Spanify CalcEncryptKey, CRYPT_SHA1* and CRYPT_SHA256*
-- convert to kConstant naming style.
Bug: 42271176
Change-Id: I683914ef0365adc086a13f71f31478c761d7f16b
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/120671
Reviewed-by: Thomas Sepez <tsepez@google.com>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
diff --git a/core/fdrm/fx_crypt_sha.cpp b/core/fdrm/fx_crypt_sha.cpp
index e79188b..eb429ab 100644
--- a/core/fdrm/fx_crypt_sha.cpp
+++ b/core/fdrm/fx_crypt_sha.cpp
@@ -8,6 +8,7 @@
#include "core/fxcrt/compiler_specific.h"
#include "core/fxcrt/fx_memcpy_wrappers.h"
+#include "core/fxcrt/span_util.h"
#include "core/fxcrt/stl_util.h"
#define SHA_GET_UINT32(n, b, i) \
@@ -149,7 +150,8 @@
digest[4] += e;
}
-void sha256_process(CRYPT_sha2_context* ctx, const uint8_t data[64]) {
+void sha256_process(CRYPT_sha2_context* ctx,
+ pdfium::span<const uint8_t, 64> data) {
uint32_t W[64];
SHA_GET_UINT32(W[0], data, 0);
SHA_GET_UINT32(W[1], data, 4);
@@ -250,12 +252,12 @@
ctx->state[7] += H;
}
-const uint8_t sha256_padding[64] = {
+const uint8_t kSha256Padding[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-const uint8_t sha384_padding[128] = {
+const uint8_t kSha384Padding[128] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -369,21 +371,19 @@
}
void CRYPT_SHA1Update(CRYPT_sha1_context* context,
- const uint8_t* data,
- uint32_t size) {
- context->total_bytes += size;
- if (context->blkused && size < 64 - context->blkused) {
- UNSAFE_TODO(
- FXSYS_memcpy(context->block.data() + context->blkused, data, size));
- context->blkused += size;
+ pdfium::span<const uint8_t> data) {
+ const auto block_span = pdfium::make_span(context->block);
+ context->total_bytes += data.size();
+ if (context->blkused && data.size() < 64 - context->blkused) {
+ fxcrt::spancpy(block_span.subspan(context->blkused), data);
+ context->blkused += data.size();
return;
}
std::array<uint32_t, 16> wordblock;
- while (size >= 64 - context->blkused) {
- UNSAFE_TODO(FXSYS_memcpy(context->block.data() + context->blkused, data,
- 64 - context->blkused));
- UNSAFE_TODO(data += 64 - context->blkused);
- size -= 64 - context->blkused;
+ while (data.size() >= 64 - context->blkused) {
+ fxcrt::spancpy(block_span.subspan(context->blkused),
+ data.first(64 - context->blkused));
+ data = data.subspan(64 - context->blkused);
for (int i = 0; i < 16; i++) {
wordblock[i] = (((uint32_t)context->block[i * 4 + 0]) << 24) |
(((uint32_t)context->block[i * 4 + 1]) << 16) |
@@ -393,8 +393,8 @@
SHATransform(context->h, wordblock);
context->blkused = 0;
}
- UNSAFE_TODO(FXSYS_memcpy(context->block.data(), data, size));
- context->blkused = size;
+ fxcrt::spancpy(block_span, data);
+ context->blkused = static_cast<uint32_t>(data.size());
}
void CRYPT_SHA1Finish(CRYPT_sha1_context* context,
@@ -407,9 +407,9 @@
} else {
pad = 56 - context->blkused;
}
- UNSAFE_TODO(FXSYS_memset(c.data(), 0, pad));
+ fxcrt::Fill(pdfium::make_span(c).first(pad), 0);
c[0] = 0x80;
- CRYPT_SHA1Update(context, c.data(), pad);
+ CRYPT_SHA1Update(context, pdfium::make_span(c).first(pad));
c[0] = (total_bits >> 56) & 0xFF;
c[1] = (total_bits >> 48) & 0xFF;
c[2] = (total_bits >> 40) & 0xFF;
@@ -418,7 +418,7 @@
c[5] = (total_bits >> 16) & 0xFF;
c[6] = (total_bits >> 8) & 0xFF;
c[7] = (total_bits >> 0) & 0xFF;
- CRYPT_SHA1Update(context, c.data(), 8);
+ CRYPT_SHA1Update(context, pdfium::make_span(c).first(8u));
for (int i = 0; i < 5; i++) {
