store/source/storbase.hxx | 1 svl/source/crypto/cryptosign.cxx | 54 ++++++++++++++------------ vcl/qa/cppunit/pdfexport/pdfexport.cxx | 28 +++++++++++-- xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 5 +- xmlsecurity/qa/unit/signing/signing.cxx | 5 +- 5 files changed, 63 insertions(+), 30 deletions(-)
New commits: commit 33a4c667148490491e1c0bcc29e1a8aece56ed18 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Tue Dec 17 13:41:33 2024 +0100 Commit: Michael Stahl <michael.st...@collabora.com> CommitDate: Wed Jun 25 19:38:35 2025 +0200 xmlsecurity: fix tests to run with system NSS on Fedora 40 testDropMacroTemplateSignature fails printing this: warn:xmlsecurity.xmlsec:3511616:3511616:xmlsecurity/source/xmlsec/errorcallback.cxx:53: signatures.c:599: xmlSecNssSignatureSetKey() 'rsa-sha1' 'VFY_CreateContext' 4 'NSS error: -8011' because policy sets NSS_RSA_MIN_KEY_SIZE to 2048. testPDFGood fails printing this: warn:svl.crypto:3587940:3587940:svl/source/crypto/cryptosign.cxx:1941: ValidateSignature: message is not signed warn:xmlsecurity.helper:3587940:3587940:xmlsecurity/source/helper/pdfsignaturehelper.cxx:482: failed to determine digest match because enabling SEC_OID_SHA1 for NSS_USE_ALG_IN_ANY_SIGNATURE doesn't enable it for SMIME signatures, so smime_allowed_by_policy() fails - obviously one has to use NSS_USE_ALG_IN_SIGNATURE to enable it in any signature. Change-Id: I59ffaf0994eee6b51362fd3296f61465d0fc7903 (cherry picked from commit a7b7b00b78426bff8607c77106ea62dd213f0821) diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx index c4c5dcf077b3..2fb5100c3a4f 100644 --- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx +++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx @@ -13,6 +13,7 @@ #if USE_CRYPTO_NSS #include <secoid.h> +#include <nss.h> #endif #include <string_view> 
@@ -81,7 +82,9 @@ void PDFSigningTest::setUp()
 #ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
 // policy may disallow using SHA1 for signatures but unit test documents
 // have such existing signatures (call this after createSecurityContext!)
- NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
 #endif
 #endif
 }
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index bb7e050a3886..1286a0bff8b5 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -15,6 +15,7 @@
 #if USE_CRYPTO_NSS
 #include <secoid.h>
+#include <nss.h>
 #endif
 #include <test/unoapixml_test.hxx>
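Review bot: The enclosing guard in setUp() is still `#ifdef NSS_USE_ALG_IN_ANY_SIGNATURE`, but the new lines depend on `NSS_USE_ALG_IN_SIGNATURE` and `NSS_RSA_MIN_KEY_SIZE`, so an NSS that defines the first macro but not the other two would presumably fail to compile here; guarding on the symbols actually used, `#if defined(NSS_USE_ALG_IN_SIGNATURE) && defined(NSS_RSA_MIN_KEY_SIZE)`, keeps the block self-consistent. Both calls also discard their SECStatus, so a rejected policy change only resurfaces later as the opaque `VFY_CreateContext` and "message is not signed" warnings quoted in the commit message; `CPPUNIT_ASSERT(NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024) == SECSuccess);` (and likewise for NSS_SetAlgorithmPolicy) would fail at the cause. Because this re-enables SHA-1 signatures and 1024-bit RSA keys for the whole test process, the comment could say so explicitly, e.g. `// test-only: relaxes NSS policy process-wide for legacy fixture documents; do not copy into product code`. The same points apply to the identical hunk in SigningTest::setUp() in signing.cxx. setUp() begins outside the hunk.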
@@ -101,7 +102,9 @@ void SigningTest::setUp()
 #ifdef NSS_USE_ALG_IN_ANY_SIGNATURE
 // policy may disallow using SHA1 for signatures but unit test documents
 // have such existing signatures (call this after createSecurityContext!)
- NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SIGNATURE, 0);
+ // the minimum is 2048 in Fedora 40
+ NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 1024);
 #endif
 #endif
 }
commit 3646455712dc339580ab29d957c4b69d790e57ea Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Tue Aug 27 15:52:27 2024 +0200 Commit: Michael Stahl <michael.st...@collabora.com> CommitDate: Wed Jun 25 19:29:39 2025 +0200 vcl: fix testMultiPagePDF with zlib-ng After upgrading to Fedora 40, which replaced zlib with zlib-ng, this test fails on different compressed stream sizes, but the uncompressed content of the stream is the same as before (only checked first one). vcl/qa/cppunit/pdfexport/pdfexport2.cxx:808:(anonymous namespace)::testMultiPagePDF::TestBody equality assertion failed - Expected: 230 - Actual : 228 Change-Id: I27a6d4ac47691258793e18442fb1b59ac1b581c1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172471 Reviewed-by: David Gilbert <freedesk...@treblig.org> Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit ffcd44ce7c109ca6daf9b9a339609af92f163ecf) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172492 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 36f7a3ca8cb8df257134e69c588657ed6fac2074)
diff --git a/vcl/qa/cppunit/pdfexport/pdfexport.cxx b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
index 483910dcf07f..e605c86ee966 100644
--- a/vcl/qa/cppunit/pdfexport/pdfexport.cxx
+++ b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
@@ -4013,8 +4013,14 @@ CPPUNIT_TEST_FIXTURE(PdfExportTest, testMultiPagePDF) SvMemoryStream& rObjectStream = pStream->GetMemory(); rObjectStream.Seek(STREAM_SEEK_TO_BEGIN); + SvMemoryStream aUncompressed; + ZCodec aZCodec; + aZCodec.BeginCompression(); + aZCodec.Decompress(rObjectStream, aUncompressed); + CPPUNIT_ASSERT(aZCodec.EndCompression()); + // Just check that the size of the page stream is what is expected. - CPPUNIT_ASSERT_EQUAL(sal_uInt64(230), rObjectStream.remainingSize()); + CPPUNIT_ASSERT_EQUAL(sal_uInt64(1236), aUncompressed.Tell()); } { // embedded PDF page 2 @@ -4041,8 +4047,14 @@ CPPUNIT_TEST_FIXTURE(PdfExportTest, testMultiPagePDF) SvMemoryStream& rObjectStream = pStream->GetMemory(); rObjectStream.Seek(STREAM_SEEK_TO_BEGIN); - // Just check that the size of the page stream is what is expected - CPPUNIT_ASSERT_EQUAL(sal_uInt64(309), rObjectStream.remainingSize()); + SvMemoryStream aUncompressed; + ZCodec aZCodec; + aZCodec.BeginCompression(); + aZCodec.Decompress(rObjectStream, aUncompressed); + CPPUNIT_ASSERT(aZCodec.EndCompression()); + + // Just check that the size of the page stream is what is expected. + CPPUNIT_ASSERT_EQUAL(sal_uInt64(3911), aUncompressed.Tell()); } { // embedded PDF page 3 
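Review bot: The result of `aZCodec.Decompress(rObjectStream, aUncompressed)` is dropped in all three page blocks (the third is the hunk at -4069), so a failed or truncated inflate is only noticed indirectly through the size comparison. ZCodec is declared outside this diff; if `EndCompression()` reports failure with a negative count rather than `false`, `CPPUNIT_ASSERT(aZCodec.EndCompression())` would also pass on error, which is worth confirming. The same five lines are pasted three times, so a small file-local helper that inflates the stream, asserts on the codec result and returns the uncompressed size would leave one assertion per page; the sketch below assumes Decompress() signals failure with a negative return. The test body begins and ends outside these hunks.

```cpp
// Inflates rCompressed from its start and returns the uncompressed size.
// zlib and zlib-ng produce different compressed sizes, so tests compare this instead.
sal_uInt64 inflatedSize(SvMemoryStream& rCompressed)
{
    rCompressed.Seek(STREAM_SEEK_TO_BEGIN);
    SvMemoryStream aUncompressed;
    ZCodec aZCodec;
    aZCodec.BeginCompression();
    CPPUNIT_ASSERT(aZCodec.Decompress(rCompressed, aUncompressed) >= 0);
    CPPUNIT_ASSERT(aZCodec.EndCompression());
    return aUncompressed.Tell();
}

// ... unchanged: lookup of pStream for the embedded page ...
SvMemoryStream& rObjectStream = pStream->GetMemory();
CPPUNIT_ASSERT_EQUAL(sal_uInt64(1236), inflatedSize(rObjectStream));
```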
@@ -4069,8 +4081,14 @@ CPPUNIT_TEST_FIXTURE(PdfExportTest, testMultiPagePDF) SvMemoryStream& rObjectStream = pStream->GetMemory(); rObjectStream.Seek(STREAM_SEEK_TO_BEGIN); - // Just check that the size of the page stream is what is expected - CPPUNIT_ASSERT_EQUAL(sal_uInt64(193), rObjectStream.remainingSize()); + SvMemoryStream aUncompressed; + ZCodec aZCodec; + aZCodec.BeginCompression(); + aZCodec.Decompress(rObjectStream, aUncompressed); + CPPUNIT_ASSERT(aZCodec.EndCompression()); + + // Just check that the size of the page stream is what is expected. + CPPUNIT_ASSERT_EQUAL(sal_uInt64(373), aUncompressed.Tell()); } #endif } commit 435b8ccd0f303a16d9fd8e2935c104c6b28d9699 Author: Juraj Šarinay <ju...@sarinay.com> AuthorDate: Thu Mar 6 16:44:01 2025 +0100 Commit: Michael Stahl <michael.st...@collabora.com> CommitDate: Wed Jun 25 19:20:24 2025 +0200 Improve adbe.pkcs7.sha1 signature verification For PDF signatures with SubFilter == adbe.pkcs7.sha1, we only compared hash values and never actually checked SignatureValue within SignerInfo. Fix bugs introduced by 055fd58711d57af4d96214aebd71b713303d5527 and e58ed17e35989350afe3e9fd77b24515df782eac by verifying the actual (public-key) signature after the hash values compare equal. Change-Id: I5fa3d60df214cc5efedd1c0eba6cf1b9faf05360 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183059 Reviewed-by: Miklos Vajna <vmik...@collabora.com> Tested-by: Jenkins (cherry picked from commit 9f687b06fc25156a2a3f4d688b56542612995aa9) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183079 Tested-by: Xisco Fauli <xiscofa...@libreoffice.org> Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit d4158cb720099c7554a8ae26a7998faeae0500f9) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183684 Tested-by: allotropia jenkins <jenk...@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de> (cherry picked from commit 06860da8529de61aab6df216bf4a3c68f6766380) 
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx index 378a62f1ea56..89806b232a65 100644 --- a/svl/source/crypto/cryptosign.cxx +++ b/svl/source/crypto/cryptosign.cxx @@ -2096,23 +2096,30 @@ bool Signing::Verify(const std::vector<unsigned char>& aData, if (pAttribute) rInformation.bHasSigningCertificate = true; + SECItem aSignedDigestItem {siBuffer, nullptr, 0}; + SECItem* pContentInfoContentData = pCMSSignedData->contentInfo.content.data; if (bNonDetached && pContentInfoContentData && pContentInfoContentData->data) { // Not a detached signature. - if (!std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nMaxResultLen) && nActualResultLen == pContentInfoContentData->len) - rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; + if (nActualResultLen == pContentInfoContentData->len && + !std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nMaxResultLen) && + HASH_HashBuf(eHashType, pActualResultBuffer, pContentInfoContentData->data, nActualResultLen) == SECSuccess) + { + aSignedDigestItem.data = pActualResultBuffer; + aSignedDigestItem.len = nActualResultLen; + } } else { // Detached, the usual case. - SECItem aActualResultItem; - aActualResultItem.data = pActualResultBuffer; - aActualResultItem.len = nActualResultLen; - if (NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aActualResultItem, nullptr) == SECSuccess) - rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; + aSignedDigestItem.data = pActualResultBuffer; + aSignedDigestItem.len = nActualResultLen; } + if (aSignedDigestItem.data && NSS_CMSSignerInfo_Verify(pCMSSignerInfo, &aSignedDigestItem, nullptr) == SECSuccess) + rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; + // Everything went fine SECITEM_FreeItem(&aOidData.oid, false); PORT_Free(pActualResultBuffer); 
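Review bot: In the non-detached branch the reordered condition now checks `nActualResultLen == pContentInfoContentData->len` first, but the `std::memcmp` that follows still compares `nMaxResultLen` bytes; nMaxResultLen is set outside the hunk, and if it can exceed the actual digest length the compare reads past the end of the content buffer taken from the signed file. Comparing exactly the length that was just validated removes that dependency: `!std::memcmp(pActualResultBuffer, pContentInfoContentData->data, nActualResultLen) &&`. The in-place `HASH_HashBuf(...)` that overwrites pActualResultBuffer deserves a one-line comment such as `// the CMS signature covers the embedded content (the document digest), so hash that content before verifying`. A signature flagged bNonDetached whose content data is absent still falls into the `else` branch and is verified as if detached; if that is not intended, `else if (!bNonDetached)` would leave aSignedDigestItem empty and the status unset. Signing::Verify begins and ends outside the hunk.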
@@ -2145,19 +2152,21 @@ bool Signing::Verify(const std::vector<unsigned char>& aData, return false; } - // Update the message with the content blob. - if (!CryptMsgUpdate(hMsg, aData.data(), aData.size(), FALSE)) + if (!bNonDetached) { - SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the content failed: " << WindowsErrorString(GetLastError())); - return false; - } + // Update the message with the content blob. + if (!CryptMsgUpdate(hMsg, aData.data(), aData.size(), FALSE)) + { + SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the content failed: " << WindowsErrorString(GetLastError())); + return false; + } - if (!CryptMsgUpdate(hMsg, nullptr, 0, TRUE)) - { - SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the last content failed: " << WindowsErrorString(GetLastError())); - return false; + if (!CryptMsgUpdate(hMsg, nullptr, 0, TRUE)) + { + SAL_WARN("svl.crypto", "ValidateSignature, CryptMsgUpdate() for the last content failed: " << WindowsErrorString(GetLastError())); + return false; + } } - // Get the CRYPT_ALGORITHM_IDENTIFIER from the message. DWORD nDigestID = 0; if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_HASH_ALGORITHM_PARAM, 0, nullptr, &nDigestID)) @@ -2233,6 +2242,8 @@ bool Signing::Verify(const std::vector<unsigned char>& aData, rInformation.X509Datas.emplace_back(temp); } + std::vector<BYTE> aContentParam; + if (bNonDetached) { // Not a detached signature. 
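Review bot: The new `if (!bNonDetached)` wrapper around the two CryptMsgUpdate() calls has no comment explaining why the content blob is no longer fed for non-detached signatures, and the retained `// Update the message with the content blob.` now describes only the detached case. Judging from the later hunk, where the embedded content is fetched with CMSG_CONTENT_PARAM and compared through VerifyNonDetachedSignature(), a line such as `// Detached only: a non-detached message carries its own content, which is checked against aData further down` would state the intent. The hunk also drops the blank line before `// Get the CRYPT_ALGORITHM_IDENTIFIER from the message.`, which used to separate the two steps. Signing::Verify begins and ends outside the hunk.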
@@ -2243,19 +2254,16 @@ bool Signing::Verify(const std::vector<unsigned char>& aData, return false; } - std::vector<BYTE> aContentParam(nContentParam); + aContentParam.resize(nContentParam); if (!CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, aContentParam.data(), &nContentParam)) { SAL_WARN("svl.crypto", "ValidateSignature: CryptMsgGetParam() failed"); return false; } - - if (VerifyNonDetachedSignature(aData, aContentParam)) - rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; } - else + + if (!bNonDetached || VerifyNonDetachedSignature(aData, aContentParam)) { - // Detached, the usual case. // Use the CERT_INFO from the signer certificate to verify the signature. if (CryptMsgControl(hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE, pSignerCertContext->pCertInfo)) rInformation.nStatus = xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED; commit f06e1120b07f561a9c78644066d2226a12d1ed16 Author: Martin Jambor <mjam...@suse.cz> AuthorDate: Wed Jun 7 18:11:45 2023 +0200 Commit: Michael Stahl <michael.st...@collabora.com> CommitDate: Wed Jun 25 17:30:27 2025 +0200 Add cstdlib include necessary to build with gcc14 libstdc++ (tdf#155715) Without explicitely including <cstdlib>, compiling some files including store/source/storbase.hxx (such as store/source/storpage.cxx which includes it through store/source/storpage.hxx) will result in errors: error: ‘malloc’ is not a member of ‘std’ and error: ‘free’ is not a member of ‘std’ This patch simply adds the necessary include. Change-Id: I3d1fa2a17c5ae9d512f1de9d434dac3d82fc353f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152712 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sberg...@redhat.com> (cherry picked from commit db98a3f1b1a703ea8e1284b8815eea2274abb2db) diff --git a/store/source/storbase.hxx b/store/source/storbase.hxx index feac0db96227..207cbf40a8d3 100644 --- a/store/source/storbase.hxx +++ b/store/source/storbase.hxx 
@@ -32,6 +32,7 @@
 #include <store/types.h>
+#include <cstdlib>
 #include <memory>
 #include <utility>