diff -up vim74/runtime/doc/editing.txt.blowfish2 vim74/runtime/doc/editing.txt

--- vim74/runtime/doc/editing.txt.blowfish2	2013-08-10 13:24:53.000000000 +0200

+++ vim74/runtime/doc/editing.txt	2017-09-05 14:47:34.915912305 +0200

@@ -1364,8 +1364,13 @@ The text in the swap file and the undo f

 Note: The text in memory is not encrypted.  A system administrator may be able

 to see your text while you are editing it.  When filtering text with

-":!filter" or using ":w !command" the text is not encrypted, this may reveal

-it to others.  The 'viminfo' file is not encrypted.

+":!filter" or using ":w !command" the text is also not encrypted, this may

+reveal it to others.  The 'viminfo' file is not encrypted.

+

+You could do this to edit very secret text: >

+       :set noundofile viminfo=

+       :noswapfile edit secrets.txt

+Keep in mind that without a swap file you risk loosing your work in a crash.

 WARNING: If you make a typo when entering the key and then write the file and

 exit, the text will be lost!

@@ -1392,18 +1397,24 @@ To disable the encryption, reset the 'ke

 	:set key=

 You can use the 'cryptmethod' option to select the type of encryption, use one

-of these two: >

-	:setlocal cm=zip       " weak method, backwards compatible

-	:setlocal cm=blowfish  " strong method

+of these: >

+       :setlocal cm=zip        " weak method, backwards compatible

+       :setlocal cm=blowfish   " method with flaws

+       :setlocal cm=blowfish2  " medium strong method

+

 Do this before writing the file.  When reading an encrypted file it will be

 set automatically to the method used when that file was written.  You can

 change 'cryptmethod' before writing that file to change the method.

 To set the default method, used for new files, use one of these in your

 |vimrc| file: >

 	set cm=zip

-	set cm=blowfish

+        set cm=blowfish2

+Use the first one if you need to be compatible with Vim 7.2 and older.  Using

+"blowfish2" is highly recommended if you can use a Vim version that supports

+it.

+

 The message given for reading and writing a file will show "[crypted]" when

-using zip, "[blowfish]" when using blowfish.

+using zip, "[blowfish]" when using blowfish, etc.

 When writing an undo file, the same key and method will be used for the text

 in the undo file. |persistent-undo|.

@@ -1438,7 +1449,7 @@ lines to "/etc/magic", "/usr/share/misc/

      0	string	VimCrypt~	Vim encrypted file

      >9	string	01	- "zip" cryptmethod

      >9	string	02	- "blowfish" cryptmethod

-

+     >9        string  03      - "blowfish2" cryptmethod

 Notes:

 - Encryption is not possible when doing conversion with 'charconvert'.

@@ -1462,6 +1473,10 @@ Notes:

 - Pkzip uses the same encryption as 'cryptmethod' "zip", and US Govt has no

   objection to its export.  Pkzip's public file APPNOTE.TXT describes this

   algorithm in detail.

+- The implementation of 'cryptmethod' "blowfish" has a flaw.  It is possible to

+  crack the first 64 bytes of a file and in some circumstances more of the

+  file. Use of it is not recommended, but it's still the strongest method

+  supported by Vim 7.3 and 7.4.  The "zip" method is even weaker.

 - Vim originates from the Netherlands.  That is where the sources come from.

   Thus the encryption code is not exported from the USA.

diff -up vim74/runtime/doc/options.txt.blowfish2 vim74/runtime/doc/options.txt

--- vim74/runtime/doc/options.txt.blowfish2	2017-09-05 14:47:33.976919884 +0200

+++ vim74/runtime/doc/options.txt	2017-09-05 14:47:34.925912224 +0200

@@ -2197,10 +2197,18 @@ A jump table for the options with a shor

 	   zip		PkZip compatible method.  A weak kind of encryption.

 			Backwards compatible with Vim 7.2 and older.

 							*blowfish*

-	   blowfish	Blowfish method.  Strong encryption.  Requires Vim 7.3

-			or later, files can NOT be read by Vim 7.2 and older.

-			This adds a "seed" to the file, every time you write

-			the file the encrypted bytes will be different.