digest[i * 4] = (context->h[i] >> 24) & 0xFF;
digest[i * 4 + 1] = (context->h[i] >> 16) & 0xFF;
@@ -427,12 +427,11 @@
}
}
-void CRYPT_SHA1Generate(const uint8_t* data,
- uint32_t size,
+void CRYPT_SHA1Generate(pdfium::span<const uint8_t> data,
pdfium::span<uint8_t, 20> digest) {
CRYPT_sha1_context s;
CRYPT_SHA1Start(&s);
- CRYPT_SHA1Update(&s, data, size);
+ CRYPT_SHA1Update(&s, data);
CRYPT_SHA1Finish(&s, digest);
}
@@ -450,39 +449,38 @@
}
void CRYPT_SHA256Update(CRYPT_sha2_context* context,
- const uint8_t* data,
- uint32_t size) {
- if (!size)
+ pdfium::span<const uint8_t> data) {
+ if (data.empty()) {
return;
-
+ }
+ const auto buffer_span = pdfium::make_span(context->buffer);
uint32_t left = context->total_bytes & 0x3F;
uint32_t fill = 64 - left;
- context->total_bytes += size;
- if (left && size >= fill) {
- UNSAFE_TODO(FXSYS_memcpy(context->buffer + left, data, fill));
- sha256_process(context, context->buffer);
- size -= fill;
- UNSAFE_TODO(data += fill);
+ context->total_bytes += data.size();
+ if (left && data.size() >= fill) {
+ fxcrt::spancpy(buffer_span.subspan(left), data.first(fill));
+ sha256_process(context, buffer_span);
+ data = data.subspan(fill);
left = 0;
}
- while (size >= 64) {
- sha256_process(context, data);
- size -= 64;
- UNSAFE_TODO(data += 64);
+ while (data.size() >= 64) {
+ sha256_process(context, data.first(64u));
+ data = data.subspan(64u);
}
- if (size) {
- UNSAFE_TODO(FXSYS_memcpy(context->buffer + left, data, size));
+ if (!data.empty()) {
+ fxcrt::spancpy(buffer_span.subspan(left), data);
}
}
-void CRYPT_SHA256Finish(CRYPT_sha2_context* context, uint8_t digest[32]) {
+void CRYPT_SHA256Finish(CRYPT_sha2_context* context,
+ pdfium::span<uint8_t, 32> digest) {
uint8_t msglen[8];
uint64_t total_bits = 8 * context->total_bytes; // Prior to padding.
SHA_PUT_UINT64(total_bits, msglen, 0);
uint32_t last = context->total_bytes & 0x3F;
uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
- CRYPT_SHA256Update(context, sha256_padding, padn);
- CRYPT_SHA256Update(context, msglen, 8);
+ CRYPT_SHA256Update(context, pdfium::span(kSha256Padding).first(padn));
+ CRYPT_SHA256Update(context, msglen);
SHA_PUT_UINT32(context->state[0], digest, 0);
SHA_PUT_UINT32(context->state[1], digest, 4);
SHA_PUT_UINT32(context->state[2], digest, 8);
@@ -493,12 +491,11 @@
SHA_PUT_UINT32(context->state[7], digest, 28);
}
-void CRYPT_SHA256Generate(const uint8_t* data,
- uint32_t size,
- uint8_t digest[32]) {
+void CRYPT_SHA256Generate(pdfium::span<const uint8_t> data,
+ pdfium::span<uint8_t, 32> digest) {
CRYPT_sha2_context ctx;
CRYPT_SHA256Start(&ctx);
- CRYPT_SHA256Update(&ctx, data, size);
+ CRYPT_SHA256Update(&ctx, data);
CRYPT_SHA256Finish(&ctx, digest);
}
@@ -548,7 +545,7 @@
SHA_PUT_UINT64(total_bits, msglen, 8);
uint32_t last = context->total_bytes & 0x7F;
uint32_t padn = (last < 112) ? (112 - last) : (240 - last);
- CRYPT_SHA384Update(context, sha384_padding, padn);
+ CRYPT_SHA384Update(context, kSha384Padding, padn);
CRYPT_SHA384Update(context, msglen, 16);
SHA_PUT_UINT64(context->state[0], digest, 0);
SHA_PUT_UINT64(context->state[1], digest, 8);
@@ -593,7 +590,7 @@
SHA_PUT_UINT64(total_bits, msglen, 8);
uint32_t last = context->total_bytes & 0x7F;
uint32_t padn = (last < 112) ? (112 - last) : (240 - last);
- CRYPT_SHA512Update(context, sha384_padding, padn);
+ CRYPT_SHA512Update(context, kSha384Padding, padn);
CRYPT_SHA512Update(context, msglen, 16);
SHA_PUT_UINT64(context->state[0], digest, 0);
SHA_PUT_UINT64(context->state[1], digest, 8);
diff --git a/core/fdrm/fx_crypt_sha.h b/core/fdrm/fx_crypt_sha.h
index f4254e4..b4af2a1 100644
--- a/core/fdrm/fx_crypt_sha.h
+++ b/core/fdrm/fx_crypt_sha.h
@@ -28,22 +28,19 @@
void CRYPT_SHA1Start(CRYPT_sha1_context* context);
void CRYPT_SHA1Update(CRYPT_sha1_context* context,
- const uint8_t* data,
- uint32_t size);
+ pdfium::span<const uint8_t> data);
void CRYPT_SHA1Finish(CRYPT_sha1_context* context,
pdfium::span<uint8_t, 20> digest);
-void CRYPT_SHA1Generate(const uint8_t* data,
- uint32_t size,
+void CRYPT_SHA1Generate(pdfium::span<const uint8_t> data,
pdfium::span<uint8_t, 20> digest);
void CRYPT_SHA256Start(CRYPT_sha2_context* context);
void CRYPT_SHA256Update(CRYPT_sha2_context* context,
- const uint8_t* data,
- uint32_t size);
-void CRYPT_SHA256Finish(CRYPT_sha2_context* context, uint8_t digest[32]);
-void CRYPT_SHA256Generate(const uint8_t* data,
- uint32_t size,
- uint8_t digest[32]);
+ pdfium::span<const uint8_t> data);
+void CRYPT_SHA256Finish(CRYPT_sha2_context* context,
+ pdfium::span<uint8_t, 32> digest);
+void CRYPT_SHA256Generate(pdfium::span<const uint8_t> data,
+ pdfium::span<uint8_t, 32> digest);
void CRYPT_SHA384Start(CRYPT_sha2_context* context);
void CRYPT_SHA384Update(CRYPT_sha2_context* context,
diff --git a/core/fdrm/fx_crypt_unittest.cpp b/core/fdrm/fx_crypt_unittest.cpp
index 6c774fe..4a4d0b6 100644
--- a/core/fdrm/fx_crypt_unittest.cpp
+++ b/core/fdrm/fx_crypt_unittest.cpp
@@ -179,8 +179,7 @@
TEST(FXCRYPT, Sha1Empty) {
static const char kInput[] = "";
uint8_t actual[20];
- CRYPT_SHA1Generate(reinterpret_cast<const uint8_t*>(kInput), strlen(kInput),
- actual);
+ CRYPT_SHA1Generate(ByteStringView(kInput).unsigned_span(), actual);
EXPECT_THAT(actual, ElementsAre(0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b,
0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60,
0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09));
@@ -191,8 +190,7 @@
// Example A.1 from FIPS 180-2: one-block message.
static const char kInput[] = "abc";
uint8_t actual[20];
- CRYPT_SHA1Generate(reinterpret_cast<const uint8_t*>(kInput), strlen(kInput),
- actual);
+ CRYPT_SHA1Generate(ByteStringView(kInput).unsigned_span(), actual);
EXPECT_THAT(actual, ElementsAre(0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81,
0x6a, 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50,
0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d));
@@ -203,8 +201,7 @@
static const char kInput[] =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
uint8_t actual[20];
- CRYPT_SHA1Generate(reinterpret_cast<const uint8_t*>(kInput), strlen(kInput),
- actual);
+ CRYPT_SHA1Generate(ByteStringView(kInput).unsigned_span(), actual);
EXPECT_THAT(actual, ElementsAre(0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2,
0x6e, 0xba, 0xae, 0x4a, 0xa1, 0xf9, 0x51,
0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1));
@@ -213,8 +210,7 @@
TEST(FXCRYPT, Sha256Empty) {
static const char kInput[] = "";
uint8_t actual[32];
- CRYPT_SHA256Generate(reinterpret_cast<const uint8_t*>(kInput), strlen(kInput),
- actual);
+ CRYPT_SHA256Generate(ByteStringView(kInput).unsigned_span(), actual);
EXPECT_THAT(actual,
ElementsAre(0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a,
0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae,
@@ -226,8 +222,7 @@
// Example B.1 from FIPS 180-2: one-block message.
