author | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2017-09-08 03:19:04 +0200 |
---|---|---|
committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2017-09-10 01:43:53 +0200 |
commit | fdc85f759c4ef69f4ccdb7f160ad4bce7e61b231 (patch) | |
tree | 56944e12a0d4800bd59b7d529b21e3913584c69b /xmlsecurity | |
parent | ca6ab632a8f2dd5b45234f7af9b9f2b40690db89 (diff) |
gpg4libre: use SHA512 digests for GPG signing unconditionally
Change-Id: I2ee6b0ba440a50b4627b3732c52afe08ba02d664
Reviewed-on: https://gerrit.libreoffice.org/42087
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/source/helper/xsecctl.cxx | 3 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecparser.cxx | 2 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecsign.cxx | 9 |
3 files changed, 12 insertions, 2 deletions
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index ad0744f54d27..616ffcfb2ae4 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -661,6 +661,9 @@ void XSecController::exportSignature(
 /* Write SignatureMethod element */
 pAttributeList = new SvXMLAttributeList();
+ // TODO: actually roundtrip this value from parsing documentsignatures.xml - entirely
+ // broken to assume this would in any way relate to the 1st reference's digest algo
+
 // Assume that all Reference elements use the same DigestMethod:Algorithm, and that the
 // SignatureMethod:Algorithm should be the corresponding one.
 pAttributeList->AddAttribute(
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index be6f0b7c3dd2..81b7ebf7e630 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -151,6 +151,8 @@ void SAL_CALL XSecParser::startElement(
 m_nReferenceDigestID = cssxc::DigestID::SHA256;
 else if (ouAlgorithm == ALGO_XMLDSIGSHA512)
 m_nReferenceDigestID = cssxc::DigestID::SHA512;
+ else
+ m_nReferenceDigestID = 0;
 }
 }
 else if (aName == "Transform")
diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx
index 278eba79f8af..cd173e2fb956 100644
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
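Review bot: In xsecctl.cxx (exportSignature), the added TODO says the SignatureMethod written just below is guessed from the first Reference's digest, yet it carries no tracker reference. This same commit changes the GPG reference digest to SHA512 in xsecsign.cxx, so the exported SignatureMethod for GPG signatures presumably changes with it; that is inferred, because the AddAttribute arguments lie outside the hunk. I would tie the comment to a ticket so the mismatch is tracked, e.g. `// TODO(<bug-id>): roundtrip SignatureMethod from documentsignatures.xml instead of deriving it from the first Reference`.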
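Review bot: In xsecparser.cxx (XSecParser::startElement), the new `else` branch stores a bare `0` for an unrecognised DigestMethod algorithm, and nothing in the hunk says what 0 means or which code rejects it. Resetting the member looks right, since a Reference with an unknown algorithm would otherwise presumably keep the digest id left by an earlier Reference. The sentinel only protects verification if the consumer treats 0 as unsupported and fails closed, and that code is not visible here. I would document it in place, `m_nReferenceDigestID = 0; // not a cssxc::DigestID value: unsupported algorithm, must not verify`, and log the rejected URI with `SAL_WARN("xmlsecurity.helper", "unknown DigestMethod: " << ouAlgorithm);`. The start of startElement and the first branches of this if/else chain are outside the hunk.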
@@ -144,7 +144,9 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
 cssu::Reference<cssxc::sax::XKeyCollector> keyCollector (xReferenceResolvedListener, cssu::UNO_QUERY);
 keyCollector->setKeyId(0);
- const sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
+ // use sha512 for gpg signing unconditionally
+ const sal_Int32 digestID = !internalSignatureInfor.signatureInfor.ouGpgCertificate.isEmpty()?
+ cssxc::DigestID::SHA512 : (bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1);
 if (nStorageFormat != embed::StorageFormats::OFOPXML)
 {
@@ -194,7 +196,7 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
 void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, bool isBinary, bool bXAdESCompliantIfODF)
 {
 const SignatureReferenceType type = isBinary ? SignatureReferenceType::BINARYSTREAM : SignatureReferenceType::XMLSTREAM;
- const sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
+ sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
 int index = findSignatureInfor( securityId );
@@ -206,6 +208,9 @@ void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, boo
 }
 else
 {
+ // use sha512 for gpg signing unconditionally
+ if (!m_vInternalSignatureInformations[index].signatureInfor.ouGpgCertificate.isEmpty())
+ digestID = cssxc::DigestID::SHA512;
 m_vInternalSignatureInformations[index].addReference(type, digestID, uri, -1);
 }
 } |
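Review bot: The rule "a GPG certificate forces SHA512" is written twice, as a nested ternary in prepareSignatureToWrite (first hunk) and as an if-override in the else branch of signAStream (third hunk), so the reference digests chosen by the two paths can drift apart the next time the policy changes. A file-local helper that takes the SignatureInformation and bXAdESCompliantIfODF would give both call sites one definition of the policy, as sketched below. Separately, the non-GPG fallback still selects `cssxc::DigestID::SHA1` when bXAdESCompliantIfODF is false; that predates this commit, but a comment saying why SHA-1 is kept there would help the next reader. Both functions begin and end outside the hunks shown.

```cpp
// single place that decides the digest used for signature references
static sal_Int32 lcl_getDigestID(const SignatureInformation& rInfo, bool bXAdESCompliantIfODF)
{
    // gpg signing always uses sha512
    if (!rInfo.ouGpgCertificate.isEmpty())
        return cssxc::DigestID::SHA512;
    return bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
}

// … prepareSignatureToWrite, unchanged: keyCollector setup …
const sal_Int32 digestID = lcl_getDigestID(internalSignatureInfor.signatureInfor, bXAdESCompliantIfODF);

// … signAStream, unchanged: default digestID, findSignatureInfor, index == -1 branch …
digestID = lcl_getDigestID(m_vInternalSignatureInformations[index].signatureInfor, bXAdESCompliantIfODF);
m_vInternalSignatureInformations[index].addReference(type, digestID, uri, -1);
```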