path: root/xmlsecurity
Age | Commit message | Author
2021-11-02 | xmlsec: fix OOXML signing with multiple certs, extend the test | Tomaž Vajngerl
Signing OOXML with 3 or more times didn't work as other ids ("idPackageObject", "idOfficeObject", ...) were not unique. This change makes those ids unique by appending the signature id. The signature ID is now generated for OOXML too, while previously it was a hardcoded string ("idPackageSignature"). The test for signing multiple OOXML was written before, but didn't catch the issues because it didn't assert the status of the document after loading it again. This is now fixed (and also added changed for the ODF test case). Change-Id: Ifa20ea17498b117a4c57f6eddf82f8e83bc640bc Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124571 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
2021-11-01 | Fix more misuses of NULL across Windows-only code | Stephan Bergmann
...that had inadvertently been missing from a5cea74034a8e029bfdf0f2b82ea8800bf5bd206 "Fix misuses of NULL across Windows-only code" Change-Id: I8f60cd6114ceb7c6413fb099778bfb06407bbb24 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124431 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2021-11-01 | Prepare for removal of non-const operator[] from Sequence in xmlsecurity | Mike Kaganski
Change-Id: I7cfcf9f9ea307bd737292e6f4f37a29f453167c6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124418 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2021-10-28 | loplugin:simplifybool (clang-cl) | Stephan Bergmann
(not a typo according to the comment at <https://gerrit.libreoffice.org/c/core/+/124287/3#message-df56362ec7d674eaab3fe81bb0827be81ee5686d> "xmlsecurity: some Distinguished Names are less equal than others": "i was too lazy to look up which integer would be returned by the function and hoped this would convert it to bool anyway" Change-Id: I0f4f4d19e8d382f4430023aa6f9459c66a605b04 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124321 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2021-10-28 | xmlsec: signing the document fails the 3rd time (invalid signature) | Tomaž Vajngerl
Signing the document 3 or more times produces an invalid signature. The cause of this is that xmlsec is confused because we have 3 signatures, which all have the same SignedProperties with the ID "idSignedProperties", but it expects them to be unique. This issue is fixed by making the ID unique with adding the ID of the Signature to the SignedProperties ID, so this makes them unique inside the same Signature. Also UnsignedProperties have a unique ID using the same approach, but they aren't referenced - luckily. Change-Id: I53c7249a82fc0623586548db9fa25bdc0e7c4101 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124278 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
2021-10-27 | xmlsecurity: some Distinguished Names are less equal than others | Michael Stahl
It turns out that the 2 backends NSS and MS CryptoAPI generate different string representations of the same Distinguished Name in at least one corner case, when a value contains a quote " U+0022. The CryptoAPI function to generate the strings is: CertNameToStr(..., CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, ...) This is documented on MSDN: https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certnametostra#CERT_X500_NAME_STR NSS appears to implement RFC 1485, at least that's what the internal function is named after, or perhaps one of its several successor RFCs (not clear currently if there's a relevant difference). This is now causing trouble if a certificate with such a DN is used in a signature, created on WNT but then verified on another platform, because commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66 introduced consistency checks that compare the DNs that occur as strings in META-INF/documentsignatures.xml: xmlsecurity/source/helper/xmlsignaturehelper.cxx:672: X509Data cannot be parsed The reason is that in XSecController::setX509Data() the value read from the X509IssuerSerial element (a string generated by CryptoAPI) doesn't match the value generated by NSS from the certificate parsed from the X509Certificate element, so these are erroneously interpreted as 2 distinct certificates. Try to make the EqualDistinguishedNames() more flexible so that it can try also a converted variant of the DN. (libxmlsec's NSS backend also complains that it cannot parse the DN: x509vfy.c:607: xmlSecNssX509NameRead() '' '' 12 'invalid data for 'char': actual=34 and expected comma ','' but it manages to validate the signature despite this.) Change-Id: I4f72900738d1f5313146bbda7320a8f44319ebc8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124287 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2021-10-25 | tdf#145312 xmlsecurity: prevent from crash when cannot receive pdfium annotation | Szymon Kłos
