xmlsecurity/source/helper/xsecctl.cxx | 3 +++ xmlsecurity/source/helper/xsecparser.cxx | 2 ++ xmlsecurity/source/helper/xsecsign.cxx | 9 +++++++-- 3 files changed, 12 insertions(+), 2 deletions(-)
New commits: commit fdc85f759c4ef69f4ccdb7f160ad4bce7e61b231 Author: Thorsten Behrens <thorsten.behr...@cib.de> Date: Fri Sep 8 03:19:04 2017 +0200 gpg4libre: use SHA512 digests for GPG signing unconditionally Change-Id: I2ee6b0ba440a50b4627b3732c52afe08ba02d664 Reviewed-on: https://gerrit.libreoffice.org/42087 Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de> Tested-by: Thorsten Behrens <thorsten.behr...@cib.de> diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx index ad0744f54d27..616ffcfb2ae4 100644 --- a/xmlsecurity/source/helper/xsecctl.cxx +++ b/xmlsecurity/source/helper/xsecctl.cxx @@ -661,6 +661,9 @@ void XSecController::exportSignature( /* Write SignatureMethod element */ pAttributeList = new SvXMLAttributeList(); + // TODO: actually roundtrip this value from parsing documentsignatures.xml - entirely + // broken to assume this would in any way relate to the 1st reference's digest algo + // Assume that all Reference elements use the same DigestMethod:Algorithm, and that the // SignatureMethod:Algorithm should be the corresponding one. pAttributeList->AddAttribute( diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx index be6f0b7c3dd2..81b7ebf7e630 100644 --- a/xmlsecurity/source/helper/xsecparser.cxx +++ b/xmlsecurity/source/helper/xsecparser.cxx @@ -151,6 +151,8 @@ void SAL_CALL XSecParser::startElement( m_nReferenceDigestID = cssxc::DigestID::SHA256; else if (ouAlgorithm == ALGO_XMLDSIGSHA512) m_nReferenceDigestID = cssxc::DigestID::SHA512; + else + m_nReferenceDigestID = 0; } } else if (aName == "Transform") diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx index 278eba79f8af..cd173e2fb956 100644 --- a/xmlsecurity/source/helper/xsecsign.cxx +++ b/xmlsecurity/source/helper/xsecsign.cxx 
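Review bot: The added TODO in `exportSignature` sits directly above the older comment that states the same assumption as if it were sound, so the two now read as contradicting each other. I would merge them into one comment saying that the SignatureMethod algorithm is derived from the first Reference's digest, that this is a known limitation, and that the value should be round-tripped from the parsed documentsignatures.xml instead. It is worth stating there why it matters: if the written SignatureMethod differs from the one the signature was made with, a re-exported signature will presumably fail validation. The body of `exportSignature` continues outside the hunk, so what is actually written for each digest is not visible here.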
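Review bot: The new `else` in `startElement` resets `m_nReferenceDigestID` to a bare `0` with no comment and no log line, so an unsupported DigestMethod algorithm is dropped silently. Resetting looks like the right direction, since a digest ID from an earlier Reference presumably no longer carries over, but a reader needs to know that 0 means "unknown/unsupported" and that consumers must reject such a reference rather than fall back to a default. I would add `// unknown DigestMethod: mark as unsupported so a stale digest ID is never reused` above the assignment and, if the file already has the logging header in scope, a `SAL_WARN` that names the rejected algorithm URI. `startElement` begins and ends outside the hunk, so how the value 0 is handled downstream cannot be checked from here.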
@@ -144,7 +144,9 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar cssu::Reference<cssxc::sax::XKeyCollector> keyCollector (xReferenceResolvedListener, cssu::UNO_QUERY); keyCollector->setKeyId(0); - const sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1; + // use sha512 for gpg signing unconditionally + const sal_Int32 digestID = !internalSignatureInfor.signatureInfor.ouGpgCertificate.isEmpty()? + cssxc::DigestID::SHA512 : (bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1); if (nStorageFormat != embed::StorageFormats::OFOPXML) { @@ -194,7 +196,7 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, bool isBinary, bool bXAdESCompliantIfODF) { const SignatureReferenceType type = isBinary ? SignatureReferenceType::BINARYSTREAM : SignatureReferenceType::XMLSTREAM; - const sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1; + sal_Int32 digestID = bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1; int index = findSignatureInfor( securityId ); @@ -206,6 +208,9 @@ void XSecController::signAStream( sal_Int32 securityId, const OUString& uri, boo } else { + // use sha512 for gpg signing unconditionally + if (!m_vInternalSignatureInformations[index].signatureInfor.ouGpgCertificate.isEmpty()) + digestID = cssxc::DigestID::SHA512; m_vInternalSignatureInformations[index].addReference(type, digestID, uri, -1); } } _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
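Review bot: The digest choice is now written twice in different shapes, as a nested conditional here in `prepareSignatureToWrite` and as a default plus a late override in `signAStream` (hunks at 196 and 208), so the two can drift apart. A small file-local helper taking the signature information and `bXAdESCompliantIfODF` would keep the policy in one place. It would also be the natural spot to document that the non-GPG, non-XAdES path still selects SHA1. The nested ternary ending in `isEmpty()?` is hard to scan as written. Both functions start or end outside the hunks shown.

```cpp
namespace
{
/// Digest used for new references: SHA512 for GPG signatures, otherwise
/// SHA256 for XAdES-compliant ODF signatures and SHA1 for the legacy case.
sal_Int32 lcl_getDigestID(const SignatureInformation& rInfo, bool bXAdESCompliantIfODF)
{
    if (!rInfo.ouGpgCertificate.isEmpty())
        return cssxc::DigestID::SHA512;
    return bXAdESCompliantIfODF ? cssxc::DigestID::SHA256 : cssxc::DigestID::SHA1;
}
}

// … unchanged: keyCollector setup in prepareSignatureToWrite …
    const sal_Int32 digestID
        = lcl_getDigestID(internalSignatureInfor.signatureInfor, bXAdESCompliantIfODF);
// … unchanged: reference setup per storage format …
```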
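Review bot: The SHA512 override is applied only in the `else` branch of `signAStream`, so a reference added through the other branch keeps the SHA256/SHA1 value computed at the top of the function. That branch is outside the hunk; if it handles the case where `findSignatureInfor` finds no entry and creates one, references added before the GPG certificate is set would not get SHA512, which contradicts "unconditionally" in the commit title. It would help to state the ordering requirement next to the override, e.g. `// requires the GPG certificate to be set before any stream is added`, or to assert it. Dropping `const` from `digestID` (hunk at 196) exists only to allow this late override.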