external/xmlsec/UnpackedTarball_xmlsec.mk | 2 external/xmlsec/xmlsec1-ecdsa-assert.patch.1 | 58 +++++++++++++++++++++++++++ 2 files changed, 60 insertions(+)
New commits: commit 6a069bea171a9857829d82711d16ec19621ff5f7 Author: Miklos Vajna <vmik...@collabora.co.uk> Date: Thu May 10 22:42:12 2018 +0200 Related: tdf#109180 xmlsec nss: backport ecdsa fix Change-Id: Id977be090e09eefcb4196078682694443718c2fd Reviewed-on: https://gerrit.libreoffice.org/54103 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk> diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk index 808803d38a8f..24be126f1d84 100644 --- a/external/xmlsec/UnpackedTarball_xmlsec.mk +++ b/external/xmlsec/UnpackedTarball_xmlsec.mk @@ -12,6 +12,8 @@ xmlsec_patches += xmlsec1-configure.patch.1 xmlsec_patches += xmlsec1-vc.patch.1 xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1 xmlsec_patches += xmlsec1-customkeymanage.patch.1 +# Backport of <https://github.com/lsh123/xmlsec/pull/172>. +xmlsec_patches += xmlsec1-ecdsa-assert.patch.1 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec)) diff --git a/external/xmlsec/xmlsec1-ecdsa-assert.patch.1 b/external/xmlsec/xmlsec1-ecdsa-assert.patch.1 new file mode 100644 index 000000000000..02f7fe844720 --- /dev/null +++ b/external/xmlsec/xmlsec1-ecdsa-assert.patch.1 
@@ -0,0 +1,58 @@ +From 34899117d1c43022d2d9454bf59e3a30cfaa666a Mon Sep 17 00:00:00 2001 +Date: Mon, 7 May 2018 18:59:33 +0200 +Subject: [PATCH] NSS: ECDSA updates (#172) + +* nss: register ecdsa key data + +This test started to fail when 2ae61923d6e8db7eca0a8476e934e4af5b1cc5de +(MS CNG: adopt trusted certificate (#141), 2018-01-15) fixed the typo in +the test to require ecdsa key data. + +The implementation was there, just not the registration. + +Testcase: aleksey-xmldsig-01/enveloping-sha256-ecdsa-sha256 + +* nss: fix assert condition when getting key type of ECDSA key + +The condition is now consistent with the RSA getter. In practice this +fixes a crash when using libxmlsec via its API and setting only the +private key (but not the public key) for signing -- as +SECKEY_GetPublicKeyType(NULL) is not safe. + +Bugreport: https://bugs.documentfoundation.org/show_bug.cgi?id=109180 +--- + src/nss/crypto.c | 4 ++++ + src/nss/pkikeys.c | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/nss/crypto.c b/src/nss/crypto.c +index 57767465..bb50bfb5 100644 +--- a/src/nss/crypto.c ++++ b/src/nss/crypto.c +@@ -75,6 +75,10 @@ xmlSecCryptoGetFunctions_nss(void) { + gXmlSecNssFunctions->keyDataDsaGetKlass = xmlSecNssKeyDataDsaGetKlass; + #endif /* XMLSEC_NO_DSA */ + ++#ifndef XMLSEC_NO_ECDSA ++ gXmlSecNssFunctions->keyDataEcdsaGetKlass = xmlSecNssKeyDataEcdsaGetKlass; ++#endif /* XMLSEC_NO_ECDSA */ ++ + #ifndef XMLSEC_NO_HMAC + gXmlSecNssFunctions->keyDataHmacGetKlass = xmlSecNssKeyDataHmacGetKlass; + #endif /* XMLSEC_NO_HMAC */ +diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c +index 25828aec..cf18d1c0 100644 +--- a/src/nss/pkikeys.c ++++ b/src/nss/pkikeys.c +@@ -1471,7 +1471,7 @@ xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), xmlSecKeyDataTypeUnknown); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); +- 
xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); ++ xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else { +-- +2.13.6 + _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
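Review bot: In the pkikeys.c hunk of the backported patch, the relaxed assertion in xmlSecNssKeyDataEcdsaGetType still returns `-1` on failure, while the first assertion in the same function returns `xmlSecKeyDataTypeUnknown`. Since the success path returns an OR of `xmlSecKeyDataType*` flags, a -1 result would presumably read as every flag set, so a caller testing for `xmlSecKeyDataTypePrivate` could mistake a failed check for a usable private key. Returning the unknown value from both asserts avoids that: `xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, xmlSecKeyDataTypeUnknown);`, and likewise for the `ctx != NULL` assert. The new condition also lets a context with neither key set fall through to the `else` branch, which continues outside the hunk. It is worth confirming what type is reported there, and that the other ECDSA accessors in this file tolerate a NULL `ctx->pubkey`.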