https://bugs.documentfoundation.org/show_bug.cgi?id=99327
--- Comment #10 from Daniel Miranda <daniel_a_mira...@yahoo.com.br> ---
Hi, I am seeing the same problem here and the culprit seems to be this line in
LibreOffice's source code:
https://cgit.freedesktop.org/libreoffice/core/tree/vcl/source/gdi/pdfwriter_impl.cxx#n7188
The following line:
aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_RSA_SHA1RSA);
Should probably read:
aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_OIWSEC_sha1);
I have traced that path from the pdfexport.cxx code, which creates an aContext
structure and creates a pPDFWriter object at:
https://cgit.freedesktop.org/libreoffice/core/tree/filter/source/pdf/pdfexport.cxx#n787
The implementation of the code that does the actual signing is in
pdfwriter_impl.cxx and creates the aSignerInfo structure of type
CMSG_SIGNER_ENCODE_INFO, documented in
https://msdn.microsoft.com/pt-br/library/aa925156.aspx
The specific field that is set is aSignerInfo.HashAlgorithm.pszObjId, which is
documented at:
https://msdn.microsoft.com/pt-br/library/office/aa381133.aspx.
The value currently in the code is:
szOID_RSA_SHA1RSA
"1.2.840.113549.1.1.5"
which is NOT a digest algorithm, but an encryption and signing algorithn.
The likely value for that should be:
szOID_OIWSEC_sha1
"1.3.14.3.2.26"
Or, while we are at that, upgrade the algorithm to a more modern one not
relying on sha1. It should have minor performance impact:
szOID_NIST_sha256
"2.16.840.1.101.3.4.2.1"
or
szOID_NIST_sha512
"2.16.840.1.101.3.4.2.3"
Other parts of the file should also be updated:
https://cgit.freedesktop.org/libreoffice/core/tree/vcl/source/gdi/pdfwriter_impl.cxx#n7159
(although it seems the aPara structure is not actually being used anywhere
else)
CAVEAT:
1. I am not familiar with LibreOffice's codebase, please check if these two
lines are really all it takes.
2. The digest algorithm upgrade seems to be a bit more complex than a fix for
this bug, it requires changes in other parts of the file. Nonetheless, I think
this is a wonderful time to do it, since sha1 is showing it's age. Bruce
Scheiner blogged in 2005 - 11 years ago - that it was no longer safe even then.
See https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs