author | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-06-22 09:13:04 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-06-22 10:13:53 +0200 |
commit | 5b42a17dc99fba2ccf8dd8d0a8e0e4e836e30120 (patch) | |
tree | e6f189aef60ba83607c0b2cbc433c91171471272 /external | |
parent | 9373590415342bf75ddd1960c90510c1c7139636 (diff) |
libxmlsec windows: enable ECDSA support
It is provided by the mscng backend.
Change-Id: I1b7e6baf4ba37f7990d1dd685e8d867834e8212d
Reviewed-on: https://gerrit.libreoffice.org/56271
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins
Diffstat (limited to 'external')
-rw-r--r-- | external/xmlsec/ExternalPackage_xmlsec.mk | 1 | ||||
-rw-r--r-- | external/xmlsec/ExternalProject_xmlsec.mk | 2 | ||||
-rw-r--r-- | external/xmlsec/UnpackedTarball_xmlsec.mk | 2 | ||||
-rw-r--r-- | external/xmlsec/mscng-fixes.patch.1 | 70 |
4 files changed, 74 insertions, 1 deletions
diff --git a/external/xmlsec/ExternalPackage_xmlsec.mk b/external/xmlsec/ExternalPackage_xmlsec.mk
index e7a38909d825..3ad09e8734df 100644
--- a/external/xmlsec/ExternalPackage_xmlsec.mk
+++ b/external/xmlsec/ExternalPackage_xmlsec.mk
@@ -13,6 +13,7 @@ $(eval $(call gb_ExternalPackage_use_external_project,xmlsec,xmlsec))
 ifeq ($(OS),WNT)
 $(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec-mscrypto.dll,win32/binaries/libxmlsec-mscrypto.dll))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec-mscng.dll,win32/binaries/libxmlsec-mscng.dll))
 $(eval $(call gb_ExternalPackage_add_file,xmlsec,$(LIBO_LIB_FOLDER)/libxmlsec.dll,win32/binaries/libxmlsec.dll))
 endif
diff --git a/external/xmlsec/ExternalProject_xmlsec.mk b/external/xmlsec/ExternalProject_xmlsec.mk
index 8ff1057f18b1..1225df47cf53 100644
--- a/external/xmlsec/ExternalProject_xmlsec.mk
+++ b/external/xmlsec/ExternalProject_xmlsec.mk
@@ -23,7 +23,7 @@ $(eval $(call gb_ExternalProject_use_nmake,xmlsec,build))
 $(call gb_ExternalProject_get_state_target,xmlsec,build) :
 $(call gb_ExternalProject_run,build,\
- cscript /e:javascript configure.js crypto=mscrypto xslt=no iconv=no static=no \
+ cscript /e:javascript configure.js crypto=mscrypto$(COMMA)mscng xslt=no iconv=no static=no \
 lib=$(call gb_UnpackedTarball_get_dir,libxml2)/win32/bin.msvc \
 $(if $(filter TRUE,$(ENABLE_DBGUTIL)),debug=yes) \
 && nmake \
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index ec543de3b04c..0d33b12584dd 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -11,6 +11,8 @@ xmlsec_patches :=
 xmlsec_patches += xmlsec1-configure.patch.1
 xmlsec_patches += xmlsec1-vc.patch.1
 xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
+# Backport of <https://github.com/lsh123/xmlsec/pull/192>.
+xmlsec_patches += mscng-fixes.patch.1
 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
diff --git a/external/xmlsec/mscng-fixes.patch.1 b/external/xmlsec/mscng-fixes.patch.1
new file mode 100644
index 000000000000..c93a0812210c
--- /dev/null
+++ b/external/xmlsec/mscng-fixes.patch.1
@@ -0,0 +1,70 @@
+From c97803e20287c189e37b5a737e84ed02b510949f Mon Sep 17 00:00:00 2001
+Subject: [PATCH] mscng: fix use-after-free, implement adoption of private key
+ as part of key extraction (#192)
+
+---
+ src/mscng/signatures.c | 18 +++++++++++++-----
+ src/mscng/x509.c | 8 ++++++--
+ src/xmltree.c | 2 +-
+ 3 files changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/src/mscng/signatures.c b/src/mscng/signatures.c
+index 365c484a..a7e0fbb7 100644
+--- a/src/mscng/signatures.c
++++ b/src/mscng/signatures.c
+@@ -258,20 +258,28 @@ static void xmlSecMSCngSignatureFinalize(xmlSecTransformPtr transform) {
+ xmlSecKeyDataDestroy(ctx->data);
+ }
+
+- if(ctx->pbHash != NULL) {
+- xmlFree(ctx->pbHash);
+- }
++ // MSDN documents at
++ // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376217(v=vs.85).aspx
++ // that the order of cleanup should be:
++ // - algo handle
++ // - hash handle
++ // - hash object pointer
++ // - hash pointer
+
+ if(ctx->hHashAlg != 0) {
+ BCryptCloseAlgorithmProvider(ctx->hHashAlg, 0);
+ }
+
++ if(ctx->hHash != 0) {
++ BCryptDestroyHash(ctx->hHash);
++ }
++
+ if(ctx->pbHashObject != NULL) {
+ xmlFree(ctx->pbHashObject);
+ }
+
+- if(ctx->hHash != 0) {
+- BCryptDestroyHash(ctx->hHash);
++ if(ctx->pbHash != NULL) {
++ xmlFree(ctx->pbHash);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx));
+diff --git a/src/mscng/x509.c b/src/mscng/x509.c
+index 492193af..3ab62c5c 100644
+--- a/src/mscng/x509.c
++++ b/src/mscng/x509.c
+@@ -785,8 +785,12 @@ xmlSecMSCngKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ }
+
+ if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) {
+- xmlSecNotImplementedError(NULL);
+- return(-1);
++ keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePrivate);
++ if(keyValue == NULL) {
++ xmlSecInternalError("xmlSecMSCngCertAdopt",
++ xmlSecKeyDataGetName(data));
++ return(-1);
++ }
+ } else if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic) != 0) {
+ keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePublic);
+ if(keyValue == NULL) {
+--
+2.16.4
+
|
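Review bot: The embedded patch's own diffstat lists `src/xmltree.c | 2 +-` and "3 files changed", but the 70 added lines contain sections only for `src/mscng/signatures.c` and `src/mscng/x509.c`, so what is vendored here appears to be a subset of the upstream change. If the omission is deliberate, record it where the patch is registered so a later xmlsec upgrade can tell what was actually applied, e.g. `# Partial backport of <https://github.com/lsh123/xmlsec/pull/192> (src/xmltree.c change omitted).` in UnpackedTarball_xmlsec.mk. Inside the patch, the cleanup-order comment in xmlSecMSCngSignatureFinalize relies on an MSDN link alone; stating the reason next to it would survive link rot, something like `// hHash presumably still references pbHashObject, so destroy the handle before freeing the buffer`.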