| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The problem is that ZipPackageStream::GetEncryptionData() doesn't handle
the checksum correctly; what is required here is *no checksum* but the
check of m_oImportedChecksumAlgorithm results in calling
m_rZipPackage.GetChecksumAlgID() instead, so it ends up in invalid
situation and assert:
package/source/zippackage/ZipPackageStream.cxx:656: virtual bool ZipPackageStream::saveChild(): Assertion `xEncData->m_nEncAlg != xml::crypto::CipherID::AES_GCM_W3C' failed.
Refactor this so all the imported algorithm identifiers are in a struct
in a std::optional member.
(regression from commit 09f23a3dc5cd571df347cba9b003195de35f3ddd)
Change-Id: I4b705520cd9bc800ce3c8611f8ad01a1e1008929
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173342
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
|
|
Change-Id: Idc32af25b7835b04b777a2a0767e1982d074f6d4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/173322
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Seeing as since:
commit e9531b792ddf0cfc2db11713b574c5fc7ae09e2c
Date: Tue Feb 6 14:39:47 2024 +0100
sal: rtlRandomPool: require OS random device, abort if not present
Both rtl_random_createPool() and rtl_random_getBytes() first try to get
random data from the OS, via /dev/urandom or rand_s() (documented to
call RtlGenRandom(), see [1]).
we don't use the initial arg to rtl_random_getBytes anymore, drop the
requirement to have one. Then simplify our usages of that, and
addtionally deprecate rtl_random_createPool and rtl_random_destroyPool.
Change-Id: I13dcc067714a8a741a4e8f2bfcf2006373f832c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167067
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
|
|
https://www.rfc-editor.org/rfc/rfc9106.html
* add css::xml::crypto::KDFID constant group
* add "KeyDerivationFunction" to setEncryptionAlgorithms sequence
* Argon2 is used by default for wholesome ODF encryption, but
$LO_ARGON2_DISABLE can be set to use PBKDF2
* extend various structs in package
* use 3 new ODF attributes "loext:argon2-iterations" "loext:argon2-memory"
"loext:argon2-lanes" to store the arguments
* use this URL for now:
"urn:org:documentfoundation:names:experimental:office:manifest:argon2id"
* use default arguments according to second recommendation from "7.4.
Recommendations" of RFC9106; 64 MiB RAM should hopefully not be too
much even for 32 bit builds
Change-Id: I683118cc5e0706bd6544db6fb909096768ac9920
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161009
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
AEAD provides the verification of the password automatically, by reading
the entire stream the tag at the end will be verified.
The existing attributes manifest:checksum-type/manifest:checksum leak
information about the plain text.
This was mitigated with the addChaffWhenEncryptedStorage() functions
(see commit f57baefbd3c4c5d8e5ec28e8702c91d60ffc5de2) but a better
solution that also works for non-XML streams is to simply omit the
attributes; authenticated encryption provides better verification
without any leak.
* "ChecksumAlgorithm" property can be set to void now to remove the
checksum
* change a bunch of members in EncryptionData, ZipPackage,
ZipPackageStream to optional
* change ZipFile::checkValidPassword() to open the stream and return it
Change-Id: Id95288d0c238c4f9940fc5a185df814e8edcbad3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160711
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
... and use it in the new experimental ODF encryption mode.
https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM
Unfortunately it turned out that NSS PK11_CipherOp() does not work with
CKM_AES_GCM because it is initialized with "context->multi = PR_FALSE"
in sftk_CryptInit(), so the one-step functions PK11_Encrypt() and
PK11_Decrypt() have to be used.
NSS 3.52 also changed a parameter struct definition - see
https://fedoraproject.org/wiki/Changes/NssGCMParams - which is not a
problem for RHEL or SUSE system NSS since those are rebased, but it
is likely a problem for less well maintained Ubuntu LTS, so use
the old struct definition which evidently still works with NSS 3.94.
NSS 3.52 also added a new PK11_AEADOp() API but it looks like this
doesn't support incremental encryption either.
Change-Id: Ibd4a672db74b65b1218926ba35ff8d2f70444c7e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160505
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
|
|
Change-Id: I0c49ebcb0ed16ab5b90c0cfa1417f002b5dad7b8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145632
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I336fd329b577b6fa141265d8bc7ce67784bd7306
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133210
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
See tdf#42949 for motivation
Change-Id: I6b4b05a5e59b256653c4caf5297fffd601b45083
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128845
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
|
|
Change-Id: I2908abc13f16b0011fcb326e8405080cc30df74a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86684
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Adapt getUnoTunnelId methods where required: rename or make public.
Change-Id: I0fd2120bf9f0ff1aa690329a65ff64a154c89315
Reviewed-on: https://gerrit.libreoffice.org/78680
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I44bc86a179164e1d039dd3a5f2c8a23396d870b3
Reviewed-on: https://gerrit.libreoffice.org/77931
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
and fix the fallout
Change-Id: I15bc5d626f4d157cbc69a87392078b41e621d14e
Reviewed-on: https://gerrit.libreoffice.org/54882
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
|
|
No need to derive password-based key, simply skip rtl_digest_PBKDF2
for the gpg4libre case.
