OOXML RelationshipTransform
    
    The transform itself doesn't do anything so far, but the verification is
    no longer aborted just because we see a transform that we don't know.
    
    Change-Id: Ife89157067f3af3326896df3053065c8302795d1

diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index a72deed..e21c2c4 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
 	external/libxmlsec/xmlsec1-1.2.14-ansi.patch \
 	external/libxmlsec/xmlsec1-customkeymanage.patch \
 	external/libxmlsec/xmlsec1-update-config.guess.patch.1 \
+	external/libxmlsec/xmlsec1-ooxml.patch.1 \
 ))
 
 $(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h))
diff --git a/external/libxmlsec/xmlsec1-ooxml.patch.1 b/external/libxmlsec/xmlsec1-ooxml.patch.1
new file mode 100644
index 0000000..8a1dbe3
--- /dev/null
+++ b/external/libxmlsec/xmlsec1-ooxml.patch.1
@@ -0,0 +1,173 @@
+From b7fb2699e3c383ae40f29369dc57afbd0d52004c Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos at collabora.co.uk>
+Date: Mon, 25 Jan 2016 09:50:03 +0100
+Subject: [PATCH] OOXML Relationship Transform skeleton
+
+---
+ include/xmlsec/strings.h    |  3 ++
+ include/xmlsec/transforms.h |  4 +++
+ src/strings.c               |  3 ++
+ src/transforms.c            | 11 ++++++
+ src/xpath.c                 | 82 +++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 103 insertions(+)
+
+diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h
+index 07afb9d..9c72d1b 100644
+--- a/include/xmlsec/strings.h
++++ b/include/xmlsec/strings.h
+@@ -551,6 +551,9 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2FilterUnion[];
+ XMLSEC_EXPORT_VAR const xmlChar xmlSecNameXPointer[];
+ XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeXPointer[];
+ 
++XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRelationship[];
++XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRelationship[];
++
+ /*************************************************************************
+  *
+  * Xslt strings
+diff --git a/include/xmlsec/transforms.h b/include/xmlsec/transforms.h
+index 4008cae..b0e31e4 100644
+--- a/include/xmlsec/transforms.h
++++ b/include/xmlsec/transforms.h
+@@ -961,6 +961,10 @@ XMLSEC_EXPORT int		xmlSecTransformXPointerSetExpr		(xmlSecTransformPtr transform
+ 									 const xmlChar* expr,
+ 									 xmlSecNodeSetType nodeSetType,
+ 									 xmlNodePtr hereNode);
++
++#define xmlSecTransformRelationshipId xmlSecTransformRelationshipGetKlass()
++XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRelationshipGetKlass (void);
++
+ #ifndef XMLSEC_NO_XSLT
+ /**
+  * xmlSecTransformXsltId:
+diff --git a/src/strings.c b/src/strings.c
+index 9897198..546e993 100644
+--- a/src/strings.c
++++ b/src/strings.c
+@@ -543,6 +543,9 @@ const xmlChar xmlSecXPath2FilterUnion[]		= "union";
+ const xmlChar xmlSecNameXPointer[]		= "xpointer";
+ const xmlChar xmlSecNodeXPointer[]		= "XPointer";
+ 
++const xmlChar xmlSecNameRelationship[] = "relationship";
++const xmlChar xmlSecHrefRelationship[] = "http://schemas.openxmlformats.org/package/2006/RelationshipTransform";
++
+ /*************************************************************************
+  *
+  * Xslt strings
+diff --git a/src/transforms.c b/src/transforms.c
+index 2ed3fe8..9e5ad27 100644
+--- a/src/transforms.c
++++ b/src/transforms.c
+@@ -271,6 +271,17 @@ xmlSecTransformIdsRegisterDefault(void) {
+ 	return(-1);
+     }
+ 
++    if (xmlSecTransformIdsRegister(xmlSecTransformRelationshipId) < 0)
++    {
++	xmlSecError(XMLSEC_ERRORS_HERE,
++		    NULL,
++		    "xmlSecTransformIdsRegister",
++		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
++		    "name=%s",
++		    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformRelationshipId)));
++	return -1;
++    }
++
+ #ifndef XMLSEC_NO_XSLT
+     if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) {
+ 	xmlSecError(XMLSEC_ERRORS_HERE,
+diff --git a/src/xpath.c b/src/xpath.c
+index 8b0b4f8..63b02d4 100644
+--- a/src/xpath.c
++++ b/src/xpath.c
+@@ -1144,5 +1144,87 @@ xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
+     return(0);
+ }
+ 
++/* OOXML Relationship Transform. */
++typedef struct _xmlSecRelationshipCtx xmlSecRelationshipCtx, *xmlSecRelationshipCtxPtr;
++struct _xmlSecRelationshipCtx
++{
++    xmlParserCtxtPtr parserCtx;
++};
++#define xmlSecRelationshipSize (sizeof(xmlSecTransform) + sizeof(xmlSecRelationshipCtx))
++#define xmlSecRelationshipGetCtx(transform) ((xmlSecRelationshipCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
++
++static int xmlSecRelationshipInitialize (xmlSecTransformPtr transform);
++static void xmlSecRelationshipFinalize (xmlSecTransformPtr transform);
++static int xmlSecRelationshipReadNode (xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx);
++static int xmlSecRelationshipExecute (xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx);
++
++static xmlSecTransformKlass xmlSecRelationshipKlass =
++{
++    /* klass/object sizes */
++    sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++    xmlSecRelationshipSize, /* xmlSecSize objSize */
++    xmlSecNameRelationship, /* const xmlChar* name; */
++    xmlSecHrefRelationship, /* const xmlChar* href; */
++    xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
++    xmlSecRelationshipInitialize, /* xmlSecTransformInitializeMethod initialize; */
++    xmlSecRelationshipFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++    xmlSecRelationshipReadNode, /* xmlSecTransformNodeReadMethod readNode; */
++    NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++    NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
++    NULL, /* xmlSecTransformSetKeyMethod setKey; */
++    NULL, /* xmlSecTransformValidateMethod validate; */
++    xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++    xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++    xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++    NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++    NULL, /* xmlSecTransformPopXmlMethod popXml; */
++    xmlSecRelationshipExecute, /* xmlSecTransformExecuteMethod execute; */
++    NULL, /* void* reserved0; */
++    NULL, /* void* reserved1; */
++};
++
++xmlSecTransformId xmlSecTransformRelationshipGetKlass(void)
++{
++    return &xmlSecRelationshipKlass;
++}
++
++static int xmlSecRelationshipInitialize(xmlSecTransformPtr transform)
++{
++    xmlSecRelationshipCtxPtr ctx;
++
++    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1);
++    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1);
++
++    ctx = xmlSecRelationshipGetCtx(transform);
++    xmlSecAssert2(ctx != NULL, -1);
+ 
++    /* initialize context */
++    memset(ctx, 0, sizeof(xmlSecRelationshipCtx));
++    return 0;
++}
++
++static void xmlSecRelationshipFinalize(xmlSecTransformPtr transform)
++{
++    xmlSecRelationshipCtxPtr ctx;
++
++    xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId));
++    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize));
++
++    ctx = xmlSecRelationshipGetCtx(transform);
++    xmlSecAssert(ctx != NULL);
++
++    if (ctx->parserCtx != NULL)
++	xmlFreeParserCtxt(ctx->parserCtx);
+ 
++    memset(ctx, 0, sizeof(xmlSecRelationshipCtx));
++}
++
++static int xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx)
++{
++    return 0;
++}
++
++static int xmlSecRelationshipExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx)
++{
++    return 0;
++}
+-- 
+2.6.2
+
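Review bot: xmlSecRelationshipExecute and xmlSecRelationshipReadNode return 0 without reading any of their arguments, so a reference that names the RelationshipTransform is accepted but, as far as this hunk shows, its input is neither filtered nor forwarded to the next transform. In a signature-verification path that should be stated in the code, because a digest result for such a reference does not yet say anything about the relationships part it covers. A comment above xmlSecRelationshipExecute such as `/* TODO: skeleton only, the relationships input is not processed yet; do not treat references using this transform as verified */` would make that explicit. The two stubs also skip the `xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1);` check that xmlSecRelationshipInitialize performs, which would be cheap to add for consistency. The callers that report verification status are outside this hunk.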
commit 86fb3f12eb07614880f51825f89ed4fb31af2d36
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Mon Jan 25 09:47:38 2016 +0100

    xmlsecurity: enable libxmlsec error callback
    
    Change-Id: I9d3dd7c425723337d36fdf9f9e761398616d289d

diff --git a/xmlsecurity/source/xmlsec/errorcallback.cxx b/xmlsecurity/source/xmlsec/errorcallback.cxx
index abf0475..14e4863 100644
--- a/xmlsecurity/source/xmlsec/errorcallback.cxx
+++ b/xmlsecurity/source/xmlsec/errorcallback.cxx
@@ -29,21 +29,18 @@ using namespace ::com::sun::star::xml::crypto;
 
 
 extern "C"
-void errorCallback(const char * /*file*/,
-                   int /*line*/,
-                   const char * /*func*/,
-                   const char * /*errorObject*/,
-                   const char * /*errorSubject*/,
-                   int /*reason*/,
-                   const char  * /*msg*/)
+void errorCallback(const char* file,
+                   int line,
+                   const char* func,
+                   const char* errorObject,
+                   const char* errorSubject,
+                   int reason,
+                   const char* msg)
 {
-#if OSL_DEBUG_LEVEL > 1
-//     const char * afunc = func ? func : "";
-//     const char * errObj = errorObject ? errorObject : "";
-//     const char * errSub = errorSubject ? errorSubject : "";
-//     const char * amsg = msg ? msg : "";
-//  fprintf(stdout, "xmlsec error: %s, %s,  %s, %i %s  \n", afunc, errObj, errSub, reason, amsg);
-#endif
+    const char* pErrorObject = errorObject ? errorObject : "";
+    const char* pErrorSubject = errorSubject ? errorSubject : "";
+    const char* pMsg = msg ? msg : "";
+    SAL_WARN("xmlsecurity.xmlsec", file << ":" << line << ": " << func << "() '" << pErrorObject << "' '" << pErrorSubject << "' " << reason << " '" << pMsg << "'");
 }
 
 void setErrorRecorder()
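Review bot: `file` and `func` are streamed into SAL_WARN unguarded, while `errorObject`, `errorSubject` and `msg` get an empty-string fallback. Inserting a null `const char*` into an output stream is undefined behaviour, and the commented-out code this replaces did guard `func`. Add `const char* pFile = file ? file : "";` and `const char* pFunc = func ? func : "";` and stream those instead. Separately, the error subject and message may carry text derived from the document being verified (not visible in this hunk), so consumers of this log area should treat the line as untrusted content.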

