diff options
| author | Michael Stahl <mstahl@redhat.com> | 2018-01-11 15:55:25 +0100 |
|---|---|---|
| committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2018-01-16 17:55:49 +0100 |
| commit | 47c97efb78a574ba080e953ed219515ea71c2569 (patch) | |
| tree | 3633facf50585fe6e713e5abd20b42748297364a | |
| parent | 26c4a36cad9aca8e07abcbfeddf744ae112a4bc0 (diff) | |
tdf#114939 officecfg,sfx2: always use AES/SHA256 in ODF 1.2
The setting ODFVER_012_EXT_COMPAT "1.2 Extended (compatibility mode)"
no longer has an effect on the encryption algorithms.
API CHANGE: Remove the configuration settings:
Office.Common.Save.ODF.UseSHA1InODF12
Office.Common.Save.ODF.UseBlowfishInODF12
Rationale:
* Every release since 2012, from LO >= 3.4 and AOO >= 3.4,
can read AES/SHA256 encrypted files.
* SHA1 is broken anyway
* tdf#114939 causes SHA1 interop issues
Retain SHA1/Blowfish only for ODF 1.1 export.
(cherry picked from commit 0b7c3b7d9fa71f59eed75c3e80e5e12245c5e1c5)
Change-Id: I007511d4830a90121e38bf5bb4534df5695621e9
Reviewed-on: https://gerrit.libreoffice.org/47999
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
| -rw-r--r-- | officecfg/registry/schema/org/openoffice/Office/Common.xcs | 15 | ||||
| -rw-r--r-- | sfx2/source/doc/objstor.cxx | 15 |
2 files changed, 3 insertions, 27 deletions
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs index f9816fc7dfb6..6ec7ec487676 100644 --- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs +++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs @@ -2409,21 +2409,6 @@ </constraints> <value>3</value> </prop> - <prop oor:name="UseSHA1InODF12" oor:type="xs:boolean" oor:nillable="false"> - <info> - <desc>Specifies whether SHA1 algorithm instead of SHA256 should be - used in ODF12 for StartKey and Checksum generation during - encryption.</desc> - </info> - <value>false</value> - </prop> - <prop oor:name="UseBlowfishInODF12" oor:type="xs:boolean" oor:nillable="false"> - <info> - <desc>Specifies whether Blowfish algorithm instead of AES should be - used in ODF12 for encryption.</desc> - </info> - <value>false</value> - </prop> </group> </group> <group oor:name="Load"> diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx index da74a0a5d075..a82821922606 100644 --- a/sfx2/source/doc/objstor.cxx +++ b/sfx2/source/doc/objstor.cxx @@ -360,15 +360,10 @@ void SfxObjectShell::SetupStorage( const uno::Reference< embed::XStorage >& xSto } SvtSaveOptions::ODFDefaultVersion nDefVersion = SvtSaveOptions::ODFVER_012; - bool bUseSHA1InODF12 = false; - bool bUseBlowfishInODF12 = false; - if (!utl::ConfigManager::IsFuzzing()) { SvtSaveOptions aSaveOpt; nDefVersion = aSaveOpt.GetODFDefaultVersion(); - bUseSHA1InODF12 = aSaveOpt.IsUseSHA1InODF12(); - bUseBlowfishInODF12 = aSaveOpt.IsUseBlowfishInODF12(); } // the default values, that should be used for ODF1.1 and older formats @@ -390,13 +385,9 @@ void SfxObjectShell::SetupStorage( const uno::Reference< embed::XStorage >& xSto { } - if ( !bUseSHA1InODF12 && nDefVersion != SvtSaveOptions::ODFVER_012_EXT_COMPAT ) - { - aEncryptionAlgs[0].Value <<= xml::crypto::DigestID::SHA256; - aEncryptionAlgs[2].Value <<= xml::crypto::DigestID::SHA256_1K; - } - if ( !bUseBlowfishInODF12 && nDefVersion != SvtSaveOptions::ODFVER_012_EXT_COMPAT ) - aEncryptionAlgs[1].Value <<= xml::crypto::CipherID::AES_CBC_W3C_PADDING; + aEncryptionAlgs[0].Value <<= xml::crypto::DigestID::SHA256; + aEncryptionAlgs[2].Value <<= xml::crypto::DigestID::SHA256_1K; + aEncryptionAlgs[1].Value <<= xml::crypto::CipherID::AES_CBC_W3C_PADDING; } try |