author | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-05-03 16:33:11 +0100 |
---|---|---|
committer | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-05-08 11:29:54 +0200 |
commit | e5aa87aeeb66a8f8068b41275d23c491f2dbd0f2 (patch) | |
tree | d3ac3b25fdbfec19e77599fd860016f661f9f5fb /package | |
parent | 1eaae3966db362b5094feee4ac9a462ee9993d90 (diff) |
drop requirement for rtl_random_getBytes to have "Pool" arg
Seeing as since:
commit e9531b792ddf0cfc2db11713b574c5fc7ae09e2c
Date: Tue Feb 6 14:39:47 2024 +0100
sal: rtlRandomPool: require OS random device, abort if not present
Both rtl_random_createPool() and rtl_random_getBytes() first try to get
random data from the OS, via /dev/urandom or rand_s() (documented to
call RtlGenRandom(), see [1]).
we don't use the initial arg to rtl_random_getBytes anymore, drop the
requirement to have one. Then simplify our usages of that, and
additionally deprecate rtl_random_createPool and rtl_random_destroyPool.
Change-Id: I13dcc067714a8a741a4e8f2bfcf2006373f832c4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167067
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Diffstat (limited to 'package')
-rw-r--r-- | package/inc/ZipPackageEntry.hxx | 4 | ||||
-rw-r--r-- | package/inc/ZipPackageFolder.hxx | 6 | ||||
-rw-r--r-- | package/inc/ZipPackageStream.hxx | 3 | ||||
-rw-r--r-- | package/source/zippackage/ZipPackage.cxx | 28 | ||||
-rw-r--r-- | package/source/zippackage/ZipPackageFolder.cxx | 14 | ||||
-rw-r--r-- | package/source/zippackage/ZipPackageStream.cxx | 7 |
6 files changed, 14 insertions, 48 deletions
diff --git a/package/inc/ZipPackageEntry.hxx b/package/inc/ZipPackageEntry.hxx
index f25cdc19bdc9..412b0d5f37f2 100644
--- a/package/inc/ZipPackageEntry.hxx
+++ b/package/inc/ZipPackageEntry.hxx
@@ -32,7 +32,6 @@ #include <optional> #include <tuple>
-typedef void* rtlRandomPool;
 class ZipOutputStream; class ZipPackageFolder;
@@ -69,8 +68,7 @@ public: ZipOutputStream & rZipOut, const css::uno::Sequence < sal_Int8 >& rEncryptionKey, ::std::optional<sal_Int32> oPBKDF2IterationCount,
- ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args,
- const rtlRandomPool &rRandomPool ) = 0;
+ ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args) = 0;
 void clearParent() {
diff --git a/package/inc/ZipPackageFolder.hxx b/package/inc/ZipPackageFolder.hxx
index 2b1b98191302..7598c25c304d 100644
--- a/package/inc/ZipPackageFolder.hxx
+++ b/package/inc/ZipPackageFolder.hxx
@@ -99,8 +99,7 @@ public: ZipOutputStream & rZipOut, const css::uno::Sequence < sal_Int8 >& rEncryptionKey, ::std::optional<sal_Int32> oPBKDF2IterationCount,
- ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args,
- const rtlRandomPool &rRandomPool ) override;
+ ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args) override;
 // Recursive functions /// @throws css::uno::RuntimeException
@@ -110,8 +109,7 @@ public: ZipOutputStream & rZipOut, const css::uno::Sequence< sal_Int8 > &rEncryptionKey, ::std::optional<sal_Int32> oPBKDF2IterationCount,
- ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args,
- const rtlRandomPool & rRandomPool) const;
+ ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args) const;
 // XNameContainer virtual void SAL_CALL insertByName( const OUString& aName, const css::uno::Any& aElement ) override;
diff --git a/package/inc/ZipPackageStream.hxx b/package/inc/ZipPackageStream.hxx
index 0cb52e88c892..a6f874b0d4d7 100644
--- a/package/inc/ZipPackageStream.hxx
+++ b/package/inc/ZipPackageStream.hxx
@@ -139,8 +139,7 @@ public: ZipOutputStream & rZipOut, const css::uno::Sequence < sal_Int8 >& rEncryptionKey, ::std::optional<sal_Int32> oPBKDF2IterationCount,
- ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args,
- const rtlRandomPool &rRandomPool ) override;
+ ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args) override;
 void setZipEntryOnLoading( const ZipEntry &rInEntry); void successfullyWritten( ZipEntry const *pEntry );
diff --git a/package/source/zippackage/ZipPackage.cxx b/package/source/zippackage/ZipPackage.cxx
index 27770c2288d8..c2ccd2762af0 100644
--- a/package/source/zippackage/ZipPackage.cxx
+++ b/package/source/zippackage/ZipPackage.cxx
@@ -1216,28 +1216,6 @@ void ZipPackage::ConnectTo( const uno::Reference< io::XInputStream >& xInStream m_pZipFile.emplace(m_aMutexHolder, m_xContentStream, m_xContext, false); }
-namespace
-{
- class RandomPool
- {
- private:
- rtlRandomPool m_aRandomPool;
- public:
- RandomPool() : m_aRandomPool(rtl_random_createPool ())
- {
- }
- rtlRandomPool get()
- {
- return m_aRandomPool;
- }
- ~RandomPool()
- {
- // Clean up random pool memory
- rtl_random_destroyPool(m_aRandomPool);
- }
- };
-}
-
 uno::Reference< io::XInputStream > ZipPackage::writeTempFile() { // In case the target local file does not exist or empty
@@ -1349,10 +1327,6 @@ uno::Reference< io::XInputStream > ZipPackage::writeTempFile() } {
- // This will be used to generate random salt and initialisation vectors
- // for encrypted streams
- RandomPool aRandomPool;
-
 ::std::optional<sal_Int32> oPBKDF2IterationCount; ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> oArgon2Args;
@@ -1371,7 +1345,7 @@ uno::Reference< io::XInputStream > ZipPackage::writeTempFile() // call saveContents - it will recursively save sub-directories m_xRootFolder->saveContents(u""_ustr, aManList, aZipOut, GetEncryptionKey(),
- oPBKDF2IterationCount, oArgon2Args, aRandomPool.get());
+ oPBKDF2IterationCount, oArgon2Args);
 } if( m_nFormat == embed::StorageFormats::PACKAGE )
diff --git a/package/source/zippackage/ZipPackageFolder.cxx b/package/source/zippackage/ZipPackageFolder.cxx
index 86cafeab55ba..b819874a3f3f 100644
--- a/package/source/zippackage/ZipPackageFolder.cxx
+++ b/package/source/zippackage/ZipPackageFolder.cxx
@@ -232,8 +232,7 @@ bool ZipPackageFolder::saveChild( ZipOutputStream & rZipOut, const uno::Sequence < sal_Int8 >& rEncryptionKey, ::std::optional<sal_Int32> const oPBKDF2IterationCount,
- ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> const oArgon2Args,
- const rtlRandomPool &rRandomPool)
+ ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> const oArgon2Args)
 { uno::Sequence < PropertyValue > aPropSet (PKG_SIZE_NOENCR_MNFST); OUString sTempName = rPath + "/";
@@ -251,7 +250,7 @@ bool ZipPackageFolder::saveChild( else aPropSet.realloc( 0 );
- saveContents(sTempName, rManList, rZipOut, rEncryptionKey, oPBKDF2IterationCount, oArgon2Args, rRandomPool);
+ saveContents(sTempName, rManList, rZipOut, rEncryptionKey, oPBKDF2IterationCount, oArgon2Args);
 // folder can have a mediatype only in package format if ( aPropSet.hasElements() && ( m_nFormat == embed::StorageFormats::PACKAGE ) )
@@ -266,8 +265,7 @@ void ZipPackageFolder::saveContents( ZipOutputStream & rZipOut, const uno::Sequence < sal_Int8 >& rEncryptionKey, ::std::optional<sal_Int32> const oPBKDF2IterationCount,
- ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> const oArgon2Args,
- const rtlRandomPool &rRandomPool ) const
+ ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> const oArgon2Args) const
 { if ( maContents.empty() && !rPath.isEmpty() && m_nFormat != embed::StorageFormats::OFOPXML ) {
@@ -303,7 +301,7 @@ void ZipPackageFolder::saveContents( { bMimeTypeStreamStored = true; if (!aIter->second.pStream->saveChild(rPath + aIter->first, rManList, rZipOut,
- rEncryptionKey, oPBKDF2IterationCount, oArgon2Args, rRandomPool))
+ rEncryptionKey, oPBKDF2IterationCount, oArgon2Args))
 { throw uno::RuntimeException( THROW_WHERE ); }
@@ -317,7 +315,7 @@ void ZipPackageFolder::saveContents( if (rInfo.bFolder) { if (!rInfo.pFolder->saveChild(rPath + rShortName, rManList, rZipOut,
- rEncryptionKey, oPBKDF2IterationCount, oArgon2Args, rRandomPool))
+ rEncryptionKey, oPBKDF2IterationCount, oArgon2Args))
 { throw uno::RuntimeException( THROW_WHERE ); }
@@ -325,7 +323,7 @@ void ZipPackageFolder::saveContents( else { if (!rInfo.pStream->saveChild(rPath + rShortName, rManList, rZipOut,
- rEncryptionKey, oPBKDF2IterationCount, oArgon2Args, rRandomPool))
+ rEncryptionKey, oPBKDF2IterationCount, oArgon2Args))
 { throw uno::RuntimeException( THROW_WHERE ); }
diff --git a/package/source/zippackage/ZipPackageStream.cxx b/package/source/zippackage/ZipPackageStream.cxx
index 59ec5a77b291..d8d71b1ffe8f 100644
--- a/package/source/zippackage/ZipPackageStream.cxx
+++ b/package/source/zippackage/ZipPackageStream.cxx
@@ -452,8 +452,7 @@ bool ZipPackageStream::saveChild( ZipOutputStream & rZipOut, const uno::Sequence < sal_Int8 >& rEncryptionKey, ::std::optional<sal_Int32> const oPBKDF2IterationCount,
- ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> const oArgon2Args,
- const rtlRandomPool &rRandomPool)
+ ::std::optional<::std::tuple<sal_Int32, sal_Int32, sal_Int32>> const oArgon2Args)
 { bool bSuccess = true;
@@ -592,11 +591,11 @@ bool ZipPackageStream::saveChild( uno::Sequence<sal_Int8> aSalt(16); // note: for GCM it's particularly important that IV is unique uno::Sequence<sal_Int8> aVector(GetIVSize());
- if (rtl_random_getBytes(rRandomPool, aSalt.getArray(), 16) != rtl_Random_E_None)
+ if (rtl_random_getBytes(nullptr, aSalt.getArray(), 16) != rtl_Random_E_None)
 { throw uno::RuntimeException(u"rtl_random_getBytes failed"_ustr); }
- if (rtl_random_getBytes(rRandomPool, aVector.getArray(), aVector.getLength()) != rtl_Random_E_None)
+ if (rtl_random_getBytes(nullptr, aVector.getArray(), aVector.getLength()) != rtl_Random_E_None)
 { throw uno::RuntimeException(u"rtl_random_getBytes failed"_ustr); } |
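Review bot: The two `rtl_random_getBytes(nullptr, …)` calls in the second ZipPackageStream.cxx hunk (salt and IV) are only correct if the implementation never touches the pool argument, and nothing at the call site records that. The sal side of the change is not part of this diffstat (limited to 'package'), so I would add a one-line comment above the calls, for example `// pool argument is ignored; bytes come from the OS random device, so nullptr is fine`. On the salt line, `rtl_random_getBytes(nullptr, aSalt.getArray(), aSalt.getLength())` would tie the requested length to the buffer instead of repeating the literal 16, matching how the IV call is written. saveChild's body starts and ends outside the hunk.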