Also pass down PBKDF2 iteration count from ZipPackage, which knows
about GPG encryption, instead of just always setting it in package
stream.
We otherwise needlessly iterate session key also for gpg encrypted
storages.
Change-Id: Ic96b2193f8541bbd109795fb9c0212a0a10c7344
Reviewed-on: https://gerrit.libreoffice.org/47783
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
|
|
Change-Id: I20d4965cc467df56536ca03b773b3f0f61b1f2a3
|
|
... when importing ODF documents.
In CreatePackageEncryptionData(), add a 3rd SHA1 password hash,
PackageSHA1CorrectEncryptionKey, to EncryptionData.
Use it in ZipPackageStream::getDataStream(), which has 3 fall-backs
for SHA1 bugs now.
Also add a CorrectSHA1DigestContext, to be used together with
PackageSHA1CorrectEncryptionKey, and rename the existing one to
StarOfficeSHA1DigestContext, to be used together with the existing
2 PackageSHA1{UTF8,MS1252}EncryptionKey.
The fallback won't be used very often anyway: for the password SHA1
to be wrong, you need a password between 52 and 55 bytes long,
and for the SHA1/1K checksum to be wrong, you need a file
smaller than 1K with compressed size mod 64 between 52 and 55;
all XML files have enough random "chaff" added to be too large.
Test that we can read both correct SHA1 and StarOffice SHA1.
Change-Id: I988fa489b5e40c7657f404f18538f637d54d28f1
|
|
first, since those are safer to change than virtual methods
Change-Id: Ie3b624019d75ee2b793cee33b3c5f64e994e8bfe
Reviewed-on: https://gerrit.libreoffice.org/45798
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: I64200b2d03d579c5c83d1ec0cc8aaa839edaa7ed
|
|
Change-Id: Ib92aba17c46a4ada75c2a0630f281759d995f32e
Reviewed-on: https://gerrit.libreoffice.org/40843
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
ZipPackageStream::saveChild seeks and reads on the same
stream, so it cannot be done parallely. Also, read on
BufferedStream tries to aquire the same mutes, which is
already aquired by the calling method resulting in
deadlock. Using UnbufferedStream here should solve both.
Change-Id: I25b7ca2ff3c31125cf107fe404f9af66435bec7d
Reviewed-on: https://gerrit.libreoffice.org/40160
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
|
|
Change-Id: I78386422f90f860647c844666548cd63e630b9a7
Reviewed-on: https://gerrit.libreoffice.org/40125
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
and merge the two existing implementations of the idea - SotMutexHolder
from package and RefCountedMutex from connectivity
Change-Id: I87f09f359ac798cf934381a2c75225dab71dd43e
Reviewed-on: https://gerrit.libreoffice.org/38972
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
...(for now, from LIBO_INTERNAL_CODE only). See the mail thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2017-January/076665.html>
"Dynamic Exception Specifications" for details.
Most changes have been done automatically by the rewriting loplugin:dynexcspec
(after enabling the rewriting mode, to be committed shortly). The way it only
removes exception specs from declarations if it also sees a definition, it
identified some dead declarations-w/o-definitions (that have been removed
manually) and some cases where a definition appeared in multiple include files
(which have also been cleaned up manually). There's also been cases of macro
paramters (that were used to abstract over exception specs) that have become
unused now (and been removed).
Furthermore, some code needed to be cleaned up manually
(avmedia/source/quicktime/ and connectivity/source/drivers/kab/), as I had no
configurations available that would actually build that code. Missing @throws
documentation has not been applied in such manual clean-up.
Change-Id: I3408691256c9b0c12bc5332de976743626e13960
Reviewed-on: https://gerrit.libreoffice.org/33574
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
|
|
Change-Id: I5d30cc2483452ba140cdce341677e872bffce6d1
|
|
Change-Id: Ic9827c998f4f78775fdf5c1eaf9d4749d4986102
Reviewed-on: https://gerrit.libreoffice.org/30682
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
Change-Id: Id33d88edc4be00f4238792d885e392cc08e72386
Reviewed-on: https://gerrit.libreoffice.org/30017
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
|
|
The issue of 362d4f0cd4e50111edfae9d30c90602c37ed65a2 "Explicitly mark
overriding destructors as 'virtual'" appears to no longer be a problem with
MSVC 2013.
(The little change in the rewriting code of compilerplugins/clang/override.cxx
was necessary to prevent an endless loop when adding "override" to
OOO_DLLPUBLIC_CHARTTOOLS virtual ~CloseableLifeTimeManager();
in chart2/source/inc/LifeTime.hxx, getting stuck in the leading
OOO_DLLPUBLIC_CHARTTOOLS macro. Can't remember what that
isAtEndOfImmediateMacroExpansion thing was originally necessary for, anyway.)
Change-Id: I534c634504d7216b9bb632c2775c04eaf27e927e
|
|
Change-Id: I4258bcc97273d8bb7a8c4879fac02a427f76e18c
Reviewed-on: https://gerrit.libreoffice.org/27317
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
|
|
Change-Id: I7b7b0e7fea2d1a2b9f6f5501ad5e0b8c1b4a17b9
|
|
Change-Id: I2ea407acd763ef2d7dae2d3b8f32525523ac8274
|
|
with the variadic variants.
