Blame SOURCES/0003-CVE-2022-26306-add-Initialization-Vectors-to-passwor.patch

35e961
From a3046cfa58bdfa2a1b9ea6287a021230830f056f Mon Sep 17 00:00:00 2001
35e961
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
35e961
Date: Tue, 22 Mar 2022 17:22:22 +0000
35e961
Subject: [PATCH] add Initialization Vectors to password storage
35e961
35e961
old ones default to the current all zero case and continue to work
35e961
as before
35e961
35e961
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131974
35e961
Tested-by: Jenkins
35e961
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
35e961
(cherry picked from commit 192fa1e3bfc6269f2ebb91716471485a56074aea)
35e961
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132306
35e961
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
35e961
(cherry picked from commit ab77587ec300f5c30084471000663c46ddf25dad)
35e961
35e961
Change-Id: I6fe3b02fafcce1b5e7133e77e76a5118177d77af
35e961
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133907
35e961
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
35e961
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
35e961
---
35e961
 .../schema/org/openoffice/Office/Common.xcs   |  10 ++
35e961
 .../passwordcontainer/passwordcontainer.cxx   | 127 ++++++++++++------
35e961
 .../passwordcontainer/passwordcontainer.hxx   |  63 +++++++--
35e961
 3 files changed, 151 insertions(+), 49 deletions(-)
35e961
35e961
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
35e961
index b033b29b60d7..e57d26ab3366 100644
35e961
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
35e961
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
35e961
@@ -27,6 +27,11 @@
35e961
       <info>
35e961
         <desc>Contains a container for passwords.</desc>
35e961
       </info>
35e961
+      <prop oor:name="InitializationVector" oor:type="xs:string">
35e961
+        <info>
35e961
+          <desc>Contains an initialization vector for the password encryption.</desc>
35e961
+        </info>
35e961
+      </prop>
35e961
       <prop oor:name="Password" oor:type="xs:string" oor:localized="false">
35e961
         <info>
35e961
           <desc>Contains a password encoded with the master password.</desc>
35e961
@@ -923,6 +928,11 @@
35e961
         </info>
35e961
         <value>false</value>
35e961
       </prop>
35e961
+      <prop oor:name="MasterInitializationVector" oor:type="xs:string">
35e961
+        <info>
35e961
+          <desc>Contains an initialization vector for the master password encryption.</desc>
35e961
+        </info>
35e961
+      </prop>
35e961
       <prop oor:name="Master" oor:type="xs:string" oor:nillable="false">
35e961
         <info>
35e961
           <desc>Contains the master password encrypted by itself.</desc>
35e961
diff --git a/svl/source/passwordcontainer/passwordcontainer.cxx b/svl/source/passwordcontainer/passwordcontainer.cxx
35e961
index ff0b40df4016..380188ef495c 100644
35e961
--- a/svl/source/passwordcontainer/passwordcontainer.cxx
35e961
+++ b/svl/source/passwordcontainer/passwordcontainer.cxx
35e961
@@ -184,15 +184,18 @@ PassMap StorageItem::getInfo()
35e961
 
35e961
     Sequence< OUString > aNodeNames     = ConfigItem::GetNodeNames( "Store" );
35e961
     sal_Int32 aNodeCount = aNodeNames.getLength();
35e961
-    Sequence< OUString > aPropNames( aNodeCount );
35e961
+    Sequence< OUString > aPropNames( aNodeCount * 2);
35e961
 
35e961
     std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.begin(),
35e961
         [](const OUString& rName) -> OUString {
35e961
             return "Store/Passwordstorage['" + rName + "']/Password"; });
35e961
+    std::transform(aNodeNames.begin(), aNodeNames.end(), aPropNames.getArray() + aNodeCount,
35e961
+        [](const OUString& rName) -> OUString {
35e961
+            return "Store/Passwordstorage['" + rName + "']/InitializationVector"; });
35e961
 
35e961
     Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aPropNames );
35e961
 
35e961
-    if( aPropertyValues.getLength() != aNodeCount )
35e961
+    if( aPropertyValues.getLength() != aNodeCount * 2)
35e961
     {
35e961
         OSL_FAIL( "Problems during reading" );
35e961
         return aResult;
35e961
@@ -208,14 +211,16 @@ PassMap StorageItem::getInfo()
35e961
             OUString aName = aUrlUsr[1];
35e961
 