static const char kInput[] = "abc";
uint8_t actual[32];
- CRYPT_SHA256Generate(reinterpret_cast<const uint8_t*>(kInput), strlen(kInput),
- actual);
+ CRYPT_SHA256Generate(ByteStringView(kInput).unsigned_span(), actual);
EXPECT_THAT(actual,
ElementsAre(0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41,
0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03,
@@ -240,8 +235,7 @@
static const char kInput[] =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
uint8_t actual[32];
- CRYPT_SHA256Generate(reinterpret_cast<const uint8_t*>(kInput), strlen(kInput),
- actual);
+ CRYPT_SHA256Generate(ByteStringView(kInput).unsigned_span(), actual);
EXPECT_THAT(actual,
ElementsAre(0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5,
0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c,
diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp
index 9c255f0..28d76aa 100644
--- a/core/fpdfapi/parser/cpdf_security_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler.cpp
@@ -28,6 +28,7 @@
#include "core/fxcrt/notreached.h"
#include "core/fxcrt/span.h"
#include "core/fxcrt/span_util.h"
+#include "core/fxcrt/stl_util.h"
namespace {
@@ -39,49 +40,50 @@
void GetPassCode(const ByteString& password, pdfium::span<uint8_t> output) {
DCHECK_EQ(sizeof(kDefaultPasscode), output.size());
size_t len = std::min(password.GetLength(), output.size());
- size_t remaining = output.size() - len;
- UNSAFE_TODO({
- FXSYS_memcpy(output.data(), password.unsigned_str(), len);
- if (remaining) {
- FXSYS_memcpy(&output[len], kDefaultPasscode, remaining);
- }
- });
+ auto remaining = fxcrt::spancpy(output, password.unsigned_span().first(len));
+ if (!remaining.empty()) {
+ auto default_span = pdfium::make_span(kDefaultPasscode);
+ fxcrt::spancpy(remaining, default_span.first(remaining.size()));
+ }
}
void CalcEncryptKey(const CPDF_Dictionary* pEncrypt,
const ByteString& password,
- uint8_t* key,
- size_t keylen,
+ pdfium::span<uint8_t> key,
bool ignore_metadata,
const ByteString& file_id) {
+ fxcrt::Fill(key, 0);
+
uint8_t passcode[32];
GetPassCode(password, passcode);
+
CRYPT_md5_context md5 = CRYPT_MD5Start();
CRYPT_MD5Update(&md5, passcode);
+
ByteString okey = pEncrypt->GetByteStringFor("O");
CRYPT_MD5Update(&md5, okey.unsigned_span());
+
uint32_t perm = pEncrypt->GetIntegerFor("P");
CRYPT_MD5Update(&md5, pdfium::as_bytes(pdfium::span_from_ref(perm)));
- if (!file_id.IsEmpty())
+ if (!file_id.IsEmpty()) {
CRYPT_MD5Update(&md5, file_id.unsigned_span());
+ }
const bool is_revision_3_or_greater = pEncrypt->GetIntegerFor("R") >= 3;
if (!ignore_metadata && is_revision_3_or_greater &&
!pEncrypt->GetBooleanFor("EncryptMetadata", true)) {
constexpr uint32_t tag = 0xFFFFFFFF;
- CRYPT_MD5Update(&md5, pdfium::as_bytes(pdfium::span_from_ref(tag)));
+ CRYPT_MD5Update(&md5, pdfium::byte_span_from_ref(tag));
}
uint8_t digest[16];
CRYPT_MD5Finish(&md5, digest);
- size_t copy_len = std::min(keylen, sizeof(digest));
+ size_t copy_len = std::min(key.size(), sizeof(digest));
