diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-13 18:36:15 +0100 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-14 09:09:57 +0100 |
commit | 309558858d2b37cbad04b3000391ad9ba570708d (patch) | |
tree | e3edfa89d99522af0ea962265bb05f4e39fbeb23 /sfx2 | |
parent | 25d902054715bb89cad5ec3f82a81bacb8d4cf02 (diff) |
tdf#105844 package,sfx2: remove checksum infoleak when using AEAD
AEAD provides the verification of the password automatically, by reading
the entire stream the tag at the end will be verified.
The existing attributes manifest:checksum-type/manifest:checksum leak
information about the plain text.
This was mitigated with the addChaffWhenEncryptedStorage() functions
(see commit f57baefbd3c4c5d8e5ec28e8702c91d60ffc5de2) but a better
solution that also works for non-XML streams is to simply omit the
attributes; authenticated encryption provides better verification
without any leak.
* "ChecksumAlgorithm" property can be set to void now to remove the
checksum
* change a bunch of members in EncryptionData, ZipPackage,
ZipPackageStream to optional
* change ZipFile::checkValidPassword() to open the stream and return it
Change-Id: Id95288d0c238c4f9940fc5a185df814e8edcbad3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160711
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 09f23a3dc5cd571df347cba9b003195de35f3ddd)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160694
Diffstat (limited to 'sfx2')
-rw-r--r-- | sfx2/source/doc/objstor.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx index 8a303d1c331f..40449b004713 100644 --- a/sfx2/source/doc/objstor.cxx +++ b/sfx2/source/doc/objstor.cxx @@ -366,7 +366,7 @@ void SfxObjectShell::SetupStorage( const uno::Reference< embed::XStorage >& xSto if (UseODFWholesomeEncryption(nDefVersion)) { pEncryptionAlgs[1].Value <<= xml::crypto::CipherID::AES_GCM_W3C; - pEncryptionAlgs[2].Value <<= xml::crypto::DigestID::SHA256_1K; + pEncryptionAlgs[2].Value.clear(); } else { |