crashtesting: tdf#122599 NSS_CMSMessage_CreateFromDER asserts
because NSS_Init wasn't called first
Change-Id: Ib1b4c950dc2773af1fea7b64339b86566ee412e7
Reviewed-on: https://gerrit.libreoffice.org/70949
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Tested-by: Jenkins
diff --git a/svl/Library_svl.mk b/svl/Library_svl.mk
index aacbb27..2103a14 100644
--- a/svl/Library_svl.mk
+++ b/svl/Library_svl.mk
@@ -111,6 +111,11 @@ $(eval $(call gb_Library_use_externals,svl,\
nss3 \
plc4 \
))
ifeq ($(OS),LINUX)
$(eval $(call gb_Library_add_libs,svl, \
-lpthread \
))
endif
endif # BUILD_TYPE=DESKTOP
endif
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 9f18e53..617c926 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -18,8 +18,9 @@
#include <tools/datetime.hxx>
#include <tools/stream.hxx>
#include <comphelper/base64.hxx>
#include <comphelper/random.hxx>
#include <comphelper/hash.hxx>
#include <comphelper/processfactory.hxx>
#include <comphelper/random.hxx>
#include <com/sun/star/security/XCertificate.hpp>
#include <com/sun/star/uno/Sequence.hxx>
#include <filter/msfilter/mscodec.hxx>
@@ -54,6 +55,13 @@
#endif
#if HAVE_FEATURE_NSS
#include <com/sun/star/xml/crypto/XDigestContext.hpp>
#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp>
#include <com/sun/star/xml/crypto/DigestID.hpp>
#include <com/sun/star/xml/crypto/NSSInitializer.hpp>
#include <mutex>
// Is this length truly the maximum possible, or just a number that
// seemed large enough when the author tested this (with some type of
// certificates)? I suspect the latter.
@@ -1962,15 +1970,34 @@ OUString GetSubjectName(PCCERT_CONTEXT pCertContext)
#endif
}
#ifdef SVL_CRYPTO_NSS
namespace
{
void ensureNssInit()
{
// e.g. tdf#122599 ensure NSS library is initialized for NSS_CMSMessage_CreateFromDER
css::uno::Reference<css::xml::crypto::XNSSInitializer>
xNSSInitializer = css::xml::crypto::NSSInitializer::create(comphelper::getProcessComponentContext());
// this calls NSS_Init
css::uno::Reference<css::xml::crypto::XDigestContext> xDigestContext(
xNSSInitializer->getDigestContext(css::xml::crypto::DigestID::SHA256,
uno::Sequence<beans::NamedValue>()));
}
}
#endif
bool Signing::Verify(const std::vector<unsigned char>& aData,
const bool bNonDetached,
const std::vector<unsigned char>& aSignature,
SignatureInformation& rInformation)
{
#ifdef SVL_CRYPTO_NSS
// Validate the signature. No need to call NSS_Init() here, assume that the
// caller did that already.
// ensure NSS_Init() is called before using NSS_CMSMessage_CreateFromDER
static std::once_flag aInitOnce;
std::call_once(aInitOnce, ensureNssInit);
// Validate the signature.
SECItem aSignatureItem;
aSignatureItem.data = const_cast<unsigned char*>(aSignature.data());
aSignatureItem.len = aSignature.size();
diff --git a/sw/qa/core/data/odt/pass/tdf122599-1.odt b/sw/qa/core/data/odt/pass/tdf122599-1.odt
new file mode 100644
index 0000000..4bbb2df
--- /dev/null
+++ b/sw/qa/core/data/odt/pass/tdf122599-1.odt
Binary files differ