+          blowfish     Blowfish method.  Medium strong encryption but it has

+                       an implementation flaw.  Requires Vim 7.3 or later,

+                       files can NOT be read by Vim 7.2 and older.  This adds

+                       a "seed" to the file, every time you write the file

+                       the encrypted bytes will be different.

+                                                       *blowfish2*

+          blowfish2    Blowfish method.  Medium strong encryption.  Requires

+                       Vim 7.4.399 or later, files can NOT be read by Vim 7.3

+                       and older.  This adds a "seed" to the file, every time

+                       you write the file the encrypted bytes will be

+                       different.  The whole undo file is encrypted, not just

+                       the pieces of text.

 	When reading an encrypted file 'cryptmethod' will be set automatically

 	to the detected method of the file being read.  Thus if you write it

diff -up vim74/src/blowfish.c.blowfish2 vim74/src/blowfish.c

--- vim74/src/blowfish.c.blowfish2	2010-12-17 19:58:18.000000000 +0100

+++ vim74/src/blowfish.c	2017-09-05 14:47:34.926912216 +0200

@@ -9,17 +9,25 @@

  * Blowfish encryption for Vim; in Blowfish output feedback mode.

  * Contributed by Mohsin Ahmed, http://www.cs.albany.edu/~mosh

  * Based on http://www.schneier.com/blowfish.html by Bruce Schneier.

+ *

+ * There are two variants:

+ * - The old one "blowfish" has a flaw which makes it much easier to crack the

+ *   key.  To see this, make a text file with one line of 1000 "x" characters

+ *   and write it encrypted.  Use "xxd" to inspect the bytes in the file.  You

+ *   will see that a block of 8 bytes repeats 8 times.

+ * - The new one "blowfish2" is better.  It uses an 8 byte CFB to avoid the

+ *   repeats.

  */

 #include "vim.h"

-#if defined(FEAT_CRYPT)

+#if defined(FEAT_CRYPT) || defined(PROTO)

 #define ARRAY_LENGTH(A)      (sizeof(A)/sizeof(A[0]))

 #define BF_BLOCK    8

 #define BF_BLOCK_MASK 7

-#define BF_OFB_LEN  (8*(BF_BLOCK))

+#define BF_MAX_CFB_LEN  (8 * BF_BLOCK)

 typedef union {

     UINT32_T ul[2];

@@ -37,14 +45,26 @@ typedef union {

 # endif

 #endif

-static void bf_e_block __ARGS((UINT32_T *p_xl, UINT32_T *p_xr));

-static void bf_e_cblock __ARGS((char_u *block));

-static int bf_check_tables __ARGS((UINT32_T a_ipa[18], UINT32_T a_sbi[4][256], UINT32_T val));

+/* The state of encryption, referenced by cryptstate_T. */

+typedef struct {

+    UINT32_T	pax[18];	    /* P-array */

+    UINT32_T	sbx[4][256];	    /* S-boxes */

+    int		randbyte_offset;

+    int		update_offset;

+    char_u	cfb_buffer[BF_MAX_CFB_LEN]; /* up to 64 bytes used */

+    int		cfb_len;	    /* size of cfb_buffer actually used */

+} bf_state_T;

+

+

+static void bf_e_block __ARGS((bf_state_T *state, UINT32_T *p_xl, UINT32_T *p_xr));

+static void bf_e_cblock __ARGS((bf_state_T *state, char_u *block));

+static int bf_check_tables __ARGS((UINT32_T pax[18], UINT32_T sbx[4][256], UINT32_T val));

 static int bf_self_test __ARGS((void));

+static void bf_key_init __ARGS((bf_state_T *state, char_u *password, char_u *salt, int salt_len));

+static void bf_cfb_init __ARGS((bf_state_T *state, char_u *seed, int seed_len));

 /* Blowfish code */

-static UINT32_T pax[18];

-static UINT32_T ipa[18] = {

+static UINT32_T pax_init[18] = {

     0x243f6a88u, 0x85a308d3u, 0x13198a2eu,

     0x03707344u, 0xa4093822u, 0x299f31d0u,

     0x082efa98u, 0xec4e6c89u, 0x452821e6u,

@@ -53,8 +73,7 @@ static UINT32_T ipa[18] = {

     0xb5470917u, 0x9216d5d9u, 0x8979fb1bu

 };

-static UINT32_T sbx[4][256];