35e961
             OUString aEPasswd;
35e961
+            OUString aIV;
35e961
             aPropertyValues[aNodeInd] >>= aEPasswd;
35e961
+            aPropertyValues[aNodeInd + aNodeCount] >>= aIV;
35e961
 
35e961
             PassMap::iterator aIter = aResult.find( aUrl );
35e961
             if( aIter != aResult.end() )
35e961
-                aIter->second.emplace_back( aName, aEPasswd );
35e961
+                aIter->second.emplace_back( aName, aEPasswd, aIV );
35e961
             else
35e961
             {
35e961
-                NamePassRecord aNewRecord( aName, aEPasswd );
35e961
+                NamePassRecord aNewRecord( aName, aEPasswd, aIV );
35e961
                 std::vector< NamePassRecord > listToAdd( 1, aNewRecord );
35e961
 
35e961
                 aResult.insert( PairUrlRecord( aUrl, listToAdd ) );
35e961
@@ -279,17 +284,19 @@ sal_Int32 StorageItem::getStorageVersion()
35e961
     return nResult;
35e961
 }
35e961
 
35e961
-bool StorageItem::getEncodedMP( OUString& aResult )
35e961
+bool StorageItem::getEncodedMP( OUString& aResult, OUString& aResultIV )
35e961
 {
35e961
     if( hasEncoded )
35e961
     {
35e961
         aResult = mEncoded;
35e961
+        aResultIV = mEncodedIV;
35e961
         return true;
35e961
     }
35e961
 
35e961
-    Sequence< OUString > aNodeNames( 2 );
35e961
+    Sequence< OUString > aNodeNames( 3 );
35e961
     aNodeNames[0] = "HasMaster";
35e961
     aNodeNames[1] = "Master";
35e961
+    aNodeNames[2] = "MasterInitializationVector";
35e961
 
35e961
     Sequence< Any > aPropertyValues = ConfigItem::GetProperties( aNodeNames );
35e961
 
35e961
@@ -301,32 +308,37 @@ bool StorageItem::getEncodedMP( OUString& aResult )
35e961
 
35e961
     aPropertyValues[0] >>= hasEncoded;
35e961
     aPropertyValues[1] >>= mEncoded;
35e961
+    aPropertyValues[2] >>= mEncodedIV;
35e961
 
35e961
     aResult = mEncoded;
35e961
+    aResultIV = mEncodedIV;
35e961
 
35e961
     return hasEncoded;
35e961
 }
35e961
 
35e961
 
35e961
-void StorageItem::setEncodedMP( const OUString& aEncoded, bool bAcceptEmpty )
35e961
+void StorageItem::setEncodedMP( const OUString& aEncoded, const OUString& aEncodedIV, bool bAcceptEmpty )
35e961
 {
35e961
-    Sequence< OUString > sendNames(3);
35e961
-    Sequence< uno::Any > sendVals(3);
35e961
+    Sequence< OUString > sendNames(4);
35e961
+    Sequence< uno::Any > sendVals(4);
35e961
 
35e961
     sendNames[0] = "HasMaster";
35e961
     sendNames[1] = "Master";
35e961
-    sendNames[2] = "StorageVersion";
35e961
+    sendNames[2] = "MasterInitializationVector";
35e961
+    sendNames[3] = "StorageVersion";
35e961
 
35e961
     bool bHasMaster = ( !aEncoded.isEmpty() || bAcceptEmpty );
35e961
     sendVals[0] <<= bHasMaster;
35e961
     sendVals[1] <<= aEncoded;
35e961
-    sendVals[2] <<= nCurrentStorageVersion;
35e961
+    sendVals[2] <<= aEncodedIV;
35e961
+    sendVals[3] <<= nCurrentStorageVersion;
35e961
 
35e961
     ConfigItem::SetModified();
35e961
     ConfigItem::PutProperties( sendNames, sendVals );
35e961
 
35e961
     hasEncoded = bHasMaster;
35e961
     mEncoded = aEncoded;
35e961
+    mEncodedIV = aEncodedIV;
35e961
 }
35e961
 
