From 9836e7e2fe333a433733625c4b8cacb88e4d9171 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Mon, 2 Jun 2025 21:20:58 +0200 Subject: [PATCH] zip: Better detect no encryption support Some functions might return -1 in case of library error. Use an own return value if a stub function was used for better error messages. Signed-off-by: Tobias Stoeckmann --- libarchive/archive_cryptor.c | 8 ++++---- libarchive/archive_cryptor_private.h | 3 +++ libarchive/archive_read_support_format_zip.c | 4 ++-- libarchive/archive_write_set_format_zip.c | 10 ++++++++-- 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c index 1825af4dc..9f03f9ca6 100644 --- a/libarchive/archive_cryptor.c +++ b/libarchive/archive_cryptor.c @@ -151,7 +151,7 @@ pbkdf2_sha1(const char *pw, size_t pw_len, const uint8_t *salt, (void)rounds; /* UNUSED */ (void)derived_key; /* UNUSED */ (void)derived_key_len; /* UNUSED */ - return -1; /* UNSUPPORTED */ + return CRYPTOR_STUB_FUNCTION; /* UNSUPPORTED */ } #endif @@ -439,14 +439,14 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) (void)ctx; /* UNUSED */ (void)key; /* UNUSED */ (void)key_len; /* UNUSED */ - return -1; + return CRYPTOR_STUB_FUNCTION; } static int aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) { (void)ctx; /* UNUSED */ - return -1; + return CRYPTOR_STUB_FUNCTION; } static int @@ -469,7 +469,7 @@ aes_ctr_update(archive_crypto_ctx *ctx, const uint8_t * const in, (void)out; /* UNUSED */ (void)out_len; /* UNUSED */ aes_ctr_encrypt_counter(ctx); /* UNUSED */ /* Fix unused function warning */ - return -1; + return CRYPTOR_STUB_FUNCTION; } #else diff --git a/libarchive/archive_cryptor_private.h b/libarchive/archive_cryptor_private.h index 4b3c6c161..891c9c819 100644 --- a/libarchive/archive_cryptor_private.h +++ b/libarchive/archive_cryptor_private.h @@ -172,6 +172,9 @@ typedef int archive_crypto_ctx; #define archive_encrypto_aes_ctr_release(ctx) \ __archive_cryptor.encrypto_aes_ctr_release(ctx) +/* Stub return value if no encryption support exists. */ +#define CRYPTOR_STUB_FUNCTION -2 + /* Minimal interface to cryptographic functionality for internal use in * libarchive */ struct archive_cryptor diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c index daf51933d..9abd55709 100644 --- a/libarchive/archive_read_support_format_zip.c +++ b/libarchive/archive_read_support_format_zip.c @@ -3015,8 +3015,8 @@ init_WinZip_AES_decryption(struct archive_read *a) p, salt_len, 1000, derived_key, key_len * 2 + 2); if (r != 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, - "Decryption is unsupported due to lack of " - "crypto library"); + r == CRYPTOR_STUB_FUNCTION ? "Decryption is unsupported due " + "to lack of crypto library" : "Failed to process passphrase"); return (ARCHIVE_FAILED); } diff --git a/libarchive/archive_write_set_format_zip.c b/libarchive/archive_write_set_format_zip.c index 3630b9f2b..ee69a922c 100644 --- a/libarchive/archive_write_set_format_zip.c +++ b/libarchive/archive_write_set_format_zip.c @@ -2434,13 +2434,19 @@ init_winzip_aes_encryption(struct archive_write *a) "Can't generate random number for encryption"); return (ARCHIVE_FATAL); } - archive_pbkdf2_sha1(passphrase, strlen(passphrase), + ret = archive_pbkdf2_sha1(passphrase, strlen(passphrase), salt, salt_len, 1000, derived_key, key_len * 2 + 2); + if (ret != 0) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + ret == CRYPTOR_STUB_FUNCTION ? "Encryption is unsupported due to " + "lack of crypto library" : "Failed to process passphrase"); + return (ARCHIVE_FAILED); + } ret = archive_encrypto_aes_ctr_init(&zip->cctx, derived_key, key_len); if (ret != 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, - "Decryption is unsupported due to lack of crypto library"); + "Failed to initialize AES CTR mode"); return (ARCHIVE_FAILED); } ret = archive_hmac_sha1_init(&zip->hctx, derived_key + key_len, -- 2.47.2