-static UINT32_T sbi[4][256] = {

+static UINT32_T sbx_init[4][256] = {

    {0xd1310ba6u, 0x98dfb5acu, 0x2ffd72dbu, 0xd01adfb7u,

     0xb8e1afedu, 0x6a267e96u, 0xba7c9045u, 0xf12c7f99u,

     0x24a19947u, 0xb3916cf7u, 0x0801f2e2u, 0x858efc16u,

@@ -314,33 +333,40 @@ static UINT32_T sbi[4][256] = {

  }

 };

-

 #define F1(i) \

-    xl ^= pax[i]; \

-    xr ^= ((sbx[0][xl >> 24] + \

-    sbx[1][(xl & 0xFF0000) >> 16]) ^ \

-    sbx[2][(xl & 0xFF00) >> 8]) + \

-    sbx[3][xl & 0xFF];

+    xl ^= bfs->pax[i]; \

+    xr ^= ((bfs->sbx[0][xl >> 24] + \

+    bfs->sbx[1][(xl & 0xFF0000) >> 16]) ^ \

+    bfs->sbx[2][(xl & 0xFF00) >> 8]) + \

+    bfs->sbx[3][xl & 0xFF];

 #define F2(i) \

-    xr ^= pax[i]; \

-    xl ^= ((sbx[0][xr >> 24] + \

-    sbx[1][(xr & 0xFF0000) >> 16]) ^ \

-    sbx[2][(xr & 0xFF00) >> 8]) + \

-    sbx[3][xr & 0xFF];

-

+    xr ^= bfs->pax[i]; \

+    xl ^= ((bfs->sbx[0][xr >> 24] + \

+    bfs->sbx[1][(xr & 0xFF0000) >> 16]) ^ \

+    bfs->sbx[2][(xr & 0xFF00) >> 8]) + \

+    bfs->sbx[3][xr & 0xFF];

     static void

-bf_e_block(p_xl, p_xr)

+bf_e_block(bfs, p_xl, p_xr)

+    bf_state_T *bfs;

     UINT32_T *p_xl;

     UINT32_T *p_xr;

 {

-    UINT32_T temp, xl = *p_xl, xr = *p_xr;

-

-    F1(0) F2(1) F1(2) F2(3) F1(4) F2(5) F1(6) F2(7)

-    F1(8) F2(9) F1(10) F2(11) F1(12) F2(13) F1(14) F2(15)

-    xl ^= pax[16];

-    xr ^= pax[17];

+    UINT32_T temp;

+    UINT32_T xl = *p_xl;

+    UINT32_T xr = *p_xr;

+

+    F1(0) F2(1)

+    F1(2) F2(3)

+    F1(4) F2(5)

+    F1(6) F2(7)

+    F1(8) F2(9)

+    F1(10) F2(11)

+    F1(12) F2(13)

+    F1(14) F2(15)

+    xl ^= bfs->pax[16];

+    xr ^= bfs->pax[17];

     temp = xl;

     xl = xr;

     xr = temp;

@@ -348,23 +374,6 @@ bf_e_block(p_xl, p_xr)

     *p_xr = xr;

 }

-#if 0  /* not used */

-    static void

-bf_d_block(p_xl, p_xr)

-    UINT32_T *p_xl;

-    UINT32_T *p_xr;

-{

-    UINT32_T temp, xl = *p_xl, xr = *p_xr;

-    F1(17) F2(16) F1(15) F2(14) F1(13) F2(12) F1(11) F2(10)

-    F1(9) F2(8) F1(7) F2(6) F1(5) F2(4) F1(3) F2(2)

-    xl ^= pax[1];

-    xr ^= pax[0];

-    temp = xl; xl = xr; xr = temp;

-    *p_xl = xl; *p_xr = xr;

-}

-#endif

-

-

 #ifdef WORDS_BIGENDIAN

 # define htonl2(x) \

     x = ((((x) &     0xffL) << 24) | (((x) & 0xff00L)     <<  8) | \

@@ -374,7 +383,8 @@ bf_d_block(p_xl, p_xr)

 #endif

     static void

-bf_e_cblock(block)

+bf_e_cblock(bfs, block)

+    bf_state_T *bfs;

     char_u *block;

 {

     block8	bk;

@@ -382,35 +392,22 @@ bf_e_cblock(block)

     memcpy(bk.uc, block, 8);

     htonl2(bk.ul[0]);

     htonl2(bk.ul[1]);

