From 0df85fe6a19d90d73397f8006c62d61e96976817 Mon Sep 17 00:00:00 2001 From: Stephan Bergmann Date: Thu, 23 Aug 2018 16:55:40 +0200 Subject: [PATCH 2/5] Related rhbz#1618703: Properly handle failure encoding zip file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ...when e.g. FIPS mode makes ZipFile::StaticGetCipher fail by throwing an exception which would be caught by ZipPackageStream::saveChild (in package/source/zippackage/ZipPackageStream.cxx) alright (and translated into bSuccess = false), if ZipFile::StaticGetCipher didn't unhelpfully swallow and ignore all exceptions in an outer try-catch. Change-Id: I14376128515df1dd4bdac921edd8ab94cc9b7617 Reviewed-on: https://gerrit.libreoffice.org/59514 Tested-by: Jenkins Reviewed-by: Stephan Bergmann (cherry picked from commit 3cc6d3611ac8cbbfb9803f3a084d02edde470ad3) Reviewed-on: https://gerrit.libreoffice.org/59569 Reviewed-by: Caolán McNamara Tested-by: Caolán McNamara (cherry picked from commit 2b5ff36afab8888cdbc879ae2f34903ede190c04) --- package/source/zipapi/ZipFile.cxx | 75 ++++++++++++++----------------- 1 file changed, 34 insertions(+), 41 deletions(-) diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index 1ef81bf582a5..8126ebba305b 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -162,54 +162,47 @@ uno::Reference< xml::crypto::XCipherContext > ZipFile::StaticGetCipher( const un { uno::Reference< xml::crypto::XCipherContext > xResult; - try + if (xEncryptionData->m_nDerivedKeySize < 0) { - if (xEncryptionData->m_nDerivedKeySize < 0) - { - throw ZipIOException("Invalid derived key length!" ); - } + throw ZipIOException("Invalid derived key length!" ); + } - uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize ); - if ( !xEncryptionData->m_nIterationCount && - xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() ) - { - // gpg4libre: no need to derive key, m_aKey is already - // usable as symmetric session key - aDerivedKey = xEncryptionData->m_aKey; - } - else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ), - aDerivedKey.getLength(), - reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ), - xEncryptionData->m_aKey.getLength(), - reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ), - xEncryptionData->m_aSalt.getLength(), - xEncryptionData->m_nIterationCount ) ) - { - throw ZipIOException("Can not create derived key!" ); - } + uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize ); + if ( !xEncryptionData->m_nIterationCount && + xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() ) + { + // gpg4libre: no need to derive key, m_aKey is already + // usable as symmetric session key + aDerivedKey = xEncryptionData->m_aKey; + } + else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ), + aDerivedKey.getLength(), + reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ), + xEncryptionData->m_aKey.getLength(), + reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ), + xEncryptionData->m_aSalt.getLength(), + xEncryptionData->m_nIterationCount ) ) + { + throw ZipIOException("Can not create derived key!" ); + } - if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING ) - { - uno::Reference< uno::XComponentContext > xContext = xArgContext; - if ( !xContext.is() ) - xContext = comphelper::getProcessComponentContext(); + if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING ) + { + uno::Reference< uno::XComponentContext > xContext = xArgContext; + if ( !xContext.is() ) + xContext = comphelper::getProcessComponentContext(); - uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext ); + uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext ); - xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() ); - } - else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 ) - { - xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt ); - } - else - { - throw ZipIOException("Unknown cipher algorithm is requested!" ); - } + xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() ); } - catch( ... ) + else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 ) + { + xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt ); + } + else { - OSL_ENSURE( false, "Can not create cipher context!" ); + throw ZipIOException("Unknown cipher algorithm is requested!" ); } return xResult; -- 2.17.1