Change-Id: I6adc2cb0a07eb08a50c610958983493f4f8031ee Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124021 Tested-by: Szymon Kłos <szymon.klos@collabora.com> Reviewed-by: Szymon Kłos <szymon.klos@collabora.com>
2021-10-21 | loplugin:flatten | Noel Grandin
Change-Id: I3b4226a9d089ec9aedab95d96e50a068f57a76c7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123991 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-10-21 | Fix comment | Tor Lillqvist
Change-Id: Ifd1068066c8711a1fa96ff4ede1fa0017a221617
2021-10-20 | Run testODFX509CertificateChain first because otherwise it fails on my Mac | Tor Lillqvist
Sure, it would be better to figure out why it fails. Change-Id: I4c9e8aa0a9a3cd421de08ec9c9ea2dcb1a242ab1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123875 Tested-by: Tor Lillqvist <tml@collabora.com> Reviewed-by: Tor Lillqvist <tml@collabora.com>
2021-10-19 | loplugin various (clang-cl) | Stephan Bergmann
Change-Id: Ib9bd9b96d28c9c4dd0fa36a82a177e119aa04e6b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123820 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2021-10-19 | xmlsecurity: fix --without-system-nss usage of NSS_SetAlgorithmPolicy | Michael Stahl
The problem with commit ff572d9222ec16ffd679ae907a0bf4a8900265e1 is that it's using the wrong library; NSS_SetAlgorithmPolicy is actually in libnssutil3.so. This causes a linking problem when upgrading the internal NSS to a version that has NSS_USE_ALG_IN_ANY_SIGNATURE. Change-Id: I954d88062c38881bc721bdf052db4f7b55888aae Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123819 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2021-10-19 | xmlsecurity: fix test failing because NSS policy forbids SHA1 | Michael Stahl
With Fedora's nss-3.71.0-1.fc34.x86_64 there is the problem that 8 tests including testODFGood in CppunitTest/xmlsecurity_signing fail because the crypto policy disallows SHA1 for signatures. Apparently this particular policy bit was added in NSS 3.59: https://bugzilla.mozilla.org/show_bug.cgi?id=1670835 For signatures, maybe it's not a good idea to override system policy for product builds, so do it locally in the tests, at least for now. Another option would be to set NSS_HASH_ALG_SUPPORT environmental variable to something like "+SHA-1". If similar problems turn up for encrypted documents in the future, that should be fixed in product builds too of course, as encrypted documents must always be decryptable. Change-Id: I4f634cf5da1707fb628e63cd0cdafebdf4fc903f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123678 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2021-10-18 | xmlsecurity: fix new tests on WNT | Michael Stahl
Tests added in commit 40d70d427edddb589eda64fafc2e56536953d274 don't actually run on WNT but that wasn't obvious because commit 149df1fec6472e30582162e17e04c75aee91d26a prevented running them in Jenkins on master, they failed only in the libreoffice-7-1 backport. xmlsecurity/qa/unit/signing/signing.cxx(631) : error : Assertion Test name: testODFDoubleX509Certificate::TestBody assertion failed - Expression: (nActual == SignatureState::NOTVALIDATED || nActual == SignatureState::OK) - 2 This is an oddity where NSS claims the signature in the document is valid but CryptoAPI claims it is invalid; the hashes passed into the validation functions are the same. Just allow BROKEN as an additional result value on WNT. xmlsecurity/qa/unit/signing/signing.cxx(550) : error : Assertion Test name: testODFX509CertificateChain::TestBody equality assertion failed - Expected: 0 - Actual : 1 The problem here is that with NSS the tests use a custom NSS database in test/signing-keys so we need to make these certificates available for CryptoAPI too. 
