summaryrefslogtreecommitdiff
path: root/xmlsecurity
AgeCommit message (Collapse)Author
2024-07-17xmlsecurity: Add UItest (save GPG encrypted ODF)Moritz Duge
Change-Id: I09dd13334e0d3da5f6004312bae69b5c77120434 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167904 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
2024-07-15tdf#161871 Revert "Removed Type and Usage Columns from Certificate Chooser"Samuel Mehrbrodt
The commit broke the display of all columns except the first one in all backends except gtk3. Also it's not clear why those columns are deemed superfluous; see discussion in tdf#161871 This reverts commit 9f327102c435887bbae650b3a573f44500b6f534. Change-Id: Idc3496122137f98c23bb7df8e36b17281fc948d3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170491 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
2024-07-15tdf#108828 Prevent leaking keys from previous signing sessionsSamuel Mehrbrodt
Usuccessful signing sessions (e.g. abort when password is requested) left their key in the context. On the next try, the former key would also be used to sign. Change-Id: I55b9201df229cae40863a0a19b238029607d1848 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170388 Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de> Tested-by: Jenkins
2024-07-14cid#1608236 COPY_INSTEAD_OF_MOVECaolán McNamara
Change-Id: I3f46c1d7e68dbf79ddbc9dc50d2735ebe1727b14 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170445 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
2024-07-11tdf#108828 Show certificate selector again after cancelling password dialogSamuel Mehrbrodt
Change-Id: I0a57204c1885ca300d22832e5469d8918aec9ba6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170384 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
2024-07-02BootstrapFixture: get rid of mxComponentContextXisco Fauli
Change-Id: I0318485c3c0159277e47096e0c7e0df8ed109ea4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169865 Tested-by: Jenkins Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
2024-06-30Resave with newer Glade versionBogdan Buzea
Change-Id: Ia6374adeb4ef15f6d3d0d3bca365b269562bb640 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169597 Tested-by: Jenkins Reviewed-by: Taichi Haradaguchi <20001722@ymail.ne.jp>
2024-05-23tdf#145538 Use range based for loopsU-AMANDAQUARESMA\quare
Change-Id: Ib672cd1968de7bb99cd5f8737a09ce02b0490bf8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167995 Tested-by: Jenkins Tested-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org> Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
2024-05-16WaE: C6011 Dereferencing NULL pointer warningsCaolán McNamara
Change-Id: I710ff75d387b2d452cb80911c9f0092948453ef8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167751 Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> Tested-by: Jenkins
2024-05-15loplugin:ostr in xmlsecurityNoel Grandin
Change-Id: Ifb936c230f68447b3bb5993705adb5e5b790371f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167668 Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk> Tested-by: Jenkins
2024-05-12WaE: C6011 Dereferencing NULL pointer warningsCaolán McNamara
Change-Id: I19824cd8fdc3ac5b5afb4e769527bf71513212fc Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167553 Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com> Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
2024-05-09WaE: C6011 Dereferencing NULL pointer warningsCaolán McNamara
Change-Id: I6ef2f39cca9e657a05b9b55d8ff87607261dd1ea Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167369 Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> Tested-by: Jenkins
2024-05-08drop requirement for rtl_random_getBytes to have "Pool" argCaolán McNamara
Seeing as since: commit e9531b792ddf0cfc2db11713b574c5fc7ae09e2c Date: Tue Feb 6 14:39:47 2024 +0100 sal: rtlRandomPool: require OS random device, abort if not present Both rtl_random_createPool() and rtl_random_getBytes() first try to get random data from the OS, via /dev/urandom or rand_s() (documented to call RtlGenRandom(), see [1]). we don't use the initial arg to rtl_random_getBytes anymore, drop the requirement to have one. Then simplify our usages of that, and addtionally deprecate rtl_random_createPool and rtl_random_destroyPool. Change-Id: I13dcc067714a8a741a4e8f2bfcf2006373f832c4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167067 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
2024-05-06makefile simplification: replace $(call gb_UnpackedTarball_get_dir,foo)Christian Lohmaier
…by a simple/static $(gb_UnpackedTarball_workdir)/foo see also 0c4c84a14b01c71c76a9c45a7f26aec4d64f3e4f Change-Id: I8e6aa55c85534c4446556548910c950ddbe7c6fc Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167163 Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> Tested-by: Jenkins