-    bf_e_block(&bk.ul[0], &bk.ul[1]);

+    bf_e_block(bfs, &bk.ul[0], &bk.ul[1]);

     htonl2(bk.ul[0]);

     htonl2(bk.ul[1]);

     memcpy(block, bk.uc, 8);

 }

-#if 0  /* not used */

-    void

-bf_d_cblock(block)

-    char_u *block;

-{

-    block8 bk;

-    memcpy(bk.uc, block, 8);

-    htonl2(bk.ul[0]); htonl2(bk.ul[1]);

-    bf_d_block(&bk.ul[0], &bk.ul[1]);

-    htonl2(bk.ul[0]); htonl2(bk.ul[1]);

-    memcpy(block, bk.uc, 8);

-}

-#endif

-

 /*

  * Initialize the crypt method using "password" as the encryption key and

  * "salt[salt_len]" as the salt.

  */

-    void

-bf_key_init(password, salt, salt_len)

-    char_u *password;

-    char_u *salt;

-    int    salt_len;

+    static void

+bf_key_init(bfs, password, salt, salt_len)

+    bf_state_T	*bfs;

+    char_u	*password;

+    char_u	*salt;

+    int		salt_len;

 {

     int      i, j, keypos = 0;

     unsigned u;

@@ -418,7 +415,7 @@ bf_key_init(password, salt, salt_len)

     char_u   *key;

     int      keylen;

-    /* Process the key 1000 times.

+    /* Process the key 1001 times.

      * See http://en.wikipedia.org/wiki/Key_strengthening. */

     key = sha256_key(password, salt, salt_len);

     for (i = 0; i < 1000; i++)

@@ -437,52 +434,54 @@ bf_key_init(password, salt, salt_len)

 	key[i] = u;

     }

-    mch_memmove(sbx, sbi, 4 * 4 * 256);

+    /* Use "key" to initialize the P-array ("pax") and S-boxes ("sbx") of

+     * Blowfish. */

+    mch_memmove(bfs->sbx, sbx_init, 4 * 4 * 256);

     for (i = 0; i < 18; ++i)

     {

 	val = 0;

 	for (j = 0; j < 4; ++j)

 	    val = (val << 8) | key[keypos++ % keylen];

-	pax[i] = ipa[i] ^ val;

+	bfs->pax[i] = pax_init[i] ^ val;

     }

     data_l = data_r = 0;

     for (i = 0; i < 18; i += 2)

     {

-	bf_e_block(&data_l, &data_r);

-	pax[i + 0] = data_l;

-	pax[i + 1] = data_r;

+	bf_e_block(bfs, &data_l, &data_r);

+	bfs->pax[i + 0] = data_l;

+	bfs->pax[i + 1] = data_r;

     }

     for (i = 0; i < 4; ++i)

     {

 	for (j = 0; j < 256; j += 2)

 	{

-	    bf_e_block(&data_l, &data_r);

-	    sbx[i][j + 0] = data_l;

-	    sbx[i][j + 1] = data_r;

+	    bf_e_block(bfs, &data_l, &data_r);

+	    bfs->sbx[i][j + 0] = data_l;

+	    bfs->sbx[i][j + 1] = data_r;

 	}

     }

 }

 /*

- * BF Self test for corrupted tables or instructions

+ * Blowfish self-test for corrupted tables or instructions.

  */

     static int

-bf_check_tables(a_ipa, a_sbi, val)

-    UINT32_T a_ipa[18];

-    UINT32_T a_sbi[4][256];

+bf_check_tables(pax, sbx, val)

+    UINT32_T pax[18];

+    UINT32_T sbx[4][256];

     UINT32_T val;

 {

     int i, j;

     UINT32_T c = 0;

     for (i = 0; i < 18; i++)

-	c ^= a_ipa[i];

+	c ^= pax[i];

     for (i = 0; i < 4; i++)

 	for (j = 0; j < 256; j++)

-	    c ^= a_sbi[i][j];

+	    c ^= sbx[i][j];

     return c == val;

 }

@@ -520,6 +519,10 @@ bf_self_test()

     int    err = 0;

     block8 bk;

     UINT32_T ui = 0xffffffffUL;

+    bf_state_T state;

