diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2019-04-18 17:29:57 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2019-04-19 10:15:28 +0200 |
| commit | d43cc00cf97fa1151560aa6fe0a3fef38e7507f6 (patch) | |
| tree | 91420a92a5b9fede263cd20de6ca2700ecbb34a4 /svl | |
| parent | vcl: Allow for rounding errors on Win32 in testAlphaVirtualDevice (diff) | |
| download | core-d43cc00cf97fa1151560aa6fe0a3fef38e7507f6.tar.gz core-d43cc00cf97fa1151560aa6fe0a3fef38e7507f6.zip | |
crashtesting: tdf#122599 NSS_CMSMessage_CreateFromDER asserts
because NSS_Init wasn't called first
Change-Id: Ib1b4c950dc2773af1fea7b64339b86566ee412e7
Reviewed-on: https://gerrit.libreoffice.org/70947
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'svl')
| -rw-r--r-- | svl/source/crypto/cryptosign.cxx | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx index 3f0d1019bba3..a6cdd6b2c396 100644 --- a/svl/source/crypto/cryptosign.cxx +++ b/svl/source/crypto/cryptosign.cxx @@ -18,8 +18,9 @@ #include <tools/datetime.hxx> #include <tools/stream.hxx> #include <comphelper/base64.hxx> -#include <comphelper/random.hxx> #include <comphelper/hash.hxx> +#include <comphelper/processfactory.hxx> +#include <comphelper/random.hxx> #include <com/sun/star/security/XCertificate.hpp> #include <com/sun/star/uno/Sequence.hxx> #include <filter/msfilter/mscodec.hxx> @@ -54,6 +55,13 @@ #endif #if HAVE_FEATURE_NSS + +#include <com/sun/star/xml/crypto/XDigestContext.hpp> +#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp> +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/xml/crypto/NSSInitializer.hpp> +#include <mutex> + // Is this length truly the maximum possible, or just a number that // seemed large enough when the author tested this (with some type of // certificates)? I suspect the latter. @@ -1962,15 +1970,34 @@ OUString GetSubjectName(PCCERT_CONTEXT pCertContext) #endif } +#ifdef SVL_CRYPTO_NSS +namespace +{ + void ensureNssInit() + { + // e.g. tdf#122599 ensure NSS library is initialized for NSS_CMSMessage_CreateFromDER + css::uno::Reference<css::xml::crypto::XNSSInitializer> + xNSSInitializer = css::xml::crypto::NSSInitializer::create(comphelper::getProcessComponentContext()); + + // this calls NSS_Init + css::uno::Reference<css::xml::crypto::XDigestContext> xDigestContext( + xNSSInitializer->getDigestContext(css::xml::crypto::DigestID::SHA256, + uno::Sequence<beans::NamedValue>())); + } +} +#endif + bool Signing::Verify(const std::vector<unsigned char>& aData, const bool bNonDetached, const std::vector<unsigned char>& aSignature, SignatureInformation& rInformation) { #ifdef SVL_CRYPTO_NSS - // Validate the signature. No need to call NSS_Init() here, assume that the - // caller did that already. + // ensure NSS_Init() is called before using NSS_CMSMessage_CreateFromDER + static std::once_flag aInitOnce; + std::call_once(aInitOnce, ensureNssInit); + // Validate the signature. SECItem aSignatureItem; aSignatureItem.data = const_cast<unsigned char*>(aSignature.data()); aSignatureItem.len = aSignature.size(); |