config_host/config_crypto.h.in | 36 ++++++++++++ config_host/config_features.h.in | 5 - configure.ac | 19 ++++++ include/svl/cryptosign.hxx | 15 +++++ svl/Library_svl.mk | 11 --- svl/source/crypto/cryptosign.cxx | 97 +++++++++++---------------------- vcl/source/filter/ipdf/pdfdocument.cxx | 2 vcl/source/gdi/pdfwriter_impl.cxx | 27 --------- 8 files changed, 104 insertions(+), 108 deletions(-)
New commits: commit 07556be594c77f9b7886ff31c2e1752f937cacd4 Author: Jan-Marek Glogowski <glo...@fbihome.de> AuthorDate: Fri May 28 13:52:37 2021 +0200 Commit: Jan-Marek Glogowski <glo...@fbihome.de> CommitDate: Fri May 28 20:28:17 2021 +0200 Select svl crypto backend in configure.ac And define USE_CRYPTO_* macros to select it in code. This way we can get rid of all the HAVE_FEATURE_NSS and _WIN32 variations. This also reverts 1f6b98f21495f0ecc5ded493cb3273da03852191. Change-Id: I101e4ae2f49cdb127d59bd49a4f1c86304ca2238 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116338 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de>
diff --git a/config_host/config_crypto.h.in b/config_host/config_crypto.h.in
new file mode 100644
index 000000000000..106485d55213
--- /dev/null
+++ b/config_host/config_crypto.h.in
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef CONFIG_CRYPTO_H
+#define CONFIG_CRYPTO_H
+
+/*
+ * Whether NSS is available
+ */
+#define HAVE_FEATURE_NSS 0
+
+/*
+ * Use MS CAPI for crypto operations
+ */
+#define USE_CRYPTO_MSCAPI 0
+
+/*
+ * Use Mozilla for crypto operations
+ */
+#define USE_CRYPTO_NSS 0
+
+#if USE_CRYPTO_MSCAPI || USE_CRYPTO_NSS
+#define USE_CRYPTO_ANY 1
+#else
+#define USE_CRYPTO_ANY 0
+#endif
+
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
diff --git a/config_host/config_features.h.in b/config_host/config_features.h.in
index a4ecdd76af8b..c557a405ceb1 100644
--- a/config_host/config_features.h.in
+++ b/config_host/config_features.h.in
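Review bot: `HAVE_FEATURE_NSS` is now defined only in config_crypto.h, so any translation unit that still tests `#if HAVE_FEATURE_NSS` while including just config_features.h sees an undefined macro, which the preprocessor silently evaluates as 0 and compiles the NSS-dependent code out. This commit switches cryptosign.cxx and pdfwriter_impl.cxx to the new header; other users of the macro are not visible in this diff and should be checked (a build with `-Wundef` would surface them). The header could also reject an inconsistent configuration explicitly, with `#if USE_CRYPTO_MSCAPI && USE_CRYPTO_NSS`, `#error "select only one crypto backend"`, `#endif`, because the code selects a backend through an `#if USE_CRYPTO_NSS` … `#elif USE_CRYPTO_MSCAPI` chain that would otherwise drop one of them without a diagnostic.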
@@ -126,11 +126,6 @@ */ #define HAVE_FEATURE_PDFIMPORT 0 -/* - * Whether NSS is available - */ -#define HAVE_FEATURE_NSS 0 - /* * Whether poppler is available */ diff --git a/configure.ac b/configure.ac index c4dc0c5545fe..7a1ef29ee9ff 100644 --- a/configure.ac +++ b/configure.ac @@ -804,6 +804,7 @@ dnl Sequential to keep the logic very simple dnl These values may be checked and reset later. dnl =================================================================== #defaults unless the os test overrides this: +build_crypto=yes test_cmis=yes test_curl=yes test_randr=yes @@ -962,6 +963,7 @@ darwin*|macos*) # macOS ;; ios*) # iOS + build_crypto=no test_cmis=no test_randr=no test_xrender=no @@ -1071,6 +1073,7 @@ dragonfly*) ;; linux-android*) + build_crypto=no build_gstreamer_1_0=no enable_lotuswordpro=no enable_mpl_subset=yes @@ -10290,7 +10293,6 @@ if test "$enable_fuzzers" != "yes" -a "$enable_nss" = "yes"; then libo_CHECK_SYSTEM_MODULE([nss],[NSS],[nss >= 3.9.3 nspr >= 4.8]) AC_DEFINE(HAVE_FEATURE_NSS) ENABLE_NSS=TRUE - AC_DEFINE(ENABLE_NSS) elif test $_os != iOS ; then with_tls=openssl fi @@ -10863,6 +10865,20 @@ else fi AC_SUBST([ENABLE_CIPHER_OPENSSL_BACKEND]) +dnl =================================================================== +dnl Select the crypto backends used by LO +dnl =================================================================== + +if test "$build_crypto" = yes; then + if test "$OS" = WNT; then + BUILD_TARGET="$BUILD_TARGET CRYPTO_MSCAPI" + AC_DEFINE([USE_CRYPTO_MSCAPI]) + elif test "$ENABLE_NSS" = TRUE; then + BUILD_TARGET="$BUILD_TARGET CRYPTO_NSS" + AC_DEFINE([USE_CRYPTO_NSS]) + fi +fi + dnl =================================================================== dnl Check for building gnutls dnl =================================================================== 
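Review bot: The backend selection block appends `CRYPTO_MSCAPI` / `CRYPTO_NSS` to `BUILD_TARGET`, while the svl/Library_svl.mk hunk of this same commit tests `$(filter CRYPTO_NSS,$(BUILD_TYPE))`. Unless `BUILD_TARGET` is folded into `BUILD_TYPE` somewhere outside this diff, the `nss3` and `plc4` externals are never added although `USE_CRYPTO_NSS` is defined; the assignment probably should read `BUILD_TYPE="$BUILD_TYPE CRYPTO_NSS"` (and likewise for `CRYPTO_MSCAPI`). Separately, when `build_crypto` is `yes` but neither branch matches, no backend is selected and `Signing::Sign` compiles to `return false` with no configure-time message; an `else` branch with `AC_MSG_WARN([no crypto backend selected, PDF signing disabled])` would make that visible to whoever builds the package.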
@@ -14253,6 +14269,7 @@ AC_CONFIG_FILES([config_host.mk AC_CONFIG_HEADERS([config_host/config_buildid.h]) AC_CONFIG_HEADERS([config_host/config_box2d.h]) AC_CONFIG_HEADERS([config_host/config_clang.h]) +AC_CONFIG_HEADERS([config_host/config_crypto.h]) AC_CONFIG_HEADERS([config_host/config_dconf.h]) AC_CONFIG_HEADERS([config_host/config_eot.h]) AC_CONFIG_HEADERS([config_host/config_extensions.h]) diff --git a/include/svl/cryptosign.hxx b/include/svl/cryptosign.hxx index 4171807be89c..fbc6121ff49d 100644 --- a/include/svl/cryptosign.hxx +++ b/include/svl/cryptosign.hxx @@ -18,6 +18,21 @@ #include <svl/svldllapi.h> +// Is this length truly the maximum possible, or just a number that +// seemed large enough when the author tested this (with some type of +// certificates)? I suspect the latter. + +// Used to be 0x4000 = 16384, but a sample signed PDF (produced by +// some other software) provided by the customer has a signature +// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from +// Adobe has one that is 21942 bytes. So let's be careful. Pity this +// can't be dynamic, at least not without restructuring the code. Also +// note that the checks in the code for this being too small +// apparently are broken, if this overflows you end up with an invalid +// PDF. Need to fix that. + +#define MAX_SIGNATURE_CONTENT_LENGTH 50000 + namespace com::sun::star::security { class XCertificate; } class SvStream; struct SignatureInformation; diff --git a/svl/Library_svl.mk b/svl/Library_svl.mk index a4e41b6f9984..17d64fe971fd 100644 --- a/svl/Library_svl.mk +++ b/svl/Library_svl.mk 
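Review bot: `MAX_SIGNATURE_CONTENT_LENGTH` is introduced as a preprocessor macro in the public header include/svl/cryptosign.hxx, so it leaks into every file that includes the header and textually replaces any same-named identifier (this commit deletes the `const int` of that name in vcl/source/filter/ipdf/pdfdocument.cxx, presumably for that reason). A typed constant such as `constexpr int MAX_SIGNATURE_CONTENT_LENGTH = 50000;` would share the value without the macro. The moved comment also states that the checks for the buffer being too small are broken and that an overflow produces an invalid PDF; now that this is the single definition, the "Need to fix that" remark deserves a tracked TODO, and the callers should fail the signing operation when the encoded signature exceeds the limit rather than emit a document whose signature cannot be validated.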
@@ -97,20 +97,11 @@ $(eval $(call gb_Library_use_system_win32_libs,svl,\ shlwapi \ )) -ifeq ($(OS),WNT) -$(eval $(call gb_Library_use_system_win32_libs,svl,\ - crypt32 \ -)) -else -ifneq (,$(filter DESKTOP,$(BUILD_TYPE))$(filter ANDROID iOS,$(OS))) -$(eval $(call gb_Library_add_defs,svl,\ - -DSVL_CRYPTO_NSS \ -)) +ifneq (,$(filter CRYPTO_NSS,$(BUILD_TYPE))) $(eval $(call gb_Library_use_externals,svl,\ nss3 \ plc4 \ )) -endif # BUILD_TYPE=DESKTOP endif $(eval $(call gb_Library_add_exception_objects,svl,\ diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx index 61e9f6649cd9..6177dbb9d29c 100644 --- a/svl/source/crypto/cryptosign.cxx +++ b/svl/source/crypto/cryptosign.cxx @@ -9,7 +9,7 @@ #include <svl/cryptosign.hxx> #include <svl/sigstruct.hxx> -#include <config_features.h> +#include <config_crypto.h> #include <rtl/character.hxx> #include <rtl/strbuf.hxx> @@ -26,7 +26,7 @@ #include <com/sun/star/uno/Sequence.hxx> #include <o3tl/char16_t2wchar_t.hxx> -#if HAVE_FEATURE_NSS && !defined(_WIN32) +#if USE_CRYPTO_NSS // NSS headers for PDF signing #include <cert.h> #include <hasht.h> @@ -37,9 +37,13 @@ // We use curl for RFC3161 time stamp requests #include <curl/curl.h> + +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/xml/crypto/NSSInitializer.hpp> +#include <mutex> #endif -#ifdef _WIN32 +#if USE_CRYPTO_MSCAPI // WinCrypt headers for PDF signing // Note: this uses Windows 7 APIs and requires the relevant data types #include <prewin.h> 
@@ -48,33 +52,11 @@ #include <comphelper/windowserrorstring.hxx> #endif -#if HAVE_FEATURE_NSS - -#include <com/sun/star/xml/crypto/DigestID.hpp> -#include <com/sun/star/xml/crypto/NSSInitializer.hpp> -#include <mutex> - -// Is this length truly the maximum possible, or just a number that -// seemed large enough when the author tested this (with some type of -// certificates)? I suspect the latter. - -// Used to be 0x4000 = 16384, but a sample signed PDF (produced by -// some other software) provided by the customer has a signature -// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from -// Adobe has one that is 21942 bytes. So let's be careful. Pity this -// can't be dynamic, at least not without restructuring the code. Also -// note that the checks in the code for this being too small -// apparently are broken, if this overflows you end up with an invalid -// PDF. Need to fix that. - -#define MAX_SIGNATURE_CONTENT_LENGTH 50000 -#endif - using namespace com::sun::star; namespace { -#if HAVE_FEATURE_NSS +#if USE_CRYPTO_ANY void appendHex( sal_Int8 nInt, OStringBuffer& rBuffer ) { static const char pHexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', @@ -82,10 +64,9 @@ void appendHex( sal_Int8 nInt, OStringBuffer& rBuffer ) rBuffer.append( pHexDigits[ (nInt >> 4) & 15 ] ); rBuffer.append( pHexDigits[ nInt & 15 ] ); } -#endif // HAVE_FEATURE_NSS - -#if HAVE_FEATURE_NSS && !defined(_WIN32) +#endif +#if USE_CRYPTO_NSS char *PDFSigningPKCS7PasswordCallback(PK11SlotInfo * /*slot*/, PRBool /*retry*/, void *arg) { return PL_strdup(static_cast<char *>(arg)); @@ -701,13 +682,7 @@ NSSCMSMessage *CreateCMSMessage(const PRTime* time, return result; } -#endif // HAVE_FEATURE_NSS && !_WIN32 - -} // Anonymous namespace - -#ifdef _WIN32 -namespace -{ +#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS /// Counts how many bytes are needed to encode a given length. size_t GetDERLengthOfLength(size_t nLength) 
@@ -876,8 +851,9 @@ bool CreateSigningCertificateAttribute(void const * pDerEncoded, int nDerEncoded return true; } +#endif // USE_CRYPTO_MSCAPI + } // anonymous namespace -#endif //_WIN32 namespace svl::crypto { @@ -929,11 +905,12 @@ std::vector<unsigned char> DecodeHexString(const OString& rHex) return aRet; } - -#if defined(SVL_CRYPTO_NSS) || defined(_WIN32) - bool Signing::Sign(OStringBuffer& rCMSHexBuffer) { +#if !USE_CRYPTO_ANY + (void)rCMSHexBuffer; + return false; +#else // Create the PKCS#7 object. css::uno::Sequence<sal_Int8> aDerEncoded = m_xCertificate->getEncoded(); if (!aDerEncoded.hasElements()) @@ -942,8 +919,7 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer) return false; } -#ifndef _WIN32 - +#if USE_CRYPTO_NSS CERTCertificate *cert = CERT_DecodeCertFromPackage(reinterpret_cast<char *>(aDerEncoded.getArray()), aDerEncoded.getLength()); if (!cert) @@ -1334,7 +1310,8 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer) return true; -#else // _WIN32 +#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS + PCCERT_CONTEXT pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, reinterpret_cast<const BYTE*>(aDerEncoded.getArray()), aDerEncoded.getLength()); if (pCertContext == nullptr) { @@ -1633,19 +1610,13 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer) appendHex(pSig[i], rCMSHexBuffer); return true; -#endif +#endif // USE_CRYPTO_MSCAPI +#endif // USE_CRYPTO_ANY } -#else -bool Signing::Sign(OStringBuffer&) -{ - return false; -} -#endif //!SVL_CRYPTO_NSS && !_WIN32 - namespace { -#ifdef SVL_CRYPTO_NSS +#if USE_CRYPTO_NSS /// Similar to NSS_CMSAttributeArray_FindAttrByOidTag(), but works directly with a SECOidData. NSSCMSAttribute* CMSAttributeArray_FindAttrByOidData(NSSCMSAttribute** attrs, SECOidData const * oid, PRBool only) { 
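Review bot: With no backend compiled in, `Signing::Sign` returns `false` from the new `#if !USE_CRYPTO_ANY` branch without any diagnostic, so a caller or a log reader cannot tell a build-configuration problem from a certificate or encoding failure. A log line before the return, for example `SAL_WARN("svl.crypto", "no crypto backend compiled in, cannot sign");` (using whatever log area the file already uses), would make the two cases distinguishable. The `#else` branch then nests `#if USE_CRYPTO_NSS` / `#elif USE_CRYPTO_MSCAPI` with no final `#else`; that is safe today because `USE_CRYPTO_ANY` is derived from those two macros, but a closing `#else` with `#error` would keep a future third backend from falling off the end of a `bool` function. The function body extends beyond the lines shown in these hunks.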
@@ -1796,7 +1767,9 @@ bad_data: } return rv; } -#elif defined _WIN32 + +#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS + /// Verifies a non-detached signature using CryptoAPI. bool VerifyNonDetachedSignature(const std::vector<unsigned char>& aData, const std::vector<BYTE>& rExpectedHash) { @@ -1885,13 +1858,9 @@ OUString GetSubjectName(PCCERT_CONTEXT pCertContext) return subjectName; } +#endif // USE_CRYPTO_MSCAPI -#endif -} - -#ifdef SVL_CRYPTO_NSS -namespace -{ +#if USE_CRYPTO_NSS void ensureNssInit() { // e.g. tdf#122599 ensure NSS library is initialized for NSS_CMSMessage_CreateFromDER @@ -1902,15 +1871,15 @@ namespace xNSSInitializer->getDigestContext(css::xml::crypto::DigestID::SHA256, uno::Sequence<beans::NamedValue>()); } -} #endif +} // anonymous namespace bool Signing::Verify(const std::vector<unsigned char>& aData, const bool bNonDetached, const std::vector<unsigned char>& aSignature, SignatureInformation& rInformation) { -#ifdef SVL_CRYPTO_NSS +#if USE_CRYPTO_NSS // ensure NSS_Init() is called before using NSS_CMSMessage_CreateFromDER static std::once_flag aInitOnce; std::call_once(aInitOnce, ensureNssInit); @@ -2113,7 +2082,8 @@ bool Signing::Verify(const std::vector<unsigned char>& aData, return true; -#elif defined _WIN32 +#elif USE_CRYPTO_MSCAPI // ends USE_CRYPTO_NSS + // Open a message for decoding. HCRYPTMSG hMsg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, CMSG_DETACHED_FLAG, @@ -2344,8 +2314,7 @@ bool Signing::Verify(SvStream& rStream, const std::vector<unsigned char>& aSignature, SignatureInformation& rInformation) { -#if defined(SVL_CRYPTO_NSS) || defined(_WIN32) - +#if USE_CRYPTO_ANY std::vector<unsigned char> buffer; // Copy the byte ranges into a single buffer. diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx b/vcl/source/filter/ipdf/pdfdocument.cxx index c3f46c339467..e8bca353133d 100644 --- a/vcl/source/filter/ipdf/pdfdocument.cxx +++ b/vcl/source/filter/ipdf/pdfdocument.cxx 
@@ -34,8 +34,6 @@ using namespace com::sun::star; namespace vcl::filter { -const int MAX_SIGNATURE_CONTENT_LENGTH = 50000; - XRefEntry::XRefEntry() = default; PDFDocument::PDFDocument() = default; diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index 3fa3a10d31a0..5ca3dfd4cf25 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -17,7 +17,7 @@ * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ -#include <config_features.h> +#include <config_crypto.h> #include <sal/types.h> @@ -81,14 +81,6 @@ #include "pdfwriter_impl.hxx" -#ifdef _WIN32 -// WinCrypt headers for PDF signing -// Note: this uses Windows 7 APIs and requires the relevant data types -#include <prewin.h> -#include <wincrypt.h> -#include <postwin.h> -#endif - #include <config_eot.h> #if ENABLE_EOT @@ -99,23 +91,6 @@ using namespace::com::sun::star; static bool g_bDebugDisableCompression = getenv("VCL_DEBUG_DISABLE_PDFCOMPRESSION"); -#if HAVE_FEATURE_NSS -// Is this length truly the maximum possible, or just a number that -// seemed large enough when the author tested this (with some type of -// certificates)? I suspect the latter. - -// Used to be 0x4000 = 16384, but a sample signed PDF (produced by -// some other software) provided by the customer has a signature -// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from -// Adobe has one that is 21942 bytes. So let's be careful. Pity this -// can't be dynamic, at least not without restructuring the code. Also -// note that the checks in the code for this being too small -// apparently are broken, if this overflows you end up with an invalid -// PDF. Need to fix that. - -#define MAX_SIGNATURE_CONTENT_LENGTH 50000 -#endif - namespace { _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits