vcl/source/gdi/pdfwriter_impl.cxx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
New commits: commit f099e1396f40584aebf3562873046f549139d042 Author: Miklos Vajna <[email protected]> Date: Thu Nov 17 10:16:31 2016 +0100 vcl PDF NSS sign: don't embed signed timestamp to the signature blob There are several reasons to avoid doing so: - The mscrypto backend doesn't do that, so the previous situation was inconsistent. - PDF provides markup to provide a timestamp, and that's automatically part of the signed data. - Page 10 of "PAdES Basic" specification from <http://www.etsi.org/deliver/etsi_ts%5C102700_102799%5C10277802%5C01.02.01_60%5Cts_10277802v010201p.pdf> explicitly requests either not writing that data, or writing it as an unsigned attribute (probably to underline that the value is from untrusted source, it's the signer's computer clock). Change-Id: I35b1a9ef4a391a24e6695353d617f27c7d96d93b Reviewed-on: https://gerrit.libreoffice.org/30926 Reviewed-by: Miklos Vajna <[email protected]> Tested-by: Jenkins <[email protected]> diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index 9a3e18a..47be24f 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -6621,7 +6621,7 @@ my_NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute * return my_NSS_CMSAttributeArray_AddAttr(signerinfo->cmsg->poolp, &(signerinfo->authAttr), attr); } -NSSCMSMessage *CreateCMSMessage(PRTime time, +NSSCMSMessage *CreateCMSMessage(PRTime* time, NSSCMSSignedData **cms_sd, NSSCMSSignerInfo **cms_signer, CERTCertificate *cert, @@ -6671,7 +6671,7 @@ NSSCMSMessage *CreateCMSMessage(PRTime time, return nullptr; } - if (NSS_CMSSignerInfo_AddSigningTime(*cms_signer, time) != SECSuccess) + if (time && NSS_CMSSignerInfo_AddSigningTime(*cms_signer, *time) != SECSuccess) { SAL_WARN("vcl.pdfwriter", "NSS_CMSSignerInfo_AddSigningTime failed"); NSS_CMSSignedData_Destroy(*cms_sd); @@ -6778,7 +6778,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext) PRTime now = PR_Now(); NSSCMSSignedData *cms_sd; NSSCMSSignerInfo *cms_signer; - NSSCMSMessage *cms_msg = CreateCMSMessage(now, &cms_sd, &cms_signer, cert, &digest); + NSSCMSMessage *cms_msg = CreateCMSMessage(nullptr, &cms_sd, &cms_signer, cert, &digest); if (!cms_msg) return false; @@ -6803,7 +6803,7 @@ bool PDFWriter::Sign(PDFSignContext& rContext) NSSCMSSignedData *ts_cms_sd; NSSCMSSignerInfo *ts_cms_signer; - NSSCMSMessage *ts_cms_msg = CreateCMSMessage(now, &ts_cms_sd, &ts_cms_signer, cert, &digest); + NSSCMSMessage *ts_cms_msg = CreateCMSMessage(&now, &ts_cms_sd, &ts_cms_signer, cert, &digest); if (!ts_cms_msg) { free(pass); _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