2024-05-04WaE: C6011 Dereferencing NULL pointer warningsCaolán McNamara
Change-Id: I68acd56b28b0f989a4010cd939f2452970d158ff Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167103 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
2024-05-03fix crash in CertificateChooser for GPGMoritz Duge
mvUserData is still needed to keep it's content from being deleted. Revert "Drop unused instance variable." This reverts commit 687ae6ca01177a04f9ea715a1f1cd70f385a0840. Change-Id: I689cfdaf8d4d62a3b53ff7fb318dc8c70b9e1c2d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167020 Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Tested-by: Jenkins
2024-05-02cid#1596704 COPY_INSTEAD_OF_MOVECaolán McNamara
Change-Id: I52867ef0a094e546a307b98089c259f9e8bbdabf Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166984 Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com> Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
2024-05-02Drop unused instance variable.Moritz Duge
Change-Id: Iee32e4348526e54e0cc45a54e55eddb6479248e0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166968 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
2024-04-27Lazy load additional GPG key data.Moritz Duge
Change-Id: I7f52b318b083535422202dacbee928333cb3ac78 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166639 Tested-by: Jenkins Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de>
2024-04-27Locally simplify getCertificatesImpl.Moritz Duge
Change-Id: I13117b36bb063b0afc498ef237b9255c0a900131 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166638 Reviewed-by: Samuel Mehrbrodt <samuel.mehrbrodt@allotropia.de> Tested-by: Jenkins
2024-04-18xmlsecurity: Change spelling from "Certification" to "Certificate"Taichi Haradaguchi
Unify the terms used in the View Certificate dialog. Change-Id: I820e4f246d2efc235794745bbd889540a39231eb Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166175 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2024-04-09tdf#146619 Drop unused 'using namespace' in: xmlsecurity/Gabor Kelemen
Change-Id: I95b84eff5d8bb288aa704620db328d89062efdf4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165689 Tested-by: Jenkins Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
2024-04-04Missing include, againStephan Bergmann
At least the Emscripten build was hit again by what had been fixed with bddb0d87e809c96ee810de0e553f02bbe158907d "Missing include", after a0c53ab43840d1c84d7d246b2cbc73c3a8862155 "tdf#146619 Remove unused #includes from C/C++ files". Change-Id: I632ab297bc51aa07019e4bb0cb4ef8f6372a1374 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165795 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
2024-04-02tdf#146619 Remove unused #includes from C/C++ filesRafał Dobrakowski
the 'xmlsecurity' module was cleaned Change-Id: If8fae797ed5586888022ecb09bab690d68ae7bd9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165593 Tested-by: Jenkins Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
2024-03-28Fix typoAndrea Gelmini
Change-Id: I3e20fda4b841458e979258dd5dc83c7f89f48083 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165497 Tested-by: Julien Nabet <serval2412@yahoo.fr> Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
2024-03-28update PCHs in xmlsecurityRafał Dobrakowski
Change-Id: I198af12fd6dbe3b218239e3532862cb70b571853 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165040 Tested-by: Jenkins Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
2024-03-28Missing includeStephan Bergmann
...presumably since 50897e3fe001aeae5a6091ede155088461c798f3 "Drop transitional header xmlsecurity/xmlsec-wrapper.h", > xmlsecurity/source/xmlsec/xmlsec_init.cxx:29:9: error: use of undeclared identifier 'xmlSecInit' > 29 | if( xmlSecInit() < 0 ) { > | ^ > xmlsecurity/source/xmlsec/xmlsec_init.cxx:55:9: error: use of undeclared identifier 'xmlSecShutdown' > 55 | xmlSecShutdown() ; > | ^ etc. Change-Id: I1aab4bb3601102c4ac0025833b03fa35adc9434e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165465 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
2024-03-28Drop transitional header xmlsecurity/xmlsec-wrapper.hGabor Kelemen
It was introduced with commit ec52e5e5a204862905b555cdc1f7393aede1f7d8 and the reason of that was the XMLSEC_NO_SIZE_T behavior consolidation. But this was removed later with commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b Change-Id: Ib5350d9ab5554d1412821b762cd3ee7906b65b64 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165440 Tested-by: Jenkins Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
2024-03-28tdf#146619 Remove unused #includes from C/C++ filesRafał Dobrakowski
