[Libreoffice-commits] core.git: vcl/source
Miklos Vajna
vmiklos at collabora.co.uk
Wed Nov 16 15:55:16 UTC 2016
vcl/source/gdi/pdfwriter_impl.cxx | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
New commits:
commit 2a5e7c6e59f56fa70a5388cb30c75b06b90eef6f
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Wed Nov 16 15:41:55 2016 +0100
vcl PDF sign: write ESSCertIDv2.hashAlgorithm/certHash
With this, the value of signing-certificate conforms to the RFC.
Change-Id: I27595068be46651efcbf0bd63fc51f79c6e18b4f
Reviewed-on: https://gerrit.libreoffice.org/30907
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins <ci at libreoffice.org>
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 5543ef0..9a3e18a 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6042,6 +6042,8 @@ typedef struct {
*/
struct ESSCertIDv2
{
+ SECAlgorithmID hashAlgorithm;
+ SECItem certHash;
};
/**
@@ -6273,12 +6275,19 @@ const SEC_ASN1Template TimeStampReq_Template[] =
};
/**
+ * Hash ::= OCTET STRING
+ *
* ESSCertIDv2 ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256},
+ * certHash Hash,
+ * issuerSerial IssuerSerial OPTIONAL
* }
*/
const SEC_ASN1Template ESSCertIDv2Template[] =
{
{SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(ESSCertIDv2)},
+ {SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(ESSCertIDv2, hashAlgorithm), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), 0},
+ {SEC_ASN1_OCTET_STRING, offsetof(ESSCertIDv2, certHash), nullptr, 0},
{0, 0, nullptr, 0}
};
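Review bot: The `hashAlgorithm` entry in `ESSCertIDv2Template` is unconditional, so the AlgorithmIdentifier is always encoded even though the ASN.1 in the comment above marks it `DEFAULT {algorithm id-sha256}`. DER requires a component equal to its default to be omitted, and CMS signed attributes are DER-encoded. Verifiers may well accept the explicit form, but the choice should be recorded next to the array, e.g. `// hashAlgorithm is always written, even for the SHA-256 default; issuerSerial is not written yet.` That comment also covers `issuerSerial`, which the ASN.1 lists but neither the struct nor the template maps.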
@@ -7085,6 +7094,26 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
// Add the signing certificate as a signed attribute.
ESSCertIDv2* aCertIDs[2];
ESSCertIDv2 aCertID;
+ // Write ESSCertIDv2.hashAlgorithm.
+ aCertID.hashAlgorithm.algorithm.data = nullptr;
+ aCertID.hashAlgorithm.parameters.data = nullptr;
+ SECOID_SetAlgorithmID(nullptr, &aCertID.hashAlgorithm, SEC_OID_SHA256, nullptr);
+ // Write ESSCertIDv2.certHash.
+ SECItem aCertHashItem;
+ unsigned char aCertHash[SHA256_LENGTH];
+ HashContextScope aCertHashContext(HASH_Create(HASH_AlgSHA256));
+ if (!aCertHashContext.get())
+ {
+ SAL_WARN("vcl.pdfwriter", "HASH_Create() failed");
+ return false;
+ }
+ HASH_Begin(aCertHashContext.get());
+ HASH_Update(aCertHashContext.get(), reinterpret_cast<const unsigned char *>(rContext.m_pDerEncoded), rContext.m_nDerEncoded);
+ aCertHashItem.type = siBuffer;
+ aCertHashItem.data = aCertHash;
+ HASH_End(aCertHashContext.get(), aCertHashItem.data, &aCertHashItem.len, SHA256_LENGTH);
+ aCertID.certHash = aCertHashItem;
+ // Write SigningCertificateV2.certs.
aCertIDs[0] = &aCertID;
aCertIDs[1] = nullptr;
SigningCertificateV2 aCertificate;
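Review bot: The result of `SECOID_SetAlgorithmID()` is ignored, so if it fails the code carries on with a `hashAlgorithm` whose data pointers are still null and only notices, if at all, when the attribute is encoded. Check it like the `HASH_Create()` call just below: `if (SECOID_SetAlgorithmID(nullptr, &aCertID.hashAlgorithm, SEC_OID_SHA256, nullptr) != SECSuccess) { SAL_WARN("vcl.pdfwriter", "SECOID_SetAlgorithmID() failed"); return false; }`. Because the arena argument is `nullptr`, the OID and parameter buffers are heap-allocated. Unless code further down in `Sign()` (which continues outside this hunk) releases them, every return path needs `SECOID_DestroyAlgorithmID(&aCertID.hashAlgorithm, PR_FALSE);` or a scope guard that calls it. It would also be cheap to confirm `aCertHashItem.len == SHA256_LENGTH` after `HASH_End()` before the item is copied into `certHash`.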
@@ -7127,8 +7156,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext)
aAttribute.type = aOidData.oid;
aAttribute.encoded = PR_TRUE;
- // Don't enable this by default till it works completely.
- if (g_bDebugDisableCompression && my_NSS_CMSSignerInfo_AddAuthAttr(cms_signer, &aAttribute) != SECSuccess)
+ if (my_NSS_CMSSignerInfo_AddAuthAttr(cms_signer, &aAttribute) != SECSuccess)
{
SAL_WARN("vcl.pdfwriter", "my_NSS_CMSSignerInfo_AddAuthAttr() failed");
return false;