| Age | Commit message (Collapse) | Author |
|---|
|
xmlhelp, xmloff, xmlsecurity
Change-Id: I80c6fa806387f3dcba8be7f93fe2fef146b033e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112050
Tested-by: Jenkins
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Since commit 9630a2dfc79b08e3417e6e69b083f5124614499c,
CppunitTest_xmlsecurity_signing on Win64 segfaults:
===
[CUT] xmlsecurity_signing
/usr/bin/sh: line 1: 10188 Segmentation fault ( PATH="C:\lo\src\core\instdir\program;C:\lo\src\core\instdir\program;C:\lo\src\core\workdir\LinkTarget\Library;C:\lo\src\core\workdir\UnpackedTarball\cppunit\src\cppunit\DebugDll;$PATH" $W/LinkTarget/Executable/cppunittester.exe $W/LinkTarget/CppunitTest/test_xmlsecurity_signing.dll --headless "-env:BRAND_BASE_DIR=file:///$S/instdir" "-env:BRAND_SHARE_SUBDIR=share" "-env:BRAND_SHARE_RESOURCE_SUBDIR=program/resource" "-env:UserInstallation=file:///$W/CppunitTest/xmlsecurity_signing.test.user" "-env:CONFIGURATION_LAYERS=xcsxcu:file:///$I/share/registry xcsxcu:file:///$W/unittest/registry" "-env:UNO_TYPES=file:///$I/program/types.rdb file:///$I/program/types/offapi.rdb" "-env:UNO_SERVICES=file:///$W/Rdb/ure/services.rdb file:///$W/Rdb/services.rdb" -env:URE_INTERNAL_LIB_DIR=file:///$I/program -env:LO_LIB_DIR=file:///$I/program -env:LO_JAVA_DIR=file:///$I/program/classes --protector $W/LinkTarget/Library/unoexceptionprotector.dll unoexceptionprotector --protector $W/LinkTarget/Library/unobootstrapprotector.dll unobootstrapprotector --protector $W/LinkTarget/Library/vclbootstrapprotector.dll vclbootstrapprotector "-env:CPPUNITTESTTARGET=$W/CppunitTest/xmlsecurity_signing.test" ) > $W/CppunitTest/xmlsecurity_signing.test.log 2>&1
warn:sfx.appl:18084:18824:sfx2/source/appl/app.cxx:191: No DDE-Service possible. Error: 16399
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1084: WinSalFrame::SetIcon(): Could not load large icon !
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1085: WinSalFrame::SetIcon(): Could not load small icon !
warn:basic:18084:18824:basic/source/uno/namecont.cxx:973: Cannot access extensions!
warn:basic:18084:18824:basic/source/uno/namecont.cxx:973: Cannot access extensions!
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:793: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL' Operation completed successfully.
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:508: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' ' Operation completed successfully.
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:291: xmlSecDSigCtxSign() '' 'xmlSecDSigCtxProcessSignatureNode' 1 ' ' Operation completed successfully.
HEAP CORRUPTION DETECTED: after Normal block (#1570713) at 0x00000197AC7E5AB0.
CRT detected that the application wrote to memory after end of heap buffer.
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:793: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL' Operation completed successfully.
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:508: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' ' Operation completed successfully.
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:346: xmlSecDSigCtxVerify() '' 'xmlSecDSigCtxProcessSignatureNode' 1 ' ' Operation completed successfully.
HEAP CORRUPTION DETECTED: after Normal block (#1585431) at 0x00000197AC7E7BF0.
CRT detected that the application wrote to memory after end of heap buffer.
SigningTest::testDescription finished in: 3332ms
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1084: WinSalFrame::SetIcon(): Could not load large icon !
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1085: WinSalFrame::SetIcon(): Could not load small icon !
SigningTest::testECDSA finished in: 550ms
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1084: WinSalFrame::SetIcon(): Could not load large icon !
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1085: WinSalFrame::SetIcon(): Could not load small icon !
SigningTest::testECDSAOOXML finished in: 466ms
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1084: WinSalFrame::SetIcon(): Could not load large icon !
warn:vcl:18084:18824:vcl/win/window/salframe.cxx:1085: WinSalFrame::SetIcon(): Could not load small icon !
warn:vcl.gdi:18084:18824:vcl/source/outdev/map.cxx:694: Please record only relative MapModes!
warn:vcl.gdi:18084:18824:vcl/source/outdev/map.cxx:694: Please record only relative MapModes!
warn:vcl.gdi:18084:18824:vcl/source/outdev/map.cxx:694: Please record only relative MapModes!
warn:vcl.gdi:18084:18824:vcl/source/outdev/map.cxx:694: Please record only relative MapModes!
warn:vcl.gdi:18084:18824:vcl/source/outdev/map.cxx:694: Please record only relative MapModes!
warn:vcl.gdi:18084:18824:vcl/source/outdev/map.cxx:694: Please record only relative MapModes!
SigningTest::testECDSAPDF finished in: 433ms
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:793: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL' Operation completed successfully.
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:508: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' ' Operation completed successfully.
warn:xmlsecurity.xmlsec:18084:18824:xmlsecurity/source/xmlsec/errorcallback.cxx:51: ..\src\xmldsig.c:346: xmlSecDSigCtxVerify() '' 'xmlSecDSigCtxProcessSignatureNode' 1 ' ' Operation completed successfully.
===
The problem is mismatch between sizeof(xmlSecSize) in xmlsec and LO:
xmlsec uses 32-bit integer, while LO uses 64-bit. Crash happens in
XMLSignature_MSCryptImpl::validate(), when pDsigCtx->manifestReferences
address is incorrectly retrieved and passed to xmlSecPtrListGetSize.
Despite the comment in xmlsecurity/inc/xmlsec-wrapper.h mentioned that
the XMLSEC_NO_SIZE_T isn't used in xmlsec for MSVC, it's actually used
there since commit 1cf0cd6f0f19c34a23228f7de691187887081dff. So we need
to enable it for MSVC, too.
Change-Id: I05a4f4f6700c178d28886a7ac203469c41d7048b
Reviewed-on: https://gerrit.libreoffice.org/62676
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
By making it possible to use libxmlsec's mscng backend instead of the old
mscrypto one which lacks ECDSA support.
make -sr CppunitTest_xmlsecurity_signing SVL_CRYPTO_CNG=1 CPPUNIT_TEST_NAME="SigningTest::testECDSA"
passes with these changes, while it failed in the SVL_CRYPTO_CNG=1 case previously.
Change-Id: Ic23e5af11d271ed84175abe3d5ad008c7cc9e071
Reviewed-on: https://gerrit.libreoffice.org/56370
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins
|
|
Change-Id: I9c3eca51fec52a255fcf280fe4e5ecc2ebbee5f3
|
|
The only remaining difference is that in the system-xmlsec case we work
with the default key manager, not with the one that's only added by our
xmlsec patches.
This works for me for the uses I know of (see
<https://lists.freedesktop.org/archives/libreoffice/2017-February/076947.html>
for the motivation): signing and verifying of different signatures (bad
signature, good with non-trusted CA, good with trusted CA) with
software-based certificates all behave as expected.
Change-Id: If3f3e2b8373ab7397db3f98070a5a2ce51fa7c06
Reviewed-on: https://gerrit.libreoffice.org/39075
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
xmlsec1-customkeymanage.patch.1 of our bundled xmlsec extends
xmlSecNssKeyDataX509VerifyAndExtractKey(), so that it calls
xmlSecNssPKIAdoptKey() for the private key of the signing certificate.
Make this explicit in xmlsecurity/ code, so we don't depend on the
patched xmlSecNssKeyDataX509VerifyAndExtractKey().
This is harmless for the patched xmlsec, but it prevents this error:
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: keys.c:1246: xmlSecKeysMngrGetKey() '' 'xmlSecKeysMngrFindKey' 1 ' '
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:790: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL'
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:503: xmlSecDSigCtxProcessSignatureNode() '' 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' '
warn:xmlsecurity.xmlsec:26221:1:xmlsecurity/source/xmlsec/errorcallback.cxx:48: xmldsig.c:286: xmlSecDSigCtxSign() '' 'xmlSecDSigCtxSignatureProcessNode' 1 ' '
when xmlsec is not patched.
(This is needed, but not enough to build against system xmlsec.)
Change-Id: I5d68a8be7aefcb529566213f9b9c2985eab6a80a
Reviewed-on: https://gerrit.libreoffice.org/39023
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
|
|
Change-Id: Ibf313b8948a493043006ebf3a8281487c1f67b48
Reviewed-on: https://gerrit.libreoffice.org/25532
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
|
