From 7b00829e27b0a26e9fa8d06bb651134f03a466e9 Mon Sep 17 00:00:00 2001
From: Thorsten Behrens
Date: Wed, 18 Oct 2017 12:48:55 +0200
Subject: gpg4libre - tdf#113188 add option for minimal PGPKeyPacket

Change-Id: I660e68074616f6953e6527e40ec22276ce8ef2fb
Reviewed-on: https://gerrit.libreoffice.org/43492
Reviewed-by: Thorsten Behrens
Tested-by: Thorsten Behrens
---
 external/gpgme/UnpackedTarball_gpgme.mk | 1 +
 external/gpgme/add-minimal-keyexport.patch | 68 ++++++++++++++++++++++
 .../schema/org/openoffice/Office/Common.xcs | 13 +++++
 xmlsecurity/source/gpg/CertificateImpl.cxx | 6 +-
 4 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 external/gpgme/add-minimal-keyexport.patch

diff --git a/external/gpgme/UnpackedTarball_gpgme.mk b/external/gpgme/UnpackedTarball_gpgme.mk
index ca9fd79feaab..15259971f798 100644
--- a/external/gpgme/UnpackedTarball_gpgme.mk
+++ b/external/gpgme/UnpackedTarball_gpgme.mk
@@ -16,5 +16,6 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,gpgme,0))
 $(eval $(call gb_UnpackedTarball_add_patches,gpgme, \
 	external/gpgme/find-libgpg-error-libassuan.patch \
 	external/gpgme/fix-autoconf-macros.patch \
+	external/gpgme/add-minimal-keyexport.patch \
 ))
 # vim: set noet sw=4 ts=4:
diff --git a/external/gpgme/add-minimal-keyexport.patch b/external/gpgme/add-minimal-keyexport.patch
new file mode 100644
index 000000000000..abaeb15897fc
--- /dev/null
+++ b/external/gpgme/add-minimal-keyexport.patch
@@ -0,0 +1,68 @@
+--- lang/cpp/src/context.h.bak 2017-10-18 12:28:00.898945587 +0200
++++ lang/cpp/src/context.h 2017-10-18 12:28:35.794832395 +0200
+@@ -178,10 +178,10 @@
+ // Key Export
+ //
+ 
+- GpgME::Error exportPublicKeys(const char *pattern, Data &keyData);
+- GpgME::Error exportPublicKeys(const char *pattern[], Data &keyData);
+- GpgME::Error startPublicKeyExport(const char *pattern, Data &keyData);
+- GpgME::Error startPublicKeyExport(const char *pattern[], Data &keyData);
++ GpgME::Error exportPublicKeys(const char *pattern, Data &keyData, bool minimal=false);
++ GpgME::Error exportPublicKeys(const char *pattern[], Data &keyData, bool minimal=false);
++ GpgME::Error startPublicKeyExport(const char *pattern, Data &keyData, bool minimal=false);
++ GpgME::Error startPublicKeyExport(const char *pattern[], Data &keyData, bool minimal=false);
+ 
+ //
+ // Key Import
+--- lang/cpp/src/context.cpp.bak 2017-10-18 12:27:50.830978224 +0200
++++ lang/cpp/src/context.cpp 2017-10-18 12:30:13.278515603 +0200
+@@ -557,14 +557,14 @@
+ }
+ }
+ 
+-Error Context::exportPublicKeys(const char *pattern, Data &keyData)
++Error Context::exportPublicKeys(const char *pattern, Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export(d->ctx, pattern, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export(d->ctx, pattern, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+-Error Context::exportPublicKeys(const char *patterns[], Data &keyData)
++Error Context::exportPublicKeys(const char *patterns[], Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ #ifndef HAVE_GPGME_EXT_KEYLIST_MODE_EXTERNAL_NONBROKEN
+@@ -574,17 +574,17 @@
+ }
+ #endif
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export_ext(d->ctx, patterns, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export_ext(d->ctx, patterns, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+-Error Context::startPublicKeyExport(const char *pattern, Data &keyData)
++Error Context::startPublicKeyExport(const char *pattern, Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export_start(d->ctx, pattern, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export_start(d->ctx, pattern, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+-Error Context::startPublicKeyExport(const char *patterns[], Data &keyData)
++Error Context::startPublicKeyExport(const char *patterns[], Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ #ifndef HAVE_GPGME_EXT_KEYLIST_MODE_EXTERNAL_NONBROKEN
+@@ -594,7 +594,7 @@
+ }
+ #endif
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export_ext_start(d->ctx, patterns, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export_ext_start(d->ctx, patterns, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+ ImportResult Context::importKeys(const Data &data)
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index 118700782343..01651dabe8f5 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -2460,6 +2460,19 @@ true + + + Contains security settings regarding the GnuPG/OpenPGP backend. + + + + Determines if the PGPKeyPacket element on signed + documents will contain the full public key (default), or + the potentially much smaller minimal one, without any signatures. + + false + + Contains security settings regarding Basic scripts.
diff --git a/xmlsecurity/source/gpg/CertificateImpl.cxx b/xmlsecurity/source/gpg/CertificateImpl.cxx
index 49674f877956..6d06b24c3a2a 100644
--- a/xmlsecurity/source/gpg/CertificateImpl.cxx
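Review bot: The new `bool minimal` parameter on the four export overloads (the context.h declarations and the four context.cpp bodies in this hunk) narrows gpgme's export mode, which the C API takes as a flag word, down to a single bit, so any further mode bit would need yet another signature change both in this patch and in every caller. Forwarding the mode unchanged keeps the wrapper aligned with `gpgme_op_export`: `GpgME::Error exportPublicKeys(const char *pattern, Data &keyData, unsigned int mode = 0);` in the header and `gpgme_op_export(d->ctx, pattern, mode, dp ? dp->data : 0)` in the body, with the caller supplying `GPGME_EXPORT_MODE_MINIMAL`; the same applies to the `_ext` and `_start` variants. A one-line header comment at the top of the patch file saying what it adds and whether it has been offered upstream would also help whoever next rebases the gpgme tarball.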
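Review bot: The description of the new `MinimalKeyExport` property says the minimal key is exported "without any signatures", which overstates what GnuPG's minimal export does: as far as I know it keeps the most recent self-signature on each user ID (the key would not validate without them) and drops the third-party certifications. Since this text is what an administrator reads before enabling the option, I would end the sentence with `the potentially much smaller minimal one, which keeps the key's own self-signatures but drops all third-party certifications.` It would also be worth one more sentence stating that a signature made with the minimal packet still verifies against it, but the embedded key then carries no web-of-trust information for the recipient.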
+++ b/xmlsecurity/source/gpg/CertificateImpl.cxx
@@ -13,6 +13,7 @@ #include #include +#include #include #include
@@ -212,7 +213,10 @@ void CertificateImpl::setCertificate(GpgME::Context* ctx, const GpgME::Key& key)
 // extract key data, store into m_aBits
 GpgME::Data data_out;
 ctx->setArmor(false); // caller will base64-encode anyway
- GpgME::Error err = ctx->exportPublicKeys(key.primaryFingerprint(), data_out);
+ GpgME::Error err = ctx->exportPublicKeys(
+ key.primaryFingerprint(),
+ data_out,
+ officecfg::Office::Common::Security::OpenPGP::MinimalKeyExport::get());
 if (err) throw RuntimeException("The GpgME library failed to retrieve the public key");
-- cgit
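Review bot: The `exportPublicKeys` call now changes what ends up in `m_aBits` depending on a configuration value, and nothing at the call site tells a reader of the signing code what the smaller packet lacks. A comment above the call such as `// MinimalKeyExport strips third-party certifications from the exported key; the resulting PGPKeyPacket still verifies the signature but carries no web-of-trust data for the recipient` would save the next maintainer a trip to Common.xcs. `setCertificate` starts before this hunk and the handling of `data_out` continues after it, so I have not been able to check whether anything downstream assumes the full key.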