diff --git a/SOURCES/vim-7.4-blowfish2.patch b/SOURCES/vim-7.4-blowfish2.patch
new file mode 100644
index 0000000..08dab82
--- /dev/null
+++ b/SOURCES/vim-7.4-blowfish2.patch
@@ -0,0 +1,4045 @@
+diff -up vim74/runtime/doc/editing.txt.blowfish2 vim74/runtime/doc/editing.txt
+--- vim74/runtime/doc/editing.txt.blowfish2 2013-08-10 13:24:53.000000000 +0200
++++ vim74/runtime/doc/editing.txt 2017-09-05 14:47:34.915912305 +0200
+@@ -1364,8 +1364,13 @@ The text in the swap file and the undo f
+
+ Note: The text in memory is not encrypted. A system administrator may be able
+ to see your text while you are editing it. When filtering text with
+-":!filter" or using ":w !command" the text is not encrypted, this may reveal
+-it to others. The 'viminfo' file is not encrypted.
++":!filter" or using ":w !command" the text is also not encrypted, this may
++reveal it to others. The 'viminfo' file is not encrypted.
++
++You could do this to edit very secret text: >
++ :set noundofile viminfo=
++ :noswapfile edit secrets.txt
++Keep in mind that without a swap file you risk loosing your work in a crash.
+
+ WARNING: If you make a typo when entering the key and then write the file and
+ exit, the text will be lost!
+@@ -1392,18 +1397,24 @@ To disable the encryption, reset the 'ke
+ :set key=
+
+ You can use the 'cryptmethod' option to select the type of encryption, use one
+-of these two: >
+- :setlocal cm=zip " weak method, backwards compatible
+- :setlocal cm=blowfish " strong method
++of these: >
++ :setlocal cm=zip " weak method, backwards compatible
++ :setlocal cm=blowfish " method with flaws
++ :setlocal cm=blowfish2 " medium strong method
++
+ Do this before writing the file. When reading an encrypted file it will be
+ set automatically to the method used when that file was written. You can
+ change 'cryptmethod' before writing that file to change the method.
+ To set the default method, used for new files, use one of these in your
+ |vimrc| file: >
+ set cm=zip
+- set cm=blowfish
++ set cm=blowfish2
++Use the first one if you need to be compatible with Vim 7.2 and older. Using
++"blowfish2" is highly recommended if you can use a Vim version that supports
++it.
++
+ The message given for reading and writing a file will show "[crypted]" when
+-using zip, "[blowfish]" when using blowfish.
++using zip, "[blowfish]" when using blowfish, etc.
+
+ When writing an undo file, the same key and method will be used for the text
+ in the undo file. |persistent-undo|.
+@@ -1438,7 +1449,7 @@ lines to "/etc/magic", "/usr/share/misc/
+ 0 string VimCrypt~ Vim encrypted file
+ >9 string 01 - "zip" cryptmethod
+ >9 string 02 - "blowfish" cryptmethod
+-
++ >9 string 03 - "blowfish2" cryptmethod
+
+ Notes:
+ - Encryption is not possible when doing conversion with 'charconvert'.
+@@ -1462,6 +1473,10 @@ Notes:
+ - Pkzip uses the same encryption as 'cryptmethod' "zip", and US Govt has no
+ objection to its export. Pkzip's public file APPNOTE.TXT describes this
+ algorithm in detail.
++- The implementation of 'cryptmethod' "blowfish" has a flaw. It is possible to
++ crack the first 64 bytes of a file and in some circumstances more of the
++ file. Use of it is not recommended, but it's still the strongest method
++ supported by Vim 7.3 and 7.4. The "zip" method is even weaker.
+ - Vim originates from the Netherlands. That is where the sources come from.
+ Thus the encryption code is not exported from the USA.
+
+diff -up vim74/runtime/doc/options.txt.blowfish2 vim74/runtime/doc/options.txt
+--- vim74/runtime/doc/options.txt.blowfish2 2017-09-05 14:47:33.976919884 +0200
++++ vim74/runtime/doc/options.txt 2017-09-05 14:47:34.925912224 +0200
+@@ -2197,10 +2197,18 @@ A jump table for the options with a shor
+ zip PkZip compatible method. A weak kind of encryption.
+ Backwards compatible with Vim 7.2 and older.
+ *blowfish*
+- blowfish Blowfish method. Strong encryption. Requires Vim 7.3
+- or later, files can NOT be read by Vim 7.2 and older.
+- This adds a "seed" to the file, every time you write
+- the file the encrypted bytes will be different.
++ blowfish Blowfish method. Medium strong encryption but it has
++ an implementation flaw. Requires Vim 7.3 or later,
++ files can NOT be read by Vim 7.2 and older. This adds
++ a "seed" to the file, every time you write the file
++ the encrypted bytes will be different.
++ *blowfish2*
++ blowfish2 Blowfish method. Medium strong encryption. Requires
++ Vim 7.4.399 or later, files can NOT be read by Vim 7.3
++ and older. This adds a "seed" to the file, every time
++ you write the file the encrypted bytes will be
++ different. The whole undo file is encrypted, not just
++ the pieces of text.
+
+ When reading an encrypted file 'cryptmethod' will be set automatically
+ to the detected method of the file being read. Thus if you write it
+diff -up vim74/src/blowfish.c.blowfish2 vim74/src/blowfish.c
+--- vim74/src/blowfish.c.blowfish2 2010-12-17 19:58:18.000000000 +0100
++++ vim74/src/blowfish.c 2017-09-05 14:47:34.926912216 +0200
+@@ -9,17 +9,25 @@
+ * Blowfish encryption for Vim; in Blowfish output feedback mode.
+ * Contributed by Mohsin Ahmed, http://www.cs.albany.edu/~mosh
+ * Based on http://www.schneier.com/blowfish.html by Bruce Schneier.
++ *
++ * There are two variants:
++ * - The old one "blowfish" has a flaw which makes it much easier to crack the
++ * key. To see this, make a text file with one line of 1000 "x" characters
++ * and write it encrypted. Use "xxd" to inspect the bytes in the file. You
++ * will see that a block of 8 bytes repeats 8 times.
++ * - The new one "blowfish2" is better. It uses an 8 byte CFB to avoid the
++ * repeats.
+ */
+
+ #include "vim.h"
+
+-#if defined(FEAT_CRYPT)
++#if defined(FEAT_CRYPT) || defined(PROTO)
+
+ #define ARRAY_LENGTH(A) (sizeof(A)/sizeof(A[0]))
+
+ #define BF_BLOCK 8
+ #define BF_BLOCK_MASK 7
+-#define BF_OFB_LEN (8*(BF_BLOCK))
++#define BF_MAX_CFB_LEN (8 * BF_BLOCK)
+
+ typedef union {
+ UINT32_T ul[2];
+@@ -37,14 +45,26 @@ typedef union {
+ # endif
+ #endif
+
+-static void bf_e_block __ARGS((UINT32_T *p_xl, UINT32_T *p_xr));
+-static void bf_e_cblock __ARGS((char_u *block));
+-static int bf_check_tables __ARGS((UINT32_T a_ipa[18], UINT32_T a_sbi[4][256], UINT32_T val));
++/* The state of encryption, referenced by cryptstate_T. */
++typedef struct {
++ UINT32_T pax[18]; /* P-array */
++ UINT32_T sbx[4][256]; /* S-boxes */
++ int randbyte_offset;
++ int update_offset;
++ char_u cfb_buffer[BF_MAX_CFB_LEN]; /* up to 64 bytes used */
++ int cfb_len; /* size of cfb_buffer actually used */
++} bf_state_T;
++
++
++static void bf_e_block __ARGS((bf_state_T *state, UINT32_T *p_xl, UINT32_T *p_xr));
++static void bf_e_cblock __ARGS((bf_state_T *state, char_u *block));
++static int bf_check_tables __ARGS((UINT32_T pax[18], UINT32_T sbx[4][256], UINT32_T val));
+ static int bf_self_test __ARGS((void));
++static void bf_key_init __ARGS((bf_state_T *state, char_u *password, char_u *salt, int salt_len));
++static void bf_cfb_init __ARGS((bf_state_T *state, char_u *seed, int seed_len));
+
+ /* Blowfish code */
+-static UINT32_T pax[18];
+-static UINT32_T ipa[18] = {
++static UINT32_T pax_init[18] = {
+ 0x243f6a88u, 0x85a308d3u, 0x13198a2eu,
+ 0x03707344u, 0xa4093822u, 0x299f31d0u,
+ 0x082efa98u, 0xec4e6c89u, 0x452821e6u,
+@@ -53,8 +73,7 @@ static UINT32_T ipa[18] = {
+ 0xb5470917u, 0x9216d5d9u, 0x8979fb1bu
+ };
+
+-static UINT32_T sbx[4][256];
+-static UINT32_T sbi[4][256] = {
++static UINT32_T sbx_init[4][256] = {
+ {0xd1310ba6u, 0x98dfb5acu, 0x2ffd72dbu, 0xd01adfb7u,
+ 0xb8e1afedu, 0x6a267e96u, 0xba7c9045u, 0xf12c7f99u,
+ 0x24a19947u, 0xb3916cf7u, 0x0801f2e2u, 0x858efc16u,
+@@ -314,33 +333,40 @@ static UINT32_T sbi[4][256] = {
+ }
+ };
+
+-
+ #define F1(i) \
+- xl ^= pax[i]; \
+- xr ^= ((sbx[0][xl >> 24] + \
+- sbx[1][(xl & 0xFF0000) >> 16]) ^ \
+- sbx[2][(xl & 0xFF00) >> 8]) + \
+- sbx[3][xl & 0xFF];
++ xl ^= bfs->pax[i]; \
++ xr ^= ((bfs->sbx[0][xl >> 24] + \
++ bfs->sbx[1][(xl & 0xFF0000) >> 16]) ^ \
++ bfs->sbx[2][(xl & 0xFF00) >> 8]) + \
++ bfs->sbx[3][xl & 0xFF];
+
+ #define F2(i) \
+- xr ^= pax[i]; \
+- xl ^= ((sbx[0][xr >> 24] + \
+- sbx[1][(xr & 0xFF0000) >> 16]) ^ \
+- sbx[2][(xr & 0xFF00) >> 8]) + \
+- sbx[3][xr & 0xFF];
+-
++ xr ^= bfs->pax[i]; \
++ xl ^= ((bfs->sbx[0][xr >> 24] + \
++ bfs->sbx[1][(xr & 0xFF0000) >> 16]) ^ \
++ bfs->sbx[2][(xr & 0xFF00) >> 8]) + \
++ bfs->sbx[3][xr & 0xFF];
+
+ static void
+-bf_e_block(p_xl, p_xr)
++bf_e_block(bfs, p_xl, p_xr)
++ bf_state_T *bfs;
+ UINT32_T *p_xl;
+ UINT32_T *p_xr;
+ {
+- UINT32_T temp, xl = *p_xl, xr = *p_xr;
+-
+- F1(0) F2(1) F1(2) F2(3) F1(4) F2(5) F1(6) F2(7)
+- F1(8) F2(9) F1(10) F2(11) F1(12) F2(13) F1(14) F2(15)
+- xl ^= pax[16];
+- xr ^= pax[17];
++ UINT32_T temp;
++ UINT32_T xl = *p_xl;
++ UINT32_T xr = *p_xr;
++
++ F1(0) F2(1)
++ F1(2) F2(3)
++ F1(4) F2(5)
++ F1(6) F2(7)
++ F1(8) F2(9)
++ F1(10) F2(11)
++ F1(12) F2(13)
++ F1(14) F2(15)
++ xl ^= bfs->pax[16];
++ xr ^= bfs->pax[17];
+ temp = xl;
+ xl = xr;
+ xr = temp;
+@@ -348,23 +374,6 @@ bf_e_block(p_xl, p_xr)
+ *p_xr = xr;
+ }
+
+-#if 0 /* not used */
+- static void
+-bf_d_block(p_xl, p_xr)
+- UINT32_T *p_xl;
+- UINT32_T *p_xr;
+-{
+- UINT32_T temp, xl = *p_xl, xr = *p_xr;
+- F1(17) F2(16) F1(15) F2(14) F1(13) F2(12) F1(11) F2(10)
+- F1(9) F2(8) F1(7) F2(6) F1(5) F2(4) F1(3) F2(2)
+- xl ^= pax[1];
+- xr ^= pax[0];
+- temp = xl; xl = xr; xr = temp;
+- *p_xl = xl; *p_xr = xr;
+-}
+-#endif
+-
+-
+ #ifdef WORDS_BIGENDIAN
+ # define htonl2(x) \
+ x = ((((x) & 0xffL) << 24) | (((x) & 0xff00L) << 8) | \
+@@ -374,7 +383,8 @@ bf_d_block(p_xl, p_xr)
+ #endif
+
+ static void
+-bf_e_cblock(block)
++bf_e_cblock(bfs, block)
++ bf_state_T *bfs;
+ char_u *block;
+ {
+ block8 bk;
+@@ -382,35 +392,22 @@ bf_e_cblock(block)
+ memcpy(bk.uc, block, 8);
+ htonl2(bk.ul[0]);
+ htonl2(bk.ul[1]);
+- bf_e_block(&bk.ul[0], &bk.ul[1]);
++ bf_e_block(bfs, &bk.ul[0], &bk.ul[1]);
+ htonl2(bk.ul[0]);
+ htonl2(bk.ul[1]);
+ memcpy(block, bk.uc, 8);
+ }
+
+-#if 0 /* not used */
+- void
+-bf_d_cblock(block)
+- char_u *block;
+-{
+- block8 bk;
+- memcpy(bk.uc, block, 8);
+- htonl2(bk.ul[0]); htonl2(bk.ul[1]);
+- bf_d_block(&bk.ul[0], &bk.ul[1]);
+- htonl2(bk.ul[0]); htonl2(bk.ul[1]);
+- memcpy(block, bk.uc, 8);
+-}
+-#endif
+-
+ /*
+ * Initialize the crypt method using "password" as the encryption key and
+ * "salt[salt_len]" as the salt.
+ */
+- void
+-bf_key_init(password, salt, salt_len)
+- char_u *password;
+- char_u *salt;
+- int salt_len;
++ static void
++bf_key_init(bfs, password, salt, salt_len)
++ bf_state_T *bfs;
++ char_u *password;
++ char_u *salt;
++ int salt_len;
+ {
+ int i, j, keypos = 0;
+ unsigned u;
+@@ -418,7 +415,7 @@ bf_key_init(password, salt, salt_len)
+ char_u *key;
+ int keylen;
+
+- /* Process the key 1000 times.
++ /* Process the key 1001 times.
+ * See http://en.wikipedia.org/wiki/Key_strengthening. */
+ key = sha256_key(password, salt, salt_len);
+ for (i = 0; i < 1000; i++)
+@@ -437,52 +434,54 @@ bf_key_init(password, salt, salt_len)
+ key[i] = u;
+ }
+
+- mch_memmove(sbx, sbi, 4 * 4 * 256);
++ /* Use "key" to initialize the P-array ("pax") and S-boxes ("sbx") of
++ * Blowfish. */
++ mch_memmove(bfs->sbx, sbx_init, 4 * 4 * 256);
+
+ for (i = 0; i < 18; ++i)
+ {
+ val = 0;
+ for (j = 0; j < 4; ++j)
+ val = (val << 8) | key[keypos++ % keylen];
+- pax[i] = ipa[i] ^ val;
++ bfs->pax[i] = pax_init[i] ^ val;
+ }
+
+ data_l = data_r = 0;
+ for (i = 0; i < 18; i += 2)
+ {
+- bf_e_block(&data_l, &data_r);
+- pax[i + 0] = data_l;
+- pax[i + 1] = data_r;
++ bf_e_block(bfs, &data_l, &data_r);
++ bfs->pax[i + 0] = data_l;
++ bfs->pax[i + 1] = data_r;
+ }
+
+ for (i = 0; i < 4; ++i)
+ {
+ for (j = 0; j < 256; j += 2)
+ {
+- bf_e_block(&data_l, &data_r);
+- sbx[i][j + 0] = data_l;
+- sbx[i][j + 1] = data_r;
++ bf_e_block(bfs, &data_l, &data_r);
++ bfs->sbx[i][j + 0] = data_l;
++ bfs->sbx[i][j + 1] = data_r;
+ }
+ }
+ }
+
+ /*
+- * BF Self test for corrupted tables or instructions
++ * Blowfish self-test for corrupted tables or instructions.
+ */
+ static int
+-bf_check_tables(a_ipa, a_sbi, val)
+- UINT32_T a_ipa[18];
+- UINT32_T a_sbi[4][256];
++bf_check_tables(pax, sbx, val)
++ UINT32_T pax[18];
++ UINT32_T sbx[4][256];
+ UINT32_T val;
+ {
+ int i, j;
+ UINT32_T c = 0;
+
+ for (i = 0; i < 18; i++)
+- c ^= a_ipa[i];
++ c ^= pax[i];
+ for (i = 0; i < 4; i++)
+ for (j = 0; j < 256; j++)
+- c ^= a_sbi[i][j];
++ c ^= sbx[i][j];
+ return c == val;
+ }
+
+@@ -520,6 +519,10 @@ bf_self_test()
+ int err = 0;
+ block8 bk;
+ UINT32_T ui = 0xffffffffUL;
++ bf_state_T state;
++
++ vim_memset(&state, 0, sizeof(bf_state_T));
++ state.cfb_len = BF_MAX_CFB_LEN;
+
+ /* We can't simply use sizeof(UINT32_T), it would generate a compiler
+ * warning. */
+@@ -528,21 +531,21 @@ bf_self_test()
+ EMSG(_("E820: sizeof(uint32_t) != 4"));
+ }
+
+- if (!bf_check_tables(ipa, sbi, 0x6ffa520a))
++ if (!bf_check_tables(pax_init, sbx_init, 0x6ffa520a))
+ err++;
+
+ bn = ARRAY_LENGTH(bf_test_data);
+ for (i = 0; i < bn; i++)
+ {
+- bf_key_init((char_u *)(bf_test_data[i].password),
++ bf_key_init(&state, (char_u *)(bf_test_data[i].password),
+ bf_test_data[i].salt,
+ (int)STRLEN(bf_test_data[i].salt));
+- if (!bf_check_tables(pax, sbx, bf_test_data[i].keysum))
++ if (!bf_check_tables(state.pax, state.sbx, bf_test_data[i].keysum))
+ err++;
+
+ /* Don't modify bf_test_data[i].plaintxt, self test is idempotent. */
+ memcpy(bk.uc, bf_test_data[i].plaintxt, 8);
+- bf_e_cblock(bk.uc);
++ bf_e_cblock(&state, bk.uc);
+ if (memcmp(bk.uc, bf_test_data[i].cryptxt, 8) != 0)
+ {
+ if (err == 0 && memcmp(bk.uc, bf_test_data[i].badcryptxt, 8) == 0)
+@@ -554,43 +557,43 @@ bf_self_test()
+ return err > 0 ? FAIL : OK;
+ }
+
+-/* Output feedback mode. */
+-static int randbyte_offset = 0;
+-static int update_offset = 0;
+-static char_u ofb_buffer[BF_OFB_LEN]; /* 64 bytes */
++/*
++ * CFB: Cipher Feedback Mode.