35e961
 
35e961
@@ -362,11 +374,13 @@ void StorageItem::update( const OUString& aURL, const NamePassRecord& aRecord )
35e961
     forIndex.push_back( aURL );
35e961
     forIndex.push_back( aRecord.GetUserName() );
35e961
 
35e961
-    Sequence< beans::PropertyValue > sendSeq(1);
35e961
+    Sequence< beans::PropertyValue > sendSeq(2);
35e961
 
35e961
-    sendSeq[0].Name  = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password";
35e961
+    sendSeq[0].Name  = "Store/Passwordstorage['" + createIndex( { aURL, aRecord.GetUserName() } ) + "']/InitializationVector";
35e961
+    sendSeq[0].Value <<= aRecord.GetPersistentIV();
35e961
 
35e961
-    sendSeq[0].Value <<= aRecord.GetPersPasswords();
35e961
+    sendSeq[1].Name  = "Store/Passwordstorage['" + createIndex( forIndex ) + "']/Password";
35e961
+    sendSeq[1].Value <<= aRecord.GetPersPasswords();
35e961
 
35e961
     ConfigItem::SetModified();
35e961
     ConfigItem::SetSetProperties( "Store", sendSeq );
35e961
@@ -427,7 +441,7 @@ void SAL_CALL PasswordContainer::disposing( const EventObject& )
35e961
     }
35e961
 }
35e961
 
35e961
-std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
35e961
+std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPasswd, css::task::PasswordRequestMode mode )
35e961
 {
35e961
     if( !aMasterPasswd.isEmpty() )
35e961
     {
35e961
@@ -442,9 +456,16 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin
35e961
             for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
35e961
                 code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16));
35e961
 
35e961
+            unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
35e961
+            if (!aIV.isEmpty())
35e961
+            {
35e961
+                for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
35e961
+                    iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16));
35e961
+            }
35e961
+
35e961
             rtlCipherError result = rtl_cipher_init (
35e961
                     aDecoder, rtl_Cipher_DirectionDecode,
35e961
-                    code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
35e961
+                    code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
35e961
 
35e961
             if( result == rtl_Cipher_E_None )
35e961
             {
35e961
@@ -477,7 +498,7 @@ std::vector< OUString > PasswordContainer::DecodePasswords( const OUString& aLin
35e961
         "Can't decode!", css::uno::Reference<css::uno::XInterface>(), mode);
35e961
 }
35e961
 
35e961
-OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPasswd )
35e961
+OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPasswd)
35e961
 {
35e961
     if( !aMasterPasswd.isEmpty() )
35e961
     {
35e961
@@ -494,9 +515,16 @@ OUString PasswordContainer::EncodePasswords(const std::vector< OUString >& lines
35e961
             for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
35e961
                 code[ ind ] = static_cast<char>(aMasterPasswd.copy( ind*2, 2 ).toUInt32(16));
35e961
 
35e961
+            unsigned char iv[RTL_DIGEST_LENGTH_MD5] = {0};
35e961
+            if (!aIV.isEmpty())
35e961
+            {
35e961
+                for( int ind = 0; ind < RTL_DIGEST_LENGTH_MD5; ind++ )
35e961
+                    iv[ ind ] = static_cast<char>(aIV.copy( ind*2, 2 ).toUInt32(16));
35e961
+            }
35e961
+
35e961
             rtlCipherError result = rtl_cipher_init (
35e961
                     aEncoder, rtl_Cipher_DirectionEncode,
35e961
-                    code, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
35e961
+                    code, RTL_DIGEST_LENGTH_MD5, iv, RTL_DIGEST_LENGTH_MD5 );
35e961
 
35e961
             if( result == rtl_Cipher_E_None )
35e961
             {
35e961
@@ -564,7 +592,7 @@ void PasswordContainer::UpdateVector( const OUString& aURL, std::vector< NamePas
35e961
 
35e961
             if( aRecord.HasPasswords( PERSISTENT_RECORD ) )
35e961
             {
35e961
-                aNPIter.SetPersPasswords( aRecord.GetPersPasswords() );
35e961
+                aNPIter.SetPersPasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV() );
35e961
 
