author | Michael Stahl <michael.stahl@allotropia.de> | 2024-12-17 13:41:33 +0100 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2024-12-17 13:41:33 +0100 |
commit | a7b7b00b78426bff8607c77106ea62dd213f0821 (patch) | |
tree | f925c472e333008f45e711ebdcf87238cdcbf729 | |
parent | 5f5e8da5d0cdf293f590e161d53ef59e0ef2988d (diff) |
xmlsecurity: fix tests to run with system NSS on Fedora 40
distro/allotropia/zeta-24-2
testDropMacroTemplateSignature fails printing this:
warn:xmlsecurity.xmlsec:3511616:3511616:xmlsecurity/source/xmlsec/errorcallback.cxx:53: signatures.c:599: xmlSecNssSignatureSetKey() 'rsa-sha1' 'VFY_CreateContext' 4 'NSS error: -8011'
because policy sets NSS_RSA_MIN_KEY_SIZE to 2048.
testPDFGood fails printing this:
warn:svl.crypto:3587940:3587940:svl/source/crypto/cryptosign.cxx:1941: ValidateSignature: message is not signed
warn:xmlsecurity.helper:3587940:3587940:xmlsecurity/source/helper/pdfsignaturehelper.cxx:482: failed to determine digest match
because enabling SEC_OID_SHA1 for NSS_USE_ALG_IN_ANY_SIGNATURE doesn't
enable it for SMIME signatures, so smime_allowed_by_policy() fails -
obviously one has to use NSS_USE_ALG_IN_SIGNATURE to enable it in any
signature.
Change-Id: I59ffaf0994eee6b51362fd3296f61465d0fc7903
-rw-r--r-- | xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 5 | ||||
-rw-r--r-- | xmlsecurity/qa/unit/signing/signing.cxx | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 46981b250a6f..6786d73ee986 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -13,6 +13,7 @@
 #if USE_CRYPTO_NSS
 #include <secoid.h>
+#include <nss.h>
 #endif
 #include <string_view>
@@ -80,7 +81,9 @@ void PDFSigningTest::setUp()
 #ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
 // policy may disallow using SHA1 for signatures but unit test documents
 // have such existing signatures (call this after createSecurityContext!)
- NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
 #endif
 #endif
 }
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index caae317f6d5b..8518a50d59f8 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -15,6 +15,7 @@
 #if USE_CRYPTO_NSS
 #include <secoid.h>
+#include <nss.h>
 #endif
 #include <test/unoapixml_test.hxx>
@@ -104,7 +105,9 @@ void SigningTest::setUp()
 #ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
 // policy may disallow using SHA1 for signatures but unit test documents
 // have such existing signatures (call this after createSecurityContext!)
- NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
 #endif
 #endif
 } |
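Review bot: The two policy calls in the second hunk of pdfsigning.cxx, `NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);` and `NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);`, discard their SECStatus results, so if the system refuses the relaxation (a locked policy, for instance) the tests would presumably still fail later with the same opaque VFY_CreateContext and "message is not signed" warnings quoted in the commit message. Asserting on the result, for example `CPPUNIT_ASSERT_EQUAL(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024));` (assuming the CppUnit macros are in scope in this file), would point straight at the cause. The enclosing `#ifdef NSS_USE_ALG_IN_ANY_SIGNATURE` now guards code that uses NSS_USE_ALG_IN_SIGNATURE and NSS_RSA_MIN_KEY_SIZE instead, so it is worth confirming that every supported NSS version defining the former also provides the other two. Both settings weaken signature policy for the whole test process, and the new comment would be clearer if it said so and gave the reason, e.g. `// test-only: lower the RSA minimum (2048 in Fedora 40 policy) because the test documents are presumably signed with smaller keys`. The identical second hunk in signing.cxx (SigningTest::setUp) has the same points; both setUp() bodies begin outside their hunks.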