core.git: package/Library_package2.mk package/source

Thu, 14 Dec 2023 09:32:50 -0800 

 package/Library_package2.mk              |    4 ++++
 package/source/zippackage/ZipPackage.cxx |    5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

New commits:
commit c6c51663479fa036f70b182b5892a23235bbde5f
Author:     Michael Stahl <[email protected]>
AuthorDate: Thu Dec 14 12:08:20 2023 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Thu Dec 14 18:32:25 2023 +0100

    tdf#105844 package: increase PBKDF2 iterations for wholesome ODF encryption
    
    The government recommends 600k iterations.
    
    Change-Id: I8d4137ca8a08c2b3ac0e7724de1c87c2117ec7c4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160768
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>

diff --git a/package/Library_package2.mk b/package/Library_package2.mk
index c78786632555..6f29bf002a6b 100644
--- a/package/Library_package2.mk
+++ b/package/Library_package2.mk
@@ -24,6 +24,10 @@ $(eval $(call gb_Library_add_defs,package2,\
 
 $(eval $(call 
gb_Library_set_precompiled_header,package2,package/inc/pch/precompiled_package2))
 
+$(eval $(call gb_Library_use_custom_headers,package2,\
+       officecfg/registry \
+))
+
 $(eval $(call gb_Library_use_libraries,package2,\
        comphelper \
        cppu \
diff --git a/package/source/zippackage/ZipPackage.cxx 
b/package/source/zippackage/ZipPackage.cxx
index 8fb6c27876ab..54b8099e38d1 100644
--- a/package/source/zippackage/ZipPackage.cxx
+++ b/package/source/zippackage/ZipPackage.cxx
@@ -41,6 +41,7 @@
 #include <com/sun/star/io/XSeekable.hpp>
 #include <com/sun/star/lang/WrappedTargetRuntimeException.hpp>
 #include <com/sun/star/container/XNameContainer.hpp>
+#include <officecfg/Office/Common.hxx>
 #include <comphelper/fileurl.hxx>
 #include <comphelper/processfactory.hxx>
 #include <ucbhelper/content.hxx>
@@ -1308,7 +1309,9 @@ uno::Reference< io::XInputStream > 
ZipPackage::writeTempFile()
             // for encrypted streams
             RandomPool aRandomPool;
 
-            sal_Int32 const nPBKDF2IterationCount = 100000;
+            // if there is only one KDF invocation, increase the safety margin
+            sal_Int32 const nPBKDF2IterationCount =
+                officecfg::Office::Common::Misc::ExperimentalMode::get() ? 
600000 : 100000;
 
             // call saveContents ( it will recursively save sub-directories
             m_xRootFolder->saveContents("", aManList, aZipOut, 
GetEncryptionKey(), bIsGpgEncrypt ? 0 : nPBKDF2IterationCount, 
aRandomPool.get());

Reply via email to