| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: Ie219cb3feb98660463858d00f82f882881946ad0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133072
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
for which we have o3tl:: equivalents
Change-Id: I4670fd8b703ac47214be213f41e88d1c6ede7032
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132913
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
We can already see if a signature verification fails and what is the
content of the ZIP streams we hash.
Show what is the expected hash as well.
Change-Id: Ibc67b7de0e8d03e06da1b86b6e8a7b2b2e613882
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127934
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
|
|
Change-Id: I5b04f7adf11c61f52b7bfb0f52c8c075f838f0f6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127480
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Signing OOXML with 3 or more times didn't work as other ids
("idPackageObject", "idOfficeObject", ...) were not uniqe. This
change makes those ids unique by appending the signature id. The
signature ID is now generated for OOXML too, while previously it
was a hardcoded string ("idPackageSignature").
The test for signing multiple OOXML was written before, but didn't
catch the issues because it didn't assert the status of the
document after loading it again. This is which is now fixed (and
also added changed for the ODF test case).
Change-Id: Ifa20ea17498b117a4c57f6eddf82f8e83bc640bc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124571
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
|
|
Change-Id: I7cfcf9f9ea307bd737292e6f4f37a29f453167c6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124418
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Signing the document 3 or more times produces an invalid signature.
The cause of this is that xmlsec is confused because we have 3
signatures, which all have the same SignedProperties with the ID
"idSignedProperties", but it expect them to be unique.
This issue is fixed by making the ID unique with adding the ID of
the Signature to the SignedProperties ID, so this makes them unique
inside the same Signature.
Also UnsignedProperties have a unique ID usign the same approach,
but they aren't referenced - luckily.
Change-Id: I53c7249a82fc0623586548db9fa25bdc0e7c4101
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124278
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
|
|
It turns out that the 2 backends NSS and MS CryptoAPI generate different
string representations of the same Distinguished Name in at least one
corner case, when a value contains a quote " U+0022.
The CryptoAPI function to generate the strings is:
CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...)
This is documented on MSDN:
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR
NSS appears to implement RFC 1485, at least that's what the internal
function is named after, or perhaps one of its several successor RFCs
(not clear currently if there's a relevant difference).
This is now causing trouble if a certificate with such a DN is used in a
signature, created on WNT but then verified on another platform, because
commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66
introduced consistency checks that compare the DNs that occur as strings
in META-INF/documentsignatures.xml:
xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed
The reason is that in XSecController::setX509Data() the value read from
the X509IssuerSerial element (a string generated by CryptoAPI) doesn't
match the value generated by NSS from the certificate parsed from the
X509Certificate element, so these are erroneously interpreted as 2
distinct certificates.
Try to make the EqualDistinguishedNames() more flexible so that it can
try also a converted variant of the DN.
(libxmlsec's NSS backend also complains that it cannot parse the DN:
x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ',''
but it manages to validate the signature despite this.)
Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I6adc2cb0a07eb08a50c610958983493f4f8031ee
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124021
Tested-by: Szymon Kłos <szymon.klos@collabora.com>
Reviewed-by: Szymon Kłos <szymon.klos@collabora.com>
|
|
Change-Id: I3b4226a9d089ec9aedab95d96e50a068f57a76c7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123991
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I749e19f786ad006dffcd65dd1ee60e57c428f57b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123717
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
|
|
The scenarios are:
1. Calling sequence's begin() and end() in pairs to pass to algorithms
(both calls use getArray(), which does the COW checks)
2. In addition to #1, calling end() again when checking result of find
algorithms, and/or begin() to calculate result's distance
3. Using non-const sequences in range-based for loops, which internally
do #1
4. Assigning sequence to another sequence variable, and then modifying
one of them
In many cases, the sequences could be made const, or treated as const
for the purposes of the algorithms (using std::as_const, std::cbegin,
and std::cend). Where algorithm modifies the sequence, it was changed
to only call getArray() once. For that, css::uno::toNonConstRange was
introduced, which returns a struct (sublclass of std::pair) with two
iterators [begin, end], that are calculated using one call to begin()
and one call to getLength().
To handle #4, css::uno::Sequence::swap was introduced, that swaps the
internal pointer to uno_Sequence. So when a local Sequence variable
should be assigned to another variable, and the latter will be modified
further, it's now possible to use swap instead, so the two sequences
are kept independent.
The modified places were found by temporarily removing non-const end().
Change-Id: I8fe2787f200eecb70744e8b77fbdf7a49653f628
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123542
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
Change-Id: I3ce77ab82529f13c5e55ea30c813f66cb5180877
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123369
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I6dea009e1031174ecb3d4371e91c9c6d26c6e514
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123245
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...compared to a full-blown O[U]String, for temporary objects holding an
O[U]StringConcat result that can then be used as a std::[u16]string_view.
It's instructive to see how some invocations of operator ==, operator !=, and
O[U]StringBuffer::insert with an O[U]StringConcat argument required implicit
materialization of an O[U]String temporary, and how that expensive operation has
now been made explicit with the explicit O[U]StringConcatenation ctor.