+ auto digest_span = pdfium::make_span(digest).first(copy_len);
if (is_revision_3_or_greater) {
for (int i = 0; i < 50; i++) {
- CRYPT_MD5Generate(pdfium::make_span(digest).first(copy_len), digest);
+ CRYPT_MD5Generate(digest_span, digest);
}
}
- UNSAFE_TODO({
- FXSYS_memset(key, 0, keylen);
- FXSYS_memcpy(key, digest, copy_len);
- });
+ fxcrt::spancpy(key, digest_span);
}
bool IsValidKeyLengthForCipher(CPDF_CryptoHandler::Cipher cipher,
@@ -115,11 +117,11 @@
uint8_t* hash) {
CRYPT_sha2_context sha;
CRYPT_SHA256Start(&sha);
- CRYPT_SHA256Update(&sha, password.unsigned_str(), password.GetLength());
- CRYPT_SHA256Update(&sha, salt, 8);
- if (vector)
- CRYPT_SHA256Update(&sha, vector, 48);
-
+ CRYPT_SHA256Update(&sha, password.unsigned_span());
+ CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(salt, 8)));
+ if (vector) {
+ CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(vector, 48)));
+ }
uint8_t digest[32];
CRYPT_SHA256Finish(&sha, digest);
@@ -171,8 +173,7 @@
inter_digest.resize(block_size);
input = inter_digest.data();
if (iHash == 0) {
- CRYPT_SHA256Generate(encrypted_output_span.data(),
- encrypted_output_span.size(), input);
+ CRYPT_SHA256Generate(encrypted_output_span, inter_digest);
} else if (iHash == 1) {
CRYPT_SHA384Generate(encrypted_output_span.data(),
encrypted_output_span.size(), input);
@@ -349,24 +350,26 @@
bOwner ? ukey.unsigned_str() : nullptr, digest);
} else {
CRYPT_SHA256Start(&sha);
- CRYPT_SHA256Update(&sha, password.unsigned_str(), password.GetLength());
- CRYPT_SHA256Update(&sha, UNSAFE_TODO(pkey + 32), 8);
- if (bOwner)
- CRYPT_SHA256Update(&sha, ukey.unsigned_str(), 48);
+ CRYPT_SHA256Update(&sha, password.unsigned_span());
+ CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(pkey + 32, 8)));
+ if (bOwner) {
+ CRYPT_SHA256Update(&sha, ukey.unsigned_span().first(48u));
+ }
CRYPT_SHA256Finish(&sha, digest);
}
if (memcmp(digest, pkey, 32) != 0)
return false;
if (m_Revision >= 6) {
- Revision6_Hash(password, UNSAFE_TODO((const uint8_t*)pkey + 40),
+ Revision6_Hash(password, UNSAFE_TODO(pkey + 40),
bOwner ? ukey.unsigned_str() : nullptr, digest);
} else {
CRYPT_SHA256Start(&sha);
- CRYPT_SHA256Update(&sha, password.unsigned_str(), password.GetLength());
- CRYPT_SHA256Update(&sha, UNSAFE_TODO(pkey + 40), 8);
- if (bOwner)
- CRYPT_SHA256Update(&sha, ukey.unsigned_str(), 48);
+ CRYPT_SHA256Update(&sha, password.unsigned_span());
+ CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(pkey + 40, 8)));
+ if (bOwner) {
+ CRYPT_SHA256Update(&sha, ukey.unsigned_span().first(48u));
+ }
CRYPT_SHA256Finish(&sha, digest);
}
ByteString ekey = m_pEncryptDict->GetByteStringFor(bOwner ? "OE" : "UE");
@@ -447,7 +450,8 @@
bool CPDF_SecurityHandler::CheckUserPassword(const ByteString& password,
bool bIgnoreEncryptMeta) {
- CalcEncryptKey(m_pEncryptDict.Get(), password, m_EncryptKey.data(), m_KeyLen,
+ CalcEncryptKey(m_pEncryptDict.Get(), password,
+ pdfium::make_span(m_EncryptKey).first(m_KeyLen),
