From c6c51663479fa036f70b182b5892a23235bbde5f Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Thu, 14 Dec 2023 12:08:20 +0100 Subject: tdf#105844 package: increase PBKDF2 iterations for wholesome ODF encryption The government recommends 600k iterations. Change-Id: I8d4137ca8a08c2b3ac0e7724de1c87c2117ec7c4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160768 Tested-by: Jenkins Reviewed-by: Michael Stahl --- package/Library_package2.mk | 4 ++++ package/source/zippackage/ZipPackage.cxx | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'package') diff --git a/package/Library_package2.mk b/package/Library_package2.mk index c78786632555..6f29bf002a6b 100644 --- a/package/Library_package2.mk +++ b/package/Library_package2.mk @@ -24,6 +24,10 @@ $(eval $(call gb_Library_add_defs,package2,\ $(eval $(call gb_Library_set_precompiled_header,package2,package/inc/pch/precompiled_package2)) +$(eval $(call gb_Library_use_custom_headers,package2,\ + officecfg/registry \ +)) + $(eval $(call gb_Library_use_libraries,package2,\ comphelper \ cppu \ diff --git a/package/source/zippackage/ZipPackage.cxx b/package/source/zippackage/ZipPackage.cxx index 8fb6c27876ab..54b8099e38d1 100644 --- a/package/source/zippackage/ZipPackage.cxx +++ b/package/source/zippackage/ZipPackage.cxx @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -1308,7 +1309,9 @@ uno::Reference< io::XInputStream > ZipPackage::writeTempFile() // for encrypted streams RandomPool aRandomPool; - sal_Int32 const nPBKDF2IterationCount = 100000; + // if there is only one KDF invocation, increase the safety margin + sal_Int32 const nPBKDF2IterationCount = + officecfg::Office::Common::Misc::ExperimentalMode::get() ? 600000 : 100000; // call saveContents ( it will recursively save sub-directories m_xRootFolder->saveContents("", aManList, aZipOut, GetEncryptionKey(), bIsGpgEncrypt ? 0 : nPBKDF2IterationCount, aRandomPool.get()); -- cgit