35e961
                 if( writeFile )
35e961
                 {
35e961
@@ -597,7 +625,8 @@ UserRecord PasswordContainer::CopyToUserRecord( const NamePassRecord& aRecord, b
35e961
     {
35e961
         try
35e961
         {
35e961
-            ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
35e961
+            ::std::vector< OUString > aDecodedPasswords = DecodePasswords( aRecord.GetPersPasswords(), aRecord.GetPersistentIV(),
35e961
+                                                                           GetMasterPassword( aHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER );
35e961
             aPasswords.insert( aPasswords.end(), aDecodedPasswords.begin(), aDecodedPasswords.end() );
35e961
         }
35e961
         catch( NoMasterException& )
35e961
@@ -642,6 +671,19 @@ void SAL_CALL PasswordContainer::addPersistent( const OUString& Url, const OUStr
35e961
     PrivateAdd( Url, UserName, Passwords, PERSISTENT_RECORD, aHandler );
35e961
 }
35e961
 
35e961
+OUString PasswordContainer::createIV()
35e961
+{
35e961
+    rtlRandomPool randomPool = mRandomPool.get();
35e961
+    unsigned char iv[RTL_DIGEST_LENGTH_MD5];
35e961
+    rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5);
35e961
+    OUStringBuffer aBuffer;
35e961
+    for (sal_uInt8 i : iv)
35e961
+    {
35e961
+        aBuffer.append(OUString::number(i >> 4, 16));
35e961
+        aBuffer.append(OUString::number(i & 15, 16));
35e961
+    }
35e961
+    return aBuffer.makeStringAndClear();
35e961
+}
35e961
 
35e961
 void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserName, const Sequence< OUString >& Passwords, char Mode, const Reference< XInteractionHandler >& aHandler )
35e961
 {
35e961
@@ -649,7 +691,11 @@ void PasswordContainer::PrivateAdd( const OUString& Url, const OUString& UserNam
35e961
     ::std::vector< OUString > aStorePass = comphelper::sequenceToContainer< std::vector<OUString> >( Passwords );
35e961
 
35e961
     if( Mode == PERSISTENT_RECORD )
35e961
-        aRecord.SetPersPasswords( EncodePasswords( aStorePass, GetMasterPassword( aHandler ) ) );
35e961
+    {
35e961
+        OUString sIV = createIV();
35e961
+        OUString sEncodedPasswords = EncodePasswords( aStorePass, sIV, GetMasterPassword( aHandler ) );
35e961
+        aRecord.SetPersPasswords( sEncodedPasswords, sIV );
35e961
+    }
35e961
     else if( Mode == MEMORY_RECORD )
35e961
         aRecord.SetMemPasswords( aStorePass );
35e961
     else
35e961
@@ -842,10 +888,10 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
35e961
 
35e961
     if( m_aMasterPasswd.isEmpty() && aHandler.is() )
35e961
     {
35e961
-        OUString aEncodedMP;
35e961
+        OUString aEncodedMP, aEncodedMPIV;
35e961
         bool bDefaultPassword = false;
35e961
 
35e961
-        if( !m_pStorageFile->getEncodedMP( aEncodedMP ) )
35e961
+        if( !m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
35e961
             aRMode = PasswordRequestMode_PASSWORD_CREATE;
35e961
         else if ( aEncodedMP.isEmpty() )
35e961
         {
35e961
@@ -867,14 +913,15 @@ OUString const & PasswordContainer::GetMasterPassword( const Reference< XInterac
35e961
                         m_aMasterPasswd = aPass;
35e961
                         std::vector< OUString > aMaster( 1, m_aMasterPasswd );
35e961
 
35e961
-                        m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) );
35e961
+                        OUString sIV = createIV();
35e961
+                        m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, sIV, m_aMasterPasswd ), sIV );
35e961
                     }
35e961
                     else
35e961
                     {
35e961
                         if (m_pStorageFile->getStorageVersion() == 0)
35e961
                             aPass = ReencodeAsOldHash(aPass);
35e961
 