++ */
+
+ /*
+- * Initialize with seed "iv[iv_len]".
++ * Initialize with seed "seed[seed_len]".
+ */
+- void
+-bf_ofb_init(iv, iv_len)
+- char_u *iv;
+- int iv_len;
++ static void
++bf_cfb_init(bfs, seed, seed_len)
++ bf_state_T *bfs;
++ char_u *seed;
++ int seed_len;
+ {
+ int i, mi;
+
+- randbyte_offset = update_offset = 0;
+- vim_memset(ofb_buffer, 0, BF_OFB_LEN);
+- if (iv_len > 0)
++ bfs->randbyte_offset = bfs->update_offset = 0;
++ vim_memset(bfs->cfb_buffer, 0, bfs->cfb_len);
++ if (seed_len > 0)
+ {
+- mi = iv_len > BF_OFB_LEN ? iv_len : BF_OFB_LEN;
++ mi = seed_len > bfs->cfb_len ? seed_len : bfs->cfb_len;
+ for (i = 0; i < mi; i++)
+- ofb_buffer[i % BF_OFB_LEN] ^= iv[i % iv_len];
++ bfs->cfb_buffer[i % bfs->cfb_len] ^= seed[i % seed_len];
+ }
+ }
+
+-#define BF_OFB_UPDATE(c) { \
+- ofb_buffer[update_offset] ^= (char_u)c; \
+- if (++update_offset == BF_OFB_LEN) \
+- update_offset = 0; \
++#define BF_CFB_UPDATE(bfs, c) { \
++ bfs->cfb_buffer[bfs->update_offset] ^= (char_u)c; \
++ if (++bfs->update_offset == bfs->cfb_len) \
++ bfs->update_offset = 0; \
+ }
+
+-#define BF_RANBYTE(t) { \
+- if ((randbyte_offset & BF_BLOCK_MASK) == 0) \
+- bf_e_cblock(&ofb_buffer[randbyte_offset]); \
+- t = ofb_buffer[randbyte_offset]; \
+- if (++randbyte_offset == BF_OFB_LEN) \
+- randbyte_offset = 0; \
++#define BF_RANBYTE(bfs, t) { \
++ if ((bfs->randbyte_offset & BF_BLOCK_MASK) == 0) \
++ bf_e_cblock(bfs, &(bfs->cfb_buffer[bfs->randbyte_offset])); \
++ t = bfs->cfb_buffer[bfs->randbyte_offset]; \
++ if (++bfs->randbyte_offset == bfs->cfb_len) \
++ bfs->randbyte_offset = 0; \
+ }
+
+ /*
+@@ -598,90 +601,69 @@ bf_ofb_init(iv, iv_len)
+ * "from" and "to" can be equal to encrypt in place.
+ */
+ void
+-bf_crypt_encode(from, len, to)
++crypt_blowfish_encode(state, from, len, to)
++ cryptstate_T *state;
+ char_u *from;
+ size_t len;
+ char_u *to;
+ {
++ bf_state_T *bfs = state->method_state;
+ size_t i;
+ int ztemp, t;
+
+ for (i = 0; i < len; ++i)
+ {
+ ztemp = from[i];
+- BF_RANBYTE(t);
+- BF_OFB_UPDATE(ztemp);
++ BF_RANBYTE(bfs, t);
++ BF_CFB_UPDATE(bfs, ztemp);
+ to[i] = t ^ ztemp;
+ }
+ }
+
+ /*
+- * Decrypt "ptr[len]" in place.
++ * Decrypt "from[len]" into "to[len]".
+ */
+ void
+-bf_crypt_decode(ptr, len)
+- char_u *ptr;
+- long len;
++crypt_blowfish_decode(state, from, len, to)
++ cryptstate_T *state;
++ char_u *from;
++ size_t len;
++ char_u *to;
+ {
+- char_u *p;
++ bf_state_T *bfs = state->method_state;
++ size_t i;
+ int t;
+
+- for (p = ptr; p < ptr + len; ++p)
++ for (i = 0; i < len; ++i)
+ {
+- BF_RANBYTE(t);
+- *p ^= t;
+- BF_OFB_UPDATE(*p);
++ BF_RANBYTE(bfs, t);
++ to[i] = from[i] ^ t;
++ BF_CFB_UPDATE(bfs, to[i]);
+ }
+ }
+
+-/*
+- * Initialize the encryption keys and the random header according to
+- * the given password.
+- */
+ void
+-bf_crypt_init_keys(passwd)
+- char_u *passwd; /* password string with which to modify keys */
+-{
+- char_u *p;
+-
+- for (p = passwd; *p != NUL; ++p)
+- {
+- BF_OFB_UPDATE(*p);
+- }
+-}
++crypt_blowfish_init(state, key, salt, salt_len, seed, seed_len)
++ cryptstate_T *state;
++ char_u* key;
++ char_u* salt;
++ int salt_len;
++ char_u* seed;
++ int seed_len;
++{
++ bf_state_T *bfs = (bf_state_T *)alloc_clear(sizeof(bf_state_T));
++
++ state->method_state = bfs;
++
++ /* "blowfish" uses a 64 byte buffer, causing it to repeat 8 byte groups 8
++ * times. "blowfish2" uses a 8 byte buffer to avoid repeating. */
++ bfs->cfb_len = state->method_nr == CRYPT_M_BF ? BF_MAX_CFB_LEN : BF_BLOCK;
+
+-static int save_randbyte_offset;
+-static int save_update_offset;
+-static char_u save_ofb_buffer[BF_OFB_LEN];
+-static UINT32_T save_pax[18];
+-static UINT32_T save_sbx[4][256];
+-
+-/*
+- * Save the current crypt state. Can only be used once before
+- * bf_crypt_restore().
+- */
+- void
+-bf_crypt_save()
+-{
+- save_randbyte_offset = randbyte_offset;
+- save_update_offset = update_offset;
+- mch_memmove(save_ofb_buffer, ofb_buffer, BF_OFB_LEN);
+- mch_memmove(save_pax, pax, 4 * 18);
+- mch_memmove(save_sbx, sbx, 4 * 4 * 256);
+-}
++ if (blowfish_self_test() == FAIL)
++ return;
+
+-/*
+- * Restore the current crypt state. Can only be used after
+- * bf_crypt_save().
+- */
+- void
+-bf_crypt_restore()
+-{
+- randbyte_offset = save_randbyte_offset;
+- update_offset = save_update_offset;
+- mch_memmove(ofb_buffer, save_ofb_buffer, BF_OFB_LEN);
+- mch_memmove(pax, save_pax, 4 * 18);
+- mch_memmove(sbx, save_sbx, 4 * 4 * 256);
++ bf_key_init(bfs, key, salt, salt_len);
++ bf_cfb_init(bfs, seed, seed_len);
+ }
+
+ /*
+diff -up vim74/src/crypt.c.blowfish2 vim74/src/crypt.c
+--- vim74/src/crypt.c.blowfish2 2017-09-05 14:47:34.933912159 +0200
++++ vim74/src/crypt.c 2017-09-05 14:47:34.933912159 +0200
+@@ -0,0 +1,585 @@
++/* vi:set ts=8 sts=4 sw=4:
++ *
++ * VIM - Vi IMproved by Bram Moolenaar
++ *
++ * Do ":help uganda" in Vim to read copying and usage conditions.
++ * Do ":help credits" in Vim to see a list of people who contributed.
++ * See README.txt for an overview of the Vim source code.
++ */
++
++/*
++ * crypt.c: Generic encryption support.
++ */
++#include "vim.h"
++
++#if defined(FEAT_CRYPT) || defined(PROTO)
++/*
++ * Optional encryption support.
++ * Mohsin Ahmed, mosh@sasi.com, 1998-09-24
++ * Based on zip/crypt sources.
++ * Refactored by David Leadbeater, 2014.
++ *
++ * NOTE FOR USA: Since 2000 exporting this code from the USA is allowed to
++ * most countries. There are a few exceptions, but that still should not be a
++ * problem since this code was originally created in Europe and India.
++ *
++ * Blowfish addition originally made by Mohsin Ahmed,
++ * http://www.cs.albany.edu/~mosh 2010-03-14
++ * Based on blowfish by Bruce Schneier (http://www.schneier.com/blowfish.html)
++ * and sha256 by Christophe Devine.
++ */
++
++typedef struct {
++ char *name; /* encryption name as used in 'cryptmethod' */
++ char *magic; /* magic bytes stored in file header */
++ int salt_len; /* length of salt, or 0 when not using salt */
++ int seed_len; /* length of seed, or 0 when not using salt */
++ int works_inplace; /* encryption/decryption can be done in-place */
++ int whole_undofile; /* whole undo file is encrypted */
++
++ /* Optional function pointer for a self-test. */
++ int (* self_test_fn)();
++
++ /* Function pointer for initializing encryption/decription. */
++ void (* init_fn)(cryptstate_T *state, char_u *key,
++ char_u *salt, int salt_len, char_u *seed, int seed_len);
++
++ /* Function pointers for encoding/decoding from one buffer into another.
++ * Optional, however, these or the _buffer ones should be configured. */
++ void (*encode_fn)(cryptstate_T *state, char_u *from, size_t len,
++ char_u *to);
++ void (*decode_fn)(cryptstate_T *state, char_u *from, size_t len,
++ char_u *to);
++
++ /* Function pointers for encoding and decoding, can buffer data if needed.
++ * Optional (however, these or the above should be configured). */
++ long (*encode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,
++ char_u **newptr);
++ long (*decode_buffer_fn)(cryptstate_T *state, char_u *from, size_t len,
++ char_u **newptr);
++
++ /* Function pointers for in-place encoding and decoding, used for
++ * crypt_*_inplace(). "from" and "to" arguments will be equal.
++ * These may be the same as decode_fn and encode_fn above, however an
++ * algorithm may implement them in a way that is not interchangeable with
++ * the crypt_(en|de)code() interface (for example because it wishes to add
++ * padding to files).
++ * This method is used for swap and undo files which have a rigid format.
++ */
++ void (*encode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,
++ char_u *p2);
++ void (*decode_inplace_fn)(cryptstate_T *state, char_u *p1, size_t len,
++ char_u *p2);
++} cryptmethod_T;
++
++/* index is method_nr of cryptstate_T, CRYPT_M_* */
++static cryptmethod_T cryptmethods[CRYPT_M_COUNT] = {
++ /* PK_Zip; very weak */
++ {
++ "zip",
++ "VimCrypt~01!",
++ 0,
++ 0,
++ TRUE,
++ FALSE,
++ NULL,
++ crypt_zip_init,
++ crypt_zip_encode, crypt_zip_decode,
++ NULL, NULL,
++ crypt_zip_encode, crypt_zip_decode,
++ },
++
++ /* Blowfish/CFB + SHA-256 custom key derivation; implementation issues. */
++ {
++ "blowfish",
++ "VimCrypt~02!",
++ 8,
++ 8,
++ TRUE,
++ FALSE,
++ blowfish_self_test,
++ crypt_blowfish_init,
++ crypt_blowfish_encode, crypt_blowfish_decode,
++ NULL, NULL,
++ crypt_blowfish_encode, crypt_blowfish_decode,
++ },
++
++ /* Blowfish/CFB + SHA-256 custom key derivation; fixed. */
++ {
++ "blowfish2",
++ "VimCrypt~03!",
++ 8,
++ 8,
++ TRUE,
++ TRUE,
++ blowfish_self_test,
++ crypt_blowfish_init,
++ crypt_blowfish_encode, crypt_blowfish_decode,
++ NULL, NULL,
++ crypt_blowfish_encode, crypt_blowfish_decode,
++ },
++};
++
++#define CRYPT_MAGIC_LEN 12 /* cannot change */
++static char crypt_magic_head[] = "VimCrypt~";
++
++/*
++ * Return int value for crypt method name.
++ * 0 for "zip", the old method. Also for any non-valid value.
++ * 1 for "blowfish".
++ * 2 for "blowfish2".
++ */
++ int
++crypt_method_nr_from_name(name)
++ char_u *name;
++{
++ int i;
++
++ for (i = 0; i < CRYPT_M_COUNT; ++i)
++ if (STRCMP(name, cryptmethods[i].name) == 0)
++ return i;
++ return 0;
++}
++
++/*
++ * Get the crypt method used for a file from "ptr[len]", the magic text at the
++ * start of the file.
++ * Returns -1 when no encryption used.
++ */
++ int
++crypt_method_nr_from_magic(ptr, len)
++ char *ptr;
++ int len;
++{
++ int i;
++
++ if (len < CRYPT_MAGIC_LEN)
++ return -1;
++
++ for (i = 0; i < CRYPT_M_COUNT; i++)
++ if (memcmp(ptr, cryptmethods[i].magic, CRYPT_MAGIC_LEN) == 0)
++ return i;
++
++ i = (int)STRLEN(crypt_magic_head);
++ if (len >= i && memcmp(ptr, crypt_magic_head, i) == 0)
++ EMSG(_("E821: File is encrypted with unknown method"));
++
++ return -1;
++}
++
++/*
++ * Return TRUE if the crypt method for "method_nr" can be done in-place.
++ */
++ int
++crypt_works_inplace(state)
++ cryptstate_T *state;
++{
++ return cryptmethods[state->method_nr].works_inplace;
++}
++
++/*
++ * Get the crypt method for buffer "buf" as a number.
++ */
++ int
++crypt_get_method_nr(buf)
++ buf_T *buf;
++{
++ return crypt_method_nr_from_name(*buf->b_p_cm == NUL ? p_cm : buf->b_p_cm);
++}
++
++/*
++ * Return TRUE when the buffer uses an encryption method that encrypts the
++ * whole undo file, not only the text.
++ */
++ int
++crypt_whole_undofile(method_nr)
++ int method_nr;
++{
++ return cryptmethods[method_nr].whole_undofile;
++}
++
++/*
++ * Get crypt method specifc length of the file header in bytes.
++ */
++ int
++crypt_get_header_len(method_nr)
++ int method_nr;
++{
++ return CRYPT_MAGIC_LEN
++ + cryptmethods[method_nr].salt_len
++ + cryptmethods[method_nr].seed_len;
++}
++
++/*
++ * Set the crypt method for buffer "buf" to "method_nr" using the int value as
++ * returned by crypt_method_nr_from_name().
++ */
++ void
++crypt_set_cm_option(buf, method_nr)
++ buf_T *buf;
++ int method_nr;
++{
++ free_string_option(buf->b_p_cm);
++ buf->b_p_cm = vim_strsave((char_u *)cryptmethods[method_nr].name);
++}
++
++/*
++ * If the crypt method for the current buffer has a self-test, run it and
++ * return OK/FAIL.
++ */
++ int
++crypt_self_test()
++{
++ int method_nr = crypt_get_method_nr(curbuf);
++
++ if (cryptmethods[method_nr].self_test_fn == NULL)
++ return OK;
++ return cryptmethods[method_nr].self_test_fn();
++}
++
++/*
++ * Allocate a crypt state and initialize it.
++ */
++ cryptstate_T *
++crypt_create(method_nr, key, salt, salt_len, seed, seed_len)
++ int method_nr;
++ char_u *key;
++ char_u *salt;
++ int salt_len;
++ char_u *seed;
++ int seed_len;
++{
++ cryptstate_T *state = (cryptstate_T *)alloc((int)sizeof(cryptstate_T));
++
++ state->method_nr = method_nr;
++ cryptmethods[method_nr].init_fn(state, key, salt, salt_len, seed, seed_len);
++ return state;
++}
++
++/*
++ * Allocate a crypt state from a file header and initialize it.
++ * Assumes that header contains at least the number of bytes that
++ * crypt_get_header_len() returns for "method_nr".
++ */
++ cryptstate_T *
++crypt_create_from_header(method_nr, key, header)
++ int method_nr;
++ char_u *key;
++ char_u *header;
++{
++ char_u *salt = NULL;
++ char_u *seed = NULL;
++ int salt_len = cryptmethods[method_nr].salt_len;
++ int seed_len = cryptmethods[method_nr].seed_len;
++
++ if (salt_len > 0)
++ salt = header + CRYPT_MAGIC_LEN;
++ if (seed_len > 0)
++ seed = header + CRYPT_MAGIC_LEN + salt_len;
++
++ return crypt_create(method_nr, key, salt, salt_len, seed, seed_len);
++}
++
++/*
++ * Read the crypt method specific header data from "fp".
++ * Return an allocated cryptstate_T or NULL on error.
++ */
++ cryptstate_T *
++crypt_create_from_file(fp, key)
++ FILE *fp;
++ char_u *key;
++{
++ int method_nr;
++ int header_len;
++ char magic_buffer[CRYPT_MAGIC_LEN];
++ char_u *buffer;
++ cryptstate_T *state;
++
++ if (fread(magic_buffer, CRYPT_MAGIC_LEN, 1, fp) != 1)
++ return NULL;
++ method_nr = crypt_method_nr_from_magic(magic_buffer, CRYPT_MAGIC_LEN);
++ if (method_nr < 0)
++ return NULL;
++
++ header_len = crypt_get_header_len(method_nr);
++ if ((buffer = alloc(header_len)) == NULL)
++ return NULL;
++ mch_memmove(buffer, magic_buffer, CRYPT_MAGIC_LEN);
++ if (header_len > CRYPT_MAGIC_LEN
++ && fread(buffer + CRYPT_MAGIC_LEN,
++ header_len - CRYPT_MAGIC_LEN, 1, fp) != 1)
++ {
++ vim_free(buffer);
++ return NULL;
++ }
++
++ state = crypt_create_from_header(method_nr, key, buffer);
++ vim_free(buffer);
++ return state;
++}
++
++/*
++ * Allocate a cryptstate_T for writing and initialize it with "key".
++ * Allocates and fills in the header and stores it in "header", setting
++ * "header_len". The header may include salt and seed, depending on
++ * cryptmethod. Caller must free header.
++ * Returns the state or NULL on failure.