Change-Id: If88e1d741075e86997c91dc2c59eeebe45f67c1f
Reviewed-on: https://gerrit.libreoffice.org/17980
Reviewed-by: Noel Grandin <noelgrandin@gmail.com>
Tested-by: Noel Grandin <noelgrandin@gmail.com>
|
|
ie.
void f(void);
becomes
void f();
I used the following command to make the changes:
git grep -lP '\(\s*void\s*\)' -- *.cxx \
| xargs perl -pi -w -e 's/(\w+)\s*\(\s*void\s*\)/$1\(\)/g;'
and ran it for both .cxx and .hxx files.
Change-Id: I314a1b56e9c14d10726e32841736b0ad5eef8ddd
|
|
Change-Id: I66cbbfb2aa6abc6c8ebe34d9ea69855436c23edd
|
|
For that:
1, create ZipPackageStream::successfullyWritten to be called after
the content is written
2, Do not take mutex when reading from WrapStreamForShare - threads should
be using different streams anyway, but there is only one common mutex. :-/
Change-Id: I90303e49206b19454dd4141e24cc8be29c433045
|
|
Change-Id: Id43ec2e7ddb1035d3306170523764bb9a74c03b8
|
|
..and adapt what needs to be changed.
So that, we can kill at least some usages of horrible ContentInfo struct.
Change-Id: I32d41f3b8ce2dfb65f0d1df18a540a3f67dcab6d
|
|
Change-Id: I02a1c3189c6b52f4f539b0eaa8878985cae8b321
|
|
Change-Id: Ic8d2963536b793f0a229901d9e13d8e54842d9b9
|
|
Change-Id: I3ec05ae695428f92b7424295b6f2d3e833c6b162
|
|
Change-Id: I05dd5070d0618ef7539b26c7edcaf01b0a84732c
|
|
Change-Id: Ia66d825baad3315c34bd579dc804f607bc6be30b
|
|
...mostly done with a rewriting Clang plugin, with just some manual tweaking
necessary to fix poor macro usage.
Change-Id: I71fa20213e86be10de332ece0aa273239df7b61a
|
|
Change-Id: I564ec761b7a7b3488682acfb3aff56beb3f68213
|
|
Change-Id: I56e32131b7991ee9948ce46765632eb823d463b3
|
|
Modules sal, salhelper, cppu, cppuhelper, codemaker (selectively) and odk
have kept them, in order not to break external API (the automatic using declaration
is LO-internal).
Change-Id: I588fc9e0c45b914f824f91c0376980621d730f09
|
|
Change-Id: I1b322e57d27e16d177ffa87d3cd42a7d06f3dfab
|
|
Prepare for a ZIP64 implementation.
Audit all "Size" property fetches through Anys.
Audit all uses of nSize, nCompressedSize, nOffset through the code.
Add FIXME64: comments to all points requiring future work.
|
|
|
|
|
|
Conflicts:
extensions/source/svg/svgaction.cxx
extensions/source/svg/svgaction.hxx
extensions/source/svg/svgcom.hxx
extensions/source/svg/svgprinter.cxx
extensions/source/svg/svgprinter.hxx
extensions/source/svg/svguno.cxx
extensions/source/svg/svgwriter.cxx
extensions/source/svg/svgwriter.hxx
javainstaller2/src/JavaSetup/org/openoffice/setup/Controller/InstallationOngoingCtrl.java
javainstaller2/src/JavaSetup/org/openoffice/setup/InstallData.java
javainstaller2/src/JavaSetup/org/openoffice/setup/Installer/LinuxInstaller.java
package/inc/ZipFile.hxx
package/inc/ZipOutputStream.hxx
package/inc/ZipPackage.hxx
package/inc/ZipPackageStream.hxx
package/source/manifest/ManifestExport.cxx
package/source/manifest/ManifestImport.cxx
package/source/manifest/UnoRegister.cxx
package/source/xstor/owriteablestream.cxx
package/source/xstor/xstorage.cxx
package/source/xstor/xstorage.hxx
package/source/zipapi/EntryInputStream.cxx
package/source/zipapi/EntryInputStream.hxx
package/source/zipapi/XFileStream.cxx
package/source/zipapi/XFileStream.hxx
package/source/zipapi/XMemoryStream.cxx
package/source/zipapi/XUnbufferedStream.cxx
package/source/zipapi/XUnbufferedStream.hxx
package/source/zipapi/ZipFile.cxx
package/source/zipapi/ZipOutputStream.cxx
package/source/zipapi/sha1context.hxx
package/source/zippackage/ZipPackage.cxx
package/source/zippackage/ZipPackageFolder.cxx
package/source/zippackage/ZipPackageStream.cxx
setup_native/source/win32/customactions/shellextensions/registerextensions.cxx
wizards/com/sun/star/wizards/letter/LetterWizardDialogImpl.java
xmlsecurity/prj/build.lst
xmlsecurity/source/helper/xmlsignaturehelper.cxx
xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
|
