forked from aniani/vim
patch 9.0.1481: decrypting with libsodium may fail if the library changes
Problem: Decrypting with libsodium may fail if the library changes.
Solution: Add parameters used to the encrypted file header. (Christian
Brabandt, closes #12279)
This commit is contained in:
Christian Brabandt
committed by
Bram Moolenaar
Bram Moolenaar
parent
dcd40cfca0
commit
aae583441b
@@ -436,7 +436,7 @@ ml_set_mfp_crypt(buf_T *buf)
|
||||
sha2_seed(buf->b_ml.ml_mfp->mf_seed, MF_SEED_LEN, NULL, 0);
|
||||
}
|
||||
#ifdef FEAT_SODIUM
|
||||
else if (method_nr == CRYPT_M_SOD)
|
||||
else if (crypt_method_is_sodium(method_nr))
|
||||
crypt_sodium_randombytes_buf(buf->b_ml.ml_mfp->mf_seed,
|
||||
MF_SEED_LEN);
|
||||
#endif
|
||||
@@ -495,7 +495,7 @@ ml_set_crypt_key(
|
||||
old_method = crypt_method_nr_from_name(old_cm);
|
||||
|
||||
// Swapfile encryption not supported by XChaCha20
|
||||
if (crypt_get_method_nr(buf) == CRYPT_M_SOD && *buf->b_p_key != NUL)
|
||||
if (crypt_method_is_sodium(crypt_get_method_nr(buf)) && *buf->b_p_key != NUL)
|
||||
{
|
||||
// close the swapfile
|
||||
mf_close_file(buf, TRUE);
|
||||
@@ -5512,6 +5512,7 @@ ml_decrypt_data(
|
||||
/*
|
||||
* Prepare for encryption/decryption, using the key, seed and offset.
|
||||
* Return an allocated cryptstate_T *.
|
||||
* Note: Encryption not supported for SODIUM
|
||||
*/
|
||||
static cryptstate_T *
|
||||
ml_crypt_prepare(memfile_T *mfp, off_T offset, int reading)
|
||||
@@ -5520,21 +5521,23 @@ ml_crypt_prepare(memfile_T *mfp, off_T offset, int reading)
|
||||
char_u salt[50];
|
||||
int method_nr;
|
||||
char_u *key;
|
||||
char_u *seed;
|
||||
crypt_arg_T arg;
|
||||
|
||||
CLEAR_FIELD(arg);
|
||||
if (reading && mfp->mf_old_key != NULL)
|
||||
{
|
||||
// Reading back blocks with the previous key/method/seed.
|
||||
method_nr = mfp->mf_old_cm;
|
||||
key = mfp->mf_old_key;
|
||||
seed = mfp->mf_old_seed;
|
||||
arg.cat_seed = mfp->mf_old_seed;
|
||||
}
|
||||
else
|
||||
{
|
||||
method_nr = crypt_get_method_nr(buf);
|
||||
key = buf->b_p_key;
|
||||
seed = mfp->mf_seed;
|
||||
arg.cat_seed = mfp->mf_seed;
|
||||
}
|
||||
|
||||
if (*key == NUL)
|
||||
return NULL;
|
||||
|
||||
@@ -5543,14 +5546,24 @@ ml_crypt_prepare(memfile_T *mfp, off_T offset, int reading)
|
||||
// For PKzip: Append the offset to the key, so that we use a different
|
||||
// key for every block.
|
||||
vim_snprintf((char *)salt, sizeof(salt), "%s%ld", key, (long)offset);
|
||||
return crypt_create(method_nr, salt, NULL, 0, NULL, 0);
|
||||
arg.cat_seed = NULL;
|
||||
arg.cat_init_from_file = FALSE;
|
||||
|
||||
return crypt_create(method_nr, salt, &arg);
|
||||
}
|
||||
|
||||
// Using blowfish or better: add salt and seed. We use the byte offset
|
||||
// of the block for the salt.
|
||||
vim_snprintf((char *)salt, sizeof(salt), "%ld", (long)offset);
|
||||
return crypt_create(method_nr, key, salt, (int)STRLEN(salt),
|
||||
seed, MF_SEED_LEN);
|
||||
|
||||
arg.cat_salt = salt;
|
||||
arg.cat_salt_len = (int)STRLEN(salt);
|
||||
arg.cat_seed_len = MF_SEED_LEN;
|
||||
arg.cat_add_len = 0;
|
||||
arg.cat_add = NULL;
|
||||
arg.cat_init_from_file = FALSE;
|
||||
|
||||
return crypt_create(method_nr, key, &arg);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user