+

+    vim_memset(&state, 0, sizeof(bf_state_T));

+    state.cfb_len = BF_MAX_CFB_LEN;

     /* We can't simply use sizeof(UINT32_T), it would generate a compiler

      * warning. */

@@ -528,21 +531,21 @@ bf_self_test()

 	EMSG(_("E820: sizeof(uint32_t) != 4"));

     }

-    if (!bf_check_tables(ipa, sbi, 0x6ffa520a))

+    if (!bf_check_tables(pax_init, sbx_init, 0x6ffa520a))

 	err++;

     bn = ARRAY_LENGTH(bf_test_data);

     for (i = 0; i < bn; i++)

     {

-	bf_key_init((char_u *)(bf_test_data[i].password),

+	bf_key_init(&state, (char_u *)(bf_test_data[i].password),

 		    bf_test_data[i].salt,

 		    (int)STRLEN(bf_test_data[i].salt));

-	if (!bf_check_tables(pax, sbx, bf_test_data[i].keysum))

+	if (!bf_check_tables(state.pax, state.sbx, bf_test_data[i].keysum))

 	    err++;

 	/* Don't modify bf_test_data[i].plaintxt, self test is idempotent. */

 	memcpy(bk.uc, bf_test_data[i].plaintxt, 8);

-	bf_e_cblock(bk.uc);

+	bf_e_cblock(&state, bk.uc);

 	if (memcmp(bk.uc, bf_test_data[i].cryptxt, 8) != 0)

 	{

 	    if (err == 0 && memcmp(bk.uc, bf_test_data[i].badcryptxt, 8) == 0)

@@ -554,43 +557,43 @@ bf_self_test()

     return err > 0 ? FAIL : OK;

 }

-/* Output feedback mode. */

-static int randbyte_offset = 0;

-static int update_offset = 0;

-static char_u ofb_buffer[BF_OFB_LEN]; /* 64 bytes */

+/*

+ * CFB: Cipher Feedback Mode.

+ */

 /*

- * Initialize with seed "iv[iv_len]".

+ * Initialize with seed "seed[seed_len]".

  */

-    void

-bf_ofb_init(iv, iv_len)

-    char_u *iv;

-    int    iv_len;

+    static void

+bf_cfb_init(bfs, seed, seed_len)

+    bf_state_T	*bfs;

+    char_u	*seed;

+    int		seed_len;

 {

     int i, mi;

-    randbyte_offset = update_offset = 0;

-    vim_memset(ofb_buffer, 0, BF_OFB_LEN);

-    if (iv_len > 0)

+    bfs->randbyte_offset = bfs->update_offset = 0;

+    vim_memset(bfs->cfb_buffer, 0, bfs->cfb_len);

+    if (seed_len > 0)

     {

-	mi = iv_len > BF_OFB_LEN ? iv_len : BF_OFB_LEN;

+	mi = seed_len > bfs->cfb_len ? seed_len : bfs->cfb_len;

 	for (i = 0; i < mi; i++)

-	    ofb_buffer[i % BF_OFB_LEN] ^= iv[i % iv_len];

+	    bfs->cfb_buffer[i % bfs->cfb_len] ^= seed[i % seed_len];

     }

 }

-#define BF_OFB_UPDATE(c) { \

-    ofb_buffer[update_offset] ^= (char_u)c; \

-    if (++update_offset == BF_OFB_LEN) \

-	update_offset = 0; \

+#define BF_CFB_UPDATE(bfs, c) { \

+    bfs->cfb_buffer[bfs->update_offset] ^= (char_u)c; \

+    if (++bfs->update_offset == bfs->cfb_len) \

+	bfs->update_offset = 0; \

 }

-#define BF_RANBYTE(t) { \

-    if ((randbyte_offset & BF_BLOCK_MASK) == 0) \

-	bf_e_cblock(&ofb_buffer[randbyte_offset]); \

-    t = ofb_buffer[randbyte_offset]; \

-    if (++randbyte_offset == BF_OFB_LEN) \

-	randbyte_offset = 0; \

+#define BF_RANBYTE(bfs, t) { \

+    if ((bfs->randbyte_offset & BF_BLOCK_MASK) == 0) \

+	bf_e_cblock(bfs, &(bfs->cfb_buffer[bfs->randbyte_offset])); \

+    t = bfs->cfb_buffer[bfs->randbyte_offset]; \

+    if (++bfs->randbyte_offset == bfs->cfb_len) \

+	bfs->randbyte_offset = 0; \

 }

 /*

@@ -598,90 +601,69 @@ bf_ofb_init(iv, iv_len)

  * "from" and "to" can be equal to encrypt in place.