++ */
++ cryptstate_T *
++crypt_create_for_writing(method_nr, key, header, header_len)
++ int method_nr;
++ char_u *key;
++ char_u **header;
++ int *header_len;
++{
++ int len = crypt_get_header_len(method_nr);
++ char_u *salt = NULL;
++ char_u *seed = NULL;
++ int salt_len = cryptmethods[method_nr].salt_len;
++ int seed_len = cryptmethods[method_nr].seed_len;
++ cryptstate_T *state;
++
++ *header_len = len;
++ *header = alloc(len);
++ if (*header == NULL)
++ return NULL;
++
++ mch_memmove(*header, cryptmethods[method_nr].magic, CRYPT_MAGIC_LEN);
++ if (salt_len > 0 || seed_len > 0)
++ {
++ if (salt_len > 0)
++ salt = *header + CRYPT_MAGIC_LEN;
++ if (seed_len > 0)
++ seed = *header + CRYPT_MAGIC_LEN + salt_len;
++
++ /* TODO: Should this be crypt method specific? (Probably not worth
++ * it). sha2_seed is pretty bad for large amounts of entropy, so make
++ * that into something which is suitable for anything. */
++ sha2_seed(salt, salt_len, seed, seed_len);
++ }
++
++ state = crypt_create(method_nr, key, salt, salt_len, seed, seed_len);
++ if (state == NULL)
++ {
++ vim_free(*header);
++ *header = NULL;
++ }
++ return state;
++}
++
++/*
++ * Free the crypt state.
++ */
++ void
++crypt_free_state(state)
++ cryptstate_T *state;
++{
++ vim_free(state->method_state);
++ vim_free(state);
++}
++
++/*
++ * Encode "from[len]" and store the result in a newly allocated buffer, which
++ * is stored in "newptr".
++ * Return number of bytes in "newptr", 0 for need more or -1 on error.
++ */
++ long
++crypt_encode_alloc(state, from, len, newptr)
++ cryptstate_T *state;
++ char_u *from;
++ size_t len;
++ char_u **newptr;
++{
++ cryptmethod_T *method = &cryptmethods[state->method_nr];
++
++ if (method->encode_buffer_fn != NULL)
++ /* Has buffer function, pass through. */
++ return method->encode_buffer_fn(state, from, len, newptr);
++ if (len == 0)
++ /* Not buffering, just return EOF. */
++ return len;
++
++ *newptr = alloc(len);
++ if (*newptr == NULL)
++ return -1;
++ method->encode_fn(state, from, len, *newptr);
++ return len;
++}
++
++/*
++ * Decrypt "ptr[len]" and store the result in a newly allocated buffer, which
++ * is stored in "newptr".
++ * Return number of bytes in "newptr", 0 for need more or -1 on error.
++ */
++ long
++crypt_decode_alloc(state, ptr, len, newptr)
++ cryptstate_T *state;
++ char_u *ptr;
++ long len;
++ char_u **newptr;
++{
++ cryptmethod_T *method = &cryptmethods[state->method_nr];
++
++ if (method->decode_buffer_fn != NULL)
++ /* Has buffer function, pass through. */
++ return method->decode_buffer_fn(state, ptr, len, newptr);
++
++ if (len == 0)
++ /* Not buffering, just return EOF. */
++ return len;
++
++ *newptr = alloc(len);
++ if (*newptr == NULL)
++ return -1;
++ method->decode_fn(state, ptr, len, *newptr);
++ return len;
++}
++
++/*
++ * Encrypting "from[len]" into "to[len]".
++ */
++ void
++crypt_encode(state, from, len, to)
++ cryptstate_T *state;
++ char_u *from;
++ size_t len;
++ char_u *to;
++{
++ cryptmethods[state->method_nr].encode_fn(state, from, len, to);
++}
++
++/*
++ * decrypting "from[len]" into "to[len]".
++ */
++ void
++crypt_decode(state, from, len, to)
++ cryptstate_T *state;
++ char_u *from;
++ size_t len;
++ char_u *to;
++{
++ cryptmethods[state->method_nr].decode_fn(state, from, len, to);
++}
++
++/*
++ * Simple inplace encryption, modifies "buf[len]" in place.
++ */
++ void
++crypt_encode_inplace(state, buf, len)
++ cryptstate_T *state;
++ char_u *buf;
++ size_t len;
++{
++ cryptmethods[state->method_nr].encode_inplace_fn(state, buf, len, buf);
++}
++
++/*
++ * Simple inplace decryption, modifies "buf[len]" in place.
++ */
++ void
++crypt_decode_inplace(state, buf, len)
++ cryptstate_T *state;
++ char_u *buf;
++ size_t len;
++{
++ cryptmethods[state->method_nr].decode_inplace_fn(state, buf, len, buf);
++}
++
++/*
++ * Free an allocated crypt key. Clear the text to make sure it doesn't stay
++ * in memory anywhere.
++ */
++ void
++crypt_free_key(key)
++ char_u *key;
++{
++ char_u *p;
++
++ if (key != NULL)
++ {
++ for (p = key; *p != NUL; ++p)
++ *p = 0;
++ vim_free(key);
++ }
++}
++
++/*
++ * Ask the user for a crypt key.
++ * When "store" is TRUE, the new key is stored in the 'key' option, and the
++ * 'key' option value is returned: Don't free it.
++ * When "store" is FALSE, the typed key is returned in allocated memory.
++ * Returns NULL on failure.
++ */
++ char_u *
++crypt_get_key(store, twice)
++ int store;
++ int twice; /* Ask for the key twice. */
++{
++ char_u *p1, *p2 = NULL;
++ int round;
++
++ for (round = 0; ; ++round)
++ {
++ cmdline_star = TRUE;
++ cmdline_row = msg_row;
++ p1 = getcmdline_prompt(NUL, round == 0
++ ? (char_u *)_("Enter encryption key: ")
++ : (char_u *)_("Enter same key again: "), 0, EXPAND_NOTHING,
++ NULL);
++ cmdline_star = FALSE;
++
++ if (p1 == NULL)
++ break;
++
++ if (round == twice)
++ {
++ if (p2 != NULL && STRCMP(p1, p2) != 0)
++ {
++ MSG(_("Keys don't match!"));
++ crypt_free_key(p1);
++ crypt_free_key(p2);
++ p2 = NULL;
++ round = -1; /* do it again */
++ continue;
++ }
++
++ if (store)
++ {
++ set_option_value((char_u *)"key", 0L, p1, OPT_LOCAL);
++ crypt_free_key(p1);
++ p1 = curbuf->b_p_key;
++ }
++ break;
++ }
++ p2 = p1;
++ }
++
++ /* since the user typed this, no need to wait for return */
++ if (msg_didout)
++ msg_putchar('\n');
++ need_wait_return = FALSE;
++ msg_didout = FALSE;
++
++ crypt_free_key(p2);
++ return p1;
++}
++
++
++/*
++ * Append a message to IObuff for the encryption/decryption method being used.
++ */
++ void
++crypt_append_msg(buf)
++ buf_T *buf;
++{
++ if (crypt_get_method_nr(buf) == 0)
++ STRCAT(IObuff, _("[crypted]"));
++ else
++ {
++ STRCAT(IObuff, "[");
++ STRCAT(IObuff, *buf->b_p_cm == NUL ? p_cm : buf->b_p_cm);
++ STRCAT(IObuff, "]");
++ }
++}
++
++#endif /* FEAT_CRYPT */
+diff -up vim74/src/crypt_zip.c.blowfish2 vim74/src/crypt_zip.c
+--- vim74/src/crypt_zip.c.blowfish2 2017-09-05 14:47:34.934912151 +0200
++++ vim74/src/crypt_zip.c 2017-09-05 14:47:34.934912151 +0200
+@@ -0,0 +1,158 @@
++/* vi:set ts=8 sts=4 sw=4:
++ *
++ * VIM - Vi IMproved by Bram Moolenaar
++ *
++ * Do ":help uganda" in Vim to read copying and usage conditions.
++ * Do ":help credits" in Vim to see a list of people who contributed.
++ * See README.txt for an overview of the Vim source code.
++ */
++
++/*
++ * crypt_zip.c: Zip encryption support.
++ */
++#include "vim.h"
++
++#if defined(FEAT_CRYPT) || defined(PROTO)
++/*
++ * Optional encryption support.
++ * Mohsin Ahmed, mosh@sasi.com, 98-09-24
++ * Based on zip/crypt sources.
++ *
++ * NOTE FOR USA: Since 2000 exporting this code from the USA is allowed to
++ * most countries. There are a few exceptions, but that still should not be a
++ * problem since this code was originally created in Europe and India.
++ */
++
++/* Need a type that should be 32 bits. 64 also works but wastes space. */
++# if VIM_SIZEOF_INT >= 4
++typedef unsigned int u32_T; /* int is at least 32 bits */
++# else
++typedef unsigned long u32_T; /* long should be 32 bits or more */
++# endif
++
++/* The state of encryption, referenced by cryptstate_T. */
++typedef struct {
++ u32_T keys[3];
++} zip_state_T;
++
++
++static void make_crc_tab __ARGS((void));
++
++static u32_T crc_32_table[256];
++
++/*
++ * Fill the CRC table, if not done already.
++ */
++ static void
++make_crc_tab()
++{
++ u32_T s, t, v;
++ static int done = FALSE;
++
++ if (done)
++ return;
++ for (t = 0; t < 256; t++)
++ {
++ v = t;
++ for (s = 0; s < 8; s++)
++ v = (v >> 1) ^ ((v & 1) * (u32_T)0xedb88320L);
++ crc_32_table[t] = v;
++ }
++ done = TRUE;
++}
++
++#define CRC32(c, b) (crc_32_table[((int)(c) ^ (b)) & 0xff] ^ ((c) >> 8))
++
++/*
++ * Return the next byte in the pseudo-random sequence.
++ */
++#define DECRYPT_BYTE_ZIP(keys, t) { \
++ short_u temp = (short_u)keys[2] | 2; \
++ t = (int)(((unsigned)(temp * (temp ^ 1U)) >> 8) & 0xff); \
++}
++
++/*
++ * Update the encryption keys with the next byte of plain text.
++ */
++#define UPDATE_KEYS_ZIP(keys, c) { \
++ keys[0] = CRC32(keys[0], (c)); \
++ keys[1] += keys[0] & 0xff; \
++ keys[1] = keys[1] * 134775813L + 1; \
++ keys[2] = CRC32(keys[2], (int)(keys[1] >> 24)); \
++}
++
++/*
++ * Initialize for encryption/decryption.
++ */
++ void
++crypt_zip_init(state, key, salt, salt_len, seed, seed_len)
++ cryptstate_T *state;
++ char_u *key;
++ char_u *salt UNUSED;
++ int salt_len UNUSED;
++ char_u *seed UNUSED;
++ int seed_len UNUSED;
++{
++ char_u *p;
++ zip_state_T *zs;
++
++ zs = (zip_state_T *)alloc(sizeof(zip_state_T));
++ state->method_state = zs;
++
++ make_crc_tab();
++ zs->keys[0] = 305419896L;
++ zs->keys[1] = 591751049L;
++ zs->keys[2] = 878082192L;
++ for (p = key; *p != NUL; ++p)
++ {
++ UPDATE_KEYS_ZIP(zs->keys, (int)*p);
++ }
++}
++
++/*
++ * Encrypt "from[len]" into "to[len]".
++ * "from" and "to" can be equal to encrypt in place.
++ */
++ void
++crypt_zip_encode(state, from, len, to)
++ cryptstate_T *state;
++ char_u *from;
++ size_t len;
++ char_u *to;
++{
++ zip_state_T *zs = state->method_state;
++ size_t i;
++ int ztemp, t;
++
++ for (i = 0; i < len; ++i)
++ {
++ ztemp = from[i];
++ DECRYPT_BYTE_ZIP(zs->keys, t);
++ UPDATE_KEYS_ZIP(zs->keys, ztemp);
++ to[i] = t ^ ztemp;
++ }
++}
++
++/*
++ * Decrypt "from[len]" into "to[len]".
++ */
++ void
++crypt_zip_decode(state, from, len, to)
++ cryptstate_T *state;
++ char_u *from;
++ size_t len;
++ char_u *to;
++{
++ zip_state_T *zs = state->method_state;
++ size_t i;
++ short_u temp;
++
++ for (i = 0; i < len; ++i)
++ {
++ temp = (short_u)zs->keys[2] | 2;
++ temp = (int)(((unsigned)(temp * (temp ^ 1U)) >> 8) & 0xff);
++ UPDATE_KEYS_ZIP(zs->keys, to[i] = from[i] ^ temp);
++ }
++}
++
++#endif /* FEAT_CRYPT */
+diff -up vim74/src/eval.c.blowfish2 vim74/src/eval.c
+--- vim74/src/eval.c.blowfish2 2017-09-05 14:47:34.837912934 +0200
++++ vim74/src/eval.c 2017-09-05 14:47:34.939912111 +0200
+@@ -12228,6 +12228,8 @@ f_has(argvars, rettv)
+ #endif
+ #ifdef FEAT_CRYPT
+ "cryptv",
++ "crypt-blowfish",
++ "crypt-blowfish2",
+ #endif
+ #ifdef FEAT_CSCOPE
+ "cscope",
+diff -up vim74/src/ex_docmd.c.blowfish2 vim74/src/ex_docmd.c
+--- vim74/src/ex_docmd.c.blowfish2 2017-09-05 14:47:34.782913378 +0200
++++ vim74/src/ex_docmd.c 2017-09-05 14:47:34.945912063 +0200
+@@ -11497,8 +11497,7 @@ ex_match(eap)
+ ex_X(eap)
+ exarg_T *eap UNUSED;
+ {
+- if (get_crypt_method(curbuf) == 0 || blowfish_self_test() == OK)
+- (void)get_crypt_key(TRUE, TRUE);
++ (void)crypt_get_key(TRUE, TRUE);
+ }
+ #endif
+
+diff -up vim74/src/fileio.c.blowfish2 vim74/src/fileio.c
+--- vim74/src/fileio.c.blowfish2 2017-09-05 14:47:34.245917713 +0200
++++ vim74/src/fileio.c 2017-09-05 14:47:34.947912046 +0200
+@@ -24,20 +24,6 @@
+ #define BUFSIZE 8192 /* size of normal write buffer */
+ #define SMBUFSIZE 256 /* size of emergency write buffer */
+
+-#ifdef FEAT_CRYPT
+-/* crypt_magic[0] is pkzip crypt, crypt_magic[1] is sha2+blowfish */
+-static char *crypt_magic[] = {"VimCrypt~01!", "VimCrypt~02!"};
+-static char crypt_magic_head[] = "VimCrypt~";
+-# define CRYPT_MAGIC_LEN 12 /* must be multiple of 4! */
+-
+-/* For blowfish, after the magic header, we store 8 bytes of salt and then 8
+- * bytes of seed (initialisation vector). */
+-static int crypt_salt_len[] = {0, 8};
+-static int crypt_seed_len[] = {0, 8};
+-#define CRYPT_SALT_LEN_MAX 8
+-#define CRYPT_SEED_LEN_MAX 8
+-#endif
+-
+ /* Is there any system that doesn't have access()? */
+ #define USE_MCH_ACCESS
+
+@@ -55,7 +41,6 @@ static char_u *readfile_charconvert __AR
+ static void check_marks_read __ARGS((void));
+ #endif
+ #ifdef FEAT_CRYPT
+-static int crypt_method_from_magic __ARGS((char *ptr, int len));
+ static char_u *check_for_cryptkey __ARGS((char_u *cryptkey, char_u *ptr, long *sizep, off_t *filesizep, int newfile, char_u *fname, int *did_ask));
+ #endif
+ #ifdef UNIX
+@@ -116,6 +101,9 @@ struct bw_info
+ #ifdef HAS_BW_FLAGS
+ int bw_flags; /* FIO_ flags */
+ #endif
++#ifdef FEAT_CRYPT
++ buf_T *bw_buffer; /* buffer being written */
++#endif
+ #ifdef FEAT_MBYTE
+ char_u bw_rest[CONV_RESTLEN]; /* not converted bytes */
+ int bw_restlen; /* nr of bytes in bw_rest[] */
+@@ -250,7 +238,6 @@ readfile(fname, sfname, from, lines_to_s
+ #ifdef FEAT_CRYPT
+ char_u *cryptkey = NULL;
+ int did_ask_for_key = FALSE;
+- int crypt_method_used;
+ #endif
+ #ifdef FEAT_PERSISTENT_UNDO
+ context_sha256_T sha_ctx;
+@@ -966,13 +953,6 @@ retry:
+ #endif
+ }
+
+-#ifdef FEAT_CRYPT
+- if (cryptkey != NULL)
+- /* Need to reset the state, but keep the key, don't want to ask for it
+- * again. */
+- crypt_pop_state();
+-#endif
+-
+ /*
+ * When retrying with another "fenc" and the first time "fileformat"
+ * will be reset.
+@@ -1175,6 +1155,15 @@ retry:
+ if (read_undo_file)
+ sha256_start(&sha_ctx);
+ #endif
++#ifdef FEAT_CRYPT
++ if (curbuf->b_cryptstate != NULL)
++ {
++ /* Need to free the state, but keep the key, don't want to ask for
++ * it again. */
++ crypt_free_state(curbuf->b_cryptstate);
++ curbuf->b_cryptstate = NULL;
++ }
++#endif
+ }
+
+ while (!error && !got_int)
+@@ -1339,6 +1328,76 @@ retry:
+ size = read_eintr(fd, ptr, size);
+ }
+
++#ifdef FEAT_CRYPT
++ /*
++ * At start of file: Check for magic number of encryption.
++ */
++ if (filesize == 0 && size > 0)
++ cryptkey = check_for_cryptkey(cryptkey, ptr, &size,
++ &filesize, newfile, sfname,
++ &did_ask_for_key);
++ /*
++ * Decrypt the read bytes. This is done before checking for
++ * EOF because the crypt layer may be buffering.
