From 010c58f110c4fa3fa88a0c3905095028b6c2d532 Mon Sep 17 00:00:00 2001 From: "Elena.Subbotina" Date: Thu, 27 Jul 2023 17:27:46 +0300 Subject: [PATCH 1/3] fix bug #58959 --- MsBinaryFile/XlsFile/Format/Logic/GlobalsSubstream.cpp | 7 +++++-- OOXML/XlsbFormat/WorkBookStream.cpp | 7 +++++-- X2tConverter/src/ASCConverters.cpp | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/MsBinaryFile/XlsFile/Format/Logic/GlobalsSubstream.cpp b/MsBinaryFile/XlsFile/Format/Logic/GlobalsSubstream.cpp index e52dbf2e5a..25ebf8b11e 100644 --- a/MsBinaryFile/XlsFile/Format/Logic/GlobalsSubstream.cpp +++ b/MsBinaryFile/XlsFile/Format/Logic/GlobalsSubstream.cpp @@ -809,8 +809,11 @@ void GlobalsSubstream::UpdateDefineNames() { if (lbl->fFunc) { - if (name == L"FORMULA") //"general_formulas.xls" - name = L"_xludf." + name; + if (name != L"CHISQDIST" && + name != L"CHISQINV" && + name != L"CURRENT" && + name != L"EFFECTIVE") + name = L"_xludf." + name; } } global_info_->arDefineNames.push_back(name);// для имен функций - todooo ... не все функции корректны !! БДИ !! diff --git a/OOXML/XlsbFormat/WorkBookStream.cpp b/OOXML/XlsbFormat/WorkBookStream.cpp index 2c615a48a7..50b36ee6aa 100644 --- a/OOXML/XlsbFormat/WorkBookStream.cpp +++ b/OOXML/XlsbFormat/WorkBookStream.cpp @@ -599,8 +599,11 @@ void WorkBookStream::UpdateDefineNames(XLS::GlobalWorkbookInfo* global_info_) { if (lbl->fFunc) { - if (name == L"FORMULA") //"general_formulas.xls" - name = L"_xludf." + name; + if (name != L"CHISQDIST" && + name != L"CHISQINV" && + name != L"CURRENT" && + name != L"EFFECTIVE") + name = L"_xludf." + name; } } global_info_->arDefineNames.push_back(name);// для имен функций - todooo ... не все функции корректны !! БДИ !! diff --git a/X2tConverter/src/ASCConverters.cpp b/X2tConverter/src/ASCConverters.cpp index f0fad7ef34..950dd51982 100644 --- a/X2tConverter/src/ASCConverters.cpp +++ b/X2tConverter/src/ASCConverters.cpp @@ -5070,7 +5070,7 @@ namespace NExtractTools { hRes = dir2zipMscrypt(sResultDocxDir, sTo, sTemp, params); } - return AVS_FILEUTILS_ERROR_CONVERT; + return hRes; } _UINT32 xls2xlsx_dir (const std::wstring &sFrom, const std::wstring &sTo, const std::wstring &sTemp, InputParams& params) { From c2748fcff448308e2a3591dba283358ccd7a488a Mon Sep 17 00:00:00 2001 From: Oleg Korshul Date: Thu, 27 Jul 2023 18:14:06 +0300 Subject: [PATCH 2/3] Add check buffer size for password generation --- DesktopEditor/xmlsec/src/osign/lib/src/certificate.cpp | 1 + DesktopEditor/xmlsec/src/osign/test/main.cpp | 1 + 2 files changed, 2 insertions(+) diff --git a/DesktopEditor/xmlsec/src/osign/lib/src/certificate.cpp b/DesktopEditor/xmlsec/src/osign/lib/src/certificate.cpp index eb0ea709f8..8813a1da53 100644 --- a/DesktopEditor/xmlsec/src/osign/lib/src/certificate.cpp +++ b/DesktopEditor/xmlsec/src/osign/lib/src/certificate.cpp @@ -450,6 +450,7 @@ namespace OSign CStorageBuffer buffer; buffer.Alloc(size); RAND_priv_bytes(buffer.GetData(), (int)size); + buffer.AddSkip(size); buffer.Skip(size); return buffer; } diff --git a/DesktopEditor/xmlsec/src/osign/test/main.cpp b/DesktopEditor/xmlsec/src/osign/test/main.cpp index f05f9ca6ea..2e474e01d2 100644 --- a/DesktopEditor/xmlsec/src/osign/test/main.cpp +++ b/DesktopEditor/xmlsec/src/osign/test/main.cpp @@ -22,6 +22,7 @@ TEST_F(COSignTest, crypt_storage_aes_gcm_random_password) { // создаем случайный пароль длиной 