'xmlsecurity' module was cleaned. Add some headers from xmlsec-wrapper.h in preparation for its removal Change-Id: Id66e6d40d4d5d980626832c0e2f6255fc31b4bcf Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164639 Tested-by: Jenkins Reviewed-by: Gabor Kelemen <gabor.kelemen.extern@allotropia.de>
2024-03-28Related: tdf#160184 clearly describe security riskPatrick Luby
Encrypting with untrusted public keys increases the risk of "man-in-the-middle" attacks so emphasize this risk. Change-Id: I48cbb7b002c5f17bdac3372bf94c1bc18ea68566 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165396 Tested-by: Jenkins Reviewed-by: Patrick Luby <guibomacdev@gmail.com> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
2024-03-26tdf#160184 ask user if they want to trust an untrusted certificatePatrick Luby
gpgme contexts uses the "auto" trust model by default which only allows encrypting with keys that have their trust level set to "Ultimate". The gpg command, however, gives the user the option to encrypt with a certificate that has a lower trust level so emulate that bahavior by asking the user if they want to trust the certificate for just this operation only. Also, abort saving if no certificates are selected which is an indication that the user cancelled the Select Certificate dialog. Change-Id: I20951b1e31b2dcf8adb82243742f8c00fbaca8c2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165260 Tested-by: Jenkins Reviewed-by: Patrick Luby <guibomacdev@gmail.com> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
2024-03-19tdf#159985 Warn about the need to reload file after changing macro security ↵Rafael Lima
level Change-Id: I191fd5d676d6d54fb0ef15652420afdceab2fc78 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164810 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com> Reviewed-by: Heiko Tietze <heiko.tietze@documentfoundation.org>
2024-03-16Resave securitylevelpage.ui with newer GladeRafael Lima
Change-Id: I9a2c3b5d93453730baccec37fa0a3ac91808bad9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164873 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2024-03-12Remove SaveODFItem classGabor Kelemen
This is effectively unused since: commit d22ab7b444a4e16dc2bd1f7d15fa36a848eaaaed Change-Id: I6f646b7daf845035196fc9dde4ff270b8143d37a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164645 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
2024-03-05Related: tdf#152524 eliminate UserData struct name collisionPatrick Luby
The cui module has its own UserData struct and when building with --enable-mergelibs=more, this data collision will cause a crash when deleting a UserData instance in the xmlsecurity module because the cui module already has its own, unrelated UserData struct. Change-Id: I6418b049c72a2e902c9b5076b72fd240f65a593d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164404 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2024-02-25Use SAL_WNODEPRECATED_DECLARATIONS_(PUSH|POP)Mike Kaganski
Change-Id: I2810d22e8f5e1c81647b9e9b15519de65939630a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163895 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2024-02-19hide more symbolsNoel Grandin
using the bin/find-can-be-private-symbols.py script to find classes with large numbers of exported symbols that can hidden. before exported = 58104 imported = 30810 unused_exports = 35433 after exported = 55094 imported = 31073 unused_exports = 32423 Change-Id: Idd0a70ee3740afd5ca1a86771e0e2ff8090d102d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163456 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2024-02-16tdf#42982: Improve UNO error reporting. Make exceptions more descriptiveseturaj
Change-Id: Idb292c508029efeb23ed969c9fad566154cb424c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162354 Tested-by: Jenkins Tested-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org> Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
2024-02-07Don't reuse CertificateChooser instancesPatrick Luby
Reusing the same instance will, in the following case, lead to a crash. It appears that the CertificateChooser is getting disposed somewhere as mpDialogImpl in its base class ends up being null: 1. Create an empty Writer document and add a digital signature in the Digital Signatures dialog 2. File > Save As the document, check the "Encrypt with GPG key" checkbox, press Encrypt, and crash in Dialog::ImplStartExecute() Change-Id: I9aaa1bd449622e018b502d68c53d397255a1b61a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163065 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> Reviewed-by: Patrick Luby <guibomacdev@gmail.com>
2024-02-05Resolves: tdf#156352 disable sorting while adding rowsCaolán McNamara