++ */
++ if (cryptkey != NULL && curbuf->b_cryptstate != NULL && size > 0)
++ {
++ if (crypt_works_inplace(curbuf->b_cryptstate))
++ {
++ crypt_decode_inplace(curbuf->b_cryptstate, ptr, size);
++ }
++ else
++ {
++ char_u *newptr = NULL;
++ int decrypted_size;
++
++ decrypted_size = crypt_decode_alloc(
++ curbuf->b_cryptstate, ptr, size, &newptr);
++
++ /* If the crypt layer is buffering, not producing
++ * anything yet, need to read more. */
++ if (size > 0 && decrypted_size == 0)
++ continue;
++
++ if (linerest == 0)
++ {
++ /* Simple case: reuse returned buffer (may be
++ * NULL, checked later). */
++ new_buffer = newptr;
++ }
++ else
++ {
++ long_u new_size;
++
++ /* Need new buffer to add bytes carried over. */
++ new_size = (long_u)(decrypted_size + linerest + 1);
++ new_buffer = lalloc(new_size, FALSE);
++ if (new_buffer == NULL)
++ {
++ do_outofmem_msg(new_size);
++ error = TRUE;
++ break;
++ }
++
++ mch_memmove(new_buffer, buffer, linerest);
++ if (newptr != NULL)
++ mch_memmove(new_buffer + linerest, newptr,
++ decrypted_size);
++ }
++
++ if (new_buffer != NULL)
++ {
++ vim_free(buffer);
++ buffer = new_buffer;
++ new_buffer = NULL;
++ line_start = buffer;
++ ptr = buffer + linerest;
++ }
++ size = decrypted_size;
++ }
++ }
++#endif
++
+ if (size <= 0)
+ {
+ if (size < 0) /* read error */
+@@ -1403,21 +1462,6 @@ retry:
+ }
+ #endif
+ }
+-
+-#ifdef FEAT_CRYPT
+- /*
+- * At start of file: Check for magic number of encryption.
+- */
+- if (filesize == 0)
+- cryptkey = check_for_cryptkey(cryptkey, ptr, &size,
+- &filesize, newfile, sfname,
+- &did_ask_for_key);
+- /*
+- * Decrypt the read bytes.
+- */
+- if (cryptkey != NULL && size > 0)
+- crypt_decode(ptr, size);
+-#endif
+ }
+ skip_read = FALSE;
+
+@@ -1430,10 +1474,9 @@ retry:
+ */
+ if ((filesize == 0
+ # ifdef FEAT_CRYPT
+- || (filesize == (CRYPT_MAGIC_LEN
+- + crypt_salt_len[use_crypt_method]
+- + crypt_seed_len[use_crypt_method])
+- && cryptkey != NULL)
++ || (cryptkey != NULL
++ && filesize == crypt_get_header_len(
++ crypt_get_method_nr(curbuf)))
+ # endif
+ )
+ && (fio_flags == FIO_UCSBOM
+@@ -2262,15 +2305,15 @@ failed:
+ save_file_ff(curbuf); /* remember the current file format */
+
+ #ifdef FEAT_CRYPT
+- crypt_method_used = use_crypt_method;
+- if (cryptkey != NULL)
++ if (curbuf->b_cryptstate != NULL)
+ {
+- crypt_pop_state();
+- if (cryptkey != curbuf->b_p_key)
+- free_crypt_key(cryptkey);
+- /* don't set cryptkey to NULL, it's used below as a flag that
+- * encryption was used */
++ crypt_free_state(curbuf->b_cryptstate);
++ curbuf->b_cryptstate = NULL;
+ }
++ if (cryptkey != NULL && cryptkey != curbuf->b_p_key)
++ crypt_free_key(cryptkey);
++ /* Don't set cryptkey to NULL, it's used below as a flag that
++ * encryption was used. */
+ #endif
+
+ #ifdef FEAT_MBYTE
+@@ -2457,10 +2500,7 @@ failed:
+ #ifdef FEAT_CRYPT
+ if (cryptkey != NULL)
+ {
+- if (crypt_method_used == 1)
+- STRCAT(IObuff, _("[blowfish]"));
+- else
+- STRCAT(IObuff, _("[crypted]"));
++ crypt_append_msg(curbuf);
+ c = TRUE;
+ }
+ #endif
+@@ -2489,9 +2529,7 @@ failed:
+ #ifdef FEAT_CRYPT
+ if (cryptkey != NULL)
+ msg_add_lines(c, (long)linecnt, filesize
+- - CRYPT_MAGIC_LEN
+- - crypt_salt_len[use_crypt_method]
+- - crypt_seed_len[use_crypt_method]);
++ - crypt_get_header_len(crypt_get_method_nr(curbuf)));
+ else
+ #endif
+ msg_add_lines(c, (long)linecnt, filesize);
+@@ -2882,33 +2920,6 @@ check_marks_read()
+
+ #if defined(FEAT_CRYPT) || defined(PROTO)
+ /*
+- * Get the crypt method used for a file from "ptr[len]", the magic text at the
+- * start of the file.
+- * Returns -1 when no encryption used.
+- */
+- static int
+-crypt_method_from_magic(ptr, len)
+- char *ptr;
+- int len;
+-{
+- int i;
+-
+- for (i = 0; i < (int)(sizeof(crypt_magic) / sizeof(crypt_magic[0])); i++)
+- {
+- if (len < (CRYPT_MAGIC_LEN + crypt_salt_len[i] + crypt_seed_len[i]))
+- continue;
+- if (memcmp(ptr, crypt_magic[i], CRYPT_MAGIC_LEN) == 0)
+- return i;
+- }
+-
+- i = (int)STRLEN(crypt_magic_head);
+- if (len >= i && memcmp(ptr, crypt_magic_head, i) == 0)
+- EMSG(_("E821: File is encrypted with unknown method"));
+-
+- return -1;
+-}
+-
+-/*
+ * Check for magic number used for encryption. Applies to the current buffer.
+ * If found, the magic number is removed from ptr[*sizep] and *sizep and
+ * *filesizep are updated.
+@@ -2924,7 +2935,7 @@ check_for_cryptkey(cryptkey, ptr, sizep,
+ char_u *fname; /* file name to display */
+ int *did_ask; /* flag: whether already asked for key */
+ {
+- int method = crypt_method_from_magic((char *)ptr, *sizep);
++ int method = crypt_method_nr_from_magic((char *)ptr, *sizep);
+ int b_p_ro = curbuf->b_p_ro;
+
+ if (method >= 0)
+@@ -2933,9 +2944,8 @@ check_for_cryptkey(cryptkey, ptr, sizep,
+ * Avoids accidentally overwriting the file with garbage. */
+ curbuf->b_p_ro = TRUE;
+
+- set_crypt_method(curbuf, method);
+- if (method > 0)
+- (void)blowfish_self_test();
++ /* Set the cryptmethod local to the buffer. */
++ crypt_set_cm_option(curbuf, method);
+ if (cryptkey == NULL && !*did_ask)
+ {
+ if (*curbuf->b_p_key)
+@@ -2948,7 +2958,7 @@ check_for_cryptkey(cryptkey, ptr, sizep,
+ * Happens when retrying to detect encoding. */
+ smsg((char_u *)_(need_key_msg), fname);
+ msg_scroll = TRUE;
+- cryptkey = get_crypt_key(newfile, FALSE);
++ cryptkey = crypt_get_key(newfile, FALSE);
+ *did_ask = TRUE;
+
+ /* check if empty key entered */
+@@ -2963,24 +2973,18 @@ check_for_cryptkey(cryptkey, ptr, sizep,
+
+ if (cryptkey != NULL)
+ {
+- int seed_len = crypt_seed_len[method];
+- int salt_len = crypt_salt_len[method];
++ int header_len;
+
+- crypt_push_state();
+- use_crypt_method = method;
+- if (method == 0)
+- crypt_init_keys(cryptkey);
+- else
+- {
+- bf_key_init(cryptkey, ptr + CRYPT_MAGIC_LEN, salt_len);
+- bf_ofb_init(ptr + CRYPT_MAGIC_LEN + salt_len, seed_len);
+- }
++ curbuf->b_cryptstate = crypt_create_from_header(
++ method, cryptkey, ptr);
++ crypt_set_cm_option(curbuf, method);
++
++ /* Remove cryptmethod specific header from the text. */
++ header_len = crypt_get_header_len(method);
++ *filesizep += header_len;
++ *sizep -= header_len;
++ mch_memmove(ptr, ptr + header_len, (size_t)*sizep);
+
+- /* Remove magic number from the text */
+- *filesizep += CRYPT_MAGIC_LEN + salt_len + seed_len;
+- *sizep -= CRYPT_MAGIC_LEN + salt_len + seed_len;
+- mch_memmove(ptr, ptr + CRYPT_MAGIC_LEN + salt_len + seed_len,
+- (size_t)*sizep);
+ /* Restore the read-only flag. */
+ curbuf->b_p_ro = b_p_ro;
+ }
+@@ -2992,85 +2996,6 @@ check_for_cryptkey(cryptkey, ptr, sizep,
+
+ return cryptkey;
+ }
+-
+-/*
+- * Check for magic number used for encryption. Applies to the current buffer.
+- * If found and decryption is possible returns OK;
+- */
+- int
+-prepare_crypt_read(fp)
+- FILE *fp;
+-{
+- int method;
+- char_u buffer[CRYPT_MAGIC_LEN + CRYPT_SALT_LEN_MAX
+- + CRYPT_SEED_LEN_MAX + 2];
+-
+- if (fread(buffer, CRYPT_MAGIC_LEN, 1, fp) != 1)
+- return FAIL;
+- method = crypt_method_from_magic((char *)buffer,
+- CRYPT_MAGIC_LEN +
+- CRYPT_SEED_LEN_MAX +
+- CRYPT_SALT_LEN_MAX);
+- if (method < 0 || method != get_crypt_method(curbuf))
+- return FAIL;
+-
+- crypt_push_state();
+- if (method == 0)
+- crypt_init_keys(curbuf->b_p_key);
+- else
+- {
+- int salt_len = crypt_salt_len[method];
+- int seed_len = crypt_seed_len[method];
+-
+- if (fread(buffer, salt_len + seed_len, 1, fp) != 1)
+- return FAIL;
+- bf_key_init(curbuf->b_p_key, buffer, salt_len);
+- bf_ofb_init(buffer + salt_len, seed_len);
+- }
+- return OK;
+-}
+-
+-/*
+- * Prepare for writing encrypted bytes for buffer "buf".
+- * Returns a pointer to an allocated header of length "*lenp".
+- * When out of memory returns NULL.
+- * Otherwise calls crypt_push_state(), call crypt_pop_state() later.
+- */
+- char_u *
+-prepare_crypt_write(buf, lenp)
+- buf_T *buf;
+- int *lenp;
+-{
+- char_u *header;
+- int seed_len = crypt_seed_len[get_crypt_method(buf)];
+- int salt_len = crypt_salt_len[get_crypt_method(buf)];
+- char_u *salt;
+- char_u *seed;
+-
+- header = alloc_clear(CRYPT_MAGIC_LEN + CRYPT_SALT_LEN_MAX
+- + CRYPT_SEED_LEN_MAX + 2);
+- if (header != NULL)
+- {
+- crypt_push_state();
+- use_crypt_method = get_crypt_method(buf); /* select zip or blowfish */
+- vim_strncpy(header, (char_u *)crypt_magic[use_crypt_method],
+- CRYPT_MAGIC_LEN);
+- if (use_crypt_method == 0)
+- crypt_init_keys(buf->b_p_key);
+- else
+- {
+- /* Using blowfish, add salt and seed. */
+- salt = header + CRYPT_MAGIC_LEN;
+- seed = salt + salt_len;
+- sha2_seed(salt, salt_len, seed, seed_len);
+- bf_key_init(buf->b_p_key, salt, salt_len);
+- bf_ofb_init(seed, seed_len);
+- }
+- }
+- *lenp = CRYPT_MAGIC_LEN + salt_len + seed_len;
+- return header;
+-}
+-
+ #endif /* FEAT_CRYPT */
+
+ #ifdef UNIX
+@@ -3224,9 +3149,6 @@ buf_write(buf, fname, sfname, start, end
+ int write_undo_file = FALSE;
+ context_sha256_T sha_ctx;
+ #endif
+-#ifdef FEAT_CRYPT
+- int crypt_method_used;
+-#endif
+
+ if (fname == NULL || *fname == NUL) /* safety check */
+ return FAIL;
+@@ -3262,6 +3184,9 @@ buf_write(buf, fname, sfname, start, end
+ write_info.bw_iconv_fd = (iconv_t)-1;
+ # endif
+ #endif
++#ifdef FEAT_CRYPT
++ write_info.bw_buffer = buf;
++#endif
+
+ /* After writing a file changedtick changes but we don't want to display
+ * the line. */
+@@ -4505,17 +4430,17 @@ restore_backup:
+ #ifdef FEAT_CRYPT
+ if (*buf->b_p_key != NUL && !filtering)
+ {
+- char_u *header;
+- int header_len;
++ char_u *header;
++ int header_len;
+
+- header = prepare_crypt_write(buf, &header_len);
+- if (header == NULL)
++ buf->b_cryptstate = crypt_create_for_writing(crypt_get_method_nr(buf),
++ buf->b_p_key, &header, &header_len);
++ if (buf->b_cryptstate == NULL || header == NULL)
+ end = 0;
+ else
+ {
+- /* Write magic number, so that Vim knows that this file is
+- * encrypted when reading it again. This also undergoes utf-8 to
+- * ucs-2/4 conversion when needed. */
++ /* Write magic number, so that Vim knows how this file is
++ * encrypted when reading it back. */
+ write_info.bw_buf = header;
+ write_info.bw_len = header_len;
+ write_info.bw_flags = FIO_NOCONVERT;
+@@ -4769,9 +4694,11 @@ restore_backup:
+ mch_set_acl(wfname, acl);
+ #endif
+ #ifdef FEAT_CRYPT
+- crypt_method_used = use_crypt_method;
+- if (wb_flags & FIO_ENCRYPTED)
+- crypt_pop_state();
++ if (buf->b_cryptstate != NULL)
++ {
++ crypt_free_state(buf->b_cryptstate);
++ buf->b_cryptstate = NULL;
++ }
+ #endif
+
+
+@@ -4924,10 +4851,7 @@ restore_backup:
+ #ifdef FEAT_CRYPT
+ if (wb_flags & FIO_ENCRYPTED)
+ {
+- if (crypt_method_used == 1)
+- STRCAT(IObuff, _("[blowfish]"));
+- else
+- STRCAT(IObuff, _("[crypted]"));
++ crypt_append_msg(buf);
+ c = TRUE;
+ }
+ #endif
+@@ -5740,8 +5664,26 @@ buf_write_bytes(ip)
+ #endif /* FEAT_MBYTE */
+
+ #ifdef FEAT_CRYPT
+- if (flags & FIO_ENCRYPTED) /* encrypt the data */
+- crypt_encode(buf, len, buf);
++ if (flags & FIO_ENCRYPTED)
++ {
++ /* Encrypt the data. Do it in-place if possible, otherwise use an
++ * allocated buffer. */
++ if (crypt_works_inplace(ip->bw_buffer->b_cryptstate))
++ {
++ crypt_encode_inplace(ip->bw_buffer->b_cryptstate, buf, len);
++ }
++ else
++ {
++ char_u *outbuf;
++
++ len = crypt_encode_alloc(curbuf->b_cryptstate, buf, len, &outbuf);
++ if (len == 0)
++ return OK; /* Crypt layer is buffering, will flush later. */
++ wlen = write_eintr(ip->bw_fd, outbuf, len);
++ vim_free(outbuf);
++ return (wlen < len) ? FAIL : OK;
++ }
++ }
+ #endif
+
+ wlen = write_eintr(ip->bw_fd, buf, len);
+diff -up vim74/src/globals.h.blowfish2 vim74/src/globals.h
+--- vim74/src/globals.h.blowfish2 2017-09-05 14:47:33.909920425 +0200
++++ vim74/src/globals.h 2017-09-05 14:47:34.950912022 +0200
+@@ -105,10 +105,6 @@ EXTERN int exec_from_reg INIT(= FALSE);
+
+ EXTERN int screen_cleared INIT(= FALSE); /* screen has been cleared */
+
+-#ifdef FEAT_CRYPT
+-EXTERN int use_crypt_method INIT(= 0);
+-#endif
+-
+ /*
+ * When '$' is included in 'cpoptions' option set:
+ * When a change command is given that deletes only part of a line, a dollar
+diff -up vim74/src/main.c.blowfish2 vim74/src/main.c
+--- vim74/src/main.c.blowfish2 2017-09-05 14:47:34.571915081 +0200
++++ vim74/src/main.c 2017-09-05 14:47:34.955911982 +0200
+@@ -845,8 +845,7 @@ vim_main2(int argc UNUSED, char **argv U
+ #ifdef FEAT_CRYPT
+ if (params.ask_for_key)
+ {
+- (void)blowfish_self_test();
+- (void)get_crypt_key(TRUE, TRUE);
++ (void)crypt_get_key(TRUE, TRUE);
+ TIME_MSG("getting crypt key");
+ }
+ #endif
+diff -up vim74/src/Makefile.blowfish2 vim74/src/Makefile
+--- vim74/src/Makefile.blowfish2 2017-09-05 14:47:34.847912854 +0200
++++ vim74/src/Makefile 2017-09-05 14:47:34.956911974 +0200
+@@ -1427,6 +1427,8 @@ BASIC_SRC = \
+ blowfish.c \
+ buffer.c \
+ charset.c \
++ crypt.c \
++ crypt_zip.c \
+ diff.c \
+ digraph.c \
+ edit.c \
+@@ -1516,6 +1518,8 @@ OBJ_COMMON = \
+ objects/buffer.o \
+ objects/blowfish.o \
+ objects/charset.o \
++ objects/crypt.o \
++ objects/crypt_zip.o \
+ objects/diff.o \
+ objects/digraph.o \
+ objects/edit.o \
+@@ -1585,6 +1589,8 @@ PRO_AUTO = \
+ blowfish.pro \
+ buffer.pro \
+ charset.pro \
++ crypt.pro \
++ crypt_zip.pro \
+ diff.pro \
+ digraph.pro \
+ edit.pro \
+@@ -1745,10 +1751,11 @@ xxd/xxd$(EXEEXT): xxd/xxd.c
+ languages:
+ @if test -n "$(MAKEMO)" -a -f $(PODIR)/Makefile; then \
+ cd $(PODIR); \
+- CC="$(CC)" $(MAKE) prefix=$(DESTDIR)$(prefix); \
++ CC="$(CC)" $(MAKE) prefix=$(DESTDIR)$(prefix); \
+ fi
+ -@if test -n "$(MAKEMO)" -a -f $(PODIR)/Makefile; then \
+- cd $(PODIR); CC="$(CC)" $(MAKE) prefix=$(DESTDIR)$(prefix) converted; \
++ cd $(PODIR); \
++ CC="$(CC)" $(MAKE) prefix=$(DESTDIR)$(prefix) converted; \
+ fi
+
+ # Update the *.po files for changes in the sources. Only run manually.
+@@ -1874,6 +1881,12 @@ unittest unittests: $(UNITTEST_TARGETS)
+
+ # Run individual test, assuming that Vim was already compiled.
