xmlsecurity: validate OOXML <Manifest> references

ODF uses no <Manifest> references, so this doesn't change anything for
ODF.

Previously we only validated the hash of a <Manifest> element, but not
reference hashes inside the <Manifest> element. This means now we can
detect not only changes to the signature metadata (signing data, signing
comment), but also changes in other streams, i.e. everything else.

libxmlsec already validated the manifest references hashes, the only
missing piece was that it's up to the client if it wants to validate
them, so libxmlsec doesn't do so by default -> our code has to.

This commit only affects the nss backend, still need to adapt the
mscrypto backend later presumably.

Change-Id: I0b11519d3eb003783048a00c4cada74762c6462f

0 files changed, 0 insertions, 0 deletions