From 0df85fe6a19d90d73397f8006c62d61e96976817 Mon Sep 17 00:00:00 2001

From: Stephan Bergmann <sbergman@redhat.com>

Date: Thu, 23 Aug 2018 16:55:40 +0200

Subject: [PATCH 2/5] Related rhbz#1618703: Properly handle failure encoding

 zip file

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

...when e.g. FIPS mode makes ZipFile::StaticGetCipher fail by throwing an

exception which would be caught by ZipPackageStream::saveChild (in

package/source/zippackage/ZipPackageStream.cxx) alright (and translated into

bSuccess = false), if ZipFile::StaticGetCipher didn't unhelpfully swallow and

ignore all exceptions in an outer try-catch.

Change-Id: I14376128515df1dd4bdac921edd8ab94cc9b7617

Reviewed-on: https://gerrit.libreoffice.org/59514

Tested-by: Jenkins

Reviewed-by: Stephan Bergmann <sbergman@redhat.com>

(cherry picked from commit 3cc6d3611ac8cbbfb9803f3a084d02edde470ad3)

Reviewed-on: https://gerrit.libreoffice.org/59569

Reviewed-by: Caolán McNamara <caolanm@redhat.com>

Tested-by: Caolán McNamara <caolanm@redhat.com>

(cherry picked from commit 2b5ff36afab8888cdbc879ae2f34903ede190c04)

---

 package/source/zipapi/ZipFile.cxx | 75 ++++++++++++++-----------------

 1 file changed, 34 insertions(+), 41 deletions(-)

diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx

index 1ef81bf582a5..8126ebba305b 100644

--- a/package/source/zipapi/ZipFile.cxx

+++ b/package/source/zipapi/ZipFile.cxx

@@ -162,54 +162,47 @@ uno::Reference< xml::crypto::XCipherContext > ZipFile::StaticGetCipher( const un

 {

     uno::Reference< xml::crypto::XCipherContext > xResult;

-    try

+    if (xEncryptionData->m_nDerivedKeySize < 0)

     {

-        if (xEncryptionData->m_nDerivedKeySize < 0)

-        {

-            throw ZipIOException("Invalid derived key length!" );

-        }

+        throw ZipIOException("Invalid derived key length!" );

+    }

-        uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize );

-        if ( !xEncryptionData->m_nIterationCount &&

-             xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() )

-        {

-            // gpg4libre: no need to derive key, m_aKey is already

-            // usable as symmetric session key

-            aDerivedKey = xEncryptionData->m_aKey;

-        }

-        else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),

-                            aDerivedKey.getLength(),

-                            reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ),

-                            xEncryptionData->m_aKey.getLength(),

-                            reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ),

-                            xEncryptionData->m_aSalt.getLength(),

-                            xEncryptionData->m_nIterationCount ) )

-        {

-            throw ZipIOException("Can not create derived key!" );

-        }

+    uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize );

+    if ( !xEncryptionData->m_nIterationCount &&

+         xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() )

+    {

+        // gpg4libre: no need to derive key, m_aKey is already

+        // usable as symmetric session key

+        aDerivedKey = xEncryptionData->m_aKey;

+    }

+    else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),

+                        aDerivedKey.getLength(),

+                        reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ),

+                        xEncryptionData->m_aKey.getLength(),

+                        reinterpret_cast< const sal_uInt8 * > ( xEncryptionData->m_aSalt.getConstArray() ),

+                        xEncryptionData->m_aSalt.getLength(),

+                        xEncryptionData->m_nIterationCount ) )

+    {

+        throw ZipIOException("Can not create derived key!" );

+    }

-        if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING )

-        {

-            uno::Reference< uno::XComponentContext > xContext = xArgContext;

-            if ( !xContext.is() )

-                xContext = comphelper::getProcessComponentContext();

+    if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::AES_CBC_W3C_PADDING )

+    {

+        uno::Reference< uno::XComponentContext > xContext = xArgContext;

+        if ( !xContext.is() )

+            xContext = comphelper::getProcessComponentContext();

-            uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext );

+        uno::Reference< xml::crypto::XNSSInitializer > xCipherContextSupplier = xml::crypto::NSSInitializer::create( xContext );

-            xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() );

-        }

-        else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 )

-        {

-            xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt );

-        }

-        else

-        {

-            throw ZipIOException("Unknown cipher algorithm is requested!" );

-        }

+        xResult = xCipherContextSupplier->getCipherContext( xEncryptionData->m_nEncAlg, aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt, uno::Sequence< beans::NamedValue >() );

     }

-    catch( ... )

+    else if ( xEncryptionData->m_nEncAlg == xml::crypto::CipherID::BLOWFISH_CFB_8 )

+    {

+        xResult = BlowfishCFB8CipherContext::Create( aDerivedKey, xEncryptionData->m_aInitVector, bEncrypt );

+    }

+    else

     {

-        OSL_ENSURE( false, "Can not create cipher context!" );

+        throw ZipIOException("Unknown cipher algorithm is requested!" );

     }

     return xResult;

-- 

2.17.1