[Libreoffice-commits] core.git: xmlsecurity/source
Thorsten Behrens
Thorsten.Behrens at CIB.de
Sat Sep 9 23:44:14 UTC 2017
xmlsecurity/source/helper/xsecctl.cxx | 3 +++
xmlsecurity/source/helper/xsecparser.cxx | 2 ++
xmlsecurity/source/helper/xsecsign.cxx | 9 +++++++--
3 files changed, 12 insertions(+), 2 deletions(-)
New commits:
commit fdc85f759c4ef69f4ccdb7f160ad4bce7e61b231
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Date: Fri Sep 8 03:19:04 2017 +0200
gpg4libre: use SHA512 digests for GPG signing unconditionally
Change-Id: I2ee6b0ba440a50b4627b3732c52afe08ba02d664
Reviewed-on: https://gerrit.libreoffice.org/42087
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index ad0744f54d27..616ffcfb2ae4 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -661,6 +661,9 @@ void XSecController::exportSignature(
/* Write SignatureMethod element */
pAttributeList = new SvXMLAttributeList();
+ // TODO: actually roundtrip this value from parsing documentsignatures.xml - entirely
+ // broken to assume this would in any way relate to the 1st reference's digest algo
+
// Assume that all Reference elements use the same DigestMethod:Algorithm, and that the
// SignatureMethod:Algorithm should be the corresponding one.
pAttributeList->AddAttribute(
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index be6f0b7c3dd2..81b7ebf7e630 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -151,6 +151,8 @@ void SAL_CALL XSecParser::startElement(
m_nReferenceDigestID = cssxc::DigestID::SHA256;
else if (ouAlgorithm == ALGO_XMLDSIGSHA512)
m_nReferenceDigestID = cssxc::DigestID::SHA512;
+ else
+ m_nReferenceDigestID = 0;
}
}
else if (aName == "Transform")
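Review bot: The new `else` branch stores a bare `0` for an unrecognised DigestMethod algorithm, with no comment on what 0 means and no trace that it happened. Resetting looks right, since the member would otherwise presumably keep the ID from an earlier Reference. A comment such as `// unknown digest algorithm: reset so an earlier Reference's ID is not reused` and a `SAL_WARN("xmlsecurity.helper", "unknown digest algorithm: " << ouAlgorithm);` would make the case visible. Whether the consumers of m_nReferenceDigestID treat 0 as unsupported and fail verification is not visible here; that should be confirmed so an unknown algorithm is never handled as some default digest. startElement's body begins and ends outside this hunk.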
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index 278eba79f8af..cd173e2fb956 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -144,7 +144,9 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
cssu::Reference<cssxc::sax::XKeyCollector> keyCollector (xReferenceResolvedListener, cssu::UNO_QUERY);
keyCollector->setKeyId(0);
- const sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
+ // use sha512 for gpg signing unconditionally
+ const sal_Int32 digestID = !internalSignatureInfor.signatureInfor.ouGpgCertificate.isEmpty()?
+ cssxc::DigestID::SHA512 : (bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1);
if (nStorageFormat != embed::StorageFormats::OFOPXML)
{
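Review bot: The GPG-versus-X.509 digest choice is now written twice in different shapes: a nested conditional here and a late `if` override in signAStream (third hunk of this file), which also cost that function the `const` on digestID. A single file-local helper, as sketched below, would keep the two call sites from drifting apart and restore the const. Separately, the non-GPG path still falls back to `cssxc::DigestID::SHA1` when bXAdESCompliantIfODF is false. That predates this commit, but a comment on why SHA1 is kept there would help the next reader. prepareSignatureToWrite starts and ends outside this hunk.

```cpp
// One place decides the reference digest, so both call sites stay in step.
static sal_Int32 lcl_getReferenceDigestID(bool bGpgSignature, bool bXAdESCompliantIfODF)
{
    if (bGpgSignature)
        return cssxc::DigestID::SHA512; // GPG signing always uses SHA512
    return bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
}

// ... unchanged: prepareSignatureToWrite up to keyCollector->setKeyId(0) ...
    const sal_Int32 digestID = lcl_getReferenceDigestID(
        !internalSignatureInfor.signatureInfor.ouGpgCertificate.isEmpty(), bXAdESCompliantIfODF);
// ... unchanged: rest of prepareSignatureToWrite; signAStream would call the helper in its else branch ...
```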
@@ -194,7 +196,7 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, bool isBinary, bool bXAdESCompliantIfODF)
{
const SignatureReferenceType type = isBinary ? SignatureReferenceType::BINARYSTREAM : SignatureReferenceType::XMLSTREAM;
- const sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
+ sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
int index = findSignatureInfor( securityId );
@@ -206,6 +208,9 @@ void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, boo
}
else
{
+ // use sha512 for gpg signing unconditionally
+ if (!m_vInternalSignatureInformations[index].signatureInfor.ouGpgCertificate.isEmpty())
+ digestID = cssxc::DigestID::SHA512;
m_vInternalSignatureInformations[index].addReference(type, digestID, uri, -1);
}
}