+ test1 test2 test3 test4 test5 test6 test7 test8 test9 \
++ test_breakindent \
++ test_changelist \
++ test_insertcount \
++ test_listlbr \
++ test_listlbr_utf8 \
++ test_qf_title \
+ test10 test11 test12 test13 test14 test15 test16 test17 test18 test19 \
+ test20 test21 test22 test23 test24 test25 test26 test27 test28 test29 \
+ test30 test31 test32 test33 test34 test35 test36 test37 test38 test39 \
+@@ -2494,6 +2507,12 @@ objects/buffer.o: buffer.c
+ objects/charset.o: charset.c
+ $(CCC) -o $@ charset.c
+
++objects/crypt.o: crypt.c
++ $(CCC) -o $@ crypt.c
++
++objects/crypt_zip.o: crypt_zip.c
++ $(CCC) -o $@ crypt_zip.c
++
+ objects/diff.o: diff.c
+ $(CCC) -o $@ diff.c
+
+@@ -2843,6 +2862,14 @@ objects/charset.o: charset.c vim.h auto/
+ ascii.h keymap.h term.h macros.h option.h structs.h regexp.h gui.h \
+ gui_beval.h proto/gui_beval.pro ex_cmds.h proto.h globals.h farsi.h \
+ arabic.h
++objects/crypt.o: crypt.c vim.h auto/config.h feature.h os_unix.h auto/osdef.h \
++ ascii.h keymap.h term.h macros.h option.h structs.h regexp.h gui.h \
++ gui_beval.h proto/gui_beval.pro ex_cmds.h proto.h globals.h farsi.h \
++ arabic.h
++objects/crypt_zip.o: crypt_zip.c vim.h auto/config.h feature.h os_unix.h \
++ auto/osdef.h ascii.h keymap.h term.h macros.h option.h structs.h \
++ regexp.h gui.h gui_beval.h proto/gui_beval.pro ex_cmds.h proto.h \
++ globals.h farsi.h arabic.h
+ objects/diff.o: diff.c vim.h auto/config.h feature.h os_unix.h auto/osdef.h \
+ ascii.h keymap.h term.h macros.h option.h structs.h regexp.h gui.h \
+ gui_beval.h proto/gui_beval.pro ex_cmds.h proto.h globals.h farsi.h \
+diff -up vim74/src/memline.c.blowfish2 vim74/src/memline.c
+--- vim74/src/memline.c.blowfish2 2017-09-05 14:47:34.217917939 +0200
++++ vim74/src/memline.c 2017-09-05 14:47:34.957911966 +0200
+@@ -63,6 +63,15 @@ typedef struct pointer_entry PTR_EN;
+ #define BLOCK0_ID1 '0' /* block 0 id 1 */
+ #define BLOCK0_ID1_C0 'c' /* block 0 id 1 'cm' 0 */
+ #define BLOCK0_ID1_C1 'C' /* block 0 id 1 'cm' 1 */
++#define BLOCK0_ID1_C2 'd' /* block 0 id 1 'cm' 2 */
++
++#if defined(FEAT_CRYPT)
++static int id1_codes[] = {
++ BLOCK0_ID1_C0, /* CRYPT_M_ZIP */
++ BLOCK0_ID1_C1, /* CRYPT_M_BF */
++ BLOCK0_ID1_C2, /* CRYPT_M_BF2 */
++};
++#endif
+
+ /*
+ * pointer to a block, used in a pointer block
+@@ -151,7 +160,7 @@ struct data_block
+ struct block0
+ {
+ char_u b0_id[2]; /* id for block 0: BLOCK0_ID0 and BLOCK0_ID1,
+- * BLOCK0_ID1_C0, BLOCK0_ID1_C1 */
++ * BLOCK0_ID1_C0, BLOCK0_ID1_C1, etc. */
+ char_u b0_version[10]; /* Vim version string */
+ char_u b0_page_size[4];/* number of bytes per page */
+ char_u b0_mtime[4]; /* last modification time of file */
+@@ -226,6 +235,7 @@ typedef enum {
+ } upd_block0_T;
+
+ #ifdef FEAT_CRYPT
++static void ml_set_mfp_crypt __ARGS((buf_T *buf));
+ static void ml_set_b0_crypt __ARGS((buf_T *buf, ZERO_BL *b0p));
+ #endif
+ static int ml_check_b0_id __ARGS((ZERO_BL *b0p));
+@@ -256,7 +266,7 @@ static long char_to_long __ARGS((char_u
+ static char_u *make_percent_swname __ARGS((char_u *dir, char_u *name));
+ #endif
+ #ifdef FEAT_CRYPT
+-static void ml_crypt_prepare __ARGS((memfile_T *mfp, off_t offset, int reading));
++static cryptstate_T *ml_crypt_prepare __ARGS((memfile_T *mfp, off_t offset, int reading));
+ #endif
+ #ifdef FEAT_BYTEOFF
+ static void ml_updatechunk __ARGS((buf_T *buf, long line, long len, int updtype));
+@@ -356,8 +366,7 @@ ml_open(buf)
+ b0p->b0_hname[B0_HNAME_SIZE - 1] = NUL;
+ long_to_char(mch_get_pid(), b0p->b0_pid);
+ #ifdef FEAT_CRYPT
+- if (*buf->b_p_key != NUL)
+- ml_set_b0_crypt(buf, b0p);
++ ml_set_b0_crypt(buf, b0p);
+ #endif
+ }
+
+@@ -422,6 +431,25 @@ error:
+
+ #if defined(FEAT_CRYPT) || defined(PROTO)
+ /*
++ * Prepare encryption for "buf" for the current key and method.
++ */
++ static void
++ml_set_mfp_crypt(buf)
++ buf_T *buf;
++{
++ if (*buf->b_p_key != NUL)
++ {
++ int method_nr = crypt_get_method_nr(buf);
++
++ if (method_nr > CRYPT_M_ZIP)
++ {
++ /* Generate a seed and store it in the memfile. */
++ sha2_seed(buf->b_ml.ml_mfp->mf_seed, MF_SEED_LEN, NULL, 0);
++ }
++ }
++}
++
++/*
+ * Prepare encryption for "buf" with block 0 "b0p".
+ */
+ static void
+@@ -433,11 +461,11 @@ ml_set_b0_crypt(buf, b0p)
+ b0p->b0_id[1] = BLOCK0_ID1;
+ else
+ {
+- if (get_crypt_method(buf) == 0)
+- b0p->b0_id[1] = BLOCK0_ID1_C0;
+- else
++ int method_nr = crypt_get_method_nr(buf);
++
++ b0p->b0_id[1] = id1_codes[method_nr];
++ if (method_nr > CRYPT_M_ZIP)
+ {
+- b0p->b0_id[1] = BLOCK0_ID1_C1;
+ /* Generate a seed and store it in block 0 and in the memfile. */
+ sha2_seed(&b0p->b0_seed, MF_SEED_LEN, NULL, 0);
+ mch_memmove(buf->b_ml.ml_mfp->mf_seed, &b0p->b0_seed, MF_SEED_LEN);
+@@ -884,7 +912,8 @@ ml_check_b0_id(b0p)
+ if (b0p->b0_id[0] != BLOCK0_ID0
+ || (b0p->b0_id[1] != BLOCK0_ID1
+ && b0p->b0_id[1] != BLOCK0_ID1_C0
+- && b0p->b0_id[1] != BLOCK0_ID1_C1)
++ && b0p->b0_id[1] != BLOCK0_ID1_C1
++ && b0p->b0_id[1] != BLOCK0_ID1_C2)
+ )
+ return FAIL;
+ return OK;
+@@ -903,8 +932,19 @@ ml_upd_block0(buf, what)
+ ZERO_BL *b0p;
+
+ mfp = buf->b_ml.ml_mfp;
+- if (mfp == NULL || (hp = mf_get(mfp, (blocknr_T)0, 1)) == NULL)
++ if (mfp == NULL)
++ return;
++ hp = mf_get(mfp, (blocknr_T)0, 1);
++ if (hp == NULL)
++ {
++#ifdef FEAT_CRYPT
++ /* Possibly update the seed in the memfile before there is a block0. */
++ if (what == UB_CRYPT)
++ ml_set_mfp_crypt(buf);
++#endif
+ return;
++ }
++
+ b0p = (ZERO_BL *)(hp->bh_data);
+ if (ml_check_b0_id(b0p) == FAIL)
+ EMSG(_("E304: ml_upd_block0(): Didn't get block 0??"));
+@@ -1252,14 +1292,12 @@ ml_recover()
+ }
+
+ #ifdef FEAT_CRYPT
+- if (b0p->b0_id[1] == BLOCK0_ID1_C0)
+- b0_cm = 0;
+- else if (b0p->b0_id[1] == BLOCK0_ID1_C1)
+- {
+- b0_cm = 1;
++ for (i = 0; i < (int)(sizeof(id1_codes) / sizeof(int)); ++i)
++ if (id1_codes[i] == b0p->b0_id[1])
++ b0_cm = i;
++ if (b0_cm > 0)
+ mch_memmove(mfp->mf_seed, &b0p->b0_seed, MF_SEED_LEN);
+- }
+- set_crypt_method(buf, b0_cm);
++ crypt_set_cm_option(buf, b0_cm < 0 ? 0 : b0_cm);
+ #else
+ if (b0p->b0_id[1] != BLOCK0_ID1)
+ {
+@@ -1386,7 +1424,7 @@ ml_recover()
+ }
+ else
+ smsg((char_u *)_(need_key_msg), fname_used);
+- buf->b_p_key = get_crypt_key(FALSE, FALSE);
++ buf->b_p_key = crypt_get_key(FALSE, FALSE);
+ if (buf->b_p_key == NULL)
+ buf->b_p_key = curbuf->b_p_key;
+ else if (*buf->b_p_key == NUL)
+@@ -4813,6 +4851,7 @@ ml_encrypt_data(mfp, data, offset, size)
+ char_u *text_start;
+ char_u *new_data;
+ int text_len;
++ cryptstate_T *state;
+
+ if (dp->db_id != DATA_ID)
+ return data;
+@@ -4828,10 +4867,9 @@ ml_encrypt_data(mfp, data, offset, size)
+ mch_memmove(new_data, dp, head_end - (char_u *)dp);
+
+ /* Encrypt the text. */
+- crypt_push_state();
+- ml_crypt_prepare(mfp, offset, FALSE);
+- crypt_encode(text_start, text_len, new_data + dp->db_txt_start);
+- crypt_pop_state();
++ state = ml_crypt_prepare(mfp, offset, FALSE);
++ crypt_encode(state, text_start, text_len, new_data + dp->db_txt_start);
++ crypt_free_state(state);
+
+ /* Clear the gap. */
+ if (head_end < text_start)
+@@ -4854,6 +4892,7 @@ ml_decrypt_data(mfp, data, offset, size)
+ char_u *head_end;
+ char_u *text_start;
+ int text_len;
++ cryptstate_T *state;
+
+ if (dp->db_id == DATA_ID)
+ {
+@@ -4866,17 +4905,17 @@ ml_decrypt_data(mfp, data, offset, size)
+ return; /* data was messed up */
+
+ /* Decrypt the text in place. */
+- crypt_push_state();
+- ml_crypt_prepare(mfp, offset, TRUE);
+- crypt_decode(text_start, text_len);
+- crypt_pop_state();
++ state = ml_crypt_prepare(mfp, offset, TRUE);
++ crypt_decode_inplace(state, text_start, text_len);
++ crypt_free_state(state);
+ }
+ }
+
+ /*
+ * Prepare for encryption/decryption, using the key, seed and offset.
++ * Return an allocated cryptstate_T *.
+ */
+- static void
++ static cryptstate_T *
+ ml_crypt_prepare(mfp, offset, reading)
+ memfile_T *mfp;
+ off_t offset;
+@@ -4884,38 +4923,37 @@ ml_crypt_prepare(mfp, offset, reading)
+ {
+ buf_T *buf = mfp->mf_buffer;
+ char_u salt[50];
+- int method;
++ int method_nr;
+ char_u *key;
+ char_u *seed;
+
+ if (reading && mfp->mf_old_key != NULL)
+ {
+ /* Reading back blocks with the previous key/method/seed. */
+- method = mfp->mf_old_cm;
++ method_nr = mfp->mf_old_cm;
+ key = mfp->mf_old_key;
+ seed = mfp->mf_old_seed;
+ }
+ else
+ {
+- method = get_crypt_method(buf);
++ method_nr = crypt_get_method_nr(buf);
+ key = buf->b_p_key;
+ seed = mfp->mf_seed;
+ }
+
+- use_crypt_method = method; /* select pkzip or blowfish */
+- if (method == 0)
++ if (method_nr == CRYPT_M_ZIP)
+ {
++ /* For PKzip: Append the offset to the key, so that we use a different
++ * key for every block. */
+ vim_snprintf((char *)salt, sizeof(salt), "%s%ld", key, (long)offset);
+- crypt_init_keys(salt);
+- }
+- else
+- {
+- /* Using blowfish, add salt and seed. We use the byte offset of the
+- * block for the salt. */
+- vim_snprintf((char *)salt, sizeof(salt), "%ld", (long)offset);
+- bf_key_init(key, salt, (int)STRLEN(salt));
+- bf_ofb_init(seed, MF_SEED_LEN);
++ return crypt_create(method_nr, salt, NULL, 0, NULL, 0);
+ }
++
++ /* Using blowfish or better: add salt and seed. We use the byte offset
++ * of the block for the salt. */
++ vim_snprintf((char *)salt, sizeof(salt), "%ld", (long)offset);
++ return crypt_create(method_nr, key, salt, (int)STRLEN(salt),
++ seed, MF_SEED_LEN);
+ }
+
+ #endif
+diff -up vim74/src/misc2.c.blowfish2 vim74/src/misc2.c
+--- vim74/src/misc2.c.blowfish2 2017-09-05 14:47:34.461915969 +0200
++++ vim74/src/misc2.c 2017-09-05 14:47:34.959911949 +0200
+@@ -3803,322 +3803,6 @@ update_mouseshape(shape_idx)
+ #endif /* CURSOR_SHAPE */
+
+
+-#ifdef FEAT_CRYPT
+-/*
+- * Optional encryption support.
+- * Mohsin Ahmed, mosh@sasi.com, 98-09-24
+- * Based on zip/crypt sources.
+- *
+- * NOTE FOR USA: Since 2000 exporting this code from the USA is allowed to
+- * most countries. There are a few exceptions, but that still should not be a
+- * problem since this code was originally created in Europe and India.
+- *
+- * Blowfish addition originally made by Mohsin Ahmed,
+- * http://www.cs.albany.edu/~mosh 2010-03-14
+- * Based on blowfish by Bruce Schneier (http://www.schneier.com/blowfish.html)
+- * and sha256 by Christophe Devine.
+- */
+-
+-/* from zip.h */
+-
+-typedef unsigned short ush; /* unsigned 16-bit value */
+-typedef unsigned long ulg; /* unsigned 32-bit value */
+-
+-static void make_crc_tab __ARGS((void));
+-
+-static ulg crc_32_tab[256];
+-
+-/*
+- * Fill the CRC table.
+- */
+- static void
+-make_crc_tab()
+-{
+- ulg s,t,v;
+- static int done = FALSE;
+-
+- if (done)
+- return;
+- for (t = 0; t < 256; t++)
+- {
+- v = t;
+- for (s = 0; s < 8; s++)
+- v = (v >> 1) ^ ((v & 1) * (ulg)0xedb88320L);
+- crc_32_tab[t] = v;
+- }
+- done = TRUE;
+-}
+-
+-#define CRC32(c, b) (crc_32_tab[((int)(c) ^ (b)) & 0xff] ^ ((c) >> 8))
+-
+-static ulg keys[3]; /* keys defining the pseudo-random sequence */
+-
+-/*
+- * Return the next byte in the pseudo-random sequence.
+- */
+-#define DECRYPT_BYTE_ZIP(t) { \
+- ush temp; \
+- \
+- temp = (ush)keys[2] | 2; \
+- t = (int)(((unsigned)(temp * (temp ^ 1U)) >> 8) & 0xff); \
+-}
+-
+-/*
+- * Update the encryption keys with the next byte of plain text.
+- */
+-#define UPDATE_KEYS_ZIP(c) { \
+- keys[0] = CRC32(keys[0], (c)); \
+- keys[1] += keys[0] & 0xff; \
+- keys[1] = keys[1] * 134775813L + 1; \
+- keys[2] = CRC32(keys[2], (int)(keys[1] >> 24)); \
+-}
+-
+-static int crypt_busy = 0;
+-static ulg saved_keys[3];
+-static int saved_crypt_method;
+-
+-/*
+- * Return int value for crypt method string:
+- * 0 for "zip", the old method. Also for any non-valid value.
+- * 1 for "blowfish".
+- */
+- int
+-crypt_method_from_string(s)
+- char_u *s;
+-{
+- return *s == 'b' ? 1 : 0;
+-}
+-
+-/*
+- * Get the crypt method for buffer "buf" as a number.
+- */
+- int
+-get_crypt_method(buf)
+- buf_T *buf;
+-{
+- return crypt_method_from_string(*buf->b_p_cm == NUL ? p_cm : buf->b_p_cm);
+-}
+-
+-/*
+- * Set the crypt method for buffer "buf" to "method" using the int value as
+- * returned by crypt_method_from_string().
+- */
+- void
+-set_crypt_method(buf, method)
+- buf_T *buf;
+- int method;
+-{
+- free_string_option(buf->b_p_cm);
+- buf->b_p_cm = vim_strsave((char_u *)(method == 0 ? "zip" : "blowfish"));
+-}
+-
+-/*
+- * Prepare for initializing encryption. If already doing encryption then save
+- * the state.
+- * Must always be called symmetrically with crypt_pop_state().
+- */
+- void
+-crypt_push_state()
+-{
+- if (crypt_busy == 1)
+- {
+- /* save the state */
+- if (use_crypt_method == 0)
+- {
+- saved_keys[0] = keys[0];
+- saved_keys[1] = keys[1];
+- saved_keys[2] = keys[2];
+- }
+- else
+- bf_crypt_save();
+- saved_crypt_method = use_crypt_method;
+- }
+- else if (crypt_busy > 1)
+- EMSG2(_(e_intern2), "crypt_push_state()");
+- ++crypt_busy;
+-}
+-
+-/*
+- * End encryption. If doing encryption before crypt_push_state() then restore
+- * the saved state.
+- * Must always be called symmetrically with crypt_push_state().
+- */
+- void
+-crypt_pop_state()
+-{
+- --crypt_busy;
+- if (crypt_busy == 1)
+- {
+- use_crypt_method = saved_crypt_method;
+- if (use_crypt_method == 0)
+- {
+- keys[0] = saved_keys[0];
+- keys[1] = saved_keys[1];
+- keys[2] = saved_keys[2];
+- }
+- else
+- bf_crypt_restore();
+- }
+-}
+-
+-/*
+- * Encrypt "from[len]" into "to[len]".