  */

     void

-bf_crypt_encode(from, len, to)

+crypt_blowfish_encode(state, from, len, to)

+    cryptstate_T *state;

     char_u	*from;

     size_t	len;

     char_u	*to;

 {

+    bf_state_T *bfs = state->method_state;

     size_t	i;

     int		ztemp, t;

     for (i = 0; i < len; ++i)

     {

 	ztemp = from[i];

-	BF_RANBYTE(t);

-	BF_OFB_UPDATE(ztemp);

+	BF_RANBYTE(bfs, t);

+	BF_CFB_UPDATE(bfs, ztemp);

 	to[i] = t ^ ztemp;

     }

 }

 /*

- * Decrypt "ptr[len]" in place.

+ * Decrypt "from[len]" into "to[len]".

  */

     void

-bf_crypt_decode(ptr, len)

-    char_u	*ptr;

-    long	len;

+crypt_blowfish_decode(state, from, len, to)

+    cryptstate_T *state;

+    char_u	*from;

+    size_t	len;

+    char_u	*to;

 {

-    char_u	*p;

+    bf_state_T *bfs = state->method_state;

+    size_t	i;

     int		t;

-    for (p = ptr; p < ptr + len; ++p)

+    for (i = 0; i < len; ++i)

     {

-	BF_RANBYTE(t);

-	*p ^= t;

-	BF_OFB_UPDATE(*p);

+	BF_RANBYTE(bfs, t);

+	to[i] = from[i] ^ t;

+	BF_CFB_UPDATE(bfs, to[i]);

     }

 }

-/*

- * Initialize the encryption keys and the random header according to

- * the given password.

- */

     void

-bf_crypt_init_keys(passwd)

-    char_u *passwd;		/* password string with which to modify keys */

-{

-    char_u *p;

-

-    for (p = passwd; *p != NUL; ++p)

-    {

-	BF_OFB_UPDATE(*p);

-    }

-}

+crypt_blowfish_init(state, key, salt, salt_len, seed, seed_len)

+    cryptstate_T	*state;

+    char_u*		key;

+    char_u*		salt;

+    int			salt_len;

+    char_u*		seed;

+    int			seed_len;

+{

+    bf_state_T	*bfs = (bf_state_T *)alloc_clear(sizeof(bf_state_T));

+

+    state->method_state = bfs;

+

+    /* "blowfish" uses a 64 byte buffer, causing it to repeat 8 byte groups 8

+     * times.  "blowfish2" uses a 8 byte buffer to avoid repeating. */

+    bfs->cfb_len = state->method_nr == CRYPT_M_BF ? BF_MAX_CFB_LEN : BF_BLOCK;

-static int save_randbyte_offset;

-static int save_update_offset;

-static char_u save_ofb_buffer[BF_OFB_LEN];

-static UINT32_T save_pax[18];

-static UINT32_T save_sbx[4][256];

-

-/*

- * Save the current crypt state.  Can only be used once before

- * bf_crypt_restore().

- */

-    void

-bf_crypt_save()

-{

-    save_randbyte_offset = randbyte_offset;

-    save_update_offset = update_offset;

-    mch_memmove(save_ofb_buffer, ofb_buffer, BF_OFB_LEN);

-    mch_memmove(save_pax, pax, 4 * 18);

-    mch_memmove(save_sbx, sbx, 4 * 4 * 256);

-}

+    if (blowfish_self_test() == FAIL)

+	return;

-/*

- * Restore the current crypt state.  Can only be used after

- * bf_crypt_save().

