[Libreoffice-commits] core.git: external/xmlsec

Miklos Vajna vmiklos at collabora.co.uk
Fri Jun 22 08:14:17 UTC 2018


 external/xmlsec/ExternalPackage_xmlsec.mk |    1 
 external/xmlsec/ExternalProject_xmlsec.mk |    2 
 external/xmlsec/UnpackedTarball_xmlsec.mk |    2 
 external/xmlsec/mscng-fixes.patch.1       |   70 ++++++++++++++++++++++++++++++
 4 files changed, 74 insertions(+), 1 deletion(-)

New commits:
commit 5b42a17dc99fba2ccf8dd8d0a8e0e4e836e30120
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Fri Jun 22 09:13:04 2018 +0200

    libxmlsec windows: enable ECDSA support
    
    It is provided by the mscng backend.
    
    Change-Id: I1b7e6baf4ba37f7990d1dd685e8d867834e8212d
    Reviewed-on: https://gerrit.libreoffice.org/56271
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    Tested-by: Jenkins

diff --git a/external/xmlsec/ExternalPackage_xmlsec.mk b/external/xmlsec/ExternalPackage_xmlsec.mk
index e7a38909d825..3ad09e8734df 100644
--- a/external/xmlsec/ExternalPackage_xmlsec.mk
+++ b/external/xmlsec/ExternalPackage_xmlsec.mk
@@ -13,6 +13,7 @@ $(eval $(call gb_ExternalPackage_use_external_project,xmlsec,xmlsec))
 
 ifeq ($(OS),WNT)
 $(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec-mscrypto.dll,win32/binaries/libxmlsec-mscrypto.dll))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec-mscng.dll,win32/binaries/libxmlsec-mscng.dll))
 $(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec.dll,win32/binaries/libxmlsec.dll))
 endif
 
diff --git a/external/xmlsec/ExternalProject_xmlsec.mk b/external/xmlsec/ExternalProject_xmlsec.mk
index 8ff1057f18b1..1225df47cf53 100644
--- a/external/xmlsec/ExternalProject_xmlsec.mk
+++ b/external/xmlsec/ExternalProject_xmlsec.mk
@@ -23,7 +23,7 @@ $(eval $(call gb_ExternalProject_use_nmake,xmlsec,build))
 
 $(call gb_ExternalProject_get_state_target,xmlsec,build) :
 	$(call gb_ExternalProject_run,build,\
-		cscript /e:javascript configure.js crypto=mscrypto xslt=no iconv=no static=no \
+		cscript /e:javascript configure.js crypto=mscrypto$(COMMA)mscng xslt=no iconv=no static=no \
 			lib=$(call gb_UnpackedTarball_get_dir,libxml2)/win32/bin.msvc \
 			$(if $(filter TRUE,$(ENABLE_DBGUTIL)),debug=yes) \
 		&& nmake \
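Review bot: The `$(COMMA)` in the new `crypto=` value has no explanation next to it, and a later edit that swaps it for a literal comma would end the argument of `$(call gb_ExternalProject_run,...)` early and break the configure invocation. A comment above the rule would prevent that, for example `# crypto list uses $(COMMA): a literal comma would terminate the gb_ExternalProject_run argument; mscrypto is listed first, mscng second`. If configure.js treats the first entry as the default backend, which I believe but cannot confirm from this hunk, the order matters and the comment should say so. The recipe continues past the end of this hunk.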
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index ec543de3b04c..0d33b12584dd 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -11,6 +11,8 @@ xmlsec_patches :=
 xmlsec_patches += xmlsec1-configure.patch.1
 xmlsec_patches += xmlsec1-vc.patch.1
 xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
+# Backport of <https://github.com/lsh123/xmlsec/pull/192>.
+xmlsec_patches += mscng-fixes.patch.1
 
 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
 
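Review bot: The comment on the new `xmlsec_patches` line calls this a backport of the upstream pull request, but the diffstat inside `mscng-fixes.patch.1` lists three files, including `src/xmltree.c`, while the patch body in this commit only carries `src/mscng/signatures.c` and `src/mscng/x509.c`. If the `xmltree.c` change was left out on purpose, the comment should say so and name what the patch is for, since it carries a use-after-free fix that must not be dropped before the bundled xmlsec includes it: `# Partial backport of <https://github.com/lsh123/xmlsec/pull/192> (mscng use-after-free fix and private key adoption; src/xmltree.c change omitted).` The stale diffstat in the patch header could be trimmed to match the two files actually patched.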
diff --git a/external/xmlsec/mscng-fixes.patch.1 b/external/xmlsec/mscng-fixes.patch.1
new file mode 100644
index 000000000000..c93a0812210c
--- /dev/null
+++ b/external/xmlsec/mscng-fixes.patch.1
@@ -0,0 +1,70 @@
+From c97803e20287c189e37b5a737e84ed02b510949f Mon Sep 17 00:00:00 2001
+Subject: [PATCH] mscng: fix use-after-free, implement adoption of private key
+ as part of key extraction (#192)
+
+---
+ src/mscng/signatures.c | 18 +++++++++++++-----
+ src/mscng/x509.c       |  8 ++++++--
+ src/xmltree.c          |  2 +-
+ 3 files changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/src/mscng/signatures.c b/src/mscng/signatures.c
+index 365c484a..a7e0fbb7 100644
+--- a/src/mscng/signatures.c
++++ b/src/mscng/signatures.c
+@@ -258,20 +258,28 @@ static void xmlSecMSCngSignatureFinalize(xmlSecTransformPtr transform) {
+         xmlSecKeyDataDestroy(ctx->data);
+     }
+ 
+-    if(ctx->pbHash != NULL) {
+-        xmlFree(ctx->pbHash);
+-    }
++    // MSDN documents at
++    // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376217(v=vs.85).aspx
++    // that the order of cleanup should be:
++    // - algo handle
++    // - hash handle
++    // - hash object pointer
++    // - hash pointer
+ 
+     if(ctx->hHashAlg != 0) {
+         BCryptCloseAlgorithmProvider(ctx->hHashAlg, 0);
+     }
+ 
++    if(ctx->hHash != 0) {
++        BCryptDestroyHash(ctx->hHash);
++    }
++
+     if(ctx->pbHashObject != NULL) {
+         xmlFree(ctx->pbHashObject);
+     }
+ 
+-    if(ctx->hHash != 0) {
+-        BCryptDestroyHash(ctx->hHash);
++    if(ctx->pbHash != NULL) {
++        xmlFree(ctx->pbHash);
+     }
+ 
+     memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx));
+diff --git a/src/mscng/x509.c b/src/mscng/x509.c
+index 492193af..3ab62c5c 100644
+--- a/src/mscng/x509.c
++++ b/src/mscng/x509.c
+@@ -785,8 +785,12 @@ xmlSecMSCngKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+         }
+ 
+         if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) {
+-            xmlSecNotImplementedError(NULL);
+-            return(-1);
++            keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePrivate);
++            if(keyValue == NULL) {
++                xmlSecInternalError("xmlSecMSCngCertAdopt",
++                    xmlSecKeyDataGetName(data));
++                return(-1);
++            }
+         } else if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic) != 0) {
+             keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePublic);
+             if(keyValue == NULL) {
+-- 
+2.16.4
+