100 символов OSign::CStorageBuffer oPassword = OSign::Crypt::GeneratePassword(100); + EXPECT_EQ(100, oPassword.GetLength()); // буфер для шифрования std::string sDataCrypt = "Hello, world!"; From 3217ac7d51b8f40b37973c3356597c120407a0dc Mon Sep 17 00:00:00 2001 From: Oleg Korshul Date: Fri, 28 Jul 2023 12:09:51 +0300 Subject: [PATCH 3/3] Add method for cert&key generation --- .../xmlsec/src/include/CertificateCommon.h | 2 + .../xmlsec/src/include/openssl_config.h | 1 + .../xmlsec/src/src/CertificateCommon.cpp | 15 ++ .../xmlsec/src/src/Certificate_openssl.h | 144 ++++++++++++++++++ DesktopEditor/xmlsec/src/test/main.cpp | 74 +++++---- 5 files changed, 203 insertions(+), 33 deletions(-) diff --git a/DesktopEditor/xmlsec/src/include/CertificateCommon.h b/DesktopEditor/xmlsec/src/include/CertificateCommon.h index 644d9a423d..079efbfcb2 100644 --- a/DesktopEditor/xmlsec/src/include/CertificateCommon.h +++ b/DesktopEditor/xmlsec/src/include/CertificateCommon.h @@ -42,6 +42,8 @@ namespace NSCertificate OPENSSL_DECL std::wstring GetSignatureMethod(const int& nAlg); OPENSSL_DECL ICertificate* CreateInstance(const int& type = CERTIFICATE_ENGINE_TYPE_DEFAULT); + + OPENSSL_DECL ICertificate* GenerateByAlg(const std::string& key_alg, const std::map& props = std::map()); }; #endif // _XML_CERTIFICATE_COMMON_H_ diff --git a/DesktopEditor/xmlsec/src/include/openssl_config.h b/DesktopEditor/xmlsec/src/include/openssl_config.h index 0221ea206d..49e5500d9a 100644 --- a/DesktopEditor/xmlsec/src/include/openssl_config.h +++ b/DesktopEditor/xmlsec/src/include/openssl_config.h @@ -3,6 +3,7 @@ #include #include +#include #include "../../../common/base_export.h" #ifdef COMMON_OPENSSL_BUILDING_INTERNAL diff --git a/DesktopEditor/xmlsec/src/src/CertificateCommon.cpp b/DesktopEditor/xmlsec/src/src/CertificateCommon.cpp index 20ab7a8885..5091110b65 100644 --- a/DesktopEditor/xmlsec/src/src/CertificateCommon.cpp +++ b/DesktopEditor/xmlsec/src/src/CertificateCommon.cpp @@ -317,6 +317,21 @@ namespace NSCertificate return NULL; } + + ICertificate* GenerateByAlg(const std::string& key_alg, const std::map& props) + { +#ifdef SUPPORT_OPENSSL + CCertificate_openssl* pCert = new CCertificate_openssl(); + bool bIsGenerated = pCert->Generate(key_alg, props); + if (!bIsGenerated) + { + delete pCert; + return NULL; + } + return pCert; +#endif + return NULL; + } }; #ifdef SUPPORT_OPENSSL diff --git a/DesktopEditor/xmlsec/src/src/Certificate_openssl.h b/DesktopEditor/xmlsec/src/src/Certificate_openssl.h index d0e369a339..180dc93a1a 100644 --- a/DesktopEditor/xmlsec/src/src/Certificate_openssl.h +++ b/DesktopEditor/xmlsec/src/src/Certificate_openssl.h @@ -24,6 +24,8 @@ #include #include +#include + const EVP_MD* Get_EVP_MD(int nAlg) { switch (nAlg) @@ -121,6 +123,148 @@ public: EVP_PKEY_FREE(m_key); } + bool Generate(const std::string& key_alg, const std::map& props = std::map()) + { + EVP_PKEY_CTX* pctx = nullptr; + int nRsaKeyLen = 0; + + if (key_alg == "ed25519") + { + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); + m_alg = OOXML_HASH_ALG_ED25519; + } + else if (key_alg == "x25519") + { + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); + m_alg = OOXML_HASH_ALG_ED448; + } + else if (0 == key_alg.find("rsa")) + { + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + std::string sKeyLen = key_alg.substr(3); + nRsaKeyLen = 2048; + if (!sKeyLen.empty()) + nRsaKeyLen = std::stoi(sKeyLen); + + m_alg = OOXML_HASH_ALG_SHA256; + } + else + return false; + + EVP_PKEY_keygen_init(pctx); + + if (0 != nRsaKeyLen && EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nRsaKeyLen) <= 0) + return false; + + EVP_PKEY_keygen(pctx, &m_key); + + m_cert = X509_new(); + X509_set_version(m_cert, 2); + + ASN1_STRING* serialNumber = X509_get_serialNumber(m_cert); + if (serialNumber) + { + const int nBytesCount = 16; + unsigned char pSerialNumber[nBytesCount]; + RAND_bytes(pSerialNumber, nBytesCount); + + if (1 != ASN1_STRING_set(serialNumber, pSerialNumber, nBytesCount) == 1) + ASN1_INTEGER_set(serialNumber, 1); + } + + X509_gmtime_adj(X509_get_notBefore(m_cert), 0); + X509_gmtime_adj(X509_get_notAfter(m_cert), 31536000L); + + if (X509_set_pubkey(m_cert, m_key) == 0) + { + if (NULL != m_cert) + X509_free(m_cert); + m_cert = NULL; + + if (NULL != m_key) + EVP_PKEY_free(m_key); + m_key = NULL; + + EVP_PKEY_CTX_free(pctx); + return false; + } + + X509_NAME* name_record = X509_get_subject_name(m_cert); + + std::wstring sC = L"US"; + std::wstring sO = L"Ascensio System SIA"; + std::wstring sCN = L"AOSign Certificate"; + + std::map::const_iterator iter_prop = props.find(L"C"); + if (iter_prop != props.end()) + sC = iter_prop->second; + + iter_prop = props.find(L"O"); + if (iter_prop != props.end()) + sO = iter_prop->second; + + iter_prop = props.find(L"CN"); + if (iter_prop != props.end()) + sCN = iter_prop->second; + + std::string sC_A = U_TO_UTF8(sC); + std::string sO_A = U_TO_UTF8(sO); + std::string sCN_A = U_TO_UTF8(sCN); + + X509_NAME_add_entry_by_txt(name_record, "C", MBSTRING_ASC, (unsigned char *)sC_A.c_str(), -1, -1, 0); + X509_NAME_add_entry_by_txt(name_record, "O", MBSTRING_ASC, (unsigned char *)sO_A.c_str(), -1, -1, 0); + X509_NAME_add_entry_by_txt(name_record, "CN", MBSTRING_ASC, (unsigned char *)sCN_A.c_str(), -1, -1, 0); + + X509_set_issuer_name(m_cert, name_record); + + if (!props.empty()) + { + std::string sAdditions = ""; + for (std::map::const_iterator iter = props.begin(); iter != props.end(); iter++) + { + std::string sKey = U_TO_UTF8(iter->first); + std::string sValue = U_TO_UTF8(iter->second); + + string_replace(sKey, ";", ";"); + string_replace(sKey, "=", "="); + string_replace(sValue, ";", ";"); + + sAdditions += (sKey + "=" + sValue + ";"); + } + + if (!sAdditions.empty()) + { + //const int nid_user = OBJ_create("1.2.3", "key", "value"); + ASN1_OCTET_STRING* oDataAdditions = ASN1_OCTET_STRING_new(); + int nError = ASN1_OCTET_STRING_set(oDataAdditions, (unsigned const char*)sAdditions.c_str(), (int)sAdditions.length()); + X509_EXTENSION* ext = X509_EXTENSION_create_by_NID(nullptr, NID_subject_alt_name, false, oDataAdditions); + nError = X509_add_ext(m_cert, ext, -1); + X509_EXTENSION_free(ext); + } + } + + const EVP_MD* pDigest = Get_EVP_MD(this->GetHashAlg()); + if (NULL == pDigest) + pDigest = EVP_md_null(); + + if (X509_sign(m_cert, m_key, pDigest) == 0) + { + if (NULL != m_cert) + X509_free(m_cert); + m_cert = NULL; + + if (NULL != m_key) + EVP_PKEY_free(m_key); + m_key = NULL; + + EVP_PKEY_CTX_free(pctx); + return false; + } + + EVP_PKEY_CTX_free(pctx); + return true; + } + virtual int GetType() { return CERTIFICATE_ENGINE_TYPE_OPENSSL; diff --git a/DesktopEditor/xmlsec/src/test/main.cpp b/DesktopEditor/xmlsec/src/test/main.cpp index 