authorMiklos Vajna <vmiklos@collabora.co.uk>2016-02-01 11:16:15 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-02-01 11:36:56 +0100
commite6aaf64cfc378d0daa0709c40c85ee1e9c0fd151 (patch)
tree71d427bcf402d4157d72b8e526f4734afd63f00d
parent513d5c5781ec14f8512432f31290a3d54c8d57df (diff)
xmlsecurity: validate OOXML <Manifest> references
ODF uses no <Manifest> references, so this doesn't change anything for ODF. Previously we only validated the hash of a <Manifest> element, but not reference hashes inside the <Manifest> element. This means now we can detect not only changes to the signature metadata (signing data, signing comment), but also changes in other streams, i.e. everything else. libxmlsec already validated the manifest references hashes, the only missing piece was that it's up to the client if it wants to validate them, so libxmlsec doesn't do so by default -> our code has to. This commit only affects the nss backend, still need to adapt the mscrypto backend later presumably. Change-Id: I0b11519d3eb003783048a00c4cada74762c6462f
-rw-r--r--xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx16
1 files changed, 14 insertions, 2 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index 4093f1c25af8..1a427048c2ee 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -244,9 +244,21 @@ SAL_CALL XMLSignature_NssImpl::validate(
//Verify signature
int rs = xmlSecDSigCtxVerify( pDsigCtx , pNode );
+ // Also verify manifest: this is empty for ODF, but contains everything (except signature metadata) for OOXML.
+ xmlSecSize nReferenceCount = xmlSecPtrListGetSize(&pDsigCtx->manifestReferences);
+ // Require that all manifest references are also good.
+ xmlSecSize nReferenceGood = 0;
+ for (xmlSecSize nReference = 0; nReference < nReferenceCount; ++nReference)
+ {
+ xmlSecDSigReferenceCtxPtr pReference = static_cast<xmlSecDSigReferenceCtxPtr>(xmlSecPtrListGetItem(&pDsigCtx->manifestReferences, nReference));
+ if (pReference)
+ {
+ if (pReference->status == xmlSecDSigStatusSucceeded)
+ ++nReferenceGood;
+ }
+ }
- if (rs == 0 &&
- pDsigCtx->status == xmlSecDSigStatusSucceeded)
+ if (rs == 0 && pDsigCtx->status == xmlSecDSigStatusSucceeded && nReferenceCount == nReferenceGood)
{
aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
xmlSecDSigCtxDestroy( pDsigCtx ) ;
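Review bot: The added term `nReferenceCount == nReferenceGood` in the rewritten `if` fails closed for a null list item only implicitly, because the `if (pReference)` branch skips it and the counts then differ. It is also trivially true when `manifestReferences` is empty, so it shows that every listed reference hashed correctly, not that the manifest lists every stream of an OOXML package. I would state both in the comment above the loop, e.g. `// A null or non-succeeded entry leaves nReferenceGood short, so validation fails; this checks the listed references only, not coverage.`, and fold the nested ifs into `if (pReference && pReference->status == xmlSecDSigStatusSucceeded)`. Nothing in the visible lines records which reference failed; if the failure branch, which lies outside the hunk, does not log it, a warning naming the failing reference would help whoever triages a rejected signature. The body of validate() begins and ends outside the hunk.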