looks like the new row gets sorted immediately when added as an empty row into the first row, so accessing it by index later to set it text/id get an unexpected result. pause sorting while inserting the entries and enable it again when finished for the easiest fix. Change-Id: Ib028b193afbf2b9026841b19419e012b70448e39 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162993 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
2024-02-05tdf#147291 add more default certificate manager application for macOSPatrick Luby
Add the following applications to the macOS GUI servers list: - Trusted Key Manager - CertEurope - SCInterface Manager and SmartCard tools Change-Id: Iec78171c6e82f0a072f5f06b79606560a8cc03cc Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162942 Tested-by: Jenkins Reviewed-by: Patrick Luby <guibomacdev@gmail.com> Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
2024-02-02tdf#159307 add default macOS certificate manager applicationsPatrick Luby
Most, if not all, of the Linux certificate manager applications are not available on macOS so create a separate list for macOS. Also, fix uncloseable windows due to uncaught exceptions thrown by XSystemShellExecute::execute(). Failure to catch such exceptions would cause the document window to be uncloseable and the application to be unquittable. Change-Id: I9bc6dc9c6c9d054252b634874045cb066023214a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162887 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
2024-02-01check that rtl_random_getBytes() was successfulMichael Stahl
... everywhere it is used to generate material for encryption. Change-Id: Id3390376bb2f3a5fa1bbfd735850fce886ef7db2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162873 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2024-01-30tdf#105844 unotest,xmlsecurity: fix tests on MacOSXMichael Stahl
The new tests fail with: > core/xmlsecurity/qa/unit/signing/signing2.cxx: > 252: Assertion > Test name: testPasswordPreserveMacroSignatureODFWholesomeLO242::TestBody > equality assertion failed > - Expected: 1 > - Actual : 4 This is because only the first test that runs sees the testing CA certificates that are copied in MacrosTest::setUpNssGpg(); when the second test runs, they have somehow vanished. This is because apparently SQLite on MacOSX, unlike on Linux, monitors the file descriptors of its database files, and then invalidates itself when setUpNssGpg() via osl::File::copy() renames and unlinks the existing database files: > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x20) > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x11) > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode renamed while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x20) > cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib: database integrity compromised by API violation: vnode unlinked while in use: core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp > cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x11) Split MacrosTest::setUpNssGpg()/tearDownNssGpg() into functions setUpX509() which only does something on the 1st invocation, and setUpGpg()/tearDownGpg() which may be invoked per-test (they could also be run once for the whole test suite, but not obvious how to do that); PDF related tests don't need GPG. Presumably this is (along with the WNT-specific problem fixed in commit 3e9a700091872480dd085f0928d1d30b7d74cfd7) the reason why most of the tests not only accept the expected result of SignatureState::OK but also SignatureState::NOTVALIDATED. Change-Id: I59b85ca651cecaccfdea729ed1e645c53079c8bf Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162693 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2024-01-30tdf#159307 Fix GetCertificateManagerStephan Bergmann
...which had always cut off an existing path ever since 92b6ffcd9f687cc54a0fc3801ca85c7e4d77512f "Allow selecting a custom certificate manager", for reasons that are unclear to me. So if an existing setting contains at least one slash (or backslash, on Windows), try to use it as-is; otherwise, keep searching for it in aPath. (And, in any case, make sure to report back the given value in sExecutable.) Change-Id: I8b2b6ac7a449d7afd02e029ff46d4c79e6b824e1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162703 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
2024-01-27Drop std::as_const from css::uno::Sequence iterationsMike Kaganski
Obsoleted by commit 2484de6728bd11bb7949003d112f1ece2223c7a1 (Remove non-const Sequence::begin()/end() in internal code, 2021-10-15) and commit fb3c04bd1930eedacd406874e1a285d62bbf27d9 (Drop non-const Sequence::operator[] in internal code, 2021-11-05). Change-Id: Idbafef5d34c0d4771cbbf75b9db9712e504164cd Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162640 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2024-01-23Make wholesome ODF package encryption the defaultThorsten Behrens
