[Libreoffice-commits] core.git: svl/source sw/qa
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Fri Apr 19 08:16:12 UTC 2019
svl/source/crypto/cryptosign.cxx | 33 ++++++++++++++++++++++++++++---
sw/qa/core/data/odt/pass/tdf122599-1.odt |binary
2 files changed, 30 insertions(+), 3 deletions(-)
New commits:
commit d43cc00cf97fa1151560aa6fe0a3fef38e7507f6
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Apr 18 17:29:57 2019 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Fri Apr 19 10:15:28 2019 +0200
crashtesting: tdf#122599 NSS_CMSMessage_CreateFromDER asserts
because NSS_Init wasn't called first
Change-Id: Ib1b4c950dc2773af1fea7b64339b86566ee412e7
Reviewed-on: https://gerrit.libreoffice.org/70947
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 3f0d1019bba3..a6cdd6b2c396 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -18,8 +18,9 @@
#include <tools/datetime.hxx>
#include <tools/stream.hxx>
#include <comphelper/base64.hxx>
-#include <comphelper/random.hxx>
#include <comphelper/hash.hxx>
+#include <comphelper/processfactory.hxx>
+#include <comphelper/random.hxx>
#include <com/sun/star/security/XCertificate.hpp>
#include <com/sun/star/uno/Sequence.hxx>
#include <filter/msfilter/mscodec.hxx>
@@ -54,6 +55,13 @@
#endif
#if HAVE_FEATURE_NSS
+
+#include <com/sun/star/xml/crypto/XDigestContext.hpp>
+#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp>
+#include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/xml/crypto/NSSInitializer.hpp>
+#include <mutex>
+
// Is this length truly the maximum possible, or just a number that
// seemed large enough when the author tested this (with some type of
// certificates)? I suspect the latter.
@@ -1962,15 +1970,34 @@ OUString GetSubjectName(PCCERT_CONTEXT pCertContext)
#endif
}
+#ifdef SVL_CRYPTO_NSS
+namespace
+{
+ void ensureNssInit()
+ {
+ // e.g. tdf#122599 ensure NSS library is initialized for NSS_CMSMessage_CreateFromDER
+ css::uno::Reference<css::xml::crypto::XNSSInitializer>
+ xNSSInitializer = css::xml::crypto::NSSInitializer::create(comphelper::getProcessComponentContext());
+
+ // this calls NSS_Init
+ css::uno::Reference<css::xml::crypto::XDigestContext> xDigestContext(
+ xNSSInitializer->getDigestContext(css::xml::crypto::DigestID::SHA256,
+ uno::Sequence<beans::NamedValue>()));
+ }
+}
+#endif
+
bool Signing::Verify(const std::vector<unsigned char>& aData,
const bool bNonDetached,
const std::vector<unsigned char>& aSignature,
SignatureInformation& rInformation)
{
#ifdef SVL_CRYPTO_NSS
- // Validate the signature. No need to call NSS_Init() here, assume that the
- // caller did that already.
+ // ensure NSS_Init() is called before using NSS_CMSMessage_CreateFromDER
+ static std::once_flag aInitOnce;
+ std::call_once(aInitOnce, ensureNssInit);
+ // Validate the signature.
SECItem aSignatureItem;
aSignatureItem.data = const_cast<unsigned char*>(aSignature.data());
aSignatureItem.len = aSignature.size();
diff --git a/sw/qa/core/data/odt/pass/tdf122599-1.odt b/sw/qa/core/data/odt/pass/tdf122599-1.odt
new file mode 100644
index 000000000000..4bbb2dfea00f
Binary files /dev/null and b/sw/qa/core/data/odt/pass/tdf122599-1.odt differ
More information about the Libreoffice-commits
mailing list