+- * "from" and "to" can be equal to encrypt in place.
+- */
+- void
+-crypt_encode(from, len, to)
+- char_u *from;
+- size_t len;
+- char_u *to;
+-{
+- size_t i;
+- int ztemp, t;
+-
+- if (use_crypt_method == 0)
+- for (i = 0; i < len; ++i)
+- {
+- ztemp = from[i];
+- DECRYPT_BYTE_ZIP(t);
+- UPDATE_KEYS_ZIP(ztemp);
+- to[i] = t ^ ztemp;
+- }
+- else
+- bf_crypt_encode(from, len, to);
+-}
+-
+-/*
+- * Decrypt "ptr[len]" in place.
+- */
+- void
+-crypt_decode(ptr, len)
+- char_u *ptr;
+- long len;
+-{
+- char_u *p;
+-
+- if (use_crypt_method == 0)
+- for (p = ptr; p < ptr + len; ++p)
+- {
+- ush temp;
+-
+- temp = (ush)keys[2] | 2;
+- temp = (int)(((unsigned)(temp * (temp ^ 1U)) >> 8) & 0xff);
+- UPDATE_KEYS_ZIP(*p ^= temp);
+- }
+- else
+- bf_crypt_decode(ptr, len);
+-}
+-
+-/*
+- * Initialize the encryption keys and the random header according to
+- * the given password.
+- * If "passwd" is NULL or empty, don't do anything.
+- */
+- void
+-crypt_init_keys(passwd)
+- char_u *passwd; /* password string with which to modify keys */
+-{
+- if (passwd != NULL && *passwd != NUL)
+- {
+- if (use_crypt_method == 0)
+- {
+- char_u *p;
+-
+- make_crc_tab();
+- keys[0] = 305419896L;
+- keys[1] = 591751049L;
+- keys[2] = 878082192L;
+- for (p = passwd; *p!= NUL; ++p)
+- {
+- UPDATE_KEYS_ZIP((int)*p);
+- }
+- }
+- else
+- bf_crypt_init_keys(passwd);
+- }
+-}
+-
+-/*
+- * Free an allocated crypt key. Clear the text to make sure it doesn't stay
+- * in memory anywhere.
+- */
+- void
+-free_crypt_key(key)
+- char_u *key;
+-{
+- char_u *p;
+-
+- if (key != NULL)
+- {
+- for (p = key; *p != NUL; ++p)
+- *p = 0;
+- vim_free(key);
+- }
+-}
+-
+-/*
+- * Ask the user for a crypt key.
+- * When "store" is TRUE, the new key is stored in the 'key' option, and the
+- * 'key' option value is returned: Don't free it.
+- * When "store" is FALSE, the typed key is returned in allocated memory.
+- * Returns NULL on failure.
+- */
+- char_u *
+-get_crypt_key(store, twice)
+- int store;
+- int twice; /* Ask for the key twice. */
+-{
+- char_u *p1, *p2 = NULL;
+- int round;
+-
+- for (round = 0; ; ++round)
+- {
+- cmdline_star = TRUE;
+- cmdline_row = msg_row;
+- p1 = getcmdline_prompt(NUL, round == 0
+- ? (char_u *)_("Enter encryption key: ")
+- : (char_u *)_("Enter same key again: "), 0, EXPAND_NOTHING,
+- NULL);
+- cmdline_star = FALSE;
+-
+- if (p1 == NULL)
+- break;
+-
+- if (round == twice)
+- {
+- if (p2 != NULL && STRCMP(p1, p2) != 0)
+- {
+- MSG(_("Keys don't match!"));
+- free_crypt_key(p1);
+- free_crypt_key(p2);
+- p2 = NULL;
+- round = -1; /* do it again */
+- continue;
+- }
+-
+- if (store)
+- {
+- set_option_value((char_u *)"key", 0L, p1, OPT_LOCAL);
+- free_crypt_key(p1);
+- p1 = curbuf->b_p_key;
+- }
+- break;
+- }
+- p2 = p1;
+- }
+-
+- /* since the user typed this, no need to wait for return */
+- if (msg_didout)
+- msg_putchar('\n');
+- need_wait_return = FALSE;
+- msg_didout = FALSE;
+-
+- free_crypt_key(p2);
+- return p1;
+-}
+-
+-#endif /* FEAT_CRYPT */
+-
+ /* TODO: make some #ifdef for this */
+ /*--------[ file searching ]-------------------------------------------------*/
+ /*
+@@ -6588,8 +6272,23 @@ put_time(fd, the_time)
+ FILE *fd;
+ time_t the_time;
+ {
++ char_u buf[8];
++
++ time_to_bytes(the_time, buf);
++ fwrite(buf, (size_t)8, (size_t)1, fd);
++}
++
++/*
++ * Write time_t to "buf[8]".
++ */
++ void
++time_to_bytes(the_time, buf)
++ time_t the_time;
++ char_u *buf;
++{
+ int c;
+ int i;
++ int bi = 0;
+ time_t wtime = the_time;
+
+ /* time_t can be up to 8 bytes in size, more than long_u, thus we
+@@ -6603,7 +6302,7 @@ put_time(fd, the_time)
+ {
+ if (i + 1 > (int)sizeof(time_t))
+ /* ">>" doesn't work well when shifting more bits than avail */
+- putc(0, fd);
++ buf[bi++] = 0;
+ else
+ {
+ #if defined(SIZEOF_TIME_T) && SIZEOF_TIME_T > 4
+@@ -6611,7 +6310,7 @@ put_time(fd, the_time)
+ #else
+ c = (int)((long_u)wtime >> (i * 8));
+ #endif
+- putc(c, fd);
++ buf[bi++] = c;
+ }
+ }
+ }
+diff -up vim74/src/option.c.blowfish2 vim74/src/option.c
+--- vim74/src/option.c.blowfish2 2017-09-05 14:47:34.899912434 +0200
++++ vim74/src/option.c 2017-09-05 14:47:34.961911933 +0200
+@@ -2969,7 +2969,7 @@ static char *(p_bg_values[]) = {"light",
+ static char *(p_nf_values[]) = {"octal", "hex", "alpha", NULL};
+ static char *(p_ff_values[]) = {FF_UNIX, FF_DOS, FF_MAC, NULL};
+ #ifdef FEAT_CRYPT
+-static char *(p_cm_values[]) = {"zip", "blowfish", NULL};
++static char *(p_cm_values[]) = {"zip", "blowfish", "blowfish2", NULL};
+ #endif
+ #ifdef FEAT_CMDL_COMPL
+ static char *(p_wop_values[]) = {"tagfile", NULL};
+@@ -6156,7 +6156,7 @@ did_set_string_option(opt_idx, varp, new
+ # endif
+ if (STRCMP(curbuf->b_p_key, oldval) != 0)
+ /* Need to update the swapfile. */
+- ml_set_crypt_key(curbuf, oldval, get_crypt_method(curbuf));
++ ml_set_crypt_key(curbuf, oldval, crypt_get_method_nr(curbuf));
+ }
+
+ else if (gvarp == &p_cm)
+@@ -6167,7 +6167,7 @@ did_set_string_option(opt_idx, varp, new
+ p = p_cm;
+ if (check_opt_strings(p, p_cm_values, TRUE) != OK)
+ errmsg = e_invarg;
+- else if (get_crypt_method(curbuf) > 0 && blowfish_self_test() == FAIL)
++ else if (crypt_self_test() == FAIL)
+ errmsg = e_invarg;
+ else
+ {
+@@ -6179,6 +6179,14 @@ did_set_string_option(opt_idx, varp, new
+ p_cm = vim_strsave((char_u *)"zip");
+ new_value_alloced = TRUE;
+ }
++ /* When using ":set cm=name" the local value is going to be empty.
++ * Do that here, otherwise the crypt functions will still use the
++ * local value. */
++ if ((opt_flags & (OPT_LOCAL | OPT_GLOBAL)) == 0)
++ {
++ free_string_option(curbuf->b_p_cm);
++ curbuf->b_p_cm = empty_option;
++ }
+
+ /* Need to update the swapfile when the effective method changed.
+ * Set "s" to the effective old value, "p" to the effective new
+@@ -6193,7 +6201,7 @@ did_set_string_option(opt_idx, varp, new
+ p = curbuf->b_p_cm;
+ if (STRCMP(s, p) != 0)
+ ml_set_crypt_key(curbuf, curbuf->b_p_key,
+- crypt_method_from_string(s));
++ crypt_method_nr_from_name(s));
+
+ /* If the global value changes need to update the swapfile for all
+ * buffers using that value. */
+@@ -6204,7 +6212,7 @@ did_set_string_option(opt_idx, varp, new
+ for (buf = firstbuf; buf != NULL; buf = buf->b_next)
+ if (buf != curbuf && *buf->b_p_cm == NUL)
+ ml_set_crypt_key(buf, buf->b_p_key,
+- crypt_method_from_string(oldval));
++ crypt_method_nr_from_name(oldval));
+ }
+ }
+ }
+diff -up vim74/src/proto/blowfish.pro.blowfish2 vim74/src/proto/blowfish.pro
+--- vim74/src/proto/blowfish.pro.blowfish2 2013-08-10 13:37:06.000000000 +0200
++++ vim74/src/proto/blowfish.pro 2017-09-05 14:47:34.964911909 +0200
+@@ -1,10 +1,6 @@
+ /* blowfish.c */
+-void bf_key_init __ARGS((char_u *password, char_u *salt, int salt_len));
+-void bf_ofb_init __ARGS((char_u *iv, int iv_len));
+-void bf_crypt_encode __ARGS((char_u *from, size_t len, char_u *to));
+-void bf_crypt_decode __ARGS((char_u *ptr, long len));
+-void bf_crypt_init_keys __ARGS((char_u *passwd));
+-void bf_crypt_save __ARGS((void));
+-void bf_crypt_restore __ARGS((void));
++void crypt_blowfish_encode __ARGS((cryptstate_T *state, char_u *from, size_t len, char_u *to));
++void crypt_blowfish_decode __ARGS((cryptstate_T *state, char_u *from, size_t len, char_u *to));
++void crypt_blowfish_init __ARGS((cryptstate_T *state, char_u *key, char_u *salt, int salt_len, char_u *seed, int seed_len));
+ int blowfish_self_test __ARGS((void));
+ /* vim: set ft=c : */
+diff -up vim74/src/proto/crypt.pro.blowfish2 vim74/src/proto/crypt.pro
+--- vim74/src/proto/crypt.pro.blowfish2 2017-09-05 14:47:34.965911901 +0200
++++ vim74/src/proto/crypt.pro 2017-09-05 14:47:34.965911901 +0200
+@@ -0,0 +1,24 @@
++/* crypt.c */
++int crypt_method_nr_from_name __ARGS((char_u *name));
++int crypt_method_nr_from_magic __ARGS((char *ptr, int len));
++int crypt_works_inplace __ARGS((cryptstate_T *state));
++int crypt_get_method_nr __ARGS((buf_T *buf));
++int crypt_whole_undofile __ARGS((int method_nr));
++int crypt_get_header_len __ARGS((int method_nr));
++void crypt_set_cm_option __ARGS((buf_T *buf, int method_nr));
++int crypt_self_test __ARGS((void));
++cryptstate_T *crypt_create __ARGS((int method_nr, char_u *key, char_u *salt, int salt_len, char_u *seed, int seed_len));
++cryptstate_T *crypt_create_from_header __ARGS((int method_nr, char_u *key, char_u *header));
++cryptstate_T *crypt_create_from_file __ARGS((FILE *fp, char_u *key));
++cryptstate_T *crypt_create_for_writing __ARGS((int method_nr, char_u *key, char_u **header, int *header_len));
++void crypt_free_state __ARGS((cryptstate_T *state));
++long crypt_encode_alloc __ARGS((cryptstate_T *state, char_u *from, size_t len, char_u **newptr));
++long crypt_decode_alloc __ARGS((cryptstate_T *state, char_u *ptr, long len, char_u **newptr));
++void crypt_encode __ARGS((cryptstate_T *state, char_u *from, size_t len, char_u *to));
++void crypt_decode __ARGS((cryptstate_T *state, char_u *from, size_t len, char_u *to));
++void crypt_encode_inplace __ARGS((cryptstate_T *state, char_u *buf, size_t len));
++void crypt_decode_inplace __ARGS((cryptstate_T *state, char_u *buf, size_t len));
++void crypt_free_key __ARGS((char_u *key));
++char_u *crypt_get_key __ARGS((int store, int twice));
++void crypt_append_msg __ARGS((buf_T *buf));
++/* vim: set ft=c : */
+diff -up vim74/src/proto/crypt_zip.pro.blowfish2 vim74/src/proto/crypt_zip.pro
+--- vim74/src/proto/crypt_zip.pro.blowfish2 2017-09-05 14:47:34.965911901 +0200
++++ vim74/src/proto/crypt_zip.pro 2017-09-05 14:47:34.965911901 +0200
+@@ -0,0 +1,5 @@
++/* crypt_zip.c */
++void crypt_zip_init __ARGS((cryptstate_T *state, char_u *key, char_u *salt, int salt_len, char_u *seed, int seed_len));
++void crypt_zip_encode __ARGS((cryptstate_T *state, char_u *from, size_t len, char_u *to));
++void crypt_zip_decode __ARGS((cryptstate_T *state, char_u *from, size_t len, char_u *to));
++/* vim: set ft=c : */
+diff -up vim74/src/proto/fileio.pro.blowfish2 vim74/src/proto/fileio.pro
+--- vim74/src/proto/fileio.pro.blowfish2 2013-08-10 13:37:11.000000000 +0200
++++ vim74/src/proto/fileio.pro 2017-09-05 14:47:34.965911901 +0200
+@@ -4,8 +4,6 @@ int readfile __ARGS((char_u *fname, char
+ int prep_exarg __ARGS((exarg_T *eap, buf_T *buf));
+ void set_file_options __ARGS((int set_options, exarg_T *eap));
+ void set_forced_fenc __ARGS((exarg_T *eap));
+-int prepare_crypt_read __ARGS((FILE *fp));
+-char_u *prepare_crypt_write __ARGS((buf_T *buf, int *lenp));
+ int check_file_readonly __ARGS((char_u *fname, int perm));
+ int buf_write __ARGS((buf_T *buf, char_u *fname, char_u *sfname, linenr_T start, linenr_T end, exarg_T *eap, int append, int forceit, int reset_changed, int filtering));
+ void msg_add_fname __ARGS((buf_T *buf, char_u *fname));
+diff -up vim74/src/proto.h.blowfish2 vim74/src/proto.h
+--- vim74/src/proto.h.blowfish2 2013-02-26 14:18:19.000000000 +0100
++++ vim74/src/proto.h 2017-09-05 14:47:34.966911893 +0200
+@@ -70,6 +70,8 @@ extern int _stricoll __ARGS((char *a, ch
+
+ # ifdef FEAT_CRYPT
+ # include "blowfish.pro"
++# include "crypt.pro"
++# include "crypt_zip.pro"
+ # endif
+ # include "buffer.pro"
+ # include "charset.pro"
+diff -up vim74/src/proto/misc2.pro.blowfish2 vim74/src/proto/misc2.pro
+--- vim74/src/proto/misc2.pro.blowfish2 2013-08-10 13:37:20.000000000 +0200
++++ vim74/src/proto/misc2.pro 2017-09-05 14:47:34.966911893 +0200
+@@ -84,16 +84,6 @@ int illegal_slash __ARGS((char *name));
+ char_u *parse_shape_opt __ARGS((int what));
+ int get_shape_idx __ARGS((int mouse));
+ void update_mouseshape __ARGS((int shape_idx));
+-int crypt_method_from_string __ARGS((char_u *s));
+-int get_crypt_method __ARGS((buf_T *buf));
+-void set_crypt_method __ARGS((buf_T *buf, int method));
+-void crypt_push_state __ARGS((void));
+-void crypt_pop_state __ARGS((void));
+-void crypt_encode __ARGS((char_u *from, size_t len, char_u *to));
+-void crypt_decode __ARGS((char_u *ptr, long len));
+-void crypt_init_keys __ARGS((char_u *passwd));
+-void free_crypt_key __ARGS((char_u *key));
+-char_u *get_crypt_key __ARGS((int store, int twice));
+ void *vim_findfile_init __ARGS((char_u *path, char_u *filename, char_u *stopdirs, int level, int free_visited, int find_what, void *search_ctx_arg, int tagfile, char_u *rel_fname));
+ char_u *vim_findfile_stopdir __ARGS((char_u *buf));
+ void vim_findfile_cleanup __ARGS((void *ctx));
+@@ -116,5 +106,6 @@ time_t get8ctime __ARGS((FILE *fd));
+ char_u *read_string __ARGS((FILE *fd, int cnt));
+ int put_bytes __ARGS((FILE *fd, long_u nr, int len));
+ void put_time __ARGS((FILE *fd, time_t the_time));
++void time_to_bytes __ARGS((time_t the_time, char_u *buf));
+ int has_non_ascii __ARGS((char_u *s));
+ /* vim: set ft=c : */
+diff -up vim74/src/structs.h.blowfish2 vim74/src/structs.h
+--- vim74/src/structs.h.blowfish2 2017-09-05 14:47:34.839912918 +0200
++++ vim74/src/structs.h 2017-09-05 14:47:34.967911885 +0200
+@@ -1240,6 +1240,24 @@ typedef struct {
+ } syn_time_T;
+ #endif
+
++#ifdef FEAT_CRYPT
++/*
++ * Structure to hold the type of encryption and the state of encryption or
++ * decryption.
++ */
++typedef struct {
++ int method_nr;
++ void *method_state; /* method-specific state information */
++} cryptstate_T;
++
++/* values for method_nr */
++# define CRYPT_M_ZIP 0
++# define CRYPT_M_BF 1
++# define CRYPT_M_BF2 2
++# define CRYPT_M_COUNT 3 /* number of crypt methods */
++#endif
++
++
+ /*
+ * These are items normally related to a buffer. But when using ":ownsyntax"
+ * a window may have its own instance.