(The additional operator == and operator != overloads are necessary because the
overloads taking two std::[u16]string_view parameters wouldn't even be found
here with ADL. And the OUString-related ones would cause ambiguities in at
least sal/qa/rtl/strings/test_oustring_stringliterals.cxx built with
RTL_STRING_UNITTEST, so have simply been disabled for that special test-code
case.)
Change-Id: Id29799fa8da21a09ff9794cbc7cc9b366e6803b8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122890
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I8a08b0382121355c70284c2e85375ba6c3671553
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122468
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Note that because of where the fix resides, loplugin:redundantcast
also notices a few more things.
Change-Id: I0b66047fadfff2c5ceafcbd3eab085de00d861a6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120865
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ic7410f836e584df45101e78e345c8b3c8d355e09
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120680
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
(for std::unique_ptr, with recent libstdc++ 12 trunk)
Change-Id: I61b7823dd740ea7cdfe0d7403a50ac73b24d1c4e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120229
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
mostly by doing
$ git grep -l '#define.*\"' -- *.cxx
| xargs perl -pi -e
's/^#define\s+(\w+)\s+(\".*\")/constexpr OUStringLiteral \1 =
u\2;/g'
Change-Id: Idface893449b0ef2a3c5254865a300585d752fbb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119669
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Ib40bda812872c9421948bc9a1e131ab3f95a0ff0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119557
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
etc
Change-Id: I1242b26fa7e08c1818a0d5d5519e1220fbfb07bd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119533
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
etc
Change-Id: Id7efff454fc73ead0d404495846f7df6e7a16a41
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119532
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
and
cid#1489424 Big parameter passed by value
cid#1489425 Big parameter passed by value
cid#1489427 Big parameter passed by value
cid#1489432 Big parameter passed by value
cid#1489435 Big parameter passed by value
cid#1489436 Big parameter passed by value
cid#1489439 Big parameter passed by value
cid#1489441 Big parameter passed by value
cid#1489443 Big parameter passed by value
cid#1489445 Big parameter passed by value
cid#1489451 Big parameter passed by value
cid#1489459 Big parameter passed by value
cid#1489462 Big parameter passed by value
cid#1489463 Big parameter passed by value
cid#1489465 Big parameter passed by value
cid#1489467 Big parameter passed by value
cid#1489468 Big parameter passed by value
cid#1489469 Big parameter passed by value
cid#1489473 Big parameter passed by value
cid#1489475 Big parameter passed by value
cid#1489476 Big parameter passed by value
cid#1489477 Big parameter passed by value
cid#1489479 Big parameter passed by value
cid#1489481 Big parameter passed by value
cid#1489489 Big parameter passed by value
cid#1489491 Big parameter passed by value
cid#1489493 Big parameter passed by value
cid#1489495 Big parameter passed by value
cid#1489498 Big parameter passed by value
cid#1489501 Big parameter passed by value
cid#1489504 Big parameter passed by value
cid#1489508 Big parameter passed by value
cid#1489509 Big parameter passed by value
cid#1489513 Big parameter passed by value
cid#1489516 Big parameter passed by value
cid#1489518 Big parameter passed by value
cid#1489521 Big parameter passed by value
cid#1489533 Big parameter passed by value
cid#1489534 Big parameter passed by value
cid#1489537 Big parameter passed by value
cid#1489538 Big parameter passed by value
cid#1489540 Big parameter passed by value
Change-Id: If613144a64087b4e0459f5935e1adbcb0e0330b8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119531
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
and
cid#1489421 Big parameter passed by value
cid#1489426 Big parameter passed by value
cid#1489428 Big parameter passed by value
cid#1489430 Big parameter passed by value
cid#1489433 Big parameter passed by value
cid#1489434 Big parameter passed by value
cid#1489438 Big parameter passed by value
cid#1489442 Big parameter passed by value
cid#1489447 Big parameter passed by value
cid#1489452 Big parameter passed by value
cid#1489455 Big parameter passed by value
cid#1489456 Big parameter passed by value
cid#1489460 Big parameter passed by value
cid#1489461 Big parameter passed by value
cid#1489466 Big parameter passed by value
cid#1489470 Big parameter passed by value
cid#1489471 Big parameter passed by value
cid#1489478 Big parameter passed by value
cid#1489483 Big parameter passed by value
cid#1489488 Big parameter passed by value
cid#1489497 Big parameter passed by value
cid#1489499 Big parameter passed by value
cid#1489500 Big parameter passed by value
cid#1489506 Big parameter passed by value
cid#1489514 Big parameter passed by value
cid#1489515 Big parameter passed by value
cid#1489519 Big parameter passed by value
cid#1489524 Big parameter passed by value
cid#1489528 Big parameter passed by value
cid#1489530 Big parameter passed by value
cid#1489531 Big parameter passed by value
cid#1489536 Big parameter passed by value
Change-Id: I72167511858f16f49b31fd69e39435dbdaf83196
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119530
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
in SvXMLImport.
Remove an assert in XSecParser because std::move on std::optional
does not make the optional empty, unlike it's effect on std::unique_ptr.