35e961
-                        std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aPass, aRMode ) );
35e961
+                        std::vector< OUString > aRM( DecodePasswords( aEncodedMP, aEncodedMPIV, aPass, aRMode ) );
35e961
                         if( aRM.empty() || aPass != aRM[0] )
35e961
                         {
35e961
                             bAskAgain = true;
35e961
@@ -1031,7 +1078,8 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere
35e961
             {
35e961
                 sal_Int32 oldLen = aUsers.getLength();
35e961
                 aUsers.realloc( oldLen + 1 );
35e961
-                aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
35e961
+                aUsers[ oldLen ] = UserRecord( aNP.GetUserName(), comphelper::containerToSequence( DecodePasswords( aNP.GetPersPasswords(), aNP.GetPersistentIV(),
35e961
+                                                                                                                    GetMasterPassword( xHandler ), css::task::PasswordRequestMode_PASSWORD_ENTER ) ) );
35e961
             }
35e961
 
35e961
         if( aUsers.hasElements() )
35e961
@@ -1048,12 +1096,12 @@ Sequence< UrlRecord > SAL_CALL PasswordContainer::getAllPersistent( const Refere
35e961
 sal_Bool SAL_CALL PasswordContainer::authorizateWithMasterPassword( const uno::Reference< task::XInteractionHandler >& xHandler )
35e961
 {
35e961
     bool bResult = false;
35e961
-    OUString aEncodedMP;
35e961
+    OUString aEncodedMP, aEncodedMPIV;
35e961
     uno::Reference< task::XInteractionHandler > xTmpHandler = xHandler;
35e961
     ::osl::MutexGuard aGuard( mMutex );
35e961
 
35e961
     // the method should fail if there is no master password
35e961
-    if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) )
35e961
+    if( m_pStorageFile && m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
35e961
     {
35e961
         if ( aEncodedMP.isEmpty() )
35e961
         {
35e961
@@ -1122,8 +1170,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference<
35e961
 
35e961
         bool bCanChangePassword = true;
35e961
         // if there is already a stored master password it should be entered by the user before the change happen
35e961
-        OUString aEncodedMP;
35e961
-        if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP ) )
35e961
+        OUString aEncodedMP, aEncodedMPIV;
35e961
+        if( !m_aMasterPasswd.isEmpty() || m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) )
35e961
             bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
35e961
 
35e961
         if ( bCanChangePassword )
35e961
@@ -1142,7 +1190,8 @@ sal_Bool SAL_CALL PasswordContainer::changeMasterPassword( const uno::Reference<
35e961
                 // store the new master password
35e961
                 m_aMasterPasswd = aPass;
35e961
                 std::vector< OUString > aMaster( 1, m_aMasterPasswd );
35e961
-                m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, m_aMasterPasswd ) );
35e961
+                OUString aIV = createIV();
35e961
+                m_pStorageFile->setEncodedMP( EncodePasswords( aMaster, aIV, m_aMasterPasswd ), aIV );
35e961
 
35e961
                 // store all the entries with the new password
35e961
                 for ( const auto& rURL : aPersistent )
35e961
@@ -1167,7 +1216,7 @@ void SAL_CALL PasswordContainer::removeMasterPassword()
35e961
     if ( m_pStorageFile )
35e961
     {
35e961
         m_aMasterPasswd.clear();
35e961
-        m_pStorageFile->setEncodedMP( OUString() ); // let the master password be removed from configuration
35e961
+        m_pStorageFile->setEncodedMP( OUString(), OUString() ); // let the master password be removed from configuration
35e961
     }
35e961
 }
35e961
 
35e961
@@ -1178,8 +1227,8 @@ sal_Bool SAL_CALL PasswordContainer::hasMasterPassword(  )
35e961
     if ( !m_pStorageFile )
35e961
         throw uno::RuntimeException();
35e961
 
35e961
-    OUString aEncodedMP;
35e961
-    return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) );
35e961
+    OUString aEncodedMP, aEncodedMPIV;
35e961
+    return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) );
35e961
 }
35e961
 
35e961
 sal_Bool SAL_CALL PasswordContainer::allowPersistentStoring( sal_Bool bAllow )
35e961
@@ -1226,8 +1275,8 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere
35e961
 
35e961
         bool bCanChangePassword = true;
35e961
         // if there is already a stored nondefault master password it should be entered by the user before the change happen
35e961
-        OUString aEncodedMP;
35e961
-        if( m_pStorageFile->getEncodedMP( aEncodedMP ) && !aEncodedMP.isEmpty() )
35e961
+        OUString aEncodedMP, aEncodedMPIV;
35e961
+        if( m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && !aEncodedMP.isEmpty() )
35e961
             bCanChangePassword = authorizateWithMasterPassword( xTmpHandler );
35e961
 
35e961
         if ( bCanChangePassword )
35e961
@@ -1244,7 +1293,7 @@ sal_Bool SAL_CALL PasswordContainer::useDefaultMasterPassword( const uno::Refere
35e961
 
35e961
                 // store the empty string to flag the default master password
35e961
                 m_aMasterPasswd = aPass;
35e961
-                m_pStorageFile->setEncodedMP( OUString(), true );
35e961
+                m_pStorageFile->setEncodedMP( OUString(), OUString(), true );
35e961
 
35e961
                 // store all the entries with the new password
35e961
                 for ( const auto& rURL : aPersistent )
35e961
@@ -1268,8 +1317,8 @@ sal_Bool SAL_CALL PasswordContainer::isDefaultMasterPasswordUsed()
35e961
     if ( !m_pStorageFile )
35e961
         throw uno::RuntimeException();
35e961
 
35e961
-    OUString aEncodedMP;
35e961
-    return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP ) && aEncodedMP.isEmpty() );
35e961
+    OUString aEncodedMP, aEncodedMPIV;
35e961
+    return ( m_pStorageFile->useStorage() && m_pStorageFile->getEncodedMP( aEncodedMP, aEncodedMPIV ) && aEncodedMP.isEmpty() );
35e961
 }
35e961
 
35e961
 
35e961
diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx
35e961
index cf5c717d0c9e..4e3a6629139e 100644
35e961
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
35e961
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
35e961
@@ -33,6 +33,7 @@
35e961
 #include <unotools/configitem.hxx>
35e961
 #include <ucbhelper/interactionrequest.hxx>
35e961
 
35e961
+#include <rtl/random.h>
35e961
 #include <rtl/ref.hxx>
35e961
 #include <osl/mutex.hxx>
35e961
 
35e961
@@ -51,11 +52,12 @@ class NamePassRecord
35e961
     ::std::vector< OUString >                      m_aMemPass;
35e961
 
35e961
     // persistent passwords are encrypted in one string
35e961
-    bool                                                  m_bHasPersPass;
35e961
+    bool                                           m_bHasPersPass;
35e961
     OUString                                       m_aPersPass;
35e961
+    OUString                                       m_aPersistentIV;
35e961
 
35e961
     void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >& aMemoryList,
35e961
-                     bool bHasPersistentList, const OUString& aPersistentList )
35e961
+                     bool bHasPersistentList, const OUString& aPersistentList, const OUString& aPersistentIV )
35e961
     {
35e961
         m_bHasMemPass = bHasMemoryList;
35e961
         if ( bHasMemoryList )
35e961
@@ -63,7 +65,10 @@ class NamePassRecord
35e961
 
35e961
         m_bHasPersPass = bHasPersistentList;
35e961
         if ( bHasPersistentList )
35e961
+        {
35e961
             m_aPersPass = aPersistentList;
35e961
+            m_aPersistentIV = aPersistentIV;
35e961
+        }
35e961
     }
35e961
 
35e961
 public:
35e961
@@ -75,11 +80,12 @@ public:
35e961
     {
35e961
     }
35e961
 
35e961
-    NamePassRecord( const OUString& aName, const OUString& aPersistentList )
35e961
+    NamePassRecord( const OUString& aName, const OUString& aPersistentList, const OUString& aPersistentIV )
35e961
         : m_aName( aName )
35e961
         , m_bHasMemPass( false )
35e961
         , m_bHasPersPass( true )
35e961
         , m_aPersPass( aPersistentList )
35e961
+        , m_aPersistentIV( aPersistentIV )
35e961
     {
35e961
     }
35e961
 
35e961
@@ -88,7 +94,8 @@ public:
35e961
         , m_bHasMemPass( false )
35e961
         , m_bHasPersPass( false )
35e961
     {
35e961
-        InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
35e961
+        InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
35e961
+                    aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
35e961
     }
35e961
 
