[Libreoffice-commits] core.git: external/libxmlsec xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Wed May 17 08:21:32 UTC 2017
external/libxmlsec/UnpackedTarball_xmlsec.mk | 1
external/libxmlsec/xmlsec1-noverify.patch.1 | 74 ----------
xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 3
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 3
4 files changed, 6 insertions(+), 75 deletions(-)
New commits:
commit 273da4e3d1d2a9fb10807d9300d5bac47e1e2584
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed May 17 09:13:09 2017 +0200
xmlsecurity: use xmlsec API instead of patching out cert verification
This flag does exactly what we need since xmlsec-1.2.24.
Change-Id: I3ae052d4bfe564c3234aef2511ef82ebdb452ebe
Reviewed-on: https://gerrit.libreoffice.org/37700
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins <ci at libreoffice.org>
diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index 62adcf788a85..f41434c6d76b 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -10,7 +10,6 @@
xmlsec_patches :=
xmlsec_patches += xmlsec1-configure.patch.1
xmlsec_patches += xmlsec1-nssdisablecallbacks.patch.1
-xmlsec_patches += xmlsec1-noverify.patch.1
xmlsec_patches += xmlsec1-vc.patch.1
xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
xmlsec_patches += xmlsec1-customkeymanage.patch.1
diff --git a/external/libxmlsec/xmlsec1-noverify.patch.1 b/external/libxmlsec/xmlsec1-noverify.patch.1
deleted file mode 100644
index 1c5672494caa..000000000000
--- a/external/libxmlsec/xmlsec1-noverify.patch.1
+++ /dev/null
@@ -1,74 +0,0 @@
-From 4960b231f67eb86e5f6d6a79154c15268c959b34 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Fri, 4 Mar 2016 16:10:16 +0100
-Subject: [PATCH] xmlsec1-noverify.patch
-
-Conflicts:
- src/mscrypto/x509vfy.c
- src/nss/x509vfy.c
----
- src/mscrypto/x509vfy.c | 12 ++++++++----
- src/nss/x509vfy.c | 24 ++++++++++--------------
- 2 files changed, 18 insertions(+), 18 deletions(-)
-
-diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c
-index e4a84a60..a12cb709 100644
---- a/src/mscrypto/x509vfy.c
-+++ b/src/mscrypto/x509vfy.c
-@@ -525,10 +525,14 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs,
- }
-
- if(selected == 1) {
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0
-- || xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
-- return(cert);
-- }
-+ /* JL: OpenOffice.org implements its own certificate verification routine.
-+ The goal is to separate validation of the signature
-+ and the certificate. For example, OOo could show that the document signature is valid,
-+ but the certificate could not be verified. If we do not prevent the verification of
-+ the certificate by libxmlsec and the verification fails, then the XML signature will not be
-+ verified. This would happen, for example, if the root certificate is not installed.
-+ */
-+ return(cert);
- }
- }
-
-diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c
-index cd328fea..b28a37e1 100644
---- a/src/nss/x509vfy.c
-+++ b/src/nss/x509vfy.c
-@@ -213,20 +213,16 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
- continue;
- }
-
-- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
-- /* it's important to set the usage here, otherwise no real verification
-- * is performed. */
-- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
-- cert, PR_FALSE,
-- certificateUsageEmailSigner,
-- timeboundary , NULL, NULL, NULL);
-- if(status == SECSuccess) {
-- break;
-- }
-- } else {
-- status = SECSuccess;
-- break;
-- }
-+ /*
-+ JL: OpenOffice.org implements its own certificate verification routine.
-+ The goal is to separate validation of the signature
-+ and the certificate. For example, OOo could show that the document signature is valid,
-+ but the certificate could not be verified. If we do not prevent the verification of
-+ the certificate by libxmlsec and the verification fails, then the XML signature may not be
-+ verified. This would happen, for example, if the root certificate is not installed.
-+ */
-+ status = SECSuccess;
-+ break;
- }
-
- if (status == SECSuccess) {
---
-2.12.0
-
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index 010743509469..c61af389528a 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -196,6 +196,9 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
return aTemplate;
}
+ // We do certificate verification ourselves.
+ pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+
//Verify signature
//The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)
//AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index 39aa6e9187d9..385a083884b3 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -221,6 +221,9 @@ SAL_CALL XMLSignature_NssImpl::validate(
return aTemplate;
}
+ // We do certificate verification ourselves.
+ pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+
//Verify signature
int rs = xmlSecDSigCtxVerify( pDsigCtx , pNode );
More information about the Libreoffice-commits
mailing list