1c109413b4..9ae245cf86 100644 --- a/DesktopEditor/xmlsec/src/test/main.cpp +++ b/DesktopEditor/xmlsec/src/test/main.cpp @@ -1,5 +1,5 @@ #include "../../../common/File.h" -#include "../include/XmlCertificate.h" +#include "../include/CertificateCommon.h" #include "../include/OOXMLSigner.h" #include "../include/OOXMLVerifier.h" @@ -12,56 +12,64 @@ int main() { - std::wstring sTestDir = NSFile::GetProcessDirectory() + L"/../../"; - ICertificate* pCertificate = NULL; + std::wstring sTestDir = NSFile::GetProcessDirectory() + L"/../../"; -#ifdef USE_MS_CRYPTO + //ICertificate* pCertificate = NSCertificate::FromFiles(sTestDir + L"keys/key.key", "", sTestDir + L"keys/cert.crt", ""); - // TODO: Load sertificate from store + std::map properties; + properties.insert(std::make_pair(L"email", L"sign@onlyoffice.com")); + properties.insert(std::make_pair(L"phone", L"+00000000000")); + std::wstring sNameTest = L"NameTest"; + std::wstring sValueTest = L"ValueTest"; + properties.insert(std::make_pair(sNameTest, sValueTest)); -#else + //ICertificate* pCertificate = NSCertificate::GenerateByAlg("rsa2048", properties); + ICertificate* pCertificate = NSCertificate::GenerateByAlg("ed25519", properties); - pCertificate = ICertificate::CreateInstance(); - pCertificate->FromFiles(sTestDir + L"keys/key.key", "", sTestDir + L"keys/cert.crt", ""); -#endif + unsigned char* pSignData = NULL; + unsigned int nSignDataLen = 0; + std::string sSignData = "Hello world!"; + bool bRes = pCertificate->SignPKCS7((unsigned char*)sSignData.c_str(), (unsigned int)sSignData.length(), pSignData, nSignDataLen); - BYTE* pDataDst = NULL; - unsigned long nLenDst = 0; + RELEASEARRAYOBJECTS(pSignData); + + BYTE* pDataDst = NULL; + unsigned long nLenDst = 0; #ifdef USE_SIGN #if 0 - COOXMLSigner oSigner(sTestDir + L"file", pCertificate); - oSigner.Sign(pDataDst, nLenDst); + COOXMLSigner oSigner(sTestDir + L"file", pCertificate); + oSigner.Sign(pDataDst, nLenDst); #else - BYTE* pDataSrc = NULL; - unsigned long nLenSrc = 0; - NSFile::CFileBinary::ReadAllBytes(sTestDir + L"/file.docx", &pDataSrc, nLenSrc); + BYTE* pDataSrc = NULL; + unsigned long nLenSrc = 0; + NSFile::CFileBinary::ReadAllBytes(sTestDir + L"/file.docx", &pDataSrc, nLenSrc); - COOXMLSigner oSigner(pDataSrc, nLenSrc, pCertificate); - oSigner.Sign(pDataDst, nLenDst); - RELEASEARRAYOBJECTS(pDataSrc); + COOXMLSigner oSigner(pDataSrc, nLenSrc, pCertificate); + oSigner.Sign(pDataDst, nLenDst); + RELEASEARRAYOBJECTS(pDataSrc); - NSFile::CFileBinary oFileDst; - oFileDst.CreateFileW(sTestDir + L"/file2.docx"); - oFileDst.WriteFile(pDataDst, nLenDst); - oFileDst.CloseFile(); + NSFile::CFileBinary oFileDst; + oFileDst.CreateFileW(sTestDir + L"/file2.docx"); + oFileDst.WriteFile(pDataDst, nLenDst); + oFileDst.CloseFile(); #endif #endif - RELEASEARRAYOBJECTS(pDataDst); + RELEASEARRAYOBJECTS(pDataDst); #ifdef USE_VERIFY #if 1 - COOXMLVerifier oVerifier(sTestDir + L"file"); - int nCount = oVerifier.GetSignatureCount(); - for (int i = 0; i < nCount; i++) - { - COOXMLSignature* pSign = oVerifier.GetSignature(i); - pSign->Check(); - } + COOXMLVerifier oVerifier(sTestDir + L"file"); + int nCount = oVerifier.GetSignatureCount(); + for (int i = 0; i < nCount; i++) + { + COOXMLSignature* pSign = oVerifier.GetSignature(i); + pSign->Check(); + } #endif #endif - delete pCertificate; - return 0; + delete pCertificate; + return 0; }