[Libreoffice-commits] core.git: config_host/config_crypto.h.in config_host/config_features.h.in configure.ac include/svl svl/Library_svl.mk svl/source vcl/source
Jan-Marek Glogowski (via logerrit)
logerrit at kemper.freedesktop.org
Fri May 28 18:28:57 UTC 2021
config_host/config_crypto.h.in | 36 ++++++++++++
config_host/config_features.h.in | 5 -
configure.ac | 19 ++++++
include/svl/cryptosign.hxx | 15 +++++
svl/Library_svl.mk | 11 ---
svl/source/crypto/cryptosign.cxx | 97 +++++++++++----------------------
vcl/source/filter/ipdf/pdfdocument.cxx | 2
vcl/source/gdi/pdfwriter_impl.cxx | 27 ---------
8 files changed, 104 insertions(+), 108 deletions(-)
New commits:
commit 07556be594c77f9b7886ff31c2e1752f937cacd4
Author: Jan-Marek Glogowski <glogow at fbihome.de>
AuthorDate: Fri May 28 13:52:37 2021 +0200
Commit: Jan-Marek Glogowski <glogow at fbihome.de>
CommitDate: Fri May 28 20:28:17 2021 +0200
Select svl crypto backend in configure.ac
And define USE_CRYPTO_* macros to select it in code. This way we
can get rid of all the HAVE_FEATURE_NSS and _WIN32 variations.
This also reverts 1f6b98f21495f0ecc5ded493cb3273da03852191.
Change-Id: I101e4ae2f49cdb127d59bd49a4f1c86304ca2238
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116338
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow at fbihome.de>
diff --git a/config_host/config_crypto.h.in b/config_host/config_crypto.h.in
new file mode 100644
index 000000000000..106485d55213
--- /dev/null
+++ b/config_host/config_crypto.h.in
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef CONFIG_CRYPTO_H
+#define CONFIG_CRYPTO_H
+
+/*
+ * Whether NSS is available
+ */
+#define HAVE_FEATURE_NSS 0
+
+/*
+ * Use MS CAPI for crypto operations
+ */
+#define USE_CRYPTO_MSCAPI 0
+
+/*
+ * Use Mozilla for crypto operations
+ */
+#define USE_CRYPTO_NSS 0
+
+#if USE_CRYPTO_MSCAPI || USE_CRYPTO_NSS
+#define USE_CRYPTO_ANY 1
+#else
+#define USE_CRYPTO_ANY 0
+#endif
+
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
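Review bot: Moving `HAVE_FEATURE_NSS` into this new header means any translation unit that still tests it after including only config_features.h sees an undefined macro, which `#if` silently evaluates as 0, compiling the NSS path out without a diagnostic. Only cryptosign.cxx and pdfwriter_impl.cxx switch their include in this commit, so the remaining users of the macro are worth a grep, or one build with `-Wundef`. Separately, cryptosign.cxx picks a backend with `#if USE_CRYPTO_NSS … #elif USE_CRYPTO_MSCAPI`, so the header could enforce exclusivity before the `USE_CRYPTO_ANY` block with `#if USE_CRYPTO_MSCAPI && USE_CRYPTO_NSS` / `#error "select exactly one crypto backend"` / `#endif`.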
diff --git a/config_host/config_features.h.in b/config_host/config_features.h.in
index a4ecdd76af8b..c557a405ceb1 100644
--- a/config_host/config_features.h.in
+++ b/config_host/config_features.h.in
@@ -126,11 +126,6 @@
*/
#define HAVE_FEATURE_PDFIMPORT 0
-/*
- * Whether NSS is available
- */
-#define HAVE_FEATURE_NSS 0
-
/*
* Whether poppler is available
*/
diff --git a/configure.ac b/configure.ac
index c4dc0c5545fe..7a1ef29ee9ff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -804,6 +804,7 @@ dnl Sequential to keep the logic very simple
dnl These values may be checked and reset later.
dnl ===================================================================
#defaults unless the os test overrides this:
+build_crypto=yes
test_cmis=yes
test_curl=yes
test_randr=yes
@@ -962,6 +963,7 @@ darwin*|macos*) # macOS
;;
ios*) # iOS
+ build_crypto=no
test_cmis=no
test_randr=no
test_xrender=no
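Review bot: The added `build_crypto=no` here, and the same line in the `linux-android*` case, leaves both `USE_CRYPTO_*` macros at 0 on these targets, so `Signing::Sign` returns false and `Signing::Verify` compiles neither backend. The Library_svl.mk condition removed by this commit defined `SVL_CRYPTO_NSS` for `ANDROID iOS`, so if those builds had NSS available, PDF signature verification is dropped there, which the commit message does not mention. A comment on each line, e.g. `# no svl signing/verification backend on this platform`, or a sentence in the commit message, would record that the change is intended.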
@@ -1071,6 +1073,7 @@ dragonfly*)
;;
linux-android*)
+ build_crypto=no
build_gstreamer_1_0=no
enable_lotuswordpro=no
enable_mpl_subset=yes
@@ -10290,7 +10293,6 @@ if test "$enable_fuzzers" != "yes" -a "$enable_nss" = "yes"; then
libo_CHECK_SYSTEM_MODULE([nss],[NSS],[nss >= 3.9.3 nspr >= 4.8])
AC_DEFINE(HAVE_FEATURE_NSS)
ENABLE_NSS=TRUE
- AC_DEFINE(ENABLE_NSS)
elif test $_os != iOS ; then
with_tls=openssl
fi
@@ -10863,6 +10865,20 @@ else
fi
AC_SUBST([ENABLE_CIPHER_OPENSSL_BACKEND])
+dnl ===================================================================
+dnl Select the crypto backends used by LO
+dnl ===================================================================
+
+if test "$build_crypto" = yes; then
+ if test "$OS" = WNT; then
+ BUILD_TARGET="$BUILD_TARGET CRYPTO_MSCAPI"
+ AC_DEFINE([USE_CRYPTO_MSCAPI])
+ elif test "$ENABLE_NSS" = TRUE; then
+ BUILD_TARGET="$BUILD_TARGET CRYPTO_NSS"
+ AC_DEFINE([USE_CRYPTO_NSS])
+ fi
+fi
+
dnl ===================================================================
dnl Check for building gnutls
dnl ===================================================================
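Review bot: The selection block appends `CRYPTO_MSCAPI` / `CRYPTO_NSS` to `BUILD_TARGET`, but the new condition in svl/Library_svl.mk filters `CRYPTO_NSS` out of `$(BUILD_TYPE)`. Unless `BUILD_TARGET` is merged into `BUILD_TYPE` somewhere outside this diff, the `nss3`/`plc4` externals are never added to svl even though `USE_CRYPTO_NSS` is defined, so the NSS code in cryptosign.cxx would build without its include paths and libraries. The two assignments should probably read `BUILD_TYPE="$BUILD_TYPE CRYPTO_MSCAPI"` and `BUILD_TYPE="$BUILD_TYPE CRYPTO_NSS"`. An `AC_MSG_WARN` when `build_crypto` is yes but neither branch matches would also help, since signing is then compiled out silently.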
@@ -14253,6 +14269,7 @@ AC_CONFIG_FILES([config_host.mk
AC_CONFIG_HEADERS([config_host/config_buildid.h])
AC_CONFIG_HEADERS([config_host/config_box2d.h])
AC_CONFIG_HEADERS([config_host/config_clang.h])
+AC_CONFIG_HEADERS([config_host/config_crypto.h])
AC_CONFIG_HEADERS([config_host/config_dconf.h])
AC_CONFIG_HEADERS([config_host/config_eot.h])
AC_CONFIG_HEADERS([config_host/config_extensions.h])
diff --git a/include/svl/cryptosign.hxx b/include/svl/cryptosign.hxx
index 4171807be89c..fbc6121ff49d 100644
--- a/include/svl/cryptosign.hxx
+++ b/include/svl/cryptosign.hxx
@@ -18,6 +18,21 @@
#include <svl/svldllapi.h>
+// Is this length truly the maximum possible, or just a number that
+// seemed large enough when the author tested this (with some type of
+// certificates)? I suspect the latter.
+
+// Used to be 0x4000 = 16384, but a sample signed PDF (produced by
+// some other software) provided by the customer has a signature
+// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from
+// Adobe has one that is 21942 bytes. So let's be careful. Pity this
+// can't be dynamic, at least not without restructuring the code. Also
+// note that the checks in the code for this being too small
+// apparently are broken, if this overflows you end up with an invalid
+// PDF. Need to fix that.
+
+#define MAX_SIGNATURE_CONTENT_LENGTH 50000
+
namespace com::sun::star::security { class XCertificate; }
class SvStream;
struct SignatureInformation;
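Review bot: `MAX_SIGNATURE_CONTENT_LENGTH` is now a `#define` in a public header, so it is textually substituted in every file that includes svl/cryptosign.hxx and collides with any same-named declaration, which is presumably why the `const int` in pdfdocument.cxx had to be removed. A typed constant, `constexpr int MAX_SIGNATURE_CONTENT_LENGTH = 50000;`, keeps the name scoped and type-checked. The comment moved with it still states that the too-small checks are broken and that an overflow yields an invalid PDF. Now that this is the single definition, that caveat should point to a tracked bug rather than end in "Need to fix that".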
diff --git a/svl/Library_svl.mk b/svl/Library_svl.mk
index a4e41b6f9984..17d64fe971fd 100644
--- a/svl/Library_svl.mk
+++ b/svl/Library_svl.mk
@@ -97,20 +97,11 @@ $(eval $(call gb_Library_use_system_win32_libs,svl,\
shlwapi \
))
-ifeq ($(OS),WNT)
-$(eval $(call gb_Library_use_system_win32_libs,svl,\
- crypt32 \
-))
-else
-ifneq (,$(filter DESKTOP,$(BUILD_TYPE))$(filter ANDROID iOS,$(OS)))
-$(eval $(call gb_Library_add_defs,svl,\
- -DSVL_CRYPTO_NSS \
-))
+ifneq (,$(filter CRYPTO_NSS,$(BUILD_TYPE)))
$(eval $(call gb_Library_use_externals,svl,\
nss3 \
plc4 \
))
-endif # BUILD_TYPE=DESKTOP
endif
$(eval $(call gb_Library_add_exception_objects,svl,\
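Review bot: The removed `ifeq ($(OS),WNT)` branch linked `crypt32`, and nothing in the new condition replaces it, while the MSCAPI path in cryptosign.cxx still calls `CertCreateCertificateContext` and `CryptMsgOpenToDecode`. If the `gb_Library_use_system_win32_libs` list that ends just above this hunk does not already contain `crypt32`, the Windows link will fail. A parallel `ifneq (,$(filter CRYPTO_MSCAPI,$(BUILD_TYPE)))` block adding it would keep the two backends symmetric. That list starts outside the hunk, so this may already be covered.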
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 61e9f6649cd9..6177dbb9d29c 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -9,7 +9,7 @@
#include <svl/cryptosign.hxx>
#include <svl/sigstruct.hxx>
-#include <config_features.h>
+#include <config_crypto.h>
#include <rtl/character.hxx>
#include <rtl/strbuf.hxx>
@@ -26,7 +26,7 @@
#include <com/sun/star/uno/Sequence.hxx>
#include <o3tl/char16_t2wchar_t.hxx>
-#if HAVE_FEATURE_NSS && !defined(_WIN32)
+#if USE_CRYPTO_NSS
// NSS headers for PDF signing
#include <cert.h>
#include <hasht.h>
@@ -37,9 +37,13 @@
// We use curl for RFC3161 time stamp requests
#include <curl/curl.h>
+
+#include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/xml/crypto/NSSInitializer.hpp>
+#include <mutex>
#endif
-#ifdef _WIN32
+#if USE_CRYPTO_MSCAPI
// WinCrypt headers for PDF signing
// Note: this uses Windows 7 APIs and requires the relevant data types
#include <prewin.h>
@@ -48,33 +52,11 @@
#include <comphelper/windowserrorstring.hxx>
#endif
-#if HAVE_FEATURE_NSS
-
-#include <com/sun/star/xml/crypto/DigestID.hpp>
-#include <com/sun/star/xml/crypto/NSSInitializer.hpp>
-#include <mutex>
-
-// Is this length truly the maximum possible, or just a number that
-// seemed large enough when the author tested this (with some type of
-// certificates)? I suspect the latter.
-
-// Used to be 0x4000 = 16384, but a sample signed PDF (produced by
-// some other software) provided by the customer has a signature
-// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from
-// Adobe has one that is 21942 bytes. So let's be careful. Pity this
-// can't be dynamic, at least not without restructuring the code. Also
-// note that the checks in the code for this being too small
-// apparently are broken, if this overflows you end up with an invalid
-// PDF. Need to fix that.
-
-#define MAX_SIGNATURE_CONTENT_LENGTH 50000
-#endif
-
using namespace com::sun::star;
namespace {
-#if HAVE_FEATURE_NSS
+#if USE_CRYPTO_ANY
void appendHex( sal_Int8 nInt, OStringBuffer& rBuffer )
{
static const char pHexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7',
@@ -82,10 +64,9 @@ void appendHex( sal_Int8 nInt, OStringBuffer& rBuffer )
rBuffer.append( pHexDigits[ (nInt >> 4) & 15 ] );
rBuffer.append( pHexDigits[ nInt & 15 ] );
}
-#endif // HAVE_FEATURE_NSS
-
-#if HAVE_FEATURE_NSS && !defined(_WIN32)
+#endif
+#if USE_CRYPTO_NSS
char *PDFSigningPKCS7PasswordCallback(PK11SlotInfo * /*slot*/, PRBool /*retry*/, void *arg)
{
return PL_strdup(static_cast<char *>(arg));
@@ -701,13 +682,7 @@ NSSCMSMessage *CreateCMSMessage(const PRTime* time,
return result;
}
-#endif // HAVE_FEATURE_NSS && !_WIN32
-
-} // Anonymous namespace
-
-#ifdef _WIN32
-namespace
-{
+#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS
/// Counts how many bytes are needed to encode a given length.
size_t GetDERLengthOfLength(size_t nLength)
@@ -876,8 +851,9 @@ bool CreateSigningCertificateAttribute(void const * pDerEncoded, int nDerEncoded
return true;
}
+#endif // USE_CRYPTO_MSCAPI
+
} // anonymous namespace
-#endif //_WIN32
namespace svl::crypto {
@@ -929,11 +905,12 @@ std::vector<unsigned char> DecodeHexString(const OString& rHex)
return aRet;
}
-
-#if defined(SVL_CRYPTO_NSS) || defined(_WIN32)
-
bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
{
+#if !USE_CRYPTO_ANY
+ (void)rCMSHexBuffer;
+ return false;
+#else
// Create the PKCS#7 object.
css::uno::Sequence<sal_Int8> aDerEncoded = m_xCertificate->getEncoded();
if (!aDerEncoded.hasElements())
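Review bot: The new `#if !USE_CRYPTO_ANY` stub in `Signing::Sign` returns false without logging, so a caller cannot tell a build with no signing backend from a real signing failure. A line such as `SAL_WARN("svl.crypto", "Signing::Sign: no crypto backend compiled in");` before `return false;` would make that visible in debug logs. The function body continues past this hunk.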
@@ -942,8 +919,7 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
return false;
}
-#ifndef _WIN32
-
+#if USE_CRYPTO_NSS
CERTCertificate *cert = CERT_DecodeCertFromPackage(reinterpret_cast<char *>(aDerEncoded.getArray()), aDerEncoded.getLength());
if (!cert)
@@ -1334,7 +1310,8 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
return true;
-#else // _WIN32
+#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS
+
PCCERT_CONTEXT pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, reinterpret_cast<const BYTE*>(aDerEncoded.getArray()), aDerEncoded.getLength());
if (pCertContext == nullptr)
{
@@ -1633,19 +1610,13 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
appendHex(pSig[i], rCMSHexBuffer);
return true;
-#endif
+#endif // USE_CRYPTO_MSCAPI
+#endif // USE_CRYPTO_ANY
}
-#else
-bool Signing::Sign(OStringBuffer&)
-{
- return false;
-}
-#endif //!SVL_CRYPTO_NSS && !_WIN32
-
namespace
{
-#ifdef SVL_CRYPTO_NSS
+#if USE_CRYPTO_NSS
/// Similar to NSS_CMSAttributeArray_FindAttrByOidTag(), but works directly with a SECOidData.
NSSCMSAttribute* CMSAttributeArray_FindAttrByOidData(NSSCMSAttribute** attrs, SECOidData const * oid, PRBool only)
{
@@ -1796,7 +1767,9 @@ bad_data:
}
return rv;
}
-#elif defined _WIN32
+
+#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS
+
/// Verifies a non-detached signature using CryptoAPI.
bool VerifyNonDetachedSignature(const std::vector<unsigned char>& aData, const std::vector<BYTE>& rExpectedHash)
{
@@ -1885,13 +1858,9 @@ OUString GetSubjectName(PCCERT_CONTEXT pCertContext)
return subjectName;
}
+#endif // USE_CRYPTO_MSCAPI
-#endif
-}
-
-#ifdef SVL_CRYPTO_NSS
-namespace
-{
+#if USE_CRYPTO_NSS
void ensureNssInit()
{
// e.g. tdf#122599 ensure NSS library is initialized for NSS_CMSMessage_CreateFromDER
@@ -1902,15 +1871,15 @@ namespace
xNSSInitializer->getDigestContext(css::xml::crypto::DigestID::SHA256,
uno::Sequence<beans::NamedValue>());
}
-}
#endif
+} // anonymous namespace
bool Signing::Verify(const std::vector<unsigned char>& aData,
const bool bNonDetached,
const std::vector<unsigned char>& aSignature,
SignatureInformation& rInformation)
{
-#ifdef SVL_CRYPTO_NSS
+#if USE_CRYPTO_NSS
// ensure NSS_Init() is called before using NSS_CMSMessage_CreateFromDER
static std::once_flag aInitOnce;
std::call_once(aInitOnce, ensureNssInit);
@@ -2113,7 +2082,8 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
return true;
-#elif defined _WIN32
+#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS
+
// Open a message for decoding.
HCRYPTMSG hMsg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
CMSG_DETACHED_FLAG,
@@ -2344,8 +2314,7 @@ bool Signing::Verify(SvStream& rStream,
const std::vector<unsigned char>& aSignature,
SignatureInformation& rInformation)
{
-#if defined(SVL_CRYPTO_NSS) || defined(_WIN32)
-
+#if USE_CRYPTO_ANY
std::vector<unsigned char> buffer;
// Copy the byte ranges into a single buffer.
diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx b/vcl/source/filter/ipdf/pdfdocument.cxx
index c3f46c339467..e8bca353133d 100644
--- a/vcl/source/filter/ipdf/pdfdocument.cxx
+++ b/vcl/source/filter/ipdf/pdfdocument.cxx
@@ -34,8 +34,6 @@ using namespace com::sun::star;
namespace vcl::filter
{
-const int MAX_SIGNATURE_CONTENT_LENGTH = 50000;
-
XRefEntry::XRefEntry() = default;
PDFDocument::PDFDocument() = default;
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 3fa3a10d31a0..5ca3dfd4cf25 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -17,7 +17,7 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
-#include <config_features.h>
+#include <config_crypto.h>
#include <sal/types.h>
@@ -81,14 +81,6 @@
#include "pdfwriter_impl.hxx"
-#ifdef _WIN32
-// WinCrypt headers for PDF signing
-// Note: this uses Windows 7 APIs and requires the relevant data types
-#include <prewin.h>
-#include <wincrypt.h>
-#include <postwin.h>
-#endif
-
#include <config_eot.h>
#if ENABLE_EOT
@@ -99,23 +91,6 @@ using namespace::com::sun::star;
static bool g_bDebugDisableCompression = getenv("VCL_DEBUG_DISABLE_PDFCOMPRESSION");
-#if HAVE_FEATURE_NSS
-// Is this length truly the maximum possible, or just a number that
-// seemed large enough when the author tested this (with some type of
-// certificates)? I suspect the latter.
-
-// Used to be 0x4000 = 16384, but a sample signed PDF (produced by
-// some other software) provided by the customer has a signature
-// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from
-// Adobe has one that is 21942 bytes. So let's be careful. Pity this
-// can't be dynamic, at least not without restructuring the code. Also
-// note that the checks in the code for this being too small
-// apparently are broken, if this overflows you end up with an invalid
-// PDF. Need to fix that.
-
-#define MAX_SIGNATURE_CONTENT_LENGTH 50000
-#endif
-
namespace
{