|
 |
17f16b |
From 26c9da40d44f1469df97398362667c74553be7d2 Mon Sep 17 00:00:00 2001
|
|
|
17f16b |
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
|
|
17f16b |
Date: Mon, 20 Dec 2021 17:05:44 +0000
|
|
|
17f16b |
Subject: [PATCH] only use X509Data
|
|
|
17f16b |
|
|
|
17f16b |
Change-Id: I52e6588f5fac04bb26d77c1f3af470db73e41f72
|
|
|
17f16b |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127193
|
|
|
17f16b |
Tested-by: Jenkins
|
|
|
17f16b |
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
|
|
17f16b |
(cherry picked from commit be446d81e07b5499152efeca6ca23034e51ea5ff)
|
|
|
17f16b |
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127178
|
|
|
17f16b |
Reviewed-by: Adolfo Jayme Barrientos <fitojb@ubuntu.com>
|
|
|
17f16b |
(cherry picked from commit b0404f80577de9ff69e58390c6f6ef949fdb0139)
|
|
|
17f16b |
---
|
|
|
17f16b |
.../source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx | 6 ++++++
|
|
|
17f16b |
xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx | 6 ++++++
|
|
|
17f16b |
2 files changed, 12 insertions(+)
|
|
|
17f16b |
|
|
|
17f16b |
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
|
|
|
17f16b |
index c699c950f351..9f816479f9dd 100644
|
|
|
17f16b |
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
|
|
|
17f16b |
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
|
|
|
17f16b |
@@ -22,6 +22,8 @@
|
|
|
17f16b |
#include <rtl/uuid.h>
|
|
|
17f16b |
#include <xmlsec-wrapper.h>
|
|
|
17f16b |
|
|
|
17f16b |
+#include <xmlsec/mscng/x509.h>
|
|
|
17f16b |
+
|
|
|
17f16b |
#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
|
|
|
17f16b |
#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
|
|
|
17f16b |
|
|
|
17f16b |
@@ -233,6 +235,10 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
|
|
|
17f16b |
// We do certificate verification ourselves.
|
|
|
17f16b |
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
|
|
|
17f16b |
|
|
|
17f16b |
+ // limit possible key data to valid X509 certificates only, no KeyValues
|
|
|
17f16b |
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0)
|
|
|
17f16b |
+ throw RuntimeException("failed to limit allowed key data");
|
|
|
17f16b |
+
|
|
|
17f16b |
//Verify signature
|
|
|
17f16b |
//The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)
|
|
|
17f16b |
//AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if
|
|
|
17f16b |
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
|
|
|
17f16b |
index b41d754f7407..975c17272dc7 100644
|
|
|
17f16b |
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
|
|
|
17f16b |
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
|
|
|
17f16b |
@@ -20,6 +20,8 @@
|
|
|
17f16b |
#include <sal/config.h>
|
|
|
17f16b |
#include <xmlsec-wrapper.h>
|
|
|
17f16b |
|
|
|
17f16b |
+#include <xmlsec/nss/x509.h>
|
|
|
17f16b |
+
|
|
|
17f16b |
#include <xmlelementwrapper_xmlsecimpl.hxx>
|
|
|
17f16b |
#include <xmlsec/xmlstreamio.hxx>
|
|
|
17f16b |
#include <xmlsec/errorcallback.hxx>
|
|
|
17f16b |
@@ -247,6 +249,10 @@ SAL_CALL XMLSignature_NssImpl::validate(
|
|
|
17f16b |
// We do certificate verification ourselves.
|
|
|
17f16b |
pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
|
|
|
17f16b |
|
|
|
17f16b |
+ // limit possible key data to valid X509 certificates only, no KeyValues
|
|
|
17f16b |
+ if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
|
|
|
17f16b |
+ throw RuntimeException("failed to limit allowed key data");
|
|
|
17f16b |
+
|
|
|
17f16b |
//Verify signature
|
|
|
17f16b |
int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
|
|
|
17f16b |
|
|
|
17f16b |
--
|
|
|
17f16b |
2.35.1
|
|
|
17f16b |
|