Revert "Use even more spans in fx_crypt_aes.cpp"
This reverts commit 8ff4ff79b65aeebc12bd1c6fcbbd275e460914b9.
Reason for revert: likely crbug.com/361709064 [1 of 2]
Original change's description:
> Use even more spans in fx_crypt_aes.cpp
>
> Avoids some UNSAFE_TODO() usage.
>
> Bug: 42271176
> Change-Id: Ifbcc7339145c9fee8347cf9f9c158f981115f896
> Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/121893
> Reviewed-by: Tom Sepez <tsepez@google.com>
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Commit-Queue: Tom Sepez <tsepez@chromium.org>
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: 42271176
Change-Id: I069a03ef22cb873bc61a5147d2f7ad24cc8f4c13
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/123730
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Tom Sepez <tsepez@google.com>
diff --git a/core/fdrm/fx_crypt_aes.cpp b/core/fdrm/fx_crypt_aes.cpp
index 95acb21..1f373d9 100644
--- a/core/fdrm/fx_crypt_aes.cpp
+++ b/core/fdrm/fx_crypt_aes.cpp
@@ -527,17 +527,18 @@
} // namespace
-void CRYPT_AESSetKey(CRYPT_aes_context* ctx, pdfium::span<const uint8_t> key) {
- size_t keylen = key.size();
- CHECK(keylen == 16 || keylen == 24 || keylen == 32);
-
- int Nk = static_cast<int>(keylen / 4);
+void CRYPT_AESSetKey(CRYPT_aes_context* ctx,
+ const uint8_t* key,
+ uint32_t keylen) {
+ DCHECK(keylen == 16 || keylen == 24 || keylen == 32);
+ auto keyspan = UNSAFE_TODO(pdfium::make_span(key, keylen));
+ int Nk = keylen / 4;
ctx->Nb = 4;
ctx->Nr = 6 + (ctx->Nb > Nk ? ctx->Nb : Nk);
int rconst = 1;
for (int i = 0; i < (ctx->Nr + 1) * ctx->Nb; i++) {
if (i < Nk) {
- ctx->keysched[i] = fxcrt::GetUInt32MSBFirst(key.subspan(4 * i));
+ ctx->keysched[i] = fxcrt::GetUInt32MSBFirst(keyspan.subspan(4 * i));
} else {
uint32_t temp = ctx->keysched[i - 1];
if (i % Nk == 0) {
@@ -582,9 +583,11 @@
}
}
-void CRYPT_AESSetIV(CRYPT_aes_context* ctx, pdfium::span<const uint8_t> iv) {
+void CRYPT_AESSetIV(CRYPT_aes_context* ctx, const uint8_t* iv) {
for (int i = 0; i < ctx->Nb; i++) {
- ctx->iv[i] = fxcrt::GetUInt32MSBFirst(iv.subspan(4u * i, 4u));
+ // TODO(tsepez): Pass actual span.
+ ctx->iv[i] = fxcrt::GetUInt32MSBFirst(
+ UNSAFE_TODO(pdfium::make_span(iv + 4 * i, 4u)));
}
}
diff --git a/core/fdrm/fx_crypt_aes.h b/core/fdrm/fx_crypt_aes.h
index cae3790..ab673d2 100644
--- a/core/fdrm/fx_crypt_aes.h
+++ b/core/fdrm/fx_crypt_aes.h
@@ -25,8 +25,10 @@
std::array<uint32_t, kMaxNb> iv;
};
-void CRYPT_AESSetKey(CRYPT_aes_context* ctx, pdfium::span<const uint8_t> key);
-void CRYPT_AESSetIV(CRYPT_aes_context* ctx, pdfium::span<const uint8_t> iv);
+void CRYPT_AESSetKey(CRYPT_aes_context* ctx,
+ const uint8_t* key,
+ uint32_t keylen);
+void CRYPT_AESSetIV(CRYPT_aes_context* ctx, const uint8_t* iv);
void CRYPT_AESDecrypt(CRYPT_aes_context* ctx,
uint8_t* dest,
const uint8_t* src,
diff --git a/core/fpdfapi/parser/cpdf_crypto_handler.cpp b/core/fpdfapi/parser/cpdf_crypto_handler.cpp
index 91f58e6..86f2ec7 100644
--- a/core/fpdfapi/parser/cpdf_crypto_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_crypto_handler.cpp
