[Libreoffice-commits] core.git: external/xmlsec
Miklos Vajna
vmiklos at collabora.co.uk
Fri Jun 22 08:14:17 UTC 2018
external/xmlsec/ExternalPackage_xmlsec.mk | 1
external/xmlsec/ExternalProject_xmlsec.mk | 2
external/xmlsec/UnpackedTarball_xmlsec.mk | 2
external/xmlsec/mscng-fixes.patch.1 | 70 ++++++++++++++++++++++++++++++
4 files changed, 74 insertions(+), 1 deletion(-)
New commits:
commit 5b42a17dc99fba2ccf8dd8d0a8e0e4e836e30120
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Fri Jun 22 09:13:04 2018 +0200
libxmlsec windows: enable ECDSA support
It is provided by the mscng backend.
Change-Id: I1b7e6baf4ba37f7990d1dd685e8d867834e8212d
Reviewed-on: https://gerrit.libreoffice.org/56271
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins
diff --git a/external/xmlsec/ExternalPackage_xmlsec.mk b/external/xmlsec/ExternalPackage_xmlsec.mk
index e7a38909d825..3ad09e8734df 100644
--- a/external/xmlsec/ExternalPackage_xmlsec.mk
+++ b/external/xmlsec/ExternalPackage_xmlsec.mk
@@ -13,6 +13,7 @@ $(eval $(call gb_ExternalPackage_use_external_project,xmlsec,xmlsec))
ifeq ($(OS),WNT)
$(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec-mscrypto.dll,win32/binaries/libxmlsec-mscrypto.dll))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec-mscng.dll,win32/binaries/libxmlsec-mscng.dll))
$(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec.dll,win32/binaries/libxmlsec.dll))
endif
diff --git a/external/xmlsec/ExternalProject_xmlsec.mk b/external/xmlsec/ExternalProject_xmlsec.mk
index 8ff1057f18b1..1225df47cf53 100644
--- a/external/xmlsec/ExternalProject_xmlsec.mk
+++ b/external/xmlsec/ExternalProject_xmlsec.mk
@@ -23,7 +23,7 @@ $(eval $(call gb_ExternalProject_use_nmake,xmlsec,build))
$(call gb_ExternalProject_get_state_target,xmlsec,build) :
$(call gb_ExternalProject_run,build,\
- cscript /e:javascript configure.js crypto=mscrypto xslt=no iconv=no static=no \
+ cscript /e:javascript configure.js crypto=mscrypto$(COMMA)mscng xslt=no iconv=no static=no \
lib=$(call gb_UnpackedTarball_get_dir,libxml2)/win32/bin.msvc \
$(if $(filter TRUE,$(ENABLE_DBGUTIL)),debug=yes) \
&& nmake \
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index ec543de3b04c..0d33b12584dd 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -11,6 +11,8 @@ xmlsec_patches :=
xmlsec_patches += xmlsec1-configure.patch.1
xmlsec_patches += xmlsec1-vc.patch.1
xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
+# Backport of <https://github.com/lsh123/xmlsec/pull/192>.
+xmlsec_patches += mscng-fixes.patch.1
$(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
diff --git a/external/xmlsec/mscng-fixes.patch.1 b/external/xmlsec/mscng-fixes.patch.1
new file mode 100644
index 000000000000..c93a0812210c
--- /dev/null
+++ b/external/xmlsec/mscng-fixes.patch.1
@@ -0,0 +1,70 @@
+From c97803e20287c189e37b5a737e84ed02b510949f Mon Sep 17 00:00:00 2001
+Subject: [PATCH] mscng: fix use-after-free, implement adoption of private key
+ as part of key extraction (#192)
+
+---
+ src/mscng/signatures.c | 18 +++++++++++++-----
+ src/mscng/x509.c | 8 ++++++--
+ src/xmltree.c | 2 +-
+ 3 files changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/src/mscng/signatures.c b/src/mscng/signatures.c
+index 365c484a..a7e0fbb7 100644
+--- a/src/mscng/signatures.c
++++ b/src/mscng/signatures.c
+@@ -258,20 +258,28 @@ static void xmlSecMSCngSignatureFinalize(xmlSecTransformPtr transform) {
+ xmlSecKeyDataDestroy(ctx->data);
+ }
+
+- if(ctx->pbHash != NULL) {
+- xmlFree(ctx->pbHash);
+- }
++ // MSDN documents at
++ // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376217(v=vs.85).aspx
++ // that the order of cleanup should be:
++ // - algo handle
++ // - hash handle
++ // - hash object pointer
++ // - hash pointer
+
+ if(ctx->hHashAlg != 0) {
+ BCryptCloseAlgorithmProvider(ctx->hHashAlg, 0);
+ }
+
++ if(ctx->hHash != 0) {
++ BCryptDestroyHash(ctx->hHash);
++ }
++
+ if(ctx->pbHashObject != NULL) {
+ xmlFree(ctx->pbHashObject);
+ }
+
+- if(ctx->hHash != 0) {
+- BCryptDestroyHash(ctx->hHash);
++ if(ctx->pbHash != NULL) {
++ xmlFree(ctx->pbHash);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx));
+diff --git a/src/mscng/x509.c b/src/mscng/x509.c
+index 492193af..3ab62c5c 100644
+--- a/src/mscng/x509.c
++++ b/src/mscng/x509.c
+@@ -785,8 +785,12 @@ xmlSecMSCngKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ }
+
+ if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) {
+- xmlSecNotImplementedError(NULL);
+- return(-1);
++ keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePrivate);
++ if(keyValue == NULL) {
++ xmlSecInternalError("xmlSecMSCngCertAdopt",
++ xmlSecKeyDataGetName(data));
++ return(-1);
++ }
+ } else if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic) != 0) {
+ keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePublic);
+ if(keyValue == NULL) {
+--
+2.16.4
+
More information about the Libreoffice-commits
mailing list