+@@ -1765,7 +1783,12 @@ struct file_buffer
+ int b_was_netbeans_file;/* TRUE if b_netbeans_file was once set */
+ #endif
+
+-};
++#ifdef FEAT_CRYPT
++ cryptstate_T *b_cryptstate; /* Encryption state while reading or writing
++ * the file. NULL when not using encryption. */
++#endif
++
++}; /* file_buffer */
+
+
+ #ifdef FEAT_DIFF
+diff -up vim74/src/testdir/test72.in.blowfish2 vim74/src/testdir/test72.in
+--- vim74/src/testdir/test72.in.blowfish2 2012-01-04 19:04:17.000000000 +0100
++++ vim74/src/testdir/test72.in 2017-09-05 15:23:47.590060199 +0200
+@@ -4,6 +4,7 @@ undo-able pieces. Do that by setting 'u
+
+ STARTTEST
+ :so small.vim
++:set belloff=all
+ :"
+ :" Test 'undofile': first a simple one-line change.
+ :set nocompatible viminfo+=nviminfo visualbell
+@@ -25,7 +26,6 @@ u:.w! test.out
+ :set undofile
+ :bwipe!
+ :e Xtestfile
+-:" TODO: this beeps
+ u:.w >>test.out
+ :"
+ :" Test 'undofile', add 10 lines, delete 6 lines, undo 3
+@@ -81,7 +81,8 @@ uu:w >>test.out
+ :"
+ :" With encryption, cryptmethod=blowfish
+ :e! Xtestfile
+-:set undofile cm=blowfish
++rubbish
++:set undofile cm=blowfish ff&
+ ggdGijan
+ feb
+ mar
+@@ -104,8 +105,38 @@ u:.w >>test.out
+ u:.w >>test.out
+ u:.w >>test.out
+ :"
++:" With encryption, cryptmethod=blowfish2
++:e! Xtestfile
++rubbish
++:set undofile cm=blowfish2 ff&
++ggdGijan
++feb
++mar
++apr
++jun�:set ul=100
++kk0ifoo �:set ul=100
++dd:set ul=100
++ibar �:set ul=100
++:X
++foo2bar
++foo2bar
++:w!
++:bwipe!
++:e Xtestfile
++foo2bar
++:set key=
++/bar
++:.w >>test.out
++u:.w >>test.out
++u:.w >>test.out
++u:.w >>test.out
++:"
+ :" Rename the undo file so that it gets cleaned up.
+-:call rename(".Xtestfile.un~", "Xtestundo")
++:if has("vms")
++: call rename("_un_Xtestfile", "Xtestundo")
++:else
++: call rename(".Xtestfile.un~", "Xtestundo")
++:endif
+ :qa!
+ ENDTEST
+
+diff -up vim74/src/testdir/test72.ok.blowfish2 vim74/src/testdir/test72.ok
+--- vim74/src/testdir/test72.ok.blowfish2 2012-01-04 19:04:17.000000000 +0100
++++ vim74/src/testdir/test72.ok 2017-09-05 15:23:47.596060147 +0200
+@@ -25,3 +25,7 @@ bar apr
+ apr
+ foo mar
+ mar
++bar apr
++apr
++foo mar
++mar
+diff -up vim74/src/undo.c.blowfish2 vim74/src/undo.c
+--- vim74/src/undo.c.blowfish2 2017-09-05 14:47:34.740913717 +0200
++++ vim74/src/undo.c 2017-09-05 14:47:34.973911836 +0200
+@@ -81,8 +81,25 @@
+ #define UH_MAGIC 0x18dade /* value for uh_magic when in use */
+ #define UE_MAGIC 0xabc123 /* value for ue_magic when in use */
+
++/* Size of buffer used for encryption. */
++#define CRYPT_BUF_SIZE 8192
++
+ #include "vim.h"
+
++/* Structure passed around between functions.
++ * Avoids passing cryptstate_T when encryption not available. */
++typedef struct {
++ buf_T *bi_buf;
++ FILE *bi_fp;
++#ifdef FEAT_CRYPT
++ cryptstate_T *bi_state;
++ char_u *bi_buffer; /* CRYPT_BUF_SIZE, NULL when not buffering */
++ size_t bi_used; /* bytes written to/read from bi_buffer */
++ size_t bi_avail; /* bytes available in bi_buffer */
++#endif
++} bufinfo_T;
++
++
+ static long get_undolevel __ARGS((void));
+ static void u_unch_branch __ARGS((u_header_T *uhp));
+ static u_entry_T *u_get_headentry __ARGS((void));
+@@ -98,18 +115,26 @@ static void u_freeentry __ARGS((u_entry_
+ #ifdef FEAT_PERSISTENT_UNDO
+ static void corruption_error __ARGS((char *mesg, char_u *file_name));
+ static void u_free_uhp __ARGS((u_header_T *uhp));
+-static size_t fwrite_crypt __ARGS((buf_T *buf UNUSED, char_u *ptr, size_t len, FILE *fp));
+-static char_u *read_string_decrypt __ARGS((buf_T *buf UNUSED, FILE *fd, int len));
+-static int serialize_header __ARGS((FILE *fp, buf_T *buf, char_u *hash));
+-static int serialize_uhp __ARGS((FILE *fp, buf_T *buf, u_header_T *uhp));
+-static u_header_T *unserialize_uhp __ARGS((FILE *fp, char_u *file_name));
+-static int serialize_uep __ARGS((FILE *fp, buf_T *buf, u_entry_T *uep));
+-static u_entry_T *unserialize_uep __ARGS((FILE *fp, int *error, char_u *file_name));
+-static void serialize_pos __ARGS((pos_T pos, FILE *fp));
+-static void unserialize_pos __ARGS((pos_T *pos, FILE *fp));
+-static void serialize_visualinfo __ARGS((visualinfo_T *info, FILE *fp));
+-static void unserialize_visualinfo __ARGS((visualinfo_T *info, FILE *fp));
+-static void put_header_ptr __ARGS((FILE *fp, u_header_T *uhp));
++static int undo_write __ARGS((bufinfo_T *bi, char_u *ptr, size_t len));
++static int undo_flush __ARGS((bufinfo_T *bi));
++static int fwrite_crypt __ARGS((bufinfo_T *bi, char_u *ptr, size_t len));
++static int undo_write_bytes __ARGS((bufinfo_T *bi, long_u nr, int len));
++static void put_header_ptr __ARGS((bufinfo_T *bi, u_header_T *uhp));
++static int undo_read_4c __ARGS((bufinfo_T *bi));
++static int undo_read_2c __ARGS((bufinfo_T *bi));
++static int undo_read_byte __ARGS((bufinfo_T *bi));
++static time_t undo_read_time __ARGS((bufinfo_T *bi));
++static int undo_read __ARGS((bufinfo_T *bi, char_u *buffer, size_t size));
++static char_u *read_string_decrypt __ARGS((bufinfo_T *bi, int len));
++static int serialize_header __ARGS((bufinfo_T *bi, char_u *hash));
++static int serialize_uhp __ARGS((bufinfo_T *bi, u_header_T *uhp));
++static u_header_T *unserialize_uhp __ARGS((bufinfo_T *bi, char_u *file_name));
++static int serialize_uep __ARGS((bufinfo_T *bi, u_entry_T *uep));
++static u_entry_T *unserialize_uep __ARGS((bufinfo_T *bi, int *error, char_u *file_name));
++static void serialize_pos __ARGS((bufinfo_T *bi, pos_T pos));
++static void unserialize_pos __ARGS((bufinfo_T *bi, pos_T *pos));
++static void serialize_visualinfo __ARGS((bufinfo_T *bi, visualinfo_T *info));
++static void unserialize_visualinfo __ARGS((bufinfo_T *bi, visualinfo_T *info));
+ #endif
+
+ #define U_ALLOC_LINE(size) lalloc((long_u)(size), FALSE)
+@@ -850,68 +875,294 @@ u_free_uhp(uhp)
+ }
+
+ /*
+- * Like fwrite() but crypt the bytes when 'key' is set.
+- * Returns 1 if successful.
++ * Write a sequence of bytes to the undo file.
++ * Buffers and encrypts as needed.
++ * Returns OK or FAIL.
+ */
+- static size_t
+-fwrite_crypt(buf, ptr, len, fp)
+- buf_T *buf UNUSED;
++ static int
++undo_write(bi, ptr, len)
++ bufinfo_T *bi;
++ char_u *ptr;
++ size_t len;
++{
++#ifdef FEAT_CRYPT
++ if (bi->bi_buffer != NULL)
++ {
++ size_t len_todo = len;
++ char_u *p = ptr;
++
++ while (bi->bi_used + len_todo >= CRYPT_BUF_SIZE)
++ {
++ size_t n = CRYPT_BUF_SIZE - bi->bi_used;
++
++ mch_memmove(bi->bi_buffer + bi->bi_used, p, n);
++ len_todo -= n;
++ p += n;
++ bi->bi_used = CRYPT_BUF_SIZE;
++ if (undo_flush(bi) == FAIL)
++ return FAIL;
++ }
++ if (len_todo > 0)
++ {
++ mch_memmove(bi->bi_buffer + bi->bi_used, p, len_todo);
++ bi->bi_used += len_todo;
++ }
++ return OK;
++ }
++#endif
++ if (fwrite(ptr, len, (size_t)1, bi->bi_fp) != 1)
++ return FAIL;
++ return OK;
++}
++
++#ifdef FEAT_CRYPT
++ static int
++undo_flush(bi)
++ bufinfo_T *bi;
++{
++ if (bi->bi_buffer != NULL && bi->bi_state != NULL && bi->bi_used > 0)
++ {
++ crypt_encode_inplace(bi->bi_state, bi->bi_buffer, bi->bi_used);
++ if (fwrite(bi->bi_buffer, bi->bi_used, (size_t)1, bi->bi_fp) != 1)
++ return FAIL;
++ bi->bi_used = 0;
++ }
++ return OK;
++}
++#endif
++
++/*
++ * Write "ptr[len]" and crypt the bytes when needed.
++ * Returns OK or FAIL.
++ */
++ static int
++fwrite_crypt(bi, ptr, len)
++ bufinfo_T *bi;
+ char_u *ptr;
+ size_t len;
+- FILE *fp;
+ {
+ #ifdef FEAT_CRYPT
+ char_u *copy;
+ char_u small_buf[100];
+ size_t i;
+
+- if (*buf->b_p_key == NUL)
+- return fwrite(ptr, len, (size_t)1, fp);
+- if (len < 100)
+- copy = small_buf; /* no malloc()/free() for short strings */
+- else
++ if (bi->bi_state != NULL && bi->bi_buffer == NULL)
+ {
+- copy = lalloc(len, FALSE);
+- if (copy == NULL)
+- return 0;
+- }
+- crypt_encode(ptr, len, copy);
+- i = fwrite(copy, len, (size_t)1, fp);
+- if (copy != small_buf)
+- vim_free(copy);
+- return i;
+-#else
+- return fwrite(ptr, len, (size_t)1, fp);
++ /* crypting every piece of text separately */
++ if (len < 100)
++ copy = small_buf; /* no malloc()/free() for short strings */
++ else
++ {
++ copy = lalloc(len, FALSE);
++ if (copy == NULL)
++ return 0;
++ }
++ crypt_encode(bi->bi_state, ptr, len, copy);
++ i = fwrite(copy, len, (size_t)1, bi->bi_fp);
++ if (copy != small_buf)
++ vim_free(copy);
++ return i == 1 ? OK : FAIL;
++ }
+ #endif
++ return undo_write(bi, ptr, len);
+ }
+
+ /*
+- * Read a string of length "len" from "fd".
+- * When 'key' is set decrypt the bytes.
++ * Write a number, MSB first, in "len" bytes.
++ * Must match with undo_read_?c() functions.
++ * Returns OK or FAIL.
+ */
+- static char_u *
+-read_string_decrypt(buf, fd, len)
+- buf_T *buf UNUSED;
+- FILE *fd;
++ static int
++undo_write_bytes(bi, nr, len)
++ bufinfo_T *bi;
++ long_u nr;
+ int len;
+ {
+- char_u *ptr;
++ char_u buf[8];
++ int i;
++ int bufi = 0;
++
++ for (i = len - 1; i >= 0; --i)
++ buf[bufi++] = nr >> (i * 8);
++ return undo_write(bi, buf, (size_t)len);
++}
+
+- ptr = read_string(fd, len);
++/*
++ * Write the pointer to an undo header. Instead of writing the pointer itself
++ * we use the sequence number of the header. This is converted back to
++ * pointers when reading. */
++ static void
++put_header_ptr(bi, uhp)
++ bufinfo_T *bi;
++ u_header_T *uhp;
++{
++ undo_write_bytes(bi, (long_u)(uhp != NULL ? uhp->uh_seq : 0), 4);
++}
++
++ static int
++undo_read_4c(bi)
++ bufinfo_T *bi;
++{
+ #ifdef FEAT_CRYPT
+- if (ptr != NULL && *buf->b_p_key != NUL)
+- crypt_decode(ptr, len);
++ if (bi->bi_buffer != NULL)
++ {
++ char_u buf[4];
++ int n;
++
++ undo_read(bi, buf, (size_t)4);
++ n = (buf[0] << 24) + (buf[1] << 16) + (buf[2] << 8) + buf[3];
++ return n;
++ }
+ #endif
++ return get4c(bi->bi_fp);
++}
++
++ static int
++undo_read_2c(bi)
++ bufinfo_T *bi;
++{
++#ifdef FEAT_CRYPT
++ if (bi->bi_buffer != NULL)
++ {
++ char_u buf[2];
++ int n;
++
++ undo_read(bi, buf, (size_t)2);
++ n = (buf[0] << 8) + buf[1];
++ return n;
++ }
++#endif
++ return get2c(bi->bi_fp);
++}
++
++ static int
++undo_read_byte(bi)
++ bufinfo_T *bi;
++{
++#ifdef FEAT_CRYPT
++ if (bi->bi_buffer != NULL)
++ {
++ char_u buf[1];
++
++ undo_read(bi, buf, (size_t)1);
++ return buf[0];
++ }
++#endif
++ return getc(bi->bi_fp);
++}
++
++ static time_t
++undo_read_time(bi)
++ bufinfo_T *bi;
++{
++#ifdef FEAT_CRYPT
++ if (bi->bi_buffer != NULL)
++ {
++ char_u buf[8];
++ time_t n = 0;
++ int i;
++
++ undo_read(bi, buf, (size_t)8);
++ for (i = 0; i < 8; ++i)
++ n = (n << 8) + buf[i];
++ return n;
++ }
++#endif
++ return get8ctime(bi->bi_fp);
++}
++
++/*
++ * Read "buffer[size]" from the undo file.
++ * Return OK or FAIL.
++ */
++ static int
++undo_read(bi, buffer, size)
++ bufinfo_T *bi;
++ char_u *buffer;
++ size_t size;
++{
++#ifdef FEAT_CRYPT
++ if (bi->bi_buffer != NULL)
++ {
++ int size_todo = size;
++ char_u *p = buffer;
++
++ while (size_todo > 0)
++ {
++ size_t n;
++
++ if (bi->bi_used >= bi->bi_avail)
++ {
++ n = fread(bi->bi_buffer, 1, (size_t)CRYPT_BUF_SIZE, bi->bi_fp);
++ if (n <= 0)
++ {
++ /* Error may be checked for only later. Fill with zeros,
++ * so that the reader won't use garbage. */
++ vim_memset(p, 0, size_todo);
++ return FAIL;
++ }
++ bi->bi_avail = n;
++ bi->bi_used = 0;
++ crypt_decode_inplace(bi->bi_state, bi->bi_buffer, bi->bi_avail);
++ }
++ n = size_todo;
++ if (n > bi->bi_avail - bi->bi_used)
++ n = bi->bi_avail - bi->bi_used;
++ mch_memmove(p, bi->bi_buffer + bi->bi_used, n);
++ bi->bi_used += n;
++ size_todo -= n;
++ p += n;
++ }
++ return OK;
++ }
++#endif
++ if (fread(buffer, (size_t)size, 1, bi->bi_fp) != 1)
++ return FAIL;
++ return OK;
++}
++
++/*
++ * Read a string of length "len" from "bi->bi_fd".
++ * "len" can be zero to allocate an empty line.
++ * Decrypt the bytes if needed.
++ * Append a NUL.
++ * Returns a pointer to allocated memory or NULL for failure.
++ */
++ static char_u *
++read_string_decrypt(bi, len)
++ bufinfo_T *bi;
++ int len;
++{
++ char_u *ptr = alloc((unsigned)len + 1);
++
++ if (ptr != NULL)
++ {
++ if (len > 0 && undo_read(bi, ptr, len) == FAIL)
++ {
++ vim_free(ptr);
++ return NULL;
++ }
++ ptr[len] = NUL;
++#ifdef FEAT_CRYPT
++ if (bi->bi_state != NULL && bi->bi_buffer == NULL)
++ crypt_decode_inplace(bi->bi_state, ptr, len);
++#endif
++ }
+ return ptr;
+ }
+
++/*
++ * Writes the (not encrypted) header and initializes encryption if needed.
