include/sal/log-areas.dox | 1
xmlsecurity/source/xmlsec/nss/ciphercontext.cxx | 63 ++++++++++++++---------
xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 1
3 files changed, 43 insertions(+), 22 deletions(-)
New commits:
commit 328b135f0decbab475c16560f4b366559f2d0e66
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu Dec 7 16:00:17 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Dec 7 21:46:00 2023 +0100
xmlsecurity: check for errors in OCipherContext::Create()
If this function returns null, storing a document will proceed without
reporting an error to the user, and lose all the data.
Change-Id: I0f9fd53702321e7997b28e12eb5bed3349bbcc13
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160435
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/include/sal/log-areas.dox b/include/sal/log-areas.dox
index ef7d9b07363b..15cba1e538b5 100644
--- a/include/sal/log-areas.dox
+++ b/include/sal/log-areas.dox
@@ -593,6 +593,7 @@ certain functionality.
@li @c xmlsecurity.comp - xml security component
@li @c xmlsecurity.dialogs - xml security dialogs
@li @c xmlsecurity.helper
+@li @c xmlsecurity.nss
@li @c xmlsecurity.ooxml - OOXML signature support
@li @c xmlsecurity.qa
@li @c xmlsecurity.workben
diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
index 5be6eb26c6d2..bf0a16bfca38 100644
--- a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
+++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
@@ -35,31 +35,50 @@ uno::Reference< xml::crypto::XCipherContext >
OCipherContext::Create( CK_MECHANI
::rtl::Reference< OCipherContext > xResult = new OCipherContext;
xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, nullptr );
- if ( xResult->m_pSlot )
+ if (!xResult->m_pSlot)
{
- SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >(
reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ),
sal::static_int_cast<unsigned>( aKey.getLength() ) };
- xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot,
nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT,
&aKeyItem, nullptr );
- if ( xResult->m_pSymKey )
- {
- SECItem aIVItem = { siBuffer, const_cast< unsigned char* >(
reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray()
) ), sal::static_int_cast<unsigned>( aInitializationVector.getLength() ) };
- xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem );
- if ( xResult->m_pSecParam )
- {
- xResult->m_pContext = PK11_CreateContextBySymKey(
nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey,
xResult->m_pSecParam);
- if ( xResult->m_pContext )
- {
- xResult->m_bEncryption = bEncryption;
- xResult->m_bW3CPadding = bW3CPadding;
- xResult->m_bPadding = bW3CPadding || (
PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID );
- xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID,
xResult->m_pSecParam );
- if ( xResult->m_nBlockSize <= SAL_MAX_INT8 )
- return xResult;
- }
- }
- }
+ SAL_WARN("xmlsecurity.nss", "PK11_GetBestSlot failed");
+ throw uno::RuntimeException("PK11_GetBestSlot failed");
}
- return uno::Reference< xml::crypto::XCipherContext >();
+ SECItem aKeyItem = { siBuffer,
+ const_cast<unsigned char*>(reinterpret_cast<const unsigned
char*>(aKey.getConstArray())),
+ sal::static_int_cast<unsigned>(aKey.getLength()) };
+ xResult->m_pSymKey = PK11_ImportSymKey(xResult->m_pSlot, nNSSCipherID,
+ PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem,
nullptr);
+ if (!xResult->m_pSymKey)
+ {
+ SAL_WARN("xmlsecurity.nss", "PK11_ImportSymKey failed");
+ throw uno::RuntimeException("PK11_ImportSymKey failed");
+ }
+
+ SECItem aIVItem = { siBuffer,
+ const_cast<unsigned char*>(reinterpret_cast<const unsigned
char*>(aInitializationVector.getConstArray())),
+ sal::static_int_cast<unsigned>(aInitializationVector.getLength()) };
+ xResult->m_pSecParam = PK11_ParamFromIV(nNSSCipherID, &aIVItem);
+ if (!xResult->m_pSecParam)
+ {
+ SAL_WARN("xmlsecurity.nss", "PK11_ParamFromIV failed");
+ throw uno::RuntimeException("PK11_ParamFromIV failed");
+ }
+
+ xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID,
bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey,
xResult->m_pSecParam);
+ if (!xResult->m_pContext)
+ {
+ SAL_WARN("xmlsecurity.nss", "PK11_CreateContextBySymKey failed");
+ throw uno::RuntimeException("PK11_CreateContextBySymKey failed");
+ }
+
+ xResult->m_bEncryption = bEncryption;
+ xResult->m_bW3CPadding = bW3CPadding;
+ xResult->m_bPadding = bW3CPadding || ( PK11_GetPadMechanism( nNSSCipherID
) == nNSSCipherID );
+ xResult->m_nBlockSize = PK11_GetBlockSize(nNSSCipherID,
xResult->m_pSecParam);
+ if (SAL_MAX_INT8 < xResult->m_nBlockSize)
+ {
+ SAL_WARN("xmlsecurity.nss", "PK11_GetBlockSize unexpected result");
+ throw uno::RuntimeException("PK11_GetBlockSize unexpected result");
+ }
+ return xResult;
}
void OCipherContext::Dispose()
diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
index 69e165c550fc..83a83a9ea551 100644
--- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
+++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
@@ -606,6 +606,7 @@ css::uno::Reference< css::xml::crypto::XCipherContext >
SAL_CALL ONSSInitializer
throw css::lang::IllegalArgumentException("Unexpected length of
initialization vector.", css::uno::Reference< css::uno::XInterface >(), 3 );
xResult = OCipherContext::Create( nNSSCipherID, aKey,
aInitializationVector, bEncryption, bW3CPadding );
+ assert(xResult.is());
}
return xResult;