35e961
     NamePassRecord& operator=( const NamePassRecord& aRecord )
35e961
@@ -99,7 +106,9 @@ public:
35e961
 
35e961
             m_aMemPass.clear();
35e961
             m_aPersPass.clear();
35e961
-            InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
35e961
+            m_aPersistentIV.clear();
35e961
+            InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
35e961
+                        aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
35e961
         }
35e961
         return *this;
35e961
     }
35e961
@@ -135,15 +144,24 @@ public:
35e961
         return OUString();
35e961
     }
35e961
 
35e961
+    OUString GetPersistentIV() const
35e961
+    {
35e961
+        if ( m_bHasPersPass )
35e961
+            return m_aPersistentIV;
35e961
+
35e961
+        return OUString();
35e961
+    }
35e961
+
35e961
     void SetMemPasswords( const ::std::vector< OUString >& aMemList )
35e961
     {
35e961
         m_aMemPass = aMemList;
35e961
         m_bHasMemPass = true;
35e961
     }
35e961
 
35e961
-    void SetPersPasswords( const OUString& aPersList )
35e961
+    void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV )
35e961
     {
35e961
         m_aPersPass = aPersList;
35e961
+        m_aPersistentIV = aPersIV;
35e961
         m_bHasPersPass = true;
35e961
     }
35e961
 
35e961
@@ -158,6 +176,7 @@ public:
35e961
         {
35e961
             m_bHasPersPass = false;
35e961
             m_aPersPass.clear();
35e961
+            m_aPersistentIV.clear();
35e961
         }
35e961
     }
35e961
 
35e961
@@ -181,6 +200,7 @@ private:
35e961
     PasswordContainer*     mainCont;
35e961
     bool                   hasEncoded;
35e961
     OUString        mEncoded;
35e961
+    OUString        mEncodedIV;
35e961
 
35e961
     virtual void            ImplCommit() override;
35e961
 
35e961
@@ -201,8 +221,8 @@ public:
35e961
 
35e961
     sal_Int32 getStorageVersion();
35e961
 
35e961
-    bool getEncodedMP( OUString& aResult );
35e961
-    void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
35e961
+    bool getEncodedMP( OUString& aResult, OUString& aResultIV );
35e961
+    void setEncodedMP( const OUString& aResult, const OUString& aResultIV, bool bAcceptEmpty = false );
35e961
     void setUseStorage( bool bUse );
35e961
     bool useStorage();
35e961
 
35e961
@@ -223,6 +243,29 @@ private:
35e961
     css::uno::Reference< css::lang::XComponent > mComponent;
35e961
     SysCredentialsConfig mUrlContainer;
35e961
 
35e961
+    class RandomPool
35e961
+    {
35e961
+    private:
35e961
+        rtlRandomPool m_aRandomPool;
35e961
+    public:
35e961
+        RandomPool() : m_aRandomPool(rtl_random_createPool())
35e961
+        {
35e961
+        }
35e961
+        rtlRandomPool get()
35e961
+        {
35e961
+            return m_aRandomPool;
35e961
+        }
35e961
+        ~RandomPool()
35e961
+        {
35e961
+            // Clean up random pool memory
35e961
+            rtl_random_destroyPool(m_aRandomPool);
35e961
+        }
35e961
+    };
35e961
+
35e961
+    RandomPool mRandomPool;
35e961
+
35e961
+    OUString createIV();
35e961
+
35e961
     /// @throws css::uno::RuntimeException
35e961
     css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence(
35e961
                                         const ::std::vector< NamePassRecord >& original,
35e961
@@ -273,10 +316,10 @@ css::task::UrlRecord find(
35e961
                               const css::uno::Reference< css::task::XInteractionHandler >& Handler );
35e961
 
35e961
     /// @throws css::uno::RuntimeException
35e961
-    static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
35e961
+    static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
35e961
 
35e961
     /// @throws css::uno::RuntimeException
35e961
-    static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPassword );
35e961
+    static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPassword );
35e961
 
35e961
 public:
35e961
     PasswordContainer( const css::uno::Reference< css::lang::XMultiServiceFactory >& );
35e961
-- 
35e961
2.37.1
35e961