You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62 lines
2.4 KiB
62 lines
2.4 KiB
2 years ago
|
From 599722cf77310429a9b9bd2a348486a08b60de0d Mon Sep 17 00:00:00 2001
|
||
|
From: Miklos Vajna <vmiklos@collabora.com>
|
||
|
Date: Mon, 13 Mar 2023 20:04:17 +0100
|
||
|
Subject: svl: fix CppunitTest_desktop_lib's
|
||
|
DesktopLOKTest::testSignDocument_PEM_PDF
|
||
|
|
||
|
The problem was that this test passed when the entire suite was running,
|
||
|
but not as an individual test.
|
||
|
|
||
|
Digging deeper, this didn't pass in isolation because the test loads a
|
||
|
private key into memory (which is not in the NSS DB) and since commit
|
||
|
5592ee094ca9f09bfcc16537d931518d4e6b2231 (svl: fix
|
||
|
testSignDocument_PEM_PDF with "dbm:" NSS DB, 2022-04-28) we delete that
|
||
|
in-memory key as a workaround for the NSS dbm -> sqlite transition.
|
||
|
|
||
|
Fix the problem by not deleting the in-memory private key in the LOK
|
||
|
case: this makes the test (operating in a stateless mode, with in-memory
|
||
|
keys) pass again and keeps the desktop signing (working with the NSS DB)
|
||
|
working.
|
||
|
|
||
|
I noticed this test failure as a local test update of libxmlsec to 1.3
|
||
|
RC started to fail here even when the whole suite was running, but looks
|
||
|
like this was working by accident before anyway, and the fix doesn't
|
||
|
hurt for libxmlsec 1.2, either.
|
||
|
|
||
|
Change-Id: Id365ddc5c5d04d538609f444c0e3c4ab4b32a6fd
|
||
|
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148817
|
||
|
Tested-by: Jenkins
|
||
|
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
|
||
|
---
|
||
|
svl/source/crypto/cryptosign.cxx | 7 ++++++-
|
||
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
|
||
|
index 1d6337845569..e68ccb8aafda 100644
|
||
|
--- a/svl/source/crypto/cryptosign.cxx
|
||
|
+++ b/svl/source/crypto/cryptosign.cxx
|
||
|
@@ -26,6 +26,7 @@
|
||
|
#include <comphelper/processfactory.hxx>
|
||
|
#include <comphelper/random.hxx>
|
||
|
#include <comphelper/scopeguard.hxx>
|
||
|
+#include <comphelper/lok.hxx>
|
||
|
#include <com/sun/star/security/XCertificate.hpp>
|
||
|
#include <com/sun/star/uno/Sequence.hxx>
|
||
|
#include <o3tl/char16_t2wchar_t.hxx>
|
||
|
@@ -640,7 +641,11 @@ NSSCMSMessage *CreateCMSMessage(const PRTime* time,
|
||
|
// if it works, and fallback if it doesn't.
|
||
|
if (SECKEYPrivateKey * pPrivateKey = PK11_FindKeyByAnyCert(cert, nullptr))
|
||
|
{
|
||
|
- SECKEY_DestroyPrivateKey(pPrivateKey);
|
||
|
+ if (!comphelper::LibreOfficeKit::isActive())
|
||
|
+ {
|
||
|
+ // pPrivateKey only exists in the memory in the LOK case, don't delete it.
|
||
|
+ SECKEY_DestroyPrivateKey(pPrivateKey);
|
||
|
+ }
|
||
|
*cms_signer = NSS_CMSSignerInfo_Create(result, cert, SEC_OID_SHA256);
|
||
|
}
|
||
|
else
|
||
|
--
|
||
|
cgit v1.2.1
|
||
|
|