bIgnoreEncryptMeta, m_FileId);
ByteString ukey =
m_pEncryptDict ? m_pEncryptDict->GetByteStringFor("U") : ByteString();
@@ -570,9 +574,8 @@
FX_Random_GenerateMT(random);
CRYPT_sha2_context sha;
CRYPT_SHA256Start(&sha);
- CRYPT_SHA256Update(&sha, reinterpret_cast<uint8_t*>(random),
- sizeof(random));
- CRYPT_SHA256Finish(&sha, m_EncryptKey.data());
+ CRYPT_SHA256Update(&sha, pdfium::as_bytes(pdfium::make_span(random)));
+ CRYPT_SHA256Finish(&sha, pdfium::make_span(m_EncryptKey));
AES256_SetPassword(pEncryptDict, password);
AES256_SetPerms(pEncryptDict);
return;
@@ -582,8 +585,9 @@
if (pIdArray)
file_id = pIdArray->GetByteStringAt(0);
- CalcEncryptKey(m_pEncryptDict.Get(), password, m_EncryptKey.data(), key_len,
- false, file_id);
+ CalcEncryptKey(m_pEncryptDict.Get(), password,
+ pdfium::make_span(m_EncryptKey).first(key_len), false,
+ file_id);
if (m_Revision < 3) {
uint8_t tempbuf[32];
UNSAFE_TODO(
@@ -624,8 +628,10 @@
const ByteString& password) {
CRYPT_sha1_context sha;
CRYPT_SHA1Start(&sha);
- CRYPT_SHA1Update(&sha, m_EncryptKey.data(), m_EncryptKey.size());
- CRYPT_SHA1Update(&sha, (uint8_t*)"hello", 5);
+ CRYPT_SHA1Update(&sha, m_EncryptKey);
+ // SAFETY: fixed-length string "hello" contains 5 characters.
+ CRYPT_SHA1Update(
+ &sha, pdfium::as_bytes(UNSAFE_BUFFERS(pdfium::make_span("hello", 5))));
uint8_t digest[20];
CRYPT_SHA1Finish(&sha, digest);
@@ -636,9 +642,9 @@
Revision6_Hash(password, digest, nullptr, digest1);
} else {
CRYPT_SHA256Start(&sha2);
- CRYPT_SHA256Update(&sha2, password.unsigned_str(), password.GetLength());
- CRYPT_SHA256Update(&sha2, digest, 8);
- CRYPT_SHA256Finish(&sha2, digest1);
+ CRYPT_SHA256Update(&sha2, password.unsigned_span());
+ CRYPT_SHA256Update(&sha2, pdfium::make_span(digest).first(8u));
+ CRYPT_SHA256Finish(&sha2, pdfium::make_span(digest1).first(32u));
}
UNSAFE_TODO(FXSYS_memcpy(digest1 + 32, digest, 16));
pEncryptDict->SetNewFor<CPDF_String>(
@@ -647,9 +653,9 @@
Revision6_Hash(password, UNSAFE_TODO(digest + 8), nullptr, digest1);
} else {
CRYPT_SHA256Start(&sha2);
- CRYPT_SHA256Update(&sha2, password.unsigned_str(), password.GetLength());
- CRYPT_SHA256Update(&sha2, UNSAFE_TODO(digest + 8), 8);
- CRYPT_SHA256Finish(&sha2, digest1);
+ CRYPT_SHA256Update(&sha2, password.unsigned_span());
+ CRYPT_SHA256Update(&sha2, pdfium::make_span(digest).subspan(8, 8));
+ CRYPT_SHA256Finish(&sha2, pdfium::make_span(digest1).first(32));
}
CRYPT_aes_context aes = {};
CRYPT_AESSetKey(&aes, digest1, 32);
diff --git a/core/fpdfapi/parser/cpdf_stream_acc.cpp b/core/fpdfapi/parser/cpdf_stream_acc.cpp
index b7d9aec..ffa0567 100644
--- a/core/fpdfapi/parser/cpdf_stream_acc.cpp
+++ b/core/fpdfapi/parser/cpdf_stream_acc.cpp
@@ -86,8 +86,7 @@
DataVector<uint8_t> CPDF_StreamAcc::ComputeDigest() const {
DataVector<uint8_t> digest(20);
- pdfium::span<const uint8_t> span = GetSpan();
- CRYPT_SHA1Generate(span.data(), span.size(), digest);
+ CRYPT_SHA1Generate(GetSpan(), digest);
return digest;
}
