author | Michael Stahl <mstahl@redhat.com> | 2018-01-11 15:55:25 +0100 |
---|---|---|
committer | Michael Stahl <mstahl@redhat.com> | 2018-01-12 23:31:43 +0100 |
commit | 0b7c3b7d9fa71f59eed75c3e80e5e12245c5e1c5 (patch) | |
tree | 2f29a16b67ce118c5eb7ab3579c469e2cf0915cf | |
parent | 42e90b44ee9de1c5e0b324e492949ff6f345461b (diff) |
tdf#114939 officecfg,sfx2: always use AES/SHA256 in ODF 1.2
The setting ODFVER_012_EXT_COMPAT "1.2 Extended (compatibility mode)"
no longer has an effect on the encryption algorithms.
API CHANGE: Remove the configuration settings:
Office.Common.Save.ODF.UseSHA1InODF12
Office.Common.Save.ODF.UseBlowfishInODF12
Rationale:
* Every release since 2012, from LO >= 3.4 and AOO >= 3.4,
can read AES/SHA256 encrypted files.
* SHA1 is broken anyway
* tdf#114939 causes SHA1 interop issues
Retain SHA1/Blowfish only for ODF 1.1 export.
Change-Id: I007511d4830a90121e38bf5bb4534df5695621e9
-rw-r--r-- | officecfg/registry/schema/org/openoffice/Office/Common.xcs | 15 | ||||
-rw-r--r-- | sfx2/source/doc/objstor.cxx | 15 |
2 files changed, 3 insertions, 27 deletions
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index 2884179d0800..2901733cabc0 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -2409,21 +2409,6 @@
 </constraints>
 <value>3</value>
 </prop>
- <prop oor:name="UseSHA1InODF12" oor:type="xs:boolean" oor:nillable="false">
- <info>
- <desc>Specifies whether SHA1 algorithm instead of SHA256 should be
- used in ODF12 for StartKey and Checksum generation during
- encryption.</desc>
- </info>
- <value>false</value>
- </prop>
- <prop oor:name="UseBlowfishInODF12" oor:type="xs:boolean" oor:nillable="false">
- <info>
- <desc>Specifies whether Blowfish algorithm instead of AES should be
- used in ODF12 for encryption.</desc>
- </info>
- <value>false</value>
- </prop>
 </group>
 </group>
 <group oor:name="Load">
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 44f6f1556f75..3bac7ae20b97 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -362,15 +362,10 @@ void SfxObjectShell::SetupStorage( const uno::Reference< embed::XStorage >& xSto
 }
 SvtSaveOptions::ODFDefaultVersion nDefVersion = SvtSaveOptions::ODFVER_012;
- bool bUseSHA1InODF12 = false;
- bool bUseBlowfishInODF12 = false;
-
 if (!utl::ConfigManager::IsFuzzing())
 {
 SvtSaveOptions aSaveOpt;
 nDefVersion = aSaveOpt.GetODFDefaultVersion();
- bUseSHA1InODF12 = officecfg::Office::Common::Save::ODF::UseSHA1InODF12::get();
- bUseBlowfishInODF12 = officecfg::Office::Common::Save::ODF::UseBlowfishInODF12::get();
 }
 // the default values, that should be used for ODF1.1 and older formats
@@ -392,13 +387,9 @@ void SfxObjectShell::SetupStorage( const uno::Reference< embed::XStorage >& xSto
 {
 }
- if ( !bUseSHA1InODF12 && nDefVersion != SvtSaveOptions::ODFVER_012_EXT_COMPAT )
- {
- aEncryptionAlgs[0].Value <<= xml::crypto::DigestID::SHA256;
- aEncryptionAlgs[2].Value <<= xml::crypto::DigestID::SHA256_1K;
- }
- if ( !bUseBlowfishInODF12 && nDefVersion != SvtSaveOptions::ODFVER_012_EXT_COMPAT )
- aEncryptionAlgs[1].Value <<= xml::crypto::CipherID::AES_CBC_W3C_PADDING;
+ aEncryptionAlgs[0].Value <<= xml::crypto::DigestID::SHA256;
+ aEncryptionAlgs[2].Value <<= xml::crypto::DigestID::SHA256_1K;
+ aEncryptionAlgs[1].Value <<= xml::crypto::CipherID::AES_CBC_W3C_PADDING;
 }
 try |
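Review bot: The three now-unconditional writes address `aEncryptionAlgs[0]`, `aEncryptionAlgs[2]` and `aEncryptionAlgs[1]` by bare index, in that order, while the meaning of each slot is fixed by the sequence initialiser outside this hunk. If that initialiser is ever reordered, a digest ID would land in the cipher slot (or the reverse) with nothing here to catch it. I would write the assignments in index order and put a comment above them, for example `// ODF 1.2 and later: always SHA-256 (start key, checksum) and AES-CBC; no configuration or compatibility-mode fallback to SHA1/Blowfish`, so the removed downgrade path is not reintroduced by accident. The enclosing block and the ODF 1.1 defaults it overrides begin outside the hunk, so the slot-to-algorithm mapping is inferred from the removed schema descriptions and should be confirmed against the initialiser.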