Kaydet (Commit) 4bc16aeb authored tarafından Stephan Bergmann's avatar Stephan Bergmann

rhbz#1618703: Allow to use OpenSSL as backend for rtl/cipher.h

...with new configuration option --enable-cipher-openssl-backend

rtl/cipher.h (which is part of the stable URE interface) offers functionality to
en-/decrypt data with Blowfish in ECB, CBC, and streaming CFB mode, and with RC4
(aka ARCFOUR; which is a stream cipher).  LO itself only uses Blowfish CFB and
RC4, so only those are wired to OpenSSL for now, for simplicity.  Using Blowfish
ECB and CBC, or Blowfish CFB in DirectionBoth mode would cause failures for now
(cf. sal/qa/rtl/cipher/rtl_cipher.cxx); the assumption is that no external code
actually makes use of this functionality.

Using NSS instead of OpenSSL could be an alternative, but there appears to be no
support in NSS for Blowfish in streaming CFB mode, only CKM_BLOWFISH_CBC for
CBC mode.

Change-Id: I0bc042961539ed46844c96cb1c808209578528a0
Reviewed-on: https://gerrit.libreoffice.org/59428
Tested-by: Jenkins
Reviewed-by: 's avatarStephan Bergmann <sbergman@redhat.com>
üst 22934081
......@@ -115,6 +115,7 @@ export ENABLE_AVAHI=@ENABLE_AVAHI@
export ENABLE_BREAKPAD=@ENABLE_BREAKPAD@
export ENABLE_CAIRO_CANVAS=@ENABLE_CAIRO_CANVAS@
export ENABLE_CHART_TESTS=@ENABLE_CHART_TESTS@
export ENABLE_CIPHER_OPENSSL_BACKEND=@ENABLE_CIPHER_OPENSSL_BACKEND@
export ENABLE_LIBCMIS=@ENABLE_LIBCMIS@
export ENABLE_COINMP=@ENABLE_COINMP@
export SYSTEM_COINMP=@SYSTEM_COINMP@
......
......@@ -1480,6 +1480,11 @@ AC_ARG_ENABLE(openssl,
use only if you are hacking on it.]),
,enable_openssl=yes)
libo_FUZZ_ARG_ENABLE(cipher-openssl-backend,
AS_HELP_STRING([--enable-cipher-openssl-backend],
[Enable using OpenSSL as the actual implementation of the rtl/cipher.h functionality.
Requires --enable-openssl.]))
AC_ARG_ENABLE(library-bin-tar,
AS_HELP_STRING([--enable-library-bin-tar],
[Enable the building and reused of tarball of binary build for some 'external' libraries.
......@@ -9471,6 +9476,24 @@ fi
AC_SUBST([DISABLE_OPENSSL])
if test "$enable_cipher_openssl_backend" = yes && test "$DISABLE_OPENSSL" = TRUE; then
if test "$libo_fuzzed_enable_cipher_openssl_backend" = yes; then
AC_MSG_NOTICE([Resetting --enable-cipher-openssl-backend=no])
enable_cipher_openssl_backend=no
else
AC_MSG_ERROR([--enable-cipher-openssl-backend needs OpenSSL, but --disable-openssl was given.])
fi
fi
AC_MSG_CHECKING([whether to enable the OpenSSL backend for rtl/cipher.h])
ENABLE_CIPHER_OPENSSL_BACKEND=
if test "$enable_cipher_openssl_backend" = yes; then
AC_MSG_RESULT([yes])
ENABLE_CIPHER_OPENSSL_BACKEND=TRUE
else
AC_MSG_RESULT([no])
fi
AC_SUBST([ENABLE_CIPHER_OPENSSL_BACKEND])
dnl ===================================================================
dnl Check for building gnutls
dnl ===================================================================
......
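Review bot: The new guard `if test "$enable_cipher_openssl_backend" = yes && test "$DISABLE_OPENSSL" = TRUE` only confirms that OpenSSL is enabled, not that the OpenSSL being linked still provides the two algorithms the commit message says are wired up (Blowfish CFB and RC4). OpenSSL can be built without either (`OPENSSL_NO_BF`, `OPENSSL_NO_RC4`), and in that case the problem would presumably surface as a compile or runtime failure in the backend rather than as a clear configure error; the implementation is collapsed on this page, so this is inferred. Consider adding a compile check for those two macros after this block. The `--enable-cipher-openssl-backend` help string could also state the functional cost, e.g. `Blowfish ECB/CBC and DirectionBoth CFB are not available with this backend.`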
......@@ -63,4 +63,8 @@ $(call gb_CppunitTest_get_target,sal_rtl) : \
$(eval $(call gb_CppunitTest_use_external,sal_rtl,boost_headers))
ifeq ($(ENABLE_CIPHER_OPENSSL_BACKEND),TRUE)
$(eval $(call gb_CppunitTest_add_defs,sal_rtl,-DLIBO_CIPHER_OPENSSL_BACKEND))
endif
# vim: set noet sw=4 ts=4:
......@@ -254,4 +254,12 @@ $(eval $(call gb_Library_add_exception_objects,sal,\
endif # ifneq ($(OS),WNT)
ifeq ($(ENABLE_CIPHER_OPENSSL_BACKEND),TRUE)
$(eval $(call gb_Library_add_defs,sal,-DLIBO_CIPHER_OPENSSL_BACKEND))
$(eval $(call gb_Library_use_externals,sal, \
openssl \
openssl_headers \
))
endif
# vim: set noet sw=4 ts=4:
......@@ -37,8 +37,12 @@ public:
void create_001()
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
rtl_cipher_destroy(aCipher);
#endif
}
void create_002()
{
......@@ -48,8 +52,12 @@ public:
void create_003()
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeCBC);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
rtl_cipher_destroy(aCipher);
#endif
}
void create_004()
{
......@@ -101,14 +109,22 @@ public:
void createBF_001()
{
rtlCipher aCipher = rtl_cipher_createBF(rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
rtl_cipher_destroy(aCipher);
#endif
}
void createBF_002()
{
rtlCipher aCipher = rtl_cipher_createBF(rtl_Cipher_ModeCBC);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
rtl_cipher_destroy(aCipher);
#endif
}
void createBF_003()
{
......@@ -141,6 +157,12 @@ public:
void test_encode(sal_uInt8 _nKeyValue, sal_uInt8 _nArgValue, rtl::OString const& _sPlainTextStr)
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
(void) _nKeyValue;
(void) _nArgValue;
(void) _sPlainTextStr;
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
sal_uInt32 nKeyLen = 16;
......@@ -184,11 +206,18 @@ public:
delete [] pKeyBuffer;
rtl_cipher_destroy(aCipher);
#endif
}
void test_encode_and_decode(sal_uInt8 _nKeyValue, sal_uInt8 _nArgValue, rtl::OString const& _sPlainTextStr)
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
(void) _nKeyValue;
(void) _nArgValue;
(void) _sPlainTextStr;
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
sal_uInt32 nKeyLen = 16;
......@@ -236,6 +265,7 @@ public:
delete [] pKeyBuffer;
rtl_cipher_destroy(aCipher);
#endif
}
void decode_001()
......@@ -286,8 +316,12 @@ public:
void destroy_001()
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeCBC);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
rtl_cipher_destroy(aCipher);
#endif
}
// Change the following lines only, if you add, remove or rename
// member functions of the current class,
......@@ -305,10 +339,14 @@ public:
void destroyBF_001()
{
rtlCipher aCipher = rtl_cipher_createBF(rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
rtl_cipher_destroyBF(aCipher);
// more proforma
// should not GPF
#endif
}
// Change the following lines only, if you add, remove or rename
// member functions of the current class,
......@@ -326,6 +364,12 @@ public:
void test_encode(sal_uInt8 _nKeyValue, sal_uInt8 _nArgValue, sal_uInt8 _nDataValue)
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
(void) _nKeyValue;
(void) _nArgValue;
(void) _nDataValue;
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
sal_uInt32 nKeyLen = 16;
......@@ -360,6 +404,7 @@ public:
delete [] pKeyBuffer;
rtl_cipher_destroy(aCipher);
#endif
}
void encode_001()
......@@ -407,6 +452,9 @@ public:
void init_001()
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
sal_uInt32 nKeyLen = 16;
......@@ -424,11 +472,15 @@ public:
delete [] pKeyBuffer;
rtl_cipher_destroy(aCipher);
#endif
}
void init_002()
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
sal_uInt32 nKeyLen = 16;
......@@ -447,10 +499,14 @@ public:
delete [] pKeyBuffer;
rtl_cipher_destroy(aCipher);
#endif
}
void init_003()
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
sal_uInt32 nKeyLen = 16;
......@@ -469,10 +525,14 @@ public:
delete [] pKeyBuffer;
rtl_cipher_destroy(aCipher);
#endif
}
void init_004()
{
rtlCipher aCipher = rtl_cipher_create(rtl_Cipher_AlgorithmBF, rtl_Cipher_ModeECB);
#if defined LIBO_CIPHER_OPENSSL_BACKEND
CPPUNIT_ASSERT_EQUAL(rtlCipher(nullptr), aCipher);
#else
CPPUNIT_ASSERT_MESSAGE("create failed.", aCipher != nullptr);
sal_uInt32 nKeyLen = 16;
......@@ -492,6 +552,7 @@ public:
delete [] pKeyBuffer;
rtl_cipher_destroy(aCipher);
#endif
}
// Change the following lines only, if you add, remove or rename
// member functions of the current class,
......
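Review bot: Every `#if defined LIBO_CIPHER_OPENSSL_BACKEND` branch in these hunks only asserts that creating a Blowfish ECB or CBC cipher yields `nullptr`, and none of the visible changes adds a check for what the backend does support (Blowfish CFB, ARCFOUR). Unless the unchanged tests outside these hunks already cover it, wrong output from the OpenSSL path, or output that no longer interoperates with data produced by the built-in implementation, would go unnoticed. Since the commit message calls rtl/cipher.h a stable interface, it would also be worth pinning that `rtl_cipher_init` and `rtl_cipher_encode` on the null handle return an error rather than dereference it. A one-line comment at the first branch in `create_001` would explain the repeated pattern: `// OpenSSL backend wires up only Blowfish CFB and ARCFOUR, so ECB/CBC creation must fail`. Several of the touched functions (`test_encode`, `init_001` and others) continue outside the hunks shown.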
This diff is collapsed.