Change-Id: I825ae7a5e4b80d390804a7bb2cfdfc3b1843bd07 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162066 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
2024-01-16tdf#105844 xmlsecurity: fix test failure on WNTMichael Stahl
Commit 4d6e9d5e155da1dde05233eb87691e2a454162f6 added 2 tests that always fail on WNT, unfortunately Jenkins doesn't actually run the tests. There are 3 certificates involved: "Xmlsecurity RSA Test Root CA" "Xmlsecurity Intermediate Root CA" "Xmlsecurity RSA Test example Alice" In the signature XML, there are 3 elements that contain or reference certificates: 1. X509Data - xmlsecurity produces only the signing certificate here 2. xd:SigningCertificate (XAdES) - again only the signing certificate 3. xd:EncapsulatedX509Certificate (XAdES) - xmlsecurity produces the full certificate chain here All of these elements *could* contain the full certificate chain, but in LO-produced XML signatures only 3. does. The problem is that the function CheckUnitTestStore() that looks up a certificate in a unit-test-specific CA store via $LIBO_TEST_CRYPTOAPI_PKCS7 can only handle a root certificate, it does not recursively retrieve and check a certificate chain. The SecurityEnvironment_MSCryptImpl::verifyCertificate() already has a parameter "seqCerts" to pass in the full certificate chain, but due to the way the data from the XML is processed, it gets passed only the content of the X509Data element(s), which, for LO-produced signatures, do not contain the full certificate chain. Instead of improving the unit-test-specific function, let's try to get all the certificates out of the XML signature, and then pass them to verifyCertificate(). Of course this requires some consistency checks so that the verification can't be fooled by different certificates in different XML elements. Change-Id: I8ca541887ceac2dfb6af5d96a5565cfa58d7f682 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162170 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2024-01-16loplugin:unusedmethodsNoel Grandin
Change-Id: I24c429c7cb8283a384b72499d1c3f4c2f1457c33 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162155 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2024-01-15Update libxmlsec to 1.3.3Miklos Vajna
Extend external/xmlsec/old-nss.patch.1, our bundled NSS in debug builds has some assert failure in relatively new xmlsec code, just disable it for now till it's clarified with upstream how to sort that out properly. E.g. CppunitTest_filter_svg fails like this: #1 0x00007ffff77503e5 in abort () at /lib64/libc.so.6 #2 0x00007ffff679ca90 in PR_Assert (s=0x7ffff44fbfe5 "oidmechhash != NULL", file=0x7ffff44fbfb6 "secoid.c", ln=2140) at ../../../../pr/src/io/prlog.c:571 #3 0x00007ffff44eaae0 in SECOID_FindOIDByMechanism (mechanism=307) at secoid.c:2140 #4 0x00007ffff6660c65 in PK11_MechanismToAlgtag (type=307) at pk11mech.c:1745 #5 0x00007fffe874e4ea in xmlSecNssCryptoCheckMechanism (type=307) at crypto.c:68 #6 0x00007fffe874ec44 in xmlSecNssUpdateAvailableCryptoTransforms (functions=0x7fffe87ffbc0 <functions>) at crypto.c:401 #7 0x00007fffe874f13d in xmlSecNssInit () at crypto.c:552 #8 0x00007fffe86b2c36 in initXmlSec() () at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/xmlsec/xmlsec_init.cxx:42 #9 0x00007fffdf3c54f2 in DocumentSignatureManager::init() (this=0x7fffffff3970) at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/helper/documentsignaturemanager.cxx:79 #10 0x00007fffdf43e3da in (anonymous namespace)::DocumentDigitalSignatures::ImplVerifySignatures(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, DocumentSignatureMode) (this=0x1c07ac0, rxStorage=uno::Reference to (OStorage *) 0x1944e18, xSignStream=empty uno::Reference, eMode=DocumentSignatureMode::Macros) at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/component/documentdigitalsignatures.cxx:486 #11 0x00007fffdf43da17 in (anonymous namespace)::DocumentDigitalSignatures::verifyScriptingContentSignatures(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&) (this=0x1c07ac0, rxStorage=uno::Reference to (OStorage *) 0x1944e18, xSignInStream=empty uno::Reference) at /home/vmiklos/git/libreoffice/core/xmlsecurity/source/component/documentdigitalsignatures.cxx:373 #12 0x00007fffe6fa06df in SfxObjectShell::GetDocumentSignatureInformation(bool, com::sun::star::uno::Reference<com::sun::star::security::XDocumentDigitalSignatures> const&) (this=0x188c280, bScriptingContent=true, xSigner=empty uno::Reference) at /home/vmiklos/git/libreoffice/core/sfx2/source/doc/objserv.cxx:1847 Change-Id: I36dee0d2b128a6931875572aa4acc9df940ab623 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161951 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>