[Libreoffice-commits] core.git: Branch 'feature/cib_contract138c' - xmlsecurity/inc xmlsecurity/source

Tue, 05 Apr 2022 07:03:06 -0700 

 xmlsecurity/inc/xmlsec-wrapper.h                               |    4 ----
 xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx |    4 ----
 xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx         |    4 ----
 3 files changed, 12 deletions(-)

New commits:
commit cb53bee61713cd02364d64dc4906e3be1ff324a1
Author:     Gabor Kelemen <kelem...@ubuntu.com>
AuthorDate: Tue Apr 5 14:35:48 2022 +0200
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Tue Apr 5 14:35:48 2022 +0200

    Revert "only use X509Data"
    
    This reverts commit 5c494aa3c72b1f833999bdc55a7cdf9403678f87.
    
    Not helpful in itself, revert until all xmlsecurity is backported

diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
index 476c51b3f964..c060c8bf23b8 100644
--- a/xmlsecurity/inc/xmlsec-wrapper.h
+++ b/xmlsecurity/inc/xmlsec-wrapper.h
@@ -43,10 +43,6 @@
 #include <xmlsec/nss/app.h>
 #include <xmlsec/nss/crypto.h>
 #include <xmlsec/nss/pkikeys.h>
-#include <xmlsec/nss/x509.h>
-#endif
-#ifdef XMLSEC_CRYPTO_MSCRYPTO
-#include <xmlsec/mscrypto/x509.h>
 #endif
 
 #endif
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx 
b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
index 118ddcbf8696..6b16efd46752 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx
@@ -229,10 +229,6 @@ SAL_CALL XMLSignature_MSCryptImpl::validate(
     // We do certificate verification ourselves.
     pDsigCtx->keyInfoReadCtx.flags |= 
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
 
-    // limit possible key data to valid X509 certificates only, no KeyValues
-    if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST 
xmlSecMSCryptoKeyDataX509GetKlass()) < 0)
-        throw RuntimeException("failed to limit allowed key data");
-
     //Verify signature
     //The documentation says that the signature is only valid if the return 
value is 0 (that is, not < 0)
     //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not 
make any assumptions, if
diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx 
b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
index c4e21d791c2d..e50daa47e868 100644
--- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx
@@ -244,10 +244,6 @@ SAL_CALL XMLSignature_NssImpl::validate(
         // We do certificate verification ourselves.
         pDsigCtx->keyInfoReadCtx.flags |= 
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
 
-        // limit possible key data to valid X509 certificates only, no 
KeyValues
-        if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), 
BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
-            throw RuntimeException("failed to limit allowed key data");
-
         //Verify signature
         int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );

Reply via email to