Description of problem:
Version-Release number of selected component (if applicable):
- FIPS mode
- kernel 3.10.0-862.9.1
Steps to Reproduce:
1. Boot system in FIPS mode
2. Open a new spreadhsheet in Libreoffice-calc
3. Add some random data to a few cells
4. Save as xlsx or ods format, and password protect the document
- crashes in nss code
- reproduced on server and worksation
Created attachment 1474720 [details]
Backtrace from while attempting to save password protected document
I guess this might be solved with https://cgit.freedesktop.org/libreoffice/core/commit/?id=0498b983cc62bc37dacd246ed6480563ede470b1
regression vs what versions of what component, when did it last work ?
In RHEL-7 FIPS mode I can reproduce the crash on saving to xlsx with a password set, and the commit referenced above does turn that from a crash to a warning dialog about the inability to use nss to encrypt the document.
I don't see a save to ods problem however.
The customer is not sure when this changed. The user in this case just migrated, but this should have been working.
for the xlxs case the problem is that PK11_ImportSymKey fails and returns null and that's unexpected so libreoffice goes on to crash. I can add the fix that detects PK11_ImportSymKey failure and go on to report inability to save rather than crash, which fixes the crash. Not sure that actually gains the customer a whole pile though, it won't crash, but it won't work either.
bug 1461450 has a similar problem and the workaround there works for us too to give functional encryption without a crash, so I could do that.
upstreaming that as https://gerrit.libreoffice.org/#/c/58816/ and committed a backport of that to our package, so xlsx encryption now works under FIPS without a crash
Works fine with:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.