| Field | Value | Date |
|---|---|---|
| author | Michael Stahl <michael.stahl@allotropia.de> | 2024-02-21 18:01:41 +0100 |
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2024-02-22 12:37:29 +0100 |
| commit | 58c31ded0264103769595a1b25739b0e8df571cd | |
| tree | 58c8e25c1f8b701ea0d7726668b559a2f52455aa /package | |
| parent | b9c64630d2f176844b29fd4f860aac3ef4e1dce0 | |

tdf#159519 comphelper,package: do not store document without SHA256

The problem is that on Windows 7 the password-encrypted documents are
stored unencrypted, without any error message.

This is due to defensive programming in
OStorageHelper::CreatePackageEncryptionData(), which happily continues
if creating the SHA256 hash fails, which is the one required for storing
anything newer than ODF 1.1.

Also, the poorly named ZipPackage::GetEncryptionKey() should check for
consistency, the expectation is that either there's no encryption key
(empty sequence), or the expected one is in the sequence.

Creating the SHA256 uses the crypto::NSSInitializer component, which is
in xsec_xmlsec.dll, which is linked to libxmlsec-mscng.dll, which is
linked to Win32 bcrypt.dll, which doesn't have BCryptKeyDerivation on
Windows 7; to reproduce elsewhere, rm instdir/program/libxsec_xmlsec.so

(regression from commit 26bf26272bf525b59b4a4ce18b3ce14c1febfd7b
and (due to revert) commit bfd479abf0d1d8ce36c3b0dcc6c824216f88a95b)

Change-Id: I0b22e20f6d4d0b1a12ed7d99fac7b5243910f9ba
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163708
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>

Diffstat (limited to 'package')
-rw-r--r-- | package/source/zippackage/ZipPackage.cxx | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/package/source/zippackage/ZipPackage.cxx b/package/source/zippackage/ZipPackage.cxx index 8c09bfefcbb6..32b506953422 100644 --- a/package/source/zippackage/ZipPackage.cxx +++ b/package/source/zippackage/ZipPackage.cxx @@ -1728,6 +1728,11 @@ uno::Sequence< sal_Int8 > ZipPackage::GetEncryptionKey() for (const auto& rKey : m_aStorageEncryptionKeys) if ( rKey.Name == aNameToFind ) rKey.Value >>= aResult; + + if (!aResult.hasElements() && m_aStorageEncryptionKeys.hasElements()) + { // tdf#159519 sanity check + throw uno::RuntimeException(THROW_WHERE "Expected key is missing!"); + } } else aResult = m_aEncryptionKey; |
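
Review bot: The exception text in the new check after the loop, "Expected key is missing!", does not say which key name was looked up, so a bug report from the field cannot tell which algorithm's entry was absent from m_aStorageEncryptionKeys; consider appending aNameToFind to the message. The result of `rKey.Value >>= aResult` is also ignored, so an entry with the right name but a value that fails to extract (or is an empty sequence) is reported as "missing" rather than as malformed; checking the extraction result separately would make the two cases distinguishable. Finally, the check covers only this branch: the `else aResult = m_aEncryptionKey;` path still returns whatever is stored, and a short comment there stating why an empty result is acceptable would help the next reader, given that the failure mode being fixed is a silent fall-through to storing the document unencrypted.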