octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 19:08:59 +00:00
Code Issues Releases Wiki Activity

Warn when -accessibility=n will be ignored

Browse Source 
Also accept -accessibility=n with 256 bit keys even though it will be
ignored.
This commit is contained in:
Jay Berkenbilt 2013-10-18 09:18:45 -04:00
parent ac9c1f0d56
commit a237e92445
4 changed files with 73 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,3 +1,11 @@
2013-10-18 Jay Berkenbilt <ejb@ql.org>
* Warn when -accessibility=n is specified with a modern encryption
format (R > 3). Also, accept this flag (and ignore with warning)
with 256-bit encryption. qpdf has always ignored the
accessibility setting with R > 3, but it previously did so
silently.
2013-10-05 Jay Berkenbilt <ejb@ql.org> 2013-10-05 Jay Berkenbilt <ejb@ql.org>
* Replace operator[] in std::string and std::vector with "at" in * Replace operator[] in std::string and std::vector with "at" in

4
libqpdf/QPDFWriter.cc
View File

@ -462,7 +462,9 @@ QPDFWriter::setEncryptionParameters(
if (R > 3) if (R > 3)
{ {
// Bit 10 is deprecated and should always be set. // Bit 10 is deprecated and should always be set. This used
// to mean accessibility. There is no way to disable
// accessibility with R > 3.
bits_to_clear.erase(10); bits_to_clear.erase(10);
} }

70
qpdf/qpdf.cc
View File

@ -740,13 +740,13 @@ parse_encrypt_options(
{ {
usage("invalid -accessibility parameter"); usage("invalid -accessibility parameter");
} }
if (keylen == 128) if (keylen == 40)
{ {
r3_accessibility = result; usage("-accessibility invalid for 40-bit keys");
} }
else else
{ {
usage("-accessibility invalid for 40-bit keys"); r3_accessibility = result;
} }
} }
else if (strcmp(arg, "cleartext-metadata") == 0) else if (strcmp(arg, "cleartext-metadata") == 0)
@ -1730,49 +1730,77 @@ int main(int argc, char* argv[])
} }
if (encrypt) if (encrypt)
{ {
int R = 0;
if (keylen == 40) if (keylen == 40)
{ {
w.setR2EncryptionParameters( R = 2;
user_password.c_str(), owner_password.c_str(),
r2_print, r2_modify, r2_extract, r2_annotate);
} }
else if (keylen == 128) else if (keylen == 128)
{ {
if (force_V4 || cleartext_metadata || use_aes) if (force_V4 || cleartext_metadata || use_aes)
{ {
w.setR4EncryptionParameters( R = 4;
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify,
!cleartext_metadata, use_aes);
} }
else else
{ {
w.setR3EncryptionParameters( R = 3;
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify);
} }
} }
else if (keylen == 256) else if (keylen == 256)
{ {
if (force_R5) if (force_R5)
{ {
w.setR5EncryptionParameters( R = 5;
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify,
!cleartext_metadata);
} }
else else
{ {
w.setR6EncryptionParameters( R = 6;
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify,
!cleartext_metadata);
} }
} }
else else
{ {
throw std::logic_error("bad encryption keylen"); throw std::logic_error("bad encryption keylen");
} }
if ((R > 3) && (r3_accessibility == false))
{
std::cerr << whoami
<< ": -accessibility=n is ignored for modern"
<< " encryption formats" << std::endl;
}
switch (R)
{
case 2:
w.setR2EncryptionParameters(
user_password.c_str(), owner_password.c_str(),
r2_print, r2_modify, r2_extract, r2_annotate);
break;
case 3:
w.setR3EncryptionParameters(
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify);
break;
case 4:
w.setR4EncryptionParameters(
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify,
!cleartext_metadata, use_aes);
break;
case 5:
w.setR5EncryptionParameters(
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify,
!cleartext_metadata);
break;
case 6:
w.setR6EncryptionParameters(
user_password.c_str(), owner_password.c_str(),
r3_accessibility, r3_extract, r3_print, r3_modify,
!cleartext_metadata);
break;
default:
throw std::logic_error("bad encryption R value");
break;
}
} }
if (linearize) if (linearize)
{ {

15
qpdf/qtest/qpdf.test
View File

@ -1399,6 +1399,9 @@ my @encrypted_files =
['XI-R6,V5,U=view,O=master', 'master', ['XI-R6,V5,U=view,O=master', 'master',
'-print=low', -2052, '-print=low', -2052,
1, 1, 1, 0, 1, 1, 1, 1, 1], 1, 1, 1, 0, 1, 1, 1, 1, 1],
['XI-R6,V5,U=view,O=master', 'master',
'-accessibility=n', -4, # -accessibility=n has no effect
1, 1, 1, 1, 1, 1, 1, 1, 1],
['XI-long-password', 'qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm'], ['XI-long-password', 'qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm'],
['XI-long-password', 'qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcv'], ['XI-long-password', 'qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcv'],
); );
@ -1501,12 +1504,20 @@ foreach my $d (@encrypted_files)
# password. # password.
$upass = ""; $upass = "";
} }
my $accessibility_warning = "";
if (($R > 3) && ($eflags =~ /accessibility=n/))
{
$accessibility_warning =
"qpdf: -accessibility=n is ignored" .
" for modern encryption formats\n";
}
$td->runtest("encrypt $file", $td->runtest("encrypt $file",
{$td->COMMAND => {$td->COMMAND =>
"qpdf --static-id --no-original-object-ids -qdf" . "qpdf --static-id --no-original-object-ids -qdf" .
" $eflags $file.enc $file.enc2"}, " $eflags $file.enc $file.enc2"},
{$td->STRING => "", {$td->STRING => $accessibility_warning,
$td->EXIT_STATUS => 0}); $td->EXIT_STATUS => 0},
$td->NORMALIZE_NEWLINES);
$td->runtest("check /P", $td->runtest("check /P",
{$td->COMMAND => {$td->COMMAND =>
"qpdf --show-encryption --password=\"$pass\"" . "qpdf --show-encryption --password=\"$pass\"" .