Related rhbz#1618703: Properly handle failure encoding zip file
...when e.g. FIPS mode makes ZipFile::StaticGetCipher fail by throwing an exception which would be caught by ZipPackageStream::saveChild (in package/source/zippackage/ZipPackageStream.cxx) alright (and translated into bSuccess = false), if ZipFile::StaticGetCipher didn't unhelpfully swallow and ignore all exceptions in an outer try-catch. Change-Id: I14376128515df1dd4bdac921edd8ab94cc9b7617 Reviewed-on: https://gerrit.libreoffice.org/59514 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
This commit is contained in:
Stephan Bergmann
@@ -163,54 +163,47 @@ uno::Reference< xml::crypto::XCipherContext > ZipFile::StaticGetCipher( const un
|
|||||||
{
|
{
|
||||||
uno::Reference< xml::crypto::XCipherContext > xResult;
|
uno::Reference< xml::crypto::XCipherContext > xResult;
|
||||||
|
|
||||||
try
|
if (xEncryptionData->m_nDerivedKeySize < 0)
|
||||||
{
|
{
|
||||||
if (xEncryptionData->m_nDerivedKeySize < 0)
|
throw ZipIOException("Invalid derived key length!" );
|
||||||
{
|
|
||||||
throw ZipIOException("Invalid derived key length!" );
|
|
||||||
}
|
|
||||||
|
|
||||||
uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize );
|
|
||||||
if ( !xEncryptionData->m_nIterationCount &&
|
|
||||||
xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() )
|
|
||||||
{
|
|
||||||
// gpg4libre: no need to derive key, m_aKey is already
|
|
||||||
// usable as symmetric session key
|
|
||||||
aDerivedKey = xEncryptionData->m_aKey;
|
|
||||||
}
|
|
||||||
else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),
|
|
||||||
aDerivedKey.getLength(),
|
|
||||||
reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ),
|
|
||||||
xEncryptionData->m_aKey.getLength(),
|
|
||||||
reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ),
|
|
||||||
xEncryptionData->m_aSalt.getLength(),
|
|
||||||
xEncryptionData->m_nIterationCount ) )
|
|
||||||
{
|
|
||||||
throw ZipIOException("Can not create derived key!" );
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING )
|
|
||||||
{
|
|
||||||
uno::Reference< uno::XComponentContext > xContext = xArgContext;
|
|
||||||
if ( !xContext.is() )
|
|
||||||
xContext = comphelper::getProcessComponentContext();
|
|
||||||
|
|
||||||
uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext );
|
|
||||||
|
|
||||||
xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() );
|
|
||||||
}
|
|
||||||
else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 )
|
|
||||||
{
|
|
||||||
xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
throw ZipIOException("Unknown cipher algorithm is requested!" );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
catch( ... )
|
|
||||||
|
uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize );
|
||||||
|
if ( !xEncryptionData->m_nIterationCount &&
|
||||||
|
xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() )
|
||||||
{
|
{
|
||||||
OSL_ENSURE( false, "Can not create cipher context!" );
|
// gpg4libre: no need to derive key, m_aKey is already
|
||||||
|
// usable as symmetric session key
|
||||||
|
aDerivedKey = xEncryptionData->m_aKey;
|
||||||
|
}
|
||||||
|
else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),
|
||||||
|
aDerivedKey.getLength(),
|
||||||
|
reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ),
|
||||||
|
xEncryptionData->m_aKey.getLength(),
|
||||||
|
reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ),
|
||||||
|
xEncryptionData->m_aSalt.getLength(),
|
||||||
|
xEncryptionData->m_nIterationCount ) )
|
||||||
|
{
|
||||||
|
throw ZipIOException("Can not create derived key!" );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING )
|
||||||
|
{
|
||||||
|
uno::Reference< uno::XComponentContext > xContext = xArgContext;
|
||||||
|
if ( !xContext.is() )
|
||||||
|
xContext = comphelper::getProcessComponentContext();
|
||||||
|
|
||||||
|
uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext );
|
||||||
|
|
||||||
|
xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() );
|
||||||
|
}
|
||||||
|
else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 )
|
||||||
|
{
|
||||||
|
xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
throw ZipIOException("Unknown cipher algorithm is requested!" );
|
||||||
}
|
}
|
||||||
|
|
||||||
return xResult;
|
return xResult;
|
||||||
|
|||||||
Reference in New Issue
Block a user