comphelper/source/misc/storagehelper.cxx | 1 +
package/source/zippackage/ZipPackage.cxx | 5 +++++
sc/CppunitTest_sc_filters_test.mk | 1 +
3 files changed, 7 insertions(+)
New commits:
commit 96861294836862f8a051a9d6dd390ab15c0460e4
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Feb 21 18:01:41 2024 +0100
Commit: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
CommitDate: Sun Feb 25 14:32:28 2024 +0100
tdf#159519 comphelper,package: do not store document without SHA256
The problem is that on Windows 7 the password-encrypted documents are
stored unencrypted, without any error message.
This is due to defensive programming in
OStorageHelper::CreatePackageEncryptionData(), which happily continues
if creating the SHA256 hash fails, which is the one required for storing
anything newer than ODF 1.1.
Also, the poorly named ZipPackage::GetEncryptionKey() should check for
consistency, the expectation is that either there's no encryption key
(empty sequence), or the expected one is in the sequence.
Creating the SHA256 uses the crypto::NSSInitializer component, which is
in xsec_xmlsec.dll, which is linked to libxmlsec-mscng.dll, which is
linked to Win32 bcrypt.dll, which doesn't have BCryptKeyDerivation on
Windows 7; to reproduce elsewhere, rm instdir/program/libxsec_xmlsec.so
(regression from commit 26bf26272bf525b59b4a4ce18b3ce14c1febfd7b
and (due to revert) commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b)
Change-Id: I0b22e20f6d4d0b1a12ed7d99fac7b5243910f9ba
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163708
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 58c31ded0264103769595a1b25739b0e8df571cd)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163750
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 003f2ac9fcac9be5156adf280beaf4e2aa499ea5)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163762
Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakan...@libreoffice.org>
Reviewed-by: Hossein <hoss...@libreoffice.org>
Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
diff --git a/comphelper/source/misc/storagehelper.cxx
b/comphelper/source/misc/storagehelper.cxx
index c190d099ea00..1d504cb91725 100644
--- a/comphelper/source/misc/storagehelper.cxx
+++ b/comphelper/source/misc/storagehelper.cxx
@@ -390,6 +390,7 @@ uno::Sequence< beans::NamedValue >
OStorageHelper::CreatePackageEncryptionData(
catch ( uno::Exception& )
{
TOOLS_WARN_EXCEPTION("comphelper", "Can not create SHA256 digest!"
);
+ throw; // tdf#159519 DO NOT RETURN SUCCESS
}
// MS_1252 encoding was used for SO60 document format password
encoding,
diff --git a/package/source/zippackage/ZipPackage.cxx
b/package/source/zippackage/ZipPackage.cxx
index c4de219f80de..0f3fa6ff7dba 100644
--- a/package/source/zippackage/ZipPackage.cxx
+++ b/package/source/zippackage/ZipPackage.cxx
@@ -1728,6 +1728,11 @@ uno::Sequence< sal_Int8 > ZipPackage::GetEncryptionKey()
for ( const auto& rKey : std::as_const(m_aStorageEncryptionKeys) )
if ( rKey.Name == aNameToFind )
rKey.Value >>= aResult;
+
+ if (!aResult.hasElements() && m_aStorageEncryptionKeys.hasElements())
+ { // tdf#159519 sanity check
+ throw uno::RuntimeException(THROW_WHERE "Expected key is
missing!");
+ }
}
else
aResult = m_aEncryptionKey;
diff --git a/sc/CppunitTest_sc_filters_test.mk
b/sc/CppunitTest_sc_filters_test.mk
index 67ef60664081..3dae5136e1e3 100644
--- a/sc/CppunitTest_sc_filters_test.mk
+++ b/sc/CppunitTest_sc_filters_test.mk
@@ -118,6 +118,7 @@ $(eval $(call
gb_CppunitTest_use_components,sc_filters_test,\
uui/util/uui \
vcl/vcl.common \
xmloff/util/xo \
+ xmlsecurity/util/xsec_xmlsec \
))
$(eval $(call gb_CppunitTest_use_configuration,sc_filters_test))