The following one-liner converts the NSS database to a PKCS#7 that can be loaded by CryptoAPI: > openssl crl2pkcs7 -nocrl -certfile <(certutil -d sql:test/signing-keys -L | awk '/^[^ ].*,[^ ]*,/ { printf "%s", $1; for (i = 2; i < NF; i++) { printf " %s", $i; } printf "\n"; }' | while read name; do certutil -L -d sql:test/signing-keys -a -n "${name}" ; done) > test/signing-keys/test.p7b Then one might naively assume that something like this would allow these certificates to be added temporarily as trusted CAs: + HCERTSTORE hRoot = CertOpenSystemStoreW( 0, L"Root" ) ; + HCERTSTORE const hExtra = CertOpenStore( + CERT_STORE_PROV_FILENAME_A, + PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, + NULL, + CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, + path); + if (hExtra != NULL && hRoot != NULL) + { + BOOL ret = CertAddStoreToCollection( + hRoot, + hExtra, + CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, + 0); + SAL_DEBUG("XXX hExtra done " << ret); + } There is no error from this, but it doesn't work. Instead, check if CertGetCertificateChain() sets the CERT_TRUST_IS_UNTRUSTED_ROOT flag and then look up the certificate manually in the extra PKCS#7 store. Change-Id: Ic9865e0b5783211c2128ce0327c4583b7784ff62 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123667 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2021-10-18 | xmlsecurity: fix some obvious copypasta | Michael Stahl
These 2 calls to CertAddStoreToCollection follow calls where m_hCertStore was already added and according to the comments they should add the other store instead. (regression from commit 813e1f5a8ae4800e8a11c612de4e3b0a97f1368d) Change-Id: If375f603647a702feb0ca8f272126a15d5d0e906 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123666 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2021-10-17 | Simplify Sequences in xmlsecurity | Julien Nabet
Change-Id: I749e19f786ad006dffcd65dd1ee60e57c428f57b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123717 Tested-by: Jenkins Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
2021-10-17 | Simplify vector initialization in xmlsecurity | Julien Nabet
Change-Id: Ia19ffa1213d578c30f35545bcca515669e7ff7a0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123710 Tested-by: Jenkins Reviewed-by: Julien Nabet <serval2412@yahoo.fr>
2021-10-15 | Remove non-const Sequence::begin()/end() in internal code | Mike Kaganski
... to avoid hidden cost of multiple COW checks, because they call getArray() internally. This obsoletes [loplugin:sequenceloop]. Also rename toNonConstRange to asNonConstRange, to reflect that the result is a view of the sequence, not an independent object. TODO: also drop non-const operator[], but introduce operator[] in SequenceRange. Change-Id: Idd5fd7a3400fe65274d2a6343025e2ef8911635d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123518 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com> Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2021-10-14 | Avoid COW overhead using css::uno::Sequence | Mike Kaganski
The scenarios are: 1. Calling sequence's begin() and end() in pairs to pass to algorithms (both calls use getArray(), which does the COW checks) 2. In addition to #1, calling end() again when checking result of find algorithms, and/or begin() to calculate result's distance 3. Using non-const sequences in range-based for loops, which internally do #1 4. Assigning sequence to another sequence variable, and then modifying one of them In many cases, the sequences could be made const, or treated as const for the purposes of the algorithms (using std::as_const, std::cbegin, and std::cend). Where algorithm modifies the sequence, it was changed to only call getArray() once. For that, css::uno::toNonConstRange was introduced, which returns a struct (subclass of std::pair) with two iterators [begin, end], that are calculated using one call to begin() and one call to getLength(). To handle #4, css::uno::Sequence::swap was introduced, that swaps the internal pointer to uno_Sequence. So when a local Sequence variable should be assigned to another variable, and the latter will be modified further, it's now possible to use swap instead, so the two sequences are kept independent. The modified places were found by temporarily removing non-const end(). Change-Id: I8fe2787f200eecb70744e8b77fbdf7a49653f628 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123542 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2021-10-12 | xmlsecurity: add tests for multiple X509Data/X509Certificate | Michael Stahl
Change-Id: If50ae8156f81c1053aa8fbfc3148da64bb8e1442 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111666 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Tested-by: Jenkins
2021-10-12 | xmlsecurity: add test for timestamps | Michael Stahl
Change-Id: I6ce64ca7c59639684779144ed0ed8d36c4aca32b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111665 Reviewed-by: Miklos Vajna <vmiklos@collabora.com> Tested-by: Jenkins
2021-10-11 | loplugin:moveparam in xmlsecurity | Noel Grandin