- */

-    void

-bf_crypt_restore()

-{

-    randbyte_offset = save_randbyte_offset;

-    update_offset = save_update_offset;

-    mch_memmove(ofb_buffer, save_ofb_buffer, BF_OFB_LEN);

-    mch_memmove(pax, save_pax, 4 * 18);

-    mch_memmove(sbx, save_sbx, 4 * 4 * 256);

+    bf_key_init(bfs, key, salt, salt_len);

+    bf_cfb_init(bfs, seed, seed_len);

 }

 /*

diff -up vim74/src/crypt.c.blowfish2 vim74/src/crypt.c

--- vim74/src/crypt.c.blowfish2	2017-09-05 14:47:34.933912159 +0200

+++ vim74/src/crypt.c	2017-09-05 14:47:34.933912159 +0200

@@ -0,0 +1,585 @@

+/* vi:set ts=8 sts=4 sw=4:

+ *

+ * VIM - Vi IMproved	by Bram Moolenaar

+ *

+ * Do ":help uganda"  in Vim to read copying and usage conditions.

+ * Do ":help credits" in Vim to see a list of people who contributed.

+ * See README.txt for an overview of the Vim source code.

+ */

+

+/*

+ * crypt.c: Generic encryption support.

+ */

+#include "vim.h"

+

+#if defined(FEAT_CRYPT) || defined(PROTO)

+/*

+ * Optional encryption support.

+ * Mohsin Ahmed, mosh@sasi.com, 1998-09-24

+ * Based on zip/crypt sources.

+ * Refactored by David Leadbeater, 2014.

+ *

+ * NOTE FOR USA: Since 2000 exporting this code from the USA is allowed to

+ * most countries.  There are a few exceptions, but that still should not be a

+ * problem since this code was originally created in Europe and India.

+ *

+ * Blowfish addition originally made by Mohsin Ahmed,

+ * http://www.cs.albany.edu/~mosh 2010-03-14

+ * Based on blowfish by Bruce Schneier (http://www.schneier.com/blowfish.html)

+ * and sha256 by Christophe Devine.

+ */

+

+typedef struct {

+    char    *name;	/* encryption name as used in 'cryptmethod' */

+    char    *magic;	/* magic bytes stored in file header */

+    int	    salt_len;	/* length of salt, or 0 when not using salt */

+    int	    seed_len;	/* length of seed, or 0 when not using salt */

+    int	    works_inplace; /* encryption/decryption can be done in-place */

+    int	    whole_undofile; /* whole undo file is encrypted */

+

+    /* Optional function pointer for a self-test. */

+    int (* self_test_fn)();

+

+    /* Function pointer for initializing encryption/decription. */

+    void (* init_fn)(cryptstate_T *state, char_u *key,

+		      char_u *salt, int salt_len, char_u *seed, int seed_len);

+

+    /* Function pointers for encoding/decoding from one buffer into another.

+     * Optional, however, these or the _buffer ones should be configured. */

+    void (*encode_fn)(cryptstate_T *state, char_u *from, size_t len,

+								  char_u *to);

+    void (*decode_fn)(cryptstate_T *state, char_u *from, size_t len,

+								  char_u *to);

+

+    /* Function pointers for encoding and decoding, can buffer data if needed.

+     * Optional (however, these or the above should be configured). */

+    long (*encode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,

+							     char_u **newptr);

+    long (*decode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,

+							     char_u **newptr);

+

+    /* Function pointers for in-place encoding and decoding, used for

+     * crypt_*_inplace(). "from" and "to" arguments will be equal.

+     * These may be the same as decode_fn and encode_fn above, however an

+     * algorithm may implement them in a way that is not interchangeable with

+     * the crypt_(en|de)code() interface (for example because it wishes to add

+     * padding to files).

+     * This method is used for swap and undo files which have a rigid format.

+     */

+    void (*encode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,

+								  char_u *p2);

+    void (*decode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,

+								  char_u *p2);

+} cryptmethod_T;

+

+/* index is method_nr of cryptstate_T, CRYPT_M_* */

+static cryptmethod_T cryptmethods[CRYPT_M_COUNT] = {

+    /* PK_Zip; very weak */

+    {

+	"zip",

+	"VimCrypt~01!",

+	0,

+	0,

+	TRUE,

+	FALSE,

+	NULL,

+	crypt_zip_init,

+	crypt_zip_encode, crypt_zip_decode,

+	NULL, NULL,

+	crypt_zip_encode, crypt_zip_decode,

+    },

+

+    /* Blowfish/CFB + SHA-256 custom key derivation; implementation issues. */

+    {

+	"blowfish",

+	"VimCrypt~02!",

+	8,

+	8,

+	TRUE,

+	FALSE,

+	blowfish_self_test,