external/libxmlsec/UnpackedTarball_xmlsec.mk       |    1 
 external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 |  308 +++++++++++++++++++++
 2 files changed, 309 insertions(+)

New commits:
commit e2ccc96482e770edb57edffbf653c18d3a0c4c23
Author: Miklos Vajna <[email protected]>
Date:   Wed Feb 3 13:34:19 2016 +0100

    tdf#76142 libxmlsec: implement SHA-256 support in the mscrypto backend
    
    The only tricky part is PROV_RSA_FULL -> PROV_RSA_AES, otherwise SHA-256
    is not recognized as a valid algo. MSDN documentation for PROV_RSA_FULL
    at
    
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa387448%28v=vs.85%29.aspx>
    and PROV_RSA_AES at
    
<https://msdn.microsoft.com/en-us/library/windows/desktop/aa387447%28v=vs.85%29.aspx>
    say that AES is a superset of full, so there should be no
    backwards-compatibility issue. I tested this on Windows 7, but according
    to the documentation, it should be no problem on Windows XP, either --
    provided that the latest SP is installed.
    
    Change-Id: I3ae196679c2cbf0e9e55fab10584d9c46a480659

diff --git a/external/libxmlsec/UnpackedTarball_xmlsec.mk 
b/external/libxmlsec/UnpackedTarball_xmlsec.mk
index 68fb8d1..18a9308 100644
--- a/external/libxmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -28,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
        external/libxmlsec/xmlsec1-update-config.guess.patch.1 \
        external/libxmlsec/xmlsec1-ooxml.patch.1 \
        external/libxmlsec/xmlsec1-nss-sha256.patch.1 \
+       external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 \
 ))
 
 $(eval $(call 
gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,external/libxmlsec/include/akmngr_mscrypto.h))
diff --git a/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1 
b/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1
new file mode 100644
index 0000000..13577b7
--- /dev/null
+++ b/external/libxmlsec/xmlsec1-mscrypto-sha256.patch.1
@@ -0,0 +1,308 @@
+From 1562c2ee1f30ec9983e2f7e5a7bf4a89b594d706 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <[email protected]>
+Date: Tue, 2 Feb 2016 15:49:10 +0100
+Subject: [PATCH] mscrypto glue layer: add SHA-256 support
+
+---
+ include/xmlsec/mscrypto/crypto.h | 27 ++++++++++++++++
+ src/mscrypto/certkeys.c          |  2 +-
+ src/mscrypto/crypto.c            |  4 +++
+ src/mscrypto/digests.c           | 70 ++++++++++++++++++++++++++++++++++++++++
+ src/mscrypto/signatures.c        | 64 ++++++++++++++++++++++++++++++++++++
+ 5 files changed, 166 insertions(+), 1 deletion(-)
+
+diff --git a/include/xmlsec/mscrypto/crypto.h 
b/include/xmlsec/mscrypto/crypto.h
+index 28d792a..96aaa78 100644
+--- a/include/xmlsec/mscrypto/crypto.h
++++ b/include/xmlsec/mscrypto/crypto.h
+@@ -133,6 +133,16 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId 
xmlSecMSCryptoKeyDataRsaGetKlass(void);
+ XMLSEC_CRYPTO_EXPORT xmlSecTransformId 
xmlSecMSCryptoTransformRsaSha1GetKlass(void);
+ 
+ /**
++ * xmlSecMSCryptoTransformRsaSha256Id:
++ *
++ * The RSA-SHA256 signature transform klass.
++ */
++
++#define xmlSecMSCryptoTransformRsaSha256Id    \
++      xmlSecMSCryptoTransformRsaSha256GetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecTransformId 
xmlSecMSCryptoTransformRsaSha256GetKlass(void);
++
++/**
+  * xmlSecMSCryptoTransformRsaPkcs1Id:
+  * 
+  * The RSA PKCS1 key transport transform klass.
+@@ -172,6 +182,23 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId 
xmlSecMSCryptoTransformSha1GetKlass(void)
+ 
+ /********************************************************************
+  *
++ * SHA256 transform
++ *
++ *******************************************************************/
++#ifndef XMLSEC_NO_SHA256
++
++/**
++ * xmlSecMSCryptoTransformSha256Id:
++ *
++ * The SHA256 digest transform klass.
++ */
++#define xmlSecMSCryptoTransformSha256Id \
++      xmlSecMSCryptoTransformSha256GetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecTransformId 
xmlSecMSCryptoTransformSha256GetKlass(void);
++#endif /* XMLSEC_NO_SHA256 */
++
++/********************************************************************
++ *
+  * GOSTR3411_94 transform
+  *
+  *******************************************************************/
+diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c
+index 73a6c26..e0b4f47 100644
+--- a/src/mscrypto/certkeys.c
++++ b/src/mscrypto/certkeys.c
+@@ -1009,7 +1009,7 @@ xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr 
data) {
+     xmlSecAssert2(ctx != NULL, -1);
+ 
+     ctx->providerName = MS_ENHANCED_PROV;
+-    ctx->providerType = PROV_RSA_FULL;
++    ctx->providerType = PROV_RSA_AES;
+     
+     return(0);
+ }
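Review bot: `ctx->providerType` is switched to `PROV_RSA_AES` while `ctx->providerName` on the line above stays `MS_ENHANCED_PROV`, which names a provider of type PROV_RSA_FULL. If the two fields are later passed together to CryptAcquireContext (that call is outside this hunk, as is the start of the function), the name/type pair no longer matches and acquisition would be expected to fail with a provider-type mismatch. The digests.c hunk in this same patch pairs `PROV_RSA_AES` with `MS_ENH_RSA_AES_PROV`, so consider `ctx->providerName = MS_ENH_RSA_AES_PROV;` here as well, or confirm that the consumer of these fields tolerates the mismatch.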
+diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
+index d60d3c6..b2fde85 100644
+--- a/src/mscrypto/crypto.c
++++ b/src/mscrypto/crypto.c
+@@ -105,6 +105,7 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
+ 
+ #ifndef XMLSEC_NO_RSA
+     gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass                = 
xmlSecMSCryptoTransformRsaSha1GetKlass;
++    gXmlSecMSCryptoFunctions->transformRsaSha256GetKlass      = 
xmlSecMSCryptoTransformRsaSha256GetKlass;
+     gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass       = 
xmlSecMSCryptoTransformRsaPkcs1GetKlass;
+ #endif /* XMLSEC_NO_RSA */
+ 
+@@ -119,6 +120,9 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
+ #ifndef XMLSEC_NO_SHA1    
+     gXmlSecMSCryptoFunctions->transformSha1GetKlass           = 
xmlSecMSCryptoTransformSha1GetKlass;
+ #endif /* XMLSEC_NO_SHA1 */
++#ifndef XMLSEC_NO_SHA256
++    gXmlSecMSCryptoFunctions->transformSha256GetKlass                 = 
xmlSecMSCryptoTransformSha256GetKlass;
++#endif /* XMLSEC_NO_SHA256 */
+ 
+ #ifndef XMLSEC_NO_GOST    
+     gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass           = 
xmlSecMSCryptoTransformGostR3411_94GetKlass;
+diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c
+index 19acc65..2b466b7 100644
+--- a/src/mscrypto/digests.c
++++ b/src/mscrypto/digests.c
+@@ -66,6 +66,11 @@ xmlSecMSCryptoDigestCheckId(xmlSecTransformPtr transform) {
+       return(1);
+     }
+ #endif /* XMLSEC_NO_SHA1 */    
++#ifndef XMLSEC_NO_SHA256
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
++      return(1);
++    }
++#endif /* XMLSEC_NO_SHA256 */
+     
+ #ifndef XMLSEC_NO_GOST
+     if(xmlSecTransformCheckId(transform, 
xmlSecMSCryptoTransformGostR3411_94Id)) {
+@@ -94,6 +99,11 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr 
transform) {
+       ctx->alg_id = CALG_SHA;
+     } else 
+ #endif /* XMLSEC_NO_SHA1 */    
++#ifndef XMLSEC_NO_SHA256
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
++      ctx->alg_id = CALG_SHA_256;
++    } else
++#endif /* XMLSEC_NO_SHA256 */
+ 
+ #ifndef XMLSEC_NO_GOST
+     if(xmlSecTransformCheckId(transform, 
xmlSecMSCryptoTransformGostR3411_94Id)) {
+@@ -124,6 +134,8 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr 
transform) {
+     }
+ 
+     /* TODO: Check what provider is best suited here.... */
++    if (ctx->alg_id != CALG_SHA_256)
++    {
+     if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, 
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+       if (!CryptAcquireContext(&ctx->provider, NULL, 
MS_ENHANCED_PROV,PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+               xmlSecError(XMLSEC_ERRORS_HERE, 
+@@ -134,6 +146,20 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr 
transform) {
+               return(-1);
+       }
+     }
++    }
++    else
++    {
++          // SHA-256
++          if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENH_RSA_AES_PROV, 
PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
++          {
++                  xmlSecError(XMLSEC_ERRORS_HERE,
++                              
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++                              "CryptAcquireContext",
++                              XMLSEC_ERRORS_R_CRYPTO_FAILED,
++                              XMLSEC_ERRORS_NO_MESSAGE);
++                  return(-1);
++          }
++    }
+ 
+     return(0);
+ }
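Review bot: The SHA-256 branch tries only `MS_ENH_RSA_AES_PROV` and returns -1 on failure, whereas the non-SHA-256 branch above falls back from `MS_STRONG_PROV` to `MS_ENHANCED_PROV`. On Windows XP the AES provider is registered under the "(Prototype)" name, which wincrypt.h exposes as `MS_ENH_RSA_AES_PROV_XP`, so SHA-256 digest initialization would likely fail there despite the expectation stated in the commit message. A second CryptAcquireContext attempt with `MS_ENH_RSA_AES_PROV_XP` and `PROV_RSA_AES` before calling xmlSecError would mirror the existing fallback. The `// SHA-256` comment should be `/* SHA-256 */` to match the rest of this C file, and the TODO comment now sits above an `if` it does not describe. The function starts outside this hunk.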
+@@ -367,6 +393,50 @@ xmlSecMSCryptoTransformSha1GetKlass(void) {
+ }
+ #endif /* XMLSEC_NO_SHA1 */
+ 
++#ifndef XMLSEC_NO_SHA256
++/******************************************************************************
++ *
++ * SHA256
++ *
++ 
*****************************************************************************/
++static xmlSecTransformKlass xmlSecMSCryptoSha256Klass = {
++    /* klass/object sizes */
++    sizeof(xmlSecTransformKlass),             /* size_t klassSize */
++    xmlSecMSCryptoDigestSize,                 /* size_t objSize */
++
++    xmlSecNameSha256,                         /* const xmlChar* name; */
++    xmlSecHrefSha256,                                 /* const xmlChar* href; 
*/
++    xmlSecTransformUsageDigestMethod,         /* xmlSecTransformUsage usage; 
*/
++    xmlSecMSCryptoDigestInitialize,           /* 
xmlSecTransformInitializeMethod initialize; */
++    xmlSecMSCryptoDigestFinalize,             /* 
xmlSecTransformFinalizeMethod finalize; */
++    NULL,                                     /* 
xmlSecTransformNodeReadMethod readNode; */
++    NULL,                                     /* 
xmlSecTransformNodeWriteMethod writeNode; */
++    NULL,                                     /* 
xmlSecTransformSetKeyReqMethod setKeyReq; */
++    NULL,                                     /* xmlSecTransformSetKeyMethod 
setKey; */
++    xmlSecMSCryptoDigestVerify,                       /* 
xmlSecTransformVerifyMethod verify; */
++    xmlSecTransformDefaultGetDataType,                /* 
xmlSecTransformGetDataTypeMethod getDataType; */
++    xmlSecTransformDefaultPushBin,            /* xmlSecTransformPushBinMethod 
pushBin; */
++    xmlSecTransformDefaultPopBin,             /* xmlSecTransformPopBinMethod 
popBin; */
++    NULL,                                     /* xmlSecTransformPushXmlMethod 
pushXml; */
++    NULL,                                     /* xmlSecTransformPopXmlMethod 
popXml; */
++    xmlSecMSCryptoDigestExecute,              /* xmlSecTransformExecuteMethod 
execute; */
++    NULL,                                     /* void* reserved0; */
++    NULL,                                     /* void* reserved1; */
++};
++
++/**
++ * xmlSecMSCryptoTransformSha256GetKlass:
++ *
++ * SHA-256 digest transform klass.
++ *
++ * Returns: pointer to SHA-256 digest transform klass.
++ */
++xmlSecTransformId
++xmlSecMSCryptoTransformSha256GetKlass(void) {
++    return(&xmlSecMSCryptoSha256Klass);
++}
++#endif /* XMLSEC_NO_SHA256 */
++
+ #ifndef XMLSEC_NO_GOST
+ 
/******************************************************************************
+  *
+diff --git a/src/mscrypto/signatures.c b/src/mscrypto/signatures.c
+index a567db7..bc69b44 100644
+--- a/src/mscrypto/signatures.c
++++ b/src/mscrypto/signatures.c
+@@ -97,6 +97,9 @@ static int xmlSecMSCryptoSignatureCheckId(xmlSecTransformPtr 
transform) {
+     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+       return(1);
+     }
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) 
{
++      return(1);
++    }
+ #endif /* XMLSEC_NO_RSA */
+ 
+     return(0);
+@@ -118,6 +121,10 @@ static int 
xmlSecMSCryptoSignatureInitialize(xmlSecTransformPtr transform) {
+       ctx->digestAlgId    = CALG_SHA1;
+       ctx->keyId          = xmlSecMSCryptoKeyDataRsaId;
+     } else 
++    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) 
{
++      ctx->digestAlgId    = CALG_SHA_256;
++      ctx->keyId          = xmlSecMSCryptoKeyDataRsaId;
++    } else
+ #endif /* XMLSEC_NO_RSA */
+ 
+ #ifndef XMLSEC_NO_GOST
+@@ -282,6 +289,12 @@ static int 
xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform,
+       while (l >= tmpBuf) {
+           *l-- = *j++;
+       }
++    } else if (xmlSecTransformCheckId(transform, 
xmlSecMSCryptoTransformRsaSha256Id))  {
++      j = (BYTE *)data;
++      l = tmpBuf + dataSize - 1;
++      while (l >= tmpBuf) {
++          *l-- = *j++;
++      }
+     } else {
+       xmlSecError(XMLSEC_ERRORS_HERE, 
+                   xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
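Review bot: The added RSA-SHA256 branch is a verbatim copy of the byte-reversal loop directly above it, and the same duplication appears in the xmlSecMSCryptoSignatureExecute hunk that follows. The preceding branch's condition is outside this hunk, but if it is the RSA-SHA1 check, adding `|| xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)` to it would keep a single copy of the loop in each function. The loop writes `dataSize` bytes of the signature being verified into `tmpBuf`; the allocation of `tmpBuf` is not visible here, so it is worth confirming it is sized from `dataSize` for the new transform too, and that `dataSize` cannot be 0, since `tmpBuf + dataSize - 1` would then point before the buffer.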
+@@ -487,6 +500,13 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr 
transform, int last, xmlSecTra
+               while (j >= outBuf) {
+                   *j-- = *i++;
+               }
++          } else if (xmlSecTransformCheckId(transform, 
xmlSecMSCryptoTransformRsaSha256Id)) {
++              i = tmpBuf;
++              j = outBuf + dwSigLen - 1;
++
++              while (j >= outBuf) {
++                  *j-- = *i++;
++              }
+           } else {
+               /* We shouldn't get at this place */
+               xmlSecError(XMLSEC_ERRORS_HERE, 
+@@ -563,6 +583,50 @@ xmlSecMSCryptoTransformRsaSha1GetKlass(void) {
+     return(&xmlSecMSCryptoRsaSha1Klass);
+ }
+ 
++/****************************************************************************
++ *
++ * RSA-SHA256 signature transform
++ *
++ ***************************************************************************/
++static xmlSecTransformKlass xmlSecMSCryptoRsaSha256Klass = {
++    /* klass/object sizes */
++    sizeof(xmlSecTransformKlass),             /* xmlSecSize klassSize */
++    xmlSecMSCryptoSignatureSize,              /* xmlSecSize objSize */
++
++    xmlSecNameRsaSha256,                      /* const xmlChar* name; */
++    xmlSecHrefRsaSha256,                      /* const xmlChar* href; */
++    xmlSecTransformUsageSignatureMethod,      /* xmlSecTransformUsage usage; 
*/
++
++    xmlSecMSCryptoSignatureInitialize,                /* 
xmlSecTransformInitializeMethod initialize; */
++    xmlSecMSCryptoSignatureFinalize,          /* 
xmlSecTransformFinalizeMethod finalize; */
++    NULL,                                     /* 
xmlSecTransformNodeReadMethod readNode; */
++    NULL,                                     /* 
xmlSecTransformNodeWriteMethod writeNode; */
++    xmlSecMSCryptoSignatureSetKeyReq,         /* 
xmlSecTransformSetKeyReqMethod setKeyReq; */
++    xmlSecMSCryptoSignatureSetKey,            /* xmlSecTransformSetKeyMethod 
setKey; */
++    xmlSecMSCryptoSignatureVerify,            /* xmlSecTransformVerifyMethod 
verify; */
++    xmlSecTransformDefaultGetDataType,                /* 
xmlSecTransformGetDataTypeMethod getDataType; */
++    xmlSecTransformDefaultPushBin,            /* xmlSecTransformPushBinMethod 
pushBin; */
++    xmlSecTransformDefaultPopBin,             /* xmlSecTransformPopBinMethod 
popBin; */
++    NULL,                                     /* xmlSecTransformPushXmlMethod 
pushXml; */
++    NULL,                                     /* xmlSecTransformPopXmlMethod 
popXml; */
++    xmlSecMSCryptoSignatureExecute,           /* xmlSecTransformExecuteMethod 
execute; */
++
++    NULL,                                     /* void* reserved0; */
++    NULL,                                     /* void* reserved1; */
++};
++
++/**
++ * xmlSecMSCryptoTransformRsaSha256GetKlass:
++ *
++ * The RSA-SHA1 signature transform klass.
++ *
++ * Returns: RSA-SHA1 signature transform klass.
++ */
++xmlSecTransformId
++xmlSecMSCryptoTransformRsaSha256GetKlass(void) {
++    return(&xmlSecMSCryptoRsaSha256Klass);
++}
++
+ #endif /* XMLSEC_NO_RSA */
+ 
+ #ifndef XMLSEC_NO_DSA
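Review bot: The doc comment on xmlSecMSCryptoTransformRsaSha256GetKlass still describes RSA-SHA1 in both of its lines, apparently carried over from the SHA-1 getter. It should read `The RSA-SHA256 signature transform klass.` and `Returns: RSA-SHA256 signature transform klass.` so that the generated API documentation does not mislabel which digest this signature transform uses.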
+-- 
+2.4.5
+