| Summary: | EU-conform digital signatures (XAdES, ASiC container) in Libre Office | ||
|---|---|---|---|
| Product: | LibreOffice | Reporter: | Aron Szabo <baronsz> |
| Component: | LibreOffice | Assignee: | Miklos Vajna <vmiklos> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | gbpacheco, h3734236, nemeth, nuno.ponte, timar74, vmiklos |
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | target:5.2.0 | ||
| Crash report or crash signature: | Regression By: | ||
| Attachments: |
Libre Office document with XAdES-signature (SHA-1 based)
Libre Office document with XAdES-signature (SHA-256 based) |
||
|
Description
Aron Szabo
2014-03-13 21:50:46 UTC
Created attachment 95889 [details]
Libre Office document with XAdES-signature (SHA-1 based)
Created attachment 95890 [details]
Libre Office document with XAdES-signature (SHA-256 based)
** Please read this message in its entirety before responding ** To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present on a currently supported version of LibreOffice (5.0.1 or preferably 5.0.2.2 or later) https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the version of LibreOffice and your operating system, and any changes you see in the bug behavior If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a short comment that includes your version of LibreOffice and Operating System Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) http://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to "inherited from OOo"; 4b. If the bug was not present in 3.3 - add "regression" to keyword Feel free to come ask questions or to say hello in our QA chat: http://webchat.freenode.net/?channels=libreoffice-qa Thank you for your help! -- The LibreOffice QA Team This NEW Message was generated on: 2015-10-14 One concrete problem from the above report is the lack of sha-256 support. I checked that (at least on Linux) libxmlsec supports sha-256, nss does as well, but the nss backend of libxmlsec does not. I'll fix that. Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=33cb676e582a57a469a0ea1ce7bdb2d57575992e tdf#76142 libxmlsec: implement SHA-256 support in the NSS backend It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=93fdb8dc67bf04c7a1e22c8dd15152212799c4f2 tdf#76142 libxmlsec: extend SHA-256 support in the NSS backend It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c6967f6d1889e08bcd1d206d2b28a598f812641d tdf#76142 libxmlsec: fix xmlSecNssDigestVerify() for SHA-256 It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=e2ccc96482e770edb57edffbf653c18d3a0c4c23 tdf#76142 libxmlsec: implement SHA-256 support in the mscrypto backend It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Now attachment 95890 [details] opens correctly for me on both Windows and Linux, while previously a dbgutil failed with: warn:xmlsecurity.xmlsec:2700:1788:xmlsecurity/source/xmlsec/errorcallback.cxx:43: ..\src\transforms.c:1544: xmlSecTransformNodeRead() '' 'xmlSecTransformIdListFindByHref' 1 'href=http://www.w3.org/2001/04/xmlenc#sha256' on the console. Out of interest, what tool was used to produce the SHA-256 attachment? (In reply to Tor Lillqvist from comment #10) > Out of interest, what tool was used to produce the SHA-256 attachment? Hi, I used just a PHP-based tool that I developed to create test signatures (mainly malformed signatures for negative tests). Aron |