@@ -69,9 +69,7 @@
}
if (m_Cipher == Cipher::kAES) {
CRYPT_AESSetKey(m_pAESContext.get(),
- m_KeyLen == 32
- ? pdfium::span<const uint8_t>(m_EncryptKey)
- : pdfium::span<const uint8_t>(realkey).first(m_KeyLen));
+ m_KeyLen == 32 ? m_EncryptKey.data() : realkey, m_KeyLen);
constexpr size_t kIVSize = 16;
constexpr size_t kPaddingSize = 16;
@@ -87,7 +85,8 @@
for (auto& v : dest_iv_span) {
v = static_cast<uint8_t>(rand());
}
- CRYPT_AESSetIV(m_pAESContext.get(), dest_iv_span);
+ CRYPT_AESSetIV(m_pAESContext.get(), dest_iv_span.data());
+
CRYPT_AESEncrypt(m_pAESContext.get(), dest_data_span,
source.first(source_data_size));
@@ -118,7 +117,7 @@
AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1);
pContext->m_bIV = true;
pContext->m_BlockOffset = 0;
- CRYPT_AESSetKey(&pContext->m_Context, m_EncryptKey);
+ CRYPT_AESSetKey(&pContext->m_Context, m_EncryptKey.data(), 32);
return pContext;
}
uint8_t key1[48];
@@ -137,7 +136,7 @@
AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1);
pContext->m_bIV = true;
pContext->m_BlockOffset = 0;
- CRYPT_AESSetKey(&pContext->m_Context, realkey);
+ CRYPT_AESSetKey(&pContext->m_Context, realkey, 16);
return pContext;
}
CRYPT_rc4_context* pContext = FX_Alloc(CRYPT_rc4_context, 1);
diff --git a/core/fpdfapi/parser/cpdf_security_handler.cpp b/core/fpdfapi/parser/cpdf_security_handler.cpp
index ec3694a..c03d5db 100644
--- a/core/fpdfapi/parser/cpdf_security_handler.cpp
+++ b/core/fpdfapi/parser/cpdf_security_handler.cpp
@@ -150,8 +150,12 @@
}
}
CHECK_EQ(content.size(), encrypted_output.size());
- CRYPT_AESSetKey(&aes, input.first<16u>());
- CRYPT_AESSetIV(&aes, input.subspan<16u>());
+ {
+ pdfium::span<uint8_t> key = input.first<16u>();
+ pdfium::span<uint8_t> iv = input.subspan<16u>();
+ CRYPT_AESSetKey(&aes, key.data(), 16);
+ CRYPT_AESSetIV(&aes, iv.data());
+ }
CRYPT_AESEncrypt(&aes, encrypted_output_span, content);
input = pdfium::span<uint8_t>(); // Dangling after assignments below.
@@ -362,11 +366,11 @@
return false;
CRYPT_aes_context aes = {};
- CRYPT_AESSetKey(&aes, digest);
+ CRYPT_AESSetKey(&aes, digest, sizeof(digest));
uint8_t iv[16] = {};
CRYPT_AESSetIV(&aes, iv);
CRYPT_AESDecrypt(&aes, m_EncryptKey.data(), ekey.unsigned_str(), 32);
- CRYPT_AESSetKey(&aes, m_EncryptKey);
+ CRYPT_AESSetKey(&aes, m_EncryptKey.data(), m_EncryptKey.size());
CRYPT_AESSetIV(&aes, iv);
ByteString perms = m_pEncryptDict->GetByteStringFor("Perms");
if (perms.IsEmpty())
@@ -644,7 +648,7 @@
CRYPT_SHA256Finish(&sha2, pdfium::make_span(digest1).first<32>());
}
CRYPT_aes_context aes = {};
- CRYPT_AESSetKey(&aes, pdfium::make_span(digest1).first<32u>());
+ CRYPT_AESSetKey(&aes, digest1, 32);
uint8_t iv[16] = {};
CRYPT_AESSetIV(&aes, iv);
CRYPT_AESEncrypt(&aes, digest1, m_EncryptKey);
@@ -675,7 +679,7 @@
pdfium::make_span(buf).subspan<12, 4>());
CRYPT_aes_context aes = {};
- CRYPT_AESSetKey(&aes, m_EncryptKey);
+ CRYPT_AESSetKey(&aes, m_EncryptKey.data(), m_EncryptKey.size());
uint8_t iv[16] = {};
CRYPT_AESSetIV(&aes, iv);
