strepsirrhini/office-gobmx
9
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

check that rtl_random_getBytes() was successful

Browse source 
... everywhere it is used to generate material for encryption.

Change-Id: Id3390376bb2f3a5fa1bbfd735850fce886ef7db2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162873
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
This commit is contained in:
Michael Stahl 2024-02-01 11:20:18 +01:00
parent f6083293f4
commit b85c2459ce
10 changed files with 44 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
comphelper/source/misc/docpasswordhelper.cxx
View file

@ -427,7 +427,10 @@ OUString DocPasswordHelper::GetOoxHashAsBase64(
uno::Sequence< sal_Int8 > aResult( nLength );
rtlRandomPool aRandomPool = rtl_random_createPool ();
rtl_random_getBytes ( aRandomPool, aResult.getArray(), nLength );
if (rtl_random_getBytes(aRandomPool, aResult.getArray(), nLength) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool ( aRandomPool );
return aResult;

5
comphelper/source/misc/storagehelper.cxx
View file

@ -446,7 +446,10 @@ uno::Sequence< beans::NamedValue > OStorageHelper::CreateGpgPackageEncryptionDat
// get 32 random chars out of it
uno::Sequence < sal_Int8 > aVector(32);
rtl_random_getBytes( aRandomPool, aVector.getArray(), aVector.getLength() );
if (rtl_random_getBytes(aRandomPool, aVector.getArray(), aVector.getLength()) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool(aRandomPool);

5
oox/source/crypto/Standard2007Engine.cxx
View file

@ -28,7 +28,10 @@ namespace
void lclRandomGenerateValues(sal_uInt8* aArray, sal_uInt32 aSize)
{
rtlRandomPool aRandomPool = rtl_random_createPool();
rtl_random_getBytes(aRandomPool, aArray, aSize);
if (rtl_random_getBytes(aRandomPool, aArray, aSize) != rtl_Random_E_None)
{
throw css::uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool(aRandomPool);
}

10
package/source/zippackage/ZipPackageStream.cxx
View file

@ -592,8 +592,14 @@ bool ZipPackageStream::saveChild(
uno::Sequence<sal_Int8> aSalt(16);
// note: for GCM it's particularly important that IV is unique
uno::Sequence<sal_Int8> aVector(GetIVSize());
rtl_random_getBytes ( rRandomPool, aSalt.getArray(), 16 );
rtl_random_getBytes ( rRandomPool, aVector.getArray(), aVector.getLength() );
if (rtl_random_getBytes(rRandomPool, aSalt.getArray(), 16) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
if (rtl_random_getBytes(rRandomPool, aVector.getArray(), aVector.getLength()) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
if ( !m_bHaveOwnKey )
{
m_aEncryptionKey = rEncryptionKey;

6
sc/source/filter/excel/xeroot.cxx
View file

@ -317,8 +317,10 @@ uno::Sequence< beans::NamedValue > XclExpRoot::GenerateEncryptionData( std::u16s
{
rtlRandomPool aRandomPool = rtl_random_createPool ();
sal_uInt8 pnDocId[16];
rtl_random_getBytes( aRandomPool, pnDocId, 16 );
if (rtl_random_getBytes(aRandomPool, pnDocId, 16) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool( aRandomPool );
sal_uInt16 pnPasswd[16] = {};

5
sc/source/filter/excel/xestream.cxx
View file

@ -564,7 +564,10 @@ void XclExpBiff8Encrypter::Init( const Sequence< NamedValue >& rEncryptionData )
// generate the salt here
rtlRandomPool aRandomPool = rtl_random_createPool ();
rtl_random_getBytes( aRandomPool, mpnSalt, 16 );
if (rtl_random_getBytes(aRandomPool, mpnSalt, 16) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool( aRandomPool );
memset( mpnSaltDigest, 0, sizeof( mpnSaltDigest ) );

5
svl/source/passwordcontainer/passwordcontainer.cxx
View file

@ -654,7 +654,10 @@ OUString PasswordContainer::createIV()
{
rtlRandomPool randomPool = mRandomPool.get();
unsigned char iv[RTL_DIGEST_LENGTH_MD5];
rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5);
if (rtl_random_getBytes(randomPool, iv, RTL_DIGEST_LENGTH_MD5) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
OUStringBuffer aBuffer;
for (sal_uInt8 i : iv)
{

6
sw/source/filter/ww8/wrtww8.cxx
View file

@ -3519,8 +3519,10 @@ bool SwWW8Writer::InitStd97CodecUpdateMedium( ::msfilter::MSCodec_Std97& rCodec
// Generate random number with a seed of time as salt.
rtlRandomPool aRandomPool = rtl_random_createPool ();
sal_uInt8 pDocId[ 16 ];
rtl_random_getBytes( aRandomPool, pDocId, 16 );
if (rtl_random_getBytes(aRandomPool, pDocId, 16) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool( aRandomPool );
sal_uInt16 aPassword[16] = {};

6
sw/source/filter/ww8/ww8par.cxx
View file

@ -5662,8 +5662,10 @@ namespace
rtlRandomPool aRandomPool = rtl_random_createPool();
sal_uInt8 pDocId[ 16 ];
rtl_random_getBytes( aRandomPool, pDocId, 16 );
if (rtl_random_getBytes(aRandomPool, pDocId, 16) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool( aRandomPool );
sal_uInt16 pStd97Pass[16] = {};

5
xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
View file

@ -326,7 +326,10 @@ uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDis
if ( nPaddingSize > 1 )
{
rtlRandomPool aRandomPool = rtl_random_createPool();
rtl_random_getBytes( aRandomPool, pLastBlock + nOldLastBlockLen, nPaddingSize - 1 );
if (rtl_random_getBytes(aRandomPool, pLastBlock + nOldLastBlockLen, nPaddingSize - 1) != rtl_Random_E_None)
{
throw uno::RuntimeException("rtl_random_getBytes failed");
}
rtl_random_destroyPool ( aRandomPool );
}
pLastBlock[m_aLastBlock.getLength() - 1] = static_cast< sal_Int8 >( nPaddingSize );