[Libreoffice-commits] core.git: Branch 'libreoffice-6-2' - svl/Library_svl.mk svl/source sw/qa
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Apr 23 13:35:36 UTC 2019
svl/Library_svl.mk | 5 ++++
svl/source/crypto/cryptosign.cxx | 33 ++++++++++++++++++++++++++++---
sw/qa/core/data/odt/pass/tdf122599-1.odt |binary
3 files changed, 35 insertions(+), 3 deletions(-)
New commits:
commit 790bdd69926cf53359b35a105c3e9e1f61314aa7
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Apr 18 17:29:57 2019 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Apr 23 15:34:53 2019 +0200
crashtesting: tdf#122599 NSS_CMSMessage_CreateFromDER asserts
because NSS_Init wasn't called first
Change-Id: Ib1b4c950dc2773af1fea7b64339b86566ee412e7
Reviewed-on: https://gerrit.libreoffice.org/70949
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
Tested-by: Jenkins
diff --git a/svl/Library_svl.mk b/svl/Library_svl.mk
index aacbb273d87c..2103a1483a45 100644
--- a/svl/Library_svl.mk
+++ b/svl/Library_svl.mk
@@ -111,6 +111,11 @@ $(eval $(call gb_Library_use_externals,svl,\
nss3 \
plc4 \
))
+ifeq ($(OS),LINUX)
+$(eval $(call gb_Library_add_libs,svl, \
+ -lpthread \
+))
+endif
endif # BUILD_TYPE=DESKTOP
endif
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 9f18e53a3eca..617c926201fa 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -18,8 +18,9 @@
#include <tools/datetime.hxx>
#include <tools/stream.hxx>
#include <comphelper/base64.hxx>
-#include <comphelper/random.hxx>
#include <comphelper/hash.hxx>
+#include <comphelper/processfactory.hxx>
+#include <comphelper/random.hxx>
#include <com/sun/star/security/XCertificate.hpp>
#include <com/sun/star/uno/Sequence.hxx>
#include <filter/msfilter/mscodec.hxx>
@@ -54,6 +55,13 @@
#endif
#if HAVE_FEATURE_NSS
+
+#include <com/sun/star/xml/crypto/XDigestContext.hpp>
+#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp>
+#include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/xml/crypto/NSSInitializer.hpp>
+#include <mutex>
+
// Is this length truly the maximum possible, or just a number that
// seemed large enough when the author tested this (with some type of
// certificates)? I suspect the latter.
@@ -1962,15 +1970,34 @@ OUString GetSubjectName(PCCERT_CONTEXT pCertContext)
#endif
}
+#ifdef SVL_CRYPTO_NSS
+namespace
+{
+ void ensureNssInit()
+ {
+ // e.g. tdf#122599 ensure NSS library is initialized for NSS_CMSMessage_CreateFromDER
+ css::uno::Reference<css::xml::crypto::XNSSInitializer>
+ xNSSInitializer = css::xml::crypto::NSSInitializer::create(comphelper::getProcessComponentContext());
+
+ // this calls NSS_Init
+ css::uno::Reference<css::xml::crypto::XDigestContext> xDigestContext(
+ xNSSInitializer->getDigestContext(css::xml::crypto::DigestID::SHA256,
+ uno::Sequence<beans::NamedValue>()));
+ }
+}
+#endif
+
bool Signing::Verify(const std::vector<unsigned char>& aData,
const bool bNonDetached,
const std::vector<unsigned char>& aSignature,
SignatureInformation& rInformation)
{
#ifdef SVL_CRYPTO_NSS
- // Validate the signature. No need to call NSS_Init() here, assume that the
- // caller did that already.
+ // ensure NSS_Init() is called before using NSS_CMSMessage_CreateFromDER
+ static std::once_flag aInitOnce;
+ std::call_once(aInitOnce, ensureNssInit);
+ // Validate the signature.
SECItem aSignatureItem;
aSignatureItem.data = const_cast<unsigned char*>(aSignature.data());
aSignatureItem.len = aSignature.size();
diff --git a/sw/qa/core/data/odt/pass/tdf122599-1.odt b/sw/qa/core/data/odt/pass/tdf122599-1.odt
new file mode 100644
index 000000000000..4bbb2dfea00f
Binary files /dev/null and b/sw/qa/core/data/odt/pass/tdf122599-1.odt differ
More information about the Libreoffice-commits
mailing list