Change-Id: I3ce77ab82529f13c5e55ea30c813f66cb5180877 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123369 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-10-11 | loplugin:moveparam in unotools | Noel Grandin
Change-Id: Idd014c93e2e85d2ffc7a2535a9c65cffc8a9d403 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123348 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-10-08 | loplugin:moveparam in vcl | Noel Grandin
Change-Id: I6dea009e1031174ecb3d4371e91c9c6d26c6e514 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123245 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-10-03 | A more lightweight O[U]StringConcatenation | Stephan Bergmann
...compared to a full-blown O[U]String, for temporary objects holding an O[U]StringConcat result that can then be used as a std::[u16]string_view. It's instructive to see how some invocations of operator ==, operator !=, and O[U]StringBuffer::insert with an O[U]StringConcat argument required implicit materialization of an O[U]String temporary, and how that expensive operation has now been made explicit with the explicit O[U]StringConcatenation ctor. (The additional operator == and operator != overloads are necessary because the overloads taking two std::[u16]string_view parameters wouldn't even be found here with ADL. And the OUString-related ones would cause ambiguities in at least sal/qa/rtl/strings/test_oustring_stringliterals.cxx built with RTL_STRING_UNITTEST, so have simply been disabled for that special test-code case.) Change-Id: Id29799fa8da21a09ff9794cbc7cc9b366e6803b8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122890 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk> Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2021-09-22 | Extend loplugin:stringviewparam to starts/endsWith: xmlsecurity | Stephan Bergmann
Change-Id: I8a08b0382121355c70284c2e85375ba6c3671553 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122468 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2021-09-15 | loplugin:constvars | Noel Grandin
Change-Id: I9b35d6333afa6b305bf73fc55a7e60c8365674e9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122134 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-09-15 | Use <comphelper/servicehelper.hxx> implementing XUnoTunnel part 5 | Mike Kaganski
- Revise uses of getSomething to use getFromUnoTunnel Where that is impossible, use getSomething_cast to unify casting, and minimize number of places doing low-level transformations. The change keeps the existing tunnel references that last for the duration of the pointers' life, because sometimes destroying such reference may destroy the pointed object, and result in use after free. Change-Id: I291c33223582c34cd2c763aa8aacf0ae899ca4c0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122101 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2021-09-15 | Use <comphelper/servicehelper.hxx> implementing XUnoTunnel part 4 | Mike Kaganski
- Change implementations of getSomething to use getSomethingImpl Or where that's impossible, use getSomething_cast to unify this and reduce number of places where we reinterpret_cast. All static methods getting tunnel ids were renamed to getUnoTunnelId, to comply with the convention used in <comphelper/servicehelper.hxx>. TODO (in separate commits): - Revise uses of getSomething to use getFromUnoTunnel Change-Id: Ifde9e214b52e5df678de71fcc32d2199c82e85cf Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122100 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2021-09-15 | Use <comphelper/servicehelper.hxx> implementing XUnoTunnel part 3 [API CHANGE] | Mike Kaganski
- Replace all uses of OImplementationId in core with UnoIdInit - Deprecate OImplementationId in <cppuhelper/typeprovider.hxx> OImplementationId uses broken double checked locking; additionally, it uses it at the first call to getImplementationId, not when the object is constructed. This implementation can't be changed, since it's part of published API; it can't rely on C++11, which would be required for use of thread-safe statics and move the initialization to ctor. The class has obsolete _bUseEthernetAddress member, that is unused and ignored since 4e9fa7e339a1cd6cb2fec643715991bcf5057cec. No need to implement it when replacing its uses to UnoIdInit. The deprecation is the API CHANGE. No published API is introduced to replace it; 3rd-party code should seek alternative solutions, or just keep using the deprecated functionality. TODO (in separate commits): - Change implementations of getSomething to use getSomethingImpl - Revise uses of getSomething to use getFromUnoTunnel Change-Id: I8b6e684e5389bc0d5bb3b7f21f72a4c8f684107d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122077 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2021-09-15 | Use <comphelper/servicehelper.hxx> implementing XUnoTunnel part 1 | Mike Kaganski
