zip: Better detect no encryption support

author Tobias Stoeckmann <tobias@stoeckmann.org>

Mon, 2 Jun 2025 19:20:58 +0000 (21:20 +0200)

committer Tobias Stoeckmann <tobias@stoeckmann.org>

Tue, 3 Jun 2025 15:27:48 +0000 (17:27 +0200)
author Tobias Stoeckmann <tobias@stoeckmann.org>
Mon, 2 Jun 2025 19:20:58 +0000 (21:20 +0200)
committer Tobias Stoeckmann <tobias@stoeckmann.org>
Tue, 3 Jun 2025 15:27:48 +0000 (17:27 +0200)
diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c

index 1825af4dc5100c13b1341c6103dbb31cbd43c9aa..9f03f9ca6dd06bd7de683122e44334105b45385f 100644 (file)
--- a/libarchive/archive_cryptor.c
+++ b/libarchive/archive_cryptor.c
@@ -151,7 +151,7 @@ pbkdf2_sha1(const char *pw, size_t pw_len, const uint8_t *salt,
         (void)rounds; /* UNUSED */
         (void)derived_key; /* UNUSED */
         (void)derived_key_len; /* UNUSED */
-       return -1; /* UNSUPPORTED */
+       return CRYPTOR_STUB_FUNCTION; /* UNSUPPORTED */
  }
  
  #endif
@@ -439,14 +439,14 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
         (void)ctx; /* UNUSED */
         (void)key; /* UNUSED */
         (void)key_len; /* UNUSED */
-       return -1;
+       return CRYPTOR_STUB_FUNCTION;
  }
  
  static int
  aes_ctr_encrypt_counter(archive_crypto_ctx *ctx)
  {
         (void)ctx; /* UNUSED */
-       return -1;
+       return CRYPTOR_STUB_FUNCTION;
  }
  
  static int
@@ -469,7 +469,7 @@ aes_ctr_update(archive_crypto_ctx *ctx, const uint8_t * const in,
         (void)out; /* UNUSED */
         (void)out_len; /* UNUSED */
         aes_ctr_encrypt_counter(ctx); /* UNUSED */ /* Fix unused function warning */
-       return -1;
+       return CRYPTOR_STUB_FUNCTION;
  }
  
  #else
diff --git a/libarchive/archive_cryptor_private.h b/libarchive/archive_cryptor_private.h

index 4b3c6c1614332b54c3edd7af464b131e11e51f22..891c9c819f1b1e65a18b4889a013fb8e534ab60c 100644 (file)
--- a/libarchive/archive_cryptor_private.h
+++ b/libarchive/archive_cryptor_private.h
@@ -172,6 +172,9 @@ typedef int archive_crypto_ctx;
  #define archive_encrypto_aes_ctr_release(ctx) \
    __archive_cryptor.encrypto_aes_ctr_release(ctx)
  
+/* Stub return value if no encryption support exists. */
+#define CRYPTOR_STUB_FUNCTION  -2
+
  /* Minimal interface to cryptographic functionality for internal use in
   * libarchive */
  struct archive_cryptor
diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c

index daf51933d687ac78cd5427a8ec8a6aeb3bb3e402..9abd55709e3fca645163150bb6b54a68db752655 100644 (file)
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -3015,8 +3015,8 @@ init_WinZip_AES_decryption(struct archive_read *a)
                     p, salt_len, 1000, derived_key, key_len * 2 + 2);
                 if (r != 0) {
                         archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-                           "Decryption is unsupported due to lack of "
-                           "crypto library");
+                           r == CRYPTOR_STUB_FUNCTION ? "Decryption is unsupported due "
+                               "to lack of crypto library" : "Failed to process passphrase");
                         return (ARCHIVE_FAILED);
                 }
  
diff --git a/libarchive/archive_write_set_format_zip.c b/libarchive/archive_write_set_format_zip.c

index 3630b9f2b3a3ce91bd56afe8ce5198fd20b88290..ee69a922c73f9121c3b9c6d85755f84f133f8ab4 100644 (file)
--- a/libarchive/archive_write_set_format_zip.c
+++ b/libarchive/archive_write_set_format_zip.c
@@ -2434,13 +2434,19 @@ init_winzip_aes_encryption(struct archive_write *a)
                     "Can't generate random number for encryption");
                 return (ARCHIVE_FATAL);
         }
-       archive_pbkdf2_sha1(passphrase, strlen(passphrase),
+       ret = archive_pbkdf2_sha1(passphrase, strlen(passphrase),
             salt, salt_len, 1000, derived_key, key_len * 2 + 2);
+       if (ret != 0) {
+               archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+                   ret == CRYPTOR_STUB_FUNCTION ? "Encryption is unsupported due to "
+                       "lack of crypto library" : "Failed to process passphrase");
+               return (ARCHIVE_FAILED);
+       }
  
         ret = archive_encrypto_aes_ctr_init(&zip->cctx, derived_key, key_len);
         if (ret != 0) {
                 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-                   "Decryption is unsupported due to lack of crypto library");
+                   "Failed to initialize AES CTR mode");
                 return (ARCHIVE_FAILED);
         }
         ret = archive_hmac_sha1_init(&zip->hctx, derived_key + key_len,
author	Tobias Stoeckmann <tobias@stoeckmann.org>
	Mon, 2 Jun 2025 19:20:58 +0000 (21:20 +0200)
committer	Tobias Stoeckmann <tobias@stoeckmann.org>
	Tue, 3 Jun 2025 15:27:48 +0000 (17:27 +0200)
libarchive/archive_cryptor.c		patch \| blob \| blame \| history
libarchive/archive_cryptor_private.h		patch \| blob \| blame \| history
libarchive/archive_read_support_format_zip.c		patch \| blob \| blame \| history
libarchive/archive_write_set_format_zip.c		patch \| blob \| blame \| history