commit 6c6723b398819ed13fd3482d78be8db67d7c815d
author Tom Sepez <tsepez@chromium.org> Fri Aug 23 19:30:31 2024 +0000
committer Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Aug 23 19:30:31 2024 +0000
tree 872df13c09efb75a16969fc0f9b6bcdebaa6d2d9
parent 75efe99a5adbd2a44444e2298ecaa19f6521780c

Revert "Spanify Revision6_Hash() arguments."

This reverts commit 3a72d7c09795b919afe458cfe64e3bc1f01e2821.

Reason for revert: likely crbug.com/361709064 [2 of 2]

Original change's description:
> Spanify Revision6_Hash() arguments.
>
> Then convert a few local variables to span, as well.
>
> -- Use span functions for copies, etc.
>
> Bug: 42271176
> Change-Id: I86eb2a2ad7f03bd2a618c13c0a137a082581b00c
> Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/121873
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Reviewed-by: Tom Sepez <tsepez@google.com>
> Commit-Queue: Tom Sepez <tsepez@chromium.org>

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 42271176
Change-Id: I866c86fe5a090ad67664234d3f28bdeb07461376
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/123750
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Tom Sepez <tsepez@google.com>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

core/fpdfapi/parser/cpdf_security_handler.cpp

diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp
index c03d5db..b96ccd8 100644
--- a/core/fpdfapi/parser/cpdf_security_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler.cpp
@@ -112,53 +112,50 @@
 }
 
 void Revision6_Hash(const ByteString& password,
-                    pdfium::span<const uint8_t, 8> salt,
-                    std::optional<pdfium::span<const uint8_t, 48>> vector,
-                    pdfium::span<uint8_t, 32> hash) {
+                    const uint8_t* salt,
+                    const uint8_t* vector,
+                    uint8_t* hash) {
   CRYPT_sha2_context sha;
   CRYPT_SHA256Start(&sha);
   CRYPT_SHA256Update(&sha, password.unsigned_span());
-  CRYPT_SHA256Update(&sha, salt);
-  if (vector.has_value()) {
-    CRYPT_SHA256Update(&sha, vector.value());
+  CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(salt, 8)));
+  if (vector) {
+    CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(vector, 48)));
   }
   uint8_t digest[32];
   CRYPT_SHA256Finish(&sha, digest);
 
   DataVector<uint8_t> encrypted_output;
   DataVector<uint8_t> inter_digest;
-  pdfium::span<uint8_t> input = digest;
+  uint8_t* input = digest;
+  uint8_t* key = input;
+  uint8_t* iv = UNSAFE_TODO(input + 16);
   int i = 0;
   size_t block_size = 32;
   CRYPT_aes_context aes = {};
   do {
     size_t round_size = password.GetLength() + block_size;
-    if (vector.has_value()) {
+    if (vector) {
       round_size += 48;
     }
     encrypted_output.resize(round_size * 64);
     auto encrypted_output_span = pdfium::make_span(encrypted_output);
-    auto pass_span = password.unsigned_span();
-    auto input_span = input.first(block_size);
     DataVector<uint8_t> content;
     for (int j = 0; j < 64; ++j) {
-      content.insert(std::end(content), pass_span.begin(), pass_span.end());
-      content.insert(std::end(content), input_span.begin(), input_span.end());
-      if (vector.has_value()) {
-        content.insert(std::end(content), vector.value().begin(),
-                       vector.value().end());
-      }
+      UNSAFE_TODO({
+        content.insert(std::end(content), password.unsigned_str(),
+                       password.unsigned_str() + password.GetLength());
+        content.insert(std::end(content), input, input + block_size);
+        if (vector) {
+          content.insert(std::end(content), vector, vector + 48);
+        }
+      });
     }
     CHECK_EQ(content.size(), encrypted_output.size());
-    {
-      pdfium::span<uint8_t> key = input.first<16u>();
-      pdfium::span<uint8_t> iv = input.subspan<16u>();
-      CRYPT_AESSetKey(&aes, key.data(), 16);
-      CRYPT_AESSetIV(&aes, iv.data());
-    }
+    CRYPT_AESSetKey(&aes, key, 16);
+    CRYPT_AESSetIV(&aes, iv);
     CRYPT_AESEncrypt(&aes, encrypted_output_span, content);
 
