summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKatarina Behrens <Katarina.Behrens@cib.de>2017-07-17 16:00:12 +0200
committerThorsten Behrens <Thorsten.Behrens@CIB.de>2017-07-18 11:10:21 +0200
commit79953866ed9e589dc36a01aa2d35c5fb3fb73f8a (patch)
tree4c4fe637e596811902cf62b99aa355da347f9057
parent6c1a83147c60b999decf12307d2d4313382702ee (diff)
gpg4libre: Import public key payload if verification result != valid
it is essential to look closer at the results of verification (code doing that was removed by commit bdbebda1d80f538f946b14042) to be able to proceed with importing public key payload from the file if needed I've also killed one more instance of xmlStrlen being used on binary data Change-Id: I8cd45fe963c8dde91727471ddbebe6943374a121 Reviewed-on: https://gerrit.libreoffice.org/40066 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> (cherry picked from commit 53be53b35e18230004b5f173c961fb8aa7162b09) Reviewed-on: https://gerrit.libreoffice.org/40073 (cherry picked from commit 4ca03b46b53818a25636a96b5e42b3a0b116bc35) Reviewed-on: https://gerrit.libreoffice.org/40101 Reviewed-by: Vasily Melenchuk <vasily.melenchuk@cib.de> Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de> Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
-rw-r--r--xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx19
1 files changed, 14 insertions, 5 deletions
diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index 645e066107f5..e1afb3ef986b 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -371,7 +371,10 @@ SAL_CALL XMLSignature_GpgImpl::validate(
data_signature, data_text);
// TODO: needs some more error handling, needs checking _all_ signatures
- if( verify_res.isNull() || verify_res.numSignatures() == 0 )
+ if( verify_res.isNull() || verify_res.numSignatures() == 0
+ // there is at least 1 signature and it is anything else than fully valid
+ || ( (verify_res.numSignatures() > 0)
+ && verify_res.signature(0).status().encodedError() > 0 ) )
{
// let's try again, but this time import the public key
// payload (avoiding that in a first cut for being a bit
@@ -408,21 +411,27 @@ SAL_CALL XMLSignature_GpgImpl::validate(
// got a key packet, import & re-validate
xmlChar* pKeyPacket=xmlNodeGetContent(cur);
- if(xmlSecBase64Decode(pKeyPacket, reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket)) < 0)
+ int nKeyLen = xmlSecBase64Decode(pKeyPacket, reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket));
+ if( nKeyLen < 0)
throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
GpgME::Data data_key(
reinterpret_cast<char*>(pKeyPacket),
- xmlStrlen(pKeyPacket), false);
+ nKeyLen, false);
GpgME::ImportResult import_res=rCtx.importKeys(data_key);
xmlFree(pKeyPacket);
- // and re-run
+ // and re-run (rewind text and signature streams to position 0)
+ data_text.seek(0,SEEK_SET);
+ data_signature.seek(0,SEEK_SET);
verify_res=rCtx.verifyDetachedSignature(data_signature, data_text);
// TODO: needs some more error handling, needs checking _all_ signatures
- if( verify_res.isNull() || verify_res.numSignatures() == 0 )
+ if( verify_res.isNull() || verify_res.numSignatures() == 0
+ // there is at least 1 signature and it is anything else than valid
+ || ( (verify_res.numSignatures() > 0)
+ && verify_res.signature(0).status().encodedError() > 0 ) )
{
clearErrorRecorder();
xmlFree(pSignatureValue);