From 1fbad81c1e28fae31c655c637a513405c3e62317 Mon Sep 17 00:00:00 2001
From: Michael Stahl <michael.stahl@allotropia.de>
Date: Fri, 8 Dec 2023 21:16:31 +0100
Subject: tdf#105844 offapi,package,sfx2,xmlsecurity: add AEAD w/ AES GCM

... and use it in the new experimental ODF encryption mode.

https://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM

Unfortunately it turned out that NSS PK11_CipherOp() does not work with
CKM_AES_GCM because it is initialized with "context->multi = PR_FALSE"
in sftk_CryptInit(), so the one-step functions PK11_Encrypt() and
PK11_Decrypt() have to be used.

NSS 3.52 also changed a parameter struct definition - see
https://fedoraproject.org/wiki/Changes/NssGCMParams - which is not a
problem for RHEL or SUSE system NSS since those are rebased, but it
is likely a problem for less well maintained Ubuntu LTS, so use
the old struct definition which evidently still works with NSS 3.94.

NSS 3.52 also added a new PK11_AEADOp() API but it looks like this
doesn't support incremental encryption either.

Change-Id: Ibd4a672db74b65b1218926ba35ff8d2f70444c7e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160505
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f0fda7ad2236f478fea396a23d4f982e5fc37e68)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160581
---
 include/sal/log-areas.dox | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include')

diff --git a/include/sal/log-areas.dox b/include/sal/log-areas.dox
index 15cba1e538b5..a2240a89a803 100644
--- a/include/sal/log-areas.dox
+++ b/include/sal/log-areas.dox
@@ -343,6 +343,7 @@ certain functionality.
 @section package
 
 @li @c package
+@li @c package.manifest
 @li @c package.xstor
 @li @c package.threadeddeflate
 
-- 
cgit