-    input = pdfium::span<uint8_t>();  // Dangling after assignments below.
     switch (BigOrder64BitsMod3(encrypted_output_span)) {
       case 0:
         block_size = 32;
@@ -173,11 +170,14 @@
         inter_digest = CRYPT_SHA512Generate(encrypted_output_span);
         break;
     }
-    input = inter_digest;
+    input = inter_digest.data();
+    key = input;
+    iv = UNSAFE_TODO(input + 16);
     ++i;
   } while (i < 64 || i - 32 < encrypted_output.back());
-
-  fxcrt::Copy(input.first<32u>(), hash);
+  if (hash) {
+    UNSAFE_TODO(FXSYS_memcpy(hash, input, 32));
+  }
 }
 
 }  // namespace
@@ -332,30 +332,31 @@
   if (ukey.GetLength() < 48)
     return false;
 
-  auto pkey = bOwner ? okey.unsigned_span() : ukey.unsigned_span();
-  auto pkey2 = bOwner ? std::optional(ukey.unsigned_span()) : std::nullopt;
+  const uint8_t* pkey = bOwner ? okey.unsigned_str() : ukey.unsigned_str();
   CRYPT_sha2_context sha;
   uint8_t digest[32];
   if (m_Revision >= 6) {
-    Revision6_Hash(password, pkey.subspan(32, 8), pkey2, digest);
+    Revision6_Hash(password, UNSAFE_TODO((const uint8_t*)pkey + 32),
+                   bOwner ? ukey.unsigned_str() : nullptr, digest);
   } else {
     CRYPT_SHA256Start(&sha);
     CRYPT_SHA256Update(&sha, password.unsigned_span());
-    CRYPT_SHA256Update(&sha, pkey.subspan(32, 8));
+    CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(pkey + 32, 8)));
     if (bOwner) {
-      CRYPT_SHA256Update(&sha, ukey.unsigned_span().first<48u>());
+      CRYPT_SHA256Update(&sha, ukey.unsigned_span().first(48u));
     }
     CRYPT_SHA256Finish(&sha, digest);
   }
-  if (UNSAFE_BUFFERS(FXSYS_memcmp(digest, pkey.data(), 32)) != 0) {
+  if (memcmp(digest, pkey, 32) != 0)
     return false;
-  }
+
   if (m_Revision >= 6) {
-    Revision6_Hash(password, pkey.subspan<40, 8>(), pkey2, digest);
+    Revision6_Hash(password, UNSAFE_TODO(pkey + 40),
+                   bOwner ? ukey.unsigned_str() : nullptr, digest);
   } else {
     CRYPT_SHA256Start(&sha);
     CRYPT_SHA256Update(&sha, password.unsigned_span());
-    CRYPT_SHA256Update(&sha, pkey.subspan<40, 8>());
+    CRYPT_SHA256Update(&sha, UNSAFE_TODO(pdfium::make_span(pkey + 40, 8)));
     if (bOwner) {
       CRYPT_SHA256Update(&sha, ukey.unsigned_span().first(48u));
     }
@@ -627,8 +628,7 @@
   CRYPT_sha2_context sha2;
   uint8_t digest1[48];
   if (m_Revision >= 6) {
-    Revision6_Hash(password, pdfium::make_span(digest).first<8>(), std::nullopt,
-                   pdfium::make_span(digest1).first<32u>());
+    Revision6_Hash(password, digest, nullptr, digest1);
   } else {
     CRYPT_SHA256Start(&sha2);
     CRYPT_SHA256Update(&sha2, password.unsigned_span());
@@ -639,8 +639,7 @@
   pEncryptDict->SetNewFor<CPDF_String>(
       "U", ByteString(ByteStringView(pdfium::make_span(digest1))));
   if (m_Revision >= 6) {
-    Revision6_Hash(password, pdfium::make_span(digest).subspan<8, 8>(),
-                   std::nullopt, pdfium::make_span(digest1).first<32u>());
+    Revision6_Hash(password, UNSAFE_TODO(digest + 8), nullptr, digest1);
   } else {
     CRYPT_SHA256Start(&sha2);
     CRYPT_SHA256Update(&sha2, password.unsigned_span());