authorMiklos Vajna <vmiklos@collabora.co.uk>2016-11-28 15:38:39 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-11-28 18:21:06 +0000
commitfd3db1cf77c86cd787f912b7bb2ba3ad894203f3 (patch)
treeab8bcf0093a724d522b8c6acc7c08a3028d7a23b /xmlsecurity
parent83288089d5efd2cd1d5c76b05a4ba3f782641e88 (diff)
CppunitTest_xmlsecurity_signing: fix this on Windows with non-empty cert store
The NSS code earlier started to save the hash algo ID of the signature into the signature structure and I also added a unit test for this. This failed on Windows when the system had at least one signing certificate installed, as the mscrypto part of the patch was missing. Change-Id: Ib09e9e53292b5beb011c96ecf6f51a5ee10c15b0 Reviewed-on: https://gerrit.libreoffice.org/31323 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/source/pdfio/pdfdocument.cxx22
1 files changed, 22 insertions, 0 deletions
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 29b4a026cf2b..aeea58d48267 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -2315,6 +2315,28 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
return false;
}
+ // Get the CRYPT_ALGORITHM_IDENTIFIER from the message.
+ DWORD nDigestID = 0;
+ if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_HASH_ALGORITHM_PARAM, 0, nullptr, &nDigestID))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: CryptMsgGetParam() failed: " << WindowsErrorString(GetLastError()));
+ return false;
+ }
+ std::unique_ptr<BYTE[]> pDigestBytes(new BYTE[nDigestID]);
+ if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_HASH_ALGORITHM_PARAM, 0, pDigestBytes.get(), &nDigestID))
+ {
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: CryptMsgGetParam() failed: " << WindowsErrorString(GetLastError()));
+ return false;
+ }
+ auto pDigestID = reinterpret_cast<CRYPT_ALGORITHM_IDENTIFIER*>(pDigestBytes.get());
+ if (OString(szOID_NIST_sha256) == pDigestID->pszObjId)
+ rInformation.nDigestID = xml::crypto::DigestID::SHA256;
+ else if (OString(szOID_RSA_SHA1RSA) == pDigestID->pszObjId)
+ rInformation.nDigestID = xml::crypto::DigestID::SHA1;
+ else
+ // Don't error out here, we can still verify the message digest correctly, just the digest ID won't be set.
+ SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: unhandled algorithm identifier '"<<pDigestID->pszObjId<<"'");
+
// Get the signer CERT_INFO from the message.
DWORD nSignerCertInfo = 0;
if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_CERT_INFO_PARAM, 0, nullptr, &nSignerCertInfo))
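Review bot: The SHA-1 branch `else if (OString(szOID_RSA_SHA1RSA) == pDigestID->pszObjId)` compares against the sha1WithRSAEncryption signature-algorithm OID, whereas CMSG_SIGNER_HASH_ALGORITHM_PARAM returns the signer's digest algorithm. A SHA-1 signed PDF would therefore most likely carry the plain SHA-1 digest OID, fall through to the "unhandled" warning and leave `rInformation.nDigestID` unset, so a consumer that uses that field to flag weak digests (not visible in this hunk) could not tell SHA-1 from unknown. I would accept both OIDs: `else if (OString(szOID_RSA_SHA1RSA) == pDigestID->pszObjId || OString(szOID_OIWSEC_sha1) == pDigestID->pszObjId)`. Separately, `DWORD nDigestID` holds the byte count of the returned structure rather than a digest ID, and sits next to `rInformation.nDigestID`; a name such as `nDigestIDSize` would avoid the confusion. ValidateSignature starts and ends outside the hunk, so how the field is consumed should be confirmed against the full function.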