The header got some changes: 1. Move UnoTunnelIdInit and isUnoTunnelId into 'comphelper' namespace 2. Rename UnoTunnelIdInit to UnoIdInit, as a precondition to replacing uses of OImplementationId with it, including in XTypeProvider 3. Introduce convenience functions 'getSomething_cast' to cast between sal_Int64 and object pointers uniformly. 4. Rename getUnoTunnelImplementation to getFromUnoTunnel, both to make it a bit shorter, and to reflect its function better. Templatize it to take also css::uno::Any for convenience. 5. Introduce getSomethingImpl, inspired by sw::UnoTunnelImpl; allow it to handle cases both with and without fallback to parent. 6. Adjust UNO3_GETIMPLEMENTATION_* macros TODO (in separate commits): - Drop sw::UnoTunnelImpl and sw::UnoTunnelGetImplementation - Replace all uses of OImplementationId in core with UnoIdInit - Deprecate OImplementationId in <cppuhelper/typeprovider.hxx> - Change implementations of getSomething to use getSomethingImpl - Revise uses of getSomething to use getFromUnoTunnel Change-Id: If4a3cb024130f1f552f988f0479589da1cd066e7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122022 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2021-09-03 | clang-tidy:readability-redundant-member-init | Noel Grandin
Change-Id: Iede70151af052505b780c6ce708aa74d97da5c75 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121545 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-08-23 | loplugin:referencecasting look through more clang Types | Noel Grandin
Note that because of where the fix resides, loplugin:redundantcast also notices a few more things. Change-Id: I0b66047fadfff2c5ceafcbd3eab085de00d861a6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120865 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-08-20 | Make some scripts more portable | Ilmari Lauhakangas
Change-Id: Ia89059eea51ca396a7c74143625ac9a6706de198 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120773 Tested-by: Jenkins Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakangas@libreoffice.org>
2021-08-18 | loplugin:constparams | Noel Grandin
Change-Id: Ic7410f836e584df45101e78e345c8b3c8d355e09 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120680 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-08-10 | Missing include | Stephan Bergmann
(for std::unique_ptr, with recent libstdc++ 12 trunk) Change-Id: I61b7823dd740ea7cdfe0d7403a50ac73b24d1c4e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120229 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2021-08-05 | Pass context and resource string down to boost::locale separately | Noel Grandin
because this is often on a hot path, and we can avoid the splitting and joining of strings like this. Change-Id: Ia36047209368ca53431178c2e8723a18cfe8260a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119220 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-08-03 | Consolidate on C++17 std::scoped_lock instead of std::lock_guard | Noel Grandin
as in commit 9376f65a26240441bf9dd6ae1f69886dc9fa60fa Change-Id: I3ad9afd4d113582a214a4a4bc7eea55e38cd6ff9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119927 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-08-02 | convert #defines to OUStringLiteral | Noel Grandin
mostly by doing $ git grep -l '#define.*\"' -- *.cxx | xargs perl -pi -e 's/^#define\s+(\w+)\s+(\".*\")/constexpr OUStringLiteral \1 = u\2;/g' Change-Id: Idface893449b0ef2a3c5254865a300585d752fbb Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119669 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-08-01 | xmlsec: handle missing EqualDistinguishedNames | Jan-Marek Glogowski
This is just a hack. A more correct fix would be to condition the whole xmlsecurity support in the various LO modules. The non-NSS build now fails, because it misses the EqualDistinguishedNames, which is non-trivial to implement. This is the consequence of commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42 "xmlsecurity: add EqualDistinguishedNames()" and commit 5af5ea893bcb8a8eb472ac11133da10e5a604e66 "xmlsecurity: improve handling of multiple certificates per X509Data". FWIW: one could also use OpenSSL i2d_X509_NAME and X509_NAME_cmp to implement this functionality, but it looks like it requires some ASN.1 input to begin with (maybe i2s_ASN1_* can be used). And then you would still miss some certificate store integration. Change-Id: I0600f76a5cb4379db428f67cb136b8567dfcc51e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116123 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
2021-08-01 | osl::Mutex->std::mutex in ODigestContext | Noel Grandin
Change-Id: I168750490f2c60f8c93aef630949acb4e29734b5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119750 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-08-01 | osl::Mutex->std::mutex in SecurityEnvironment_NssImpl | Noel Grandin
Change-Id: I4b00afbe71b5459a9b1b8e612e44af71616a9b8c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119749 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-07-29 | rtl::Static -> static local | Noel Grandin
