diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2019-04-18 17:29:57 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2019-04-23 15:34:53 +0200 |
| commit | 790bdd69926cf53359b35a105c3e9e1f61314aa7 (patch) | |
| tree | 0f079c14a437ad905a9a89dccf362ca603b8cc61 /svl | |
| parent | 6de6f97e775d0c9426b51471d742ab5dd461b9df (diff) | |
crashtesting: tdf#122599 NSS_CMSMessage_CreateFromDER asserts
because NSS_Init wasn't called first
Change-Id: Ib1b4c950dc2773af1fea7b64339b86566ee412e7
Reviewed-on: https://gerrit.libreoffice.org/70949
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Jenkins
Diffstat (limited to 'svl')
| -rw-r--r-- | svl/Library_svl.mk | 5 | ||||
| -rw-r--r-- | svl/source/crypto/cryptosign.cxx | 33 |
2 files changed, 35 insertions, 3 deletions
diff --git a/svl/Library_svl.mk b/svl/Library_svl.mk index aacbb273d87c..2103a1483a45 100644 --- a/svl/Library_svl.mk +++ b/svl/Library_svl.mk @@ -111,6 +111,11 @@ $(eval $(call gb_Library_use_externals,svl,\ nss3 \ plc4 \ )) +ifeq ($(OS),LINUX) +$(eval $(call gb_Library_add_libs,svl, \ + -lpthread \ +)) +endif endif # BUILD_TYPE=DESKTOP endif diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx index 9f18e53a3eca..617c926201fa 100644 --- a/svl/source/crypto/cryptosign.cxx +++ b/svl/source/crypto/cryptosign.cxx @@ -18,8 +18,9 @@ #include <tools/datetime.hxx> #include <tools/stream.hxx> #include <comphelper/base64.hxx> -#include <comphelper/random.hxx> #include <comphelper/hash.hxx> +#include <comphelper/processfactory.hxx> +#include <comphelper/random.hxx> #include <com/sun/star/security/XCertificate.hpp> #include <com/sun/star/uno/Sequence.hxx> #include <filter/msfilter/mscodec.hxx> @@ -54,6 +55,13 @@ #endif #if HAVE_FEATURE_NSS + +#include <com/sun/star/xml/crypto/XDigestContext.hpp> +#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp> +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/xml/crypto/NSSInitializer.hpp> +#include <mutex> + // Is this length truly the maximum possible, or just a number that // seemed large enough when the author tested this (with some type of // certificates)? I suspect the latter. @@ -1962,15 +1970,34 @@ OUString GetSubjectName(PCCERT_CONTEXT pCertContext) #endif } +#ifdef SVL_CRYPTO_NSS +namespace +{ + void ensureNssInit() + { + // e.g. tdf#122599 ensure NSS library is initialized for NSS_CMSMessage_CreateFromDER + css::uno::Reference<css::xml::crypto::XNSSInitializer> + xNSSInitializer = css::xml::crypto::NSSInitializer::create(comphelper::getProcessComponentContext()); + + // this calls NSS_Init + css::uno::Reference<css::xml::crypto::XDigestContext> xDigestContext( + xNSSInitializer->getDigestContext(css::xml::crypto::DigestID::SHA256, + uno::Sequence<beans::NamedValue>())); + } +} +#endif + bool Signing::Verify(const std::vector<unsigned char>& aData, const bool bNonDetached, const std::vector<unsigned char>& aSignature, SignatureInformation& rInformation) { #ifdef SVL_CRYPTO_NSS - // Validate the signature. No need to call NSS_Init() here, assume that the - // caller did that already. + // ensure NSS_Init() is called before using NSS_CMSMessage_CreateFromDER + static std::once_flag aInitOnce; + std::call_once(aInitOnce, ensureNssInit); + // Validate the signature. SECItem aSignatureItem; aSignatureItem.data = const_cast<unsigned char*>(aSignature.data()); aSignatureItem.len = aSignature.size(); |