Change-Id: Ie94d01423bf694a37e4bd7f2c0235c5f79a44efe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119302
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I1fe7b2f3e265f05c795689bf4e98e7005ef42cfd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116557
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
|
|
See tdf#42949 for motivation
Change-Id: Ifc253bf800bb1468b5774663a93f4fb30bec81d3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113657
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
this appeared in:
commit 0dac6d1f179c286dd7aea2d9ef7c37db8323fa37
Author: Miklos Vajna <vmiklos@collabora.co.uk>
Date: Mon Jan 25 15:34:38 2016 +0100
xmlsecurity: implement OOXML stream references
and disappeared in:
commit cc1d19f7bbaefa5fb22ebd1344112755068b93c9
Author: Michael Stahl <michael.stahl@allotropia.de>
Date: Tue Mar 30 17:37:31 2021 +0200
xmlsecurity: replace OOXMLSecParser implementation
Change-Id: Ibaff786612d0f58639471d409dc49d813fb1cb6e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113442
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
This is similar to 12b15be8f4f930a04d8056b9219ac969b42a9784 and following
commits, but OOXMLSecParser has some differences to XSecParser, such as
using a ds:Manifest, and requires a couple extra namespaces.
Change-Id: I56e39d9609db8fcad50ca1632ff482c1f0a30ff5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113381
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Mostly automated rewrite
Change-Id: Ie020a083f898bc126b8fb039d4ecb2e687172da1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112965
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
|
|
xmlhelp, xmloff, xmlsecurity
Change-Id: I80c6fa806387f3dcba8be7f93fe2fef146b033e3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112050
Tested-by: Jenkins
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
|
|
Change-Id: I03d48712252cb9f2a3e3c14d6800081ed6af84d6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111911
Tested-by: Jenkins
Reviewed-by: Andras Timar <andras.timar@collabora.com>
|
|
this function is nearly exactly the same as ReadAndVerifySignature
except it doesn't set error-state on exception during parse
Change-Id: Ife881f639a11d3185920ca62cc2cd22812fae36d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112366
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: I89c0e29f595049096afa73ff86badc06c0b40d7f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112365
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
|
|
Change-Id: Ic79d81387867f028eb8dc9553fb87f5961d6c771
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112364
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Return early in case pdfium is not available, to avoid the ifdef forest.
Change-Id: I1fd1b22015e10527a989c8a1c4f4073fef29553e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112238
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
It turns out that an X509Data element can contain an arbitrary number of
each of its child elements.
How exactly certificates of an issuer chain may or should be distributed
across multiple X509Data elements isn't terribly obvious.
One thing that is clear is that any element that refers to or contains
one particular certificate has to be a child of the same X509Data
element, although in no particular order, so try to match the 2 such
elements that the parser supports in XSecController::setX509Data().
Presumably the only way it makes sense to have multiple signing
certificates is if they all contain the same key but are signed by
different CAs. This case isn't handled currently; CheckX509Data() will
complain there's not a single chain and validation of the certificates
will fail.
Change-Id: I9633a980b0c18d58dfce24fc59396a833498a77d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111500
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Combine everything related to a certificate in a new struct X509Data.
The CertDigest is not actually written in the X509Data element but in
xades:Cert, so try to find the matching entry in
XSecController::setX509CertDigest().
There was a confusing interaction with PGP signatures, where ouGpgKeyID
was used for import, but export wrote the value from ouCertDigest
instead - this needed fixing.
The main point of this is enforcing a constraint from xmldsig-core 4.5.4:
All certificates appearing in an X509Data element MUST relate to the
validation key by either containing it or being part of a certification
chain that terminates in a certificate containing the validation key.
Change-Id: I5254aa393f8e7172da59709923e4bbcd625ec713
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111254
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I2e4411f0907b89e7ad6e0185cee8f12b600515e8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111253
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Iab5a59af73048765ead718fe941d6dec933a7060
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
LO writes timestamp both to dc:date and xades:SigningTime elements.
The parser tries to avoid reading multiple dc:date, preferring the first
one, but doesn't care about multiple xades:SigningTime, for undocumented
reasons.
Ideally something should check all read values for consistency.
Change-Id: Ic018ee89797a1c8a4f870ae102af48006de930ef
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111160
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Ia2da9bf1329a856629f60ab64b74d5ee79077076
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111159
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Ic73b647798a91bd253d93970e2a9a3e11b208a1c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111158
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Implement Namespaces in XML and follow xmldsig-core and XAdES schemas.
Change-Id: I03537b51bb757ecbfa63a826b38de543c70ba032
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110833
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: Ic5227df4bd5b1f3dfe9cd13ae971d268a40f0fcf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111120
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I038c4f85250b4d8d8fef605fd90f6fa53bbffe9f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111079
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I044dd21b63d7eb03224675584fa143009c6b6008
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108418
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Once reason and time has getters, no need to expose the underlying
PDFium type.
Change-Id: I8f6b152fddf38e76ad7c3b1897fcb2026129820f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106631
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
Change-Id: Ieab577de92898568e27a879af1ca1bda170a307d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106554
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