in a handful of cases, like a map or a vector, we don't need init on demand at all, the default constructor can be laid out at compile time Change-Id: I2d404584b5aa23db7b1f779e160e04e72dd2aa74 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119656 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-07-27 | cid#1489430 Big parameter passed by value | Caolán McNamara
Change-Id: Ib40bda812872c9421948bc9a1e131ab3f95a0ff0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119557 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
2021-07-27 | cid#1489502 Big parameter passed by value | Caolán McNamara
etc Change-Id: I1242b26fa7e08c1818a0d5d5519e1220fbfb07bd Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119533 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
2021-07-26 | cid#1489541 Big parameter passed by value | Caolán McNamara
etc Change-Id: Id7efff454fc73ead0d404495846f7df6e7a16a41 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119532 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
2021-07-26 | cid#1489423 Big parameter passed by value | Caolán McNamara
and cid#1489424 Big parameter passed by value cid#1489425 Big parameter passed by value cid#1489427 Big parameter passed by value cid#1489432 Big parameter passed by value cid#1489435 Big parameter passed by value cid#1489436 Big parameter passed by value cid#1489439 Big parameter passed by value cid#1489441 Big parameter passed by value cid#1489443 Big parameter passed by value cid#1489445 Big parameter passed by value cid#1489451 Big parameter passed by value cid#1489459 Big parameter passed by value cid#1489462 Big parameter passed by value cid#1489463 Big parameter passed by value cid#1489465 Big parameter passed by value cid#1489467 Big parameter passed by value cid#1489468 Big parameter passed by value cid#1489469 Big parameter passed by value cid#1489473 Big parameter passed by value cid#1489475 Big parameter passed by value cid#1489476 Big parameter passed by value cid#1489477 Big parameter passed by value cid#1489479 Big parameter passed by value cid#1489481 Big parameter passed by value cid#1489489 Big parameter passed by value cid#1489491 Big parameter passed by value cid#1489493 Big parameter passed by value cid#1489495 Big parameter passed by value cid#1489498 Big parameter passed by value cid#1489501 Big parameter passed by value cid#1489504 Big parameter passed by value cid#1489508 Big parameter passed by value cid#1489509 Big parameter passed by value cid#1489513 Big parameter passed by value cid#1489516 Big parameter passed by value cid#1489518 Big parameter passed by value cid#1489521 Big parameter passed by value cid#1489533 Big parameter passed by value cid#1489534 Big parameter passed by value cid#1489537 Big parameter passed by value cid#1489538 Big parameter passed by value cid#1489540 Big parameter passed by value Change-Id: If613144a64087b4e0459f5935e1adbcb0e0330b8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119531 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
2021-07-26 | cid#1489419 Big parameter passed by value | Caolán McNamara
and cid#1489421 Big parameter passed by value cid#1489426 Big parameter passed by value cid#1489428 Big parameter passed by value cid#1489430 Big parameter passed by value cid#1489433 Big parameter passed by value cid#1489434 Big parameter passed by value cid#1489438 Big parameter passed by value cid#1489442 Big parameter passed by value cid#1489447 Big parameter passed by value cid#1489452 Big parameter passed by value cid#1489455 Big parameter passed by value cid#1489456 Big parameter passed by value cid#1489460 Big parameter passed by value cid#1489461 Big parameter passed by value cid#1489466 Big parameter passed by value cid#1489470 Big parameter passed by value cid#1489471 Big parameter passed by value cid#1489478 Big parameter passed by value cid#1489483 Big parameter passed by value cid#1489488 Big parameter passed by value cid#1489497 Big parameter passed by value cid#1489499 Big parameter passed by value cid#1489500 Big parameter passed by value cid#1489506 Big parameter passed by value cid#1489514 Big parameter passed by value cid#1489515 Big parameter passed by value cid#1489519 Big parameter passed by value cid#1489524 Big parameter passed by value cid#1489528 Big parameter passed by value cid#1489530 Big parameter passed by value cid#1489531 Big parameter passed by value cid#1489536 Big parameter passed by value Change-Id: I72167511858f16f49b31fd69e39435dbdaf83196 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119530 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
2021-07-26 | use officecfg for security options | Noel Grandin
Change-Id: I9d91fd5b260b82e05aac6567143386742953ecf6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119486 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2021-07-22 | pass SvXMLNamespaceMap around by value | Noel Grandin
in SvXMLImport. Remove an assert in XSecParser because std::move on std::optional does not make the optional empty, unlike its effect on std::unique_ptr. Change-Id: Ie94d01423bf694a37e4bd7f2c0235c5f79a44efe Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119302 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>