++ */
+ static int
+-serialize_header(fp, buf, hash)
+- FILE *fp;
+- buf_T *buf;
++serialize_header(bi, hash)
++ bufinfo_T *bi;
+ char_u *hash;
+ {
+- int len;
++ int len;
++ buf_T *buf = bi->bi_buf;
++ FILE *fp = bi->bi_fp;
++ char_u time_buf[8];
+
+ /* Start writing, first the magic marker and undo info version. */
+ if (fwrite(UF_START_MAGIC, (size_t)UF_START_MAGIC_LEN, (size_t)1, fp) != 1)
+@@ -925,117 +1176,124 @@ serialize_header(fp, buf, hash)
+ char_u *header;
+ int header_len;
+
+- put_bytes(fp, (long_u)UF_VERSION_CRYPT, 2);
+- header = prepare_crypt_write(buf, &header_len);
+- if (header == NULL)
++ undo_write_bytes(bi, (long_u)UF_VERSION_CRYPT, 2);
++ bi->bi_state = crypt_create_for_writing(crypt_get_method_nr(buf),
++ buf->b_p_key, &header, &header_len);
++ if (bi->bi_state == NULL)
+ return FAIL;
+ len = (int)fwrite(header, (size_t)header_len, (size_t)1, fp);
+ vim_free(header);
+ if (len != 1)
+ {
+- crypt_pop_state();
++ crypt_free_state(bi->bi_state);
++ bi->bi_state = NULL;
+ return FAIL;
+ }
++
++ if (crypt_whole_undofile(crypt_get_method_nr(buf)))
++ {
++ bi->bi_buffer = alloc(CRYPT_BUF_SIZE);
++ if (bi->bi_buffer == NULL)
++ {
++ crypt_free_state(bi->bi_state);
++ bi->bi_state = NULL;
++ return FAIL;
++ }
++ bi->bi_used = 0;
++ }
+ }
+ else
+ #endif
+- put_bytes(fp, (long_u)UF_VERSION, 2);
++ undo_write_bytes(bi, (long_u)UF_VERSION, 2);
+
+
+ /* Write a hash of the buffer text, so that we can verify it is still the
+ * same when reading the buffer text. */
+- if (fwrite(hash, (size_t)UNDO_HASH_SIZE, (size_t)1, fp) != 1)
++ if (undo_write(bi, hash, (size_t)UNDO_HASH_SIZE) == FAIL)
+ return FAIL;
+
+ /* buffer-specific data */
+- put_bytes(fp, (long_u)buf->b_ml.ml_line_count, 4);
++ undo_write_bytes(bi, (long_u)buf->b_ml.ml_line_count, 4);
+ len = buf->b_u_line_ptr != NULL ? (int)STRLEN(buf->b_u_line_ptr) : 0;
+- put_bytes(fp, (long_u)len, 4);
+- if (len > 0 && fwrite_crypt(buf, buf->b_u_line_ptr, (size_t)len, fp) != 1)
++ undo_write_bytes(bi, (long_u)len, 4);
++ if (len > 0 && fwrite_crypt(bi, buf->b_u_line_ptr, (size_t)len) == FAIL)
+ return FAIL;
+- put_bytes(fp, (long_u)buf->b_u_line_lnum, 4);
+- put_bytes(fp, (long_u)buf->b_u_line_colnr, 4);
++ undo_write_bytes(bi, (long_u)buf->b_u_line_lnum, 4);
++ undo_write_bytes(bi, (long_u)buf->b_u_line_colnr, 4);
+
+ /* Undo structures header data */
+- put_header_ptr(fp, buf->b_u_oldhead);
+- put_header_ptr(fp, buf->b_u_newhead);
+- put_header_ptr(fp, buf->b_u_curhead);
+-
+- put_bytes(fp, (long_u)buf->b_u_numhead, 4);
+- put_bytes(fp, (long_u)buf->b_u_seq_last, 4);
+- put_bytes(fp, (long_u)buf->b_u_seq_cur, 4);
+- put_time(fp, buf->b_u_time_cur);
++ put_header_ptr(bi, buf->b_u_oldhead);
++ put_header_ptr(bi, buf->b_u_newhead);
++ put_header_ptr(bi, buf->b_u_curhead);
++
++ undo_write_bytes(bi, (long_u)buf->b_u_numhead, 4);
++ undo_write_bytes(bi, (long_u)buf->b_u_seq_last, 4);
++ undo_write_bytes(bi, (long_u)buf->b_u_seq_cur, 4);
++ time_to_bytes(buf->b_u_time_cur, time_buf);
++ undo_write(bi, time_buf, 8);
+
+ /* Optional fields. */
+- putc(4, fp);
+- putc(UF_LAST_SAVE_NR, fp);
+- put_bytes(fp, (long_u)buf->b_u_save_nr_last, 4);
++ undo_write_bytes(bi, 4, 1);
++ undo_write_bytes(bi, UF_LAST_SAVE_NR, 1);
++ undo_write_bytes(bi, (long_u)buf->b_u_save_nr_last, 4);
+
+- putc(0, fp); /* end marker */
++ undo_write_bytes(bi, 0, 1); /* end marker */
+
+ return OK;
+ }
+
+ static int
+-serialize_uhp(fp, buf, uhp)
+- FILE *fp;
+- buf_T *buf;
++serialize_uhp(bi, uhp)
++ bufinfo_T *bi;
+ u_header_T *uhp;
+ {
+ int i;
+ u_entry_T *uep;
++ char_u time_buf[8];
+
+- if (put_bytes(fp, (long_u)UF_HEADER_MAGIC, 2) == FAIL)
++ if (undo_write_bytes(bi, (long_u)UF_HEADER_MAGIC, 2) == FAIL)
+ return FAIL;
+
+- put_header_ptr(fp, uhp->uh_next.ptr);
+- put_header_ptr(fp, uhp->uh_prev.ptr);
+- put_header_ptr(fp, uhp->uh_alt_next.ptr);
+- put_header_ptr(fp, uhp->uh_alt_prev.ptr);
+- put_bytes(fp, uhp->uh_seq, 4);
+- serialize_pos(uhp->uh_cursor, fp);
++ put_header_ptr(bi, uhp->uh_next.ptr);
++ put_header_ptr(bi, uhp->uh_prev.ptr);
++ put_header_ptr(bi, uhp->uh_alt_next.ptr);
++ put_header_ptr(bi, uhp->uh_alt_prev.ptr);
++ undo_write_bytes(bi, uhp->uh_seq, 4);
++ serialize_pos(bi, uhp->uh_cursor);
+ #ifdef FEAT_VIRTUALEDIT
+- put_bytes(fp, (long_u)uhp->uh_cursor_vcol, 4);
++ undo_write_bytes(bi, (long_u)uhp->uh_cursor_vcol, 4);
+ #else
+- put_bytes(fp, (long_u)0, 4);
++ undo_write_bytes(bi, (long_u)0, 4);
+ #endif
+- put_bytes(fp, (long_u)uhp->uh_flags, 2);
++ undo_write_bytes(bi, (long_u)uhp->uh_flags, 2);
+ /* Assume NMARKS will stay the same. */
+ for (i = 0; i < NMARKS; ++i)
+- serialize_pos(uhp->uh_namedm[i], fp);
+-#ifdef FEAT_VISUAL
+- serialize_visualinfo(&uhp->uh_visual, fp);
+-#else
+- {
+- visualinfo_T info;
+-
+- memset(&info, 0, sizeof(visualinfo_T));
+- serialize_visualinfo(&info, fp);
+- }
+-#endif
+- put_time(fp, uhp->uh_time);
++ serialize_pos(bi, uhp->uh_namedm[i]);
++ serialize_visualinfo(bi, &uhp->uh_visual);
++ time_to_bytes(uhp->uh_time, time_buf);
++ undo_write(bi, time_buf, 8);
+
+ /* Optional fields. */
+- putc(4, fp);
+- putc(UHP_SAVE_NR, fp);
+- put_bytes(fp, (long_u)uhp->uh_save_nr, 4);
++ undo_write_bytes(bi, 4, 1);
++ undo_write_bytes(bi, UHP_SAVE_NR, 1);
++ undo_write_bytes(bi, (long_u)uhp->uh_save_nr, 4);
+
+- putc(0, fp); /* end marker */
++ undo_write_bytes(bi, 0, 1); /* end marker */
+
+ /* Write all the entries. */
+ for (uep = uhp->uh_entry; uep != NULL; uep = uep->ue_next)
+ {
+- put_bytes(fp, (long_u)UF_ENTRY_MAGIC, 2);
+- if (serialize_uep(fp, buf, uep) == FAIL)
++ undo_write_bytes(bi, (long_u)UF_ENTRY_MAGIC, 2);
++ if (serialize_uep(bi, uep) == FAIL)
+ return FAIL;
+ }
+- put_bytes(fp, (long_u)UF_ENTRY_END_MAGIC, 2);
++ undo_write_bytes(bi, (long_u)UF_ENTRY_END_MAGIC, 2);
+ return OK;
+ }
+
+ static u_header_T *
+-unserialize_uhp(fp, file_name)
+- FILE *fp;
++unserialize_uhp(bi, file_name)
++ bufinfo_T *bi;
+ char_u *file_name;
+ {
+ u_header_T *uhp;
+@@ -1051,63 +1309,56 @@ unserialize_uhp(fp, file_name)
+ #ifdef U_DEBUG
+ uhp->uh_magic = UH_MAGIC;
+ #endif
+- uhp->uh_next.seq = get4c(fp);
+- uhp->uh_prev.seq = get4c(fp);
+- uhp->uh_alt_next.seq = get4c(fp);
+- uhp->uh_alt_prev.seq = get4c(fp);
+- uhp->uh_seq = get4c(fp);
++ uhp->uh_next.seq = undo_read_4c(bi);
++ uhp->uh_prev.seq = undo_read_4c(bi);
++ uhp->uh_alt_next.seq = undo_read_4c(bi);
++ uhp->uh_alt_prev.seq = undo_read_4c(bi);
++ uhp->uh_seq = undo_read_4c(bi);
+ if (uhp->uh_seq <= 0)
+ {
+ corruption_error("uh_seq", file_name);
+ vim_free(uhp);
+ return NULL;
+ }
+- unserialize_pos(&uhp->uh_cursor, fp);
++ unserialize_pos(bi, &uhp->uh_cursor);
+ #ifdef FEAT_VIRTUALEDIT
+- uhp->uh_cursor_vcol = get4c(fp);
++ uhp->uh_cursor_vcol = undo_read_4c(bi);
+ #else
+- (void)get4c(fp);
++ (void)undo_read_4c(bi);
+ #endif
+- uhp->uh_flags = get2c(fp);
++ uhp->uh_flags = undo_read_2c(bi);
+ for (i = 0; i < NMARKS; ++i)
+- unserialize_pos(&uhp->uh_namedm[i], fp);
+-#ifdef FEAT_VISUAL
+- unserialize_visualinfo(&uhp->uh_visual, fp);
+-#else
+- {
+- visualinfo_T info;
+- unserialize_visualinfo(&info, fp);
+- }
+-#endif
+- uhp->uh_time = get8ctime(fp);
++ unserialize_pos(bi, &uhp->uh_namedm[i]);
++ unserialize_visualinfo(bi, &uhp->uh_visual);
++ uhp->uh_time = undo_read_time(bi);
+
+ /* Optional fields. */
+ for (;;)
+ {
+- int len = getc(fp);
++ int len = undo_read_byte(bi);
+ int what;
+
+ if (len == 0)
+ break;
+- what = getc(fp);
++ what = undo_read_byte(bi);
+ switch (what)
+ {
+ case UHP_SAVE_NR:
+- uhp->uh_save_nr = get4c(fp);
++ uhp->uh_save_nr = undo_read_4c(bi);
+ break;
+ default:
+ /* field not supported, skip */
+ while (--len >= 0)
+- (void)getc(fp);
++ (void)undo_read_byte(bi);
+ }
+ }
+
+ /* Unserialize the uep list. */
+ last_uep = NULL;
+- while ((c = get2c(fp)) == UF_ENTRY_MAGIC)
++ while ((c = undo_read_2c(bi)) == UF_ENTRY_MAGIC)
+ {
+ error = FALSE;
+- uep = unserialize_uep(fp, &error, file_name);
++ uep = unserialize_uep(bi, &error, file_name);
+ if (last_uep == NULL)
+ uhp->uh_entry = uep;
+ else
+@@ -1130,35 +1381,34 @@ unserialize_uhp(fp, file_name)
+ }
+
+ /*
+- * Serialize "uep" to "fp".
++ * Serialize "uep".
+ */
+ static int
+-serialize_uep(fp, buf, uep)
+- FILE *fp;
+- buf_T *buf;
++serialize_uep(bi, uep)
++ bufinfo_T *bi;
+ u_entry_T *uep;
+ {
+ int i;
+ size_t len;
+
+- put_bytes(fp, (long_u)uep->ue_top, 4);
+- put_bytes(fp, (long_u)uep->ue_bot, 4);
+- put_bytes(fp, (long_u)uep->ue_lcount, 4);
+- put_bytes(fp, (long_u)uep->ue_size, 4);
++ undo_write_bytes(bi, (long_u)uep->ue_top, 4);
++ undo_write_bytes(bi, (long_u)uep->ue_bot, 4);
++ undo_write_bytes(bi, (long_u)uep->ue_lcount, 4);
++ undo_write_bytes(bi, (long_u)uep->ue_size, 4);
+ for (i = 0; i < uep->ue_size; ++i)
+ {
+ len = STRLEN(uep->ue_array[i]);
+- if (put_bytes(fp, (long_u)len, 4) == FAIL)
++ if (undo_write_bytes(bi, (long_u)len, 4) == FAIL)
+ return FAIL;
+- if (len > 0 && fwrite_crypt(buf, uep->ue_array[i], len, fp) != 1)
++ if (len > 0 && fwrite_crypt(bi, uep->ue_array[i], len) == FAIL)
+ return FAIL;
+ }
+ return OK;
+ }
+
+ static u_entry_T *
+-unserialize_uep(fp, error, file_name)
+- FILE *fp;
++unserialize_uep(bi, error, file_name)
++ bufinfo_T *bi;
+ int *error;
+ char_u *file_name;
+ {
+@@ -1175,10 +1425,10 @@ unserialize_uep(fp, error, file_name)
+ #ifdef U_DEBUG
+ uep->ue_magic = UE_MAGIC;
+ #endif
+- uep->ue_top = get4c(fp);
+- uep->ue_bot = get4c(fp);
+- uep->ue_lcount = get4c(fp);
+- uep->ue_size = get4c(fp);
++ uep->ue_top = undo_read_4c(bi);
++ uep->ue_bot = undo_read_4c(bi);
++ uep->ue_lcount = undo_read_4c(bi);
++ uep->ue_size = undo_read_4c(bi);
+ if (uep->ue_size > 0)
+ {
+ array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
+@@ -1195,9 +1445,9 @@ unserialize_uep(fp, error, file_name)
+
+ for (i = 0; i < uep->ue_size; ++i)
+ {
+- line_len = get4c(fp);
++ line_len = undo_read_4c(bi);
+ if (line_len >= 0)
+- line = read_string_decrypt(curbuf, fp, line_len);
++ line = read_string_decrypt(bi, line_len);
+ else
+ {
+ line = NULL;
+@@ -1214,83 +1464,71 @@ unserialize_uep(fp, error, file_name)
+ }
+
+ /*
+- * Serialize "pos" to "fp".
++ * Serialize "pos".
+ */
+ static void
+-serialize_pos(pos, fp)
++serialize_pos(bi, pos)
++ bufinfo_T *bi;
+ pos_T pos;
+- FILE *fp;
+ {
+- put_bytes(fp, (long_u)pos.lnum, 4);
+- put_bytes(fp, (long_u)pos.col, 4);
++ undo_write_bytes(bi, (long_u)pos.lnum, 4);
++ undo_write_bytes(bi, (long_u)pos.col, 4);
+ #ifdef FEAT_VIRTUALEDIT
+- put_bytes(fp, (long_u)pos.coladd, 4);
++ undo_write_bytes(bi, (long_u)pos.coladd, 4);
+ #else
+- put_bytes(fp, (long_u)0, 4);
++ undo_write_bytes(bi, (long_u)0, 4);
+ #endif
+ }
+
+ /*
+- * Unserialize the pos_T at the current position in fp.
++ * Unserialize the pos_T at the current position.
+ */
+ static void
+-unserialize_pos(pos, fp)
++unserialize_pos(bi, pos)
++ bufinfo_T *bi;
+ pos_T *pos;
+- FILE *fp;
+ {
+- pos->lnum = get4c(fp);
++ pos->lnum = undo_read_4c(bi);
+ if (pos->lnum < 0)
+ pos->lnum = 0;
+- pos->col = get4c(fp);
++ pos->col = undo_read_4c(bi);
+ if (pos->col < 0)
+ pos->col = 0;
+ #ifdef FEAT_VIRTUALEDIT
+- pos->coladd = get4c(fp);
++ pos->coladd = undo_read_4c(bi);
+ if (pos->coladd < 0)
+ pos->coladd = 0;
+ #else
+- (void)get4c(fp);
++ (void)undo_read_4c(bi);
+ #endif
+ }
+
+ /*
+- * Serialize "info" to "fp".
++ * Serialize "info".
+ */
+ static void
+-serialize_visualinfo(info, fp)
++serialize_visualinfo(bi, info)
++ bufinfo_T *bi;
+ visualinfo_T *info;
+- FILE *fp;
+ {
+- serialize_pos(info->vi_start, fp);
+- serialize_pos(info->vi_end, fp);
+- put_bytes(fp, (long_u)info->vi_mode, 4);
+- put_bytes(fp, (long_u)info->vi_curswant, 4);
++ serialize_pos(bi, info->vi_start);
++ serialize_pos(bi, info->vi_end);
++ undo_write_bytes(bi, (long_u)info->vi_mode, 4);
++ undo_write_bytes(bi, (long_u)info->vi_curswant, 4);
+ }
+
+ /*
+- * Unserialize the visualinfo_T at the current position in fp.
++ * Unserialize the visualinfo_T at the current position.
+ */
+ static void
+-unserialize_visualinfo(info, fp)
++unserialize_visualinfo(bi, info)
++ bufinfo_T *bi;
+ visualinfo_T *info;
+- FILE *fp;
+-{
+- unserialize_pos(&info->vi_start, fp);
+- unserialize_pos(&info->vi_end, fp);
+- info->vi_mode = get4c(fp);
+- info->vi_curswant = get4c(fp);
+-}
+-
+-/*
+- * Write the pointer to an undo header. Instead of writing the pointer itself
+- * we use the sequence number of the header. This is converted back to
+- * pointers when reading. */
+- static void
+-put_header_ptr(fp, uhp)
+- FILE *fp;
+- u_header_T *uhp;
+ {
+- put_bytes(fp, (long_u)(uhp != NULL ? uhp->uh_seq : 0), 4);
++ unserialize_pos(bi, &info->vi_start);
++ unserialize_pos(bi, &info->vi_end);
++ info->vi_mode = undo_read_4c(bi);
++ info->vi_curswant = undo_read_4c(bi);
+ }
+
+ /*
+@@ -1324,9 +1562,9 @@ u_write_undo(name, forceit, buf, hash)
+ struct stat st_old;
+ struct stat st_new;
+ #endif
+-#ifdef FEAT_CRYPT
+- int do_crypt = FALSE;
+-#endif
++ bufinfo_T bi;
++
++ vim_memset(&bi, 0, sizeof(bi));
+
+ if (name == NULL)
+ {
+@@ -1481,14 +1719,12 @@ u_write_undo(name, forceit, buf, hash)
+ u_sync(TRUE);
+
+ /*
+- * Write the header.
++ * Write the header. Initializes encryption, if enabled.
+ */
+- if (serialize_header(fp, buf, hash) == FAIL)
++ bi.bi_buf = buf;
++ bi.bi_fp = fp;
++ if (serialize_header(&bi, hash) == FAIL)
+ goto write_error;
+-#ifdef FEAT_CRYPT
+- if (*buf->b_p_key != NUL)
+- do_crypt = TRUE;
+-#endif
+
+ /*
+ * Iteratively serialize UHPs and their UEPs from the top down.
+@@ -1504,7 +1740,7 @@ u_write_undo(name, forceit, buf, hash)
+ #ifdef U_DEBUG
+ ++headers_written;
+ #endif
+- if (serialize_uhp(fp, buf, uhp) == FAIL)
++ if (serialize_uhp(&bi, uhp) == FAIL)
+ goto write_error;
+ }
+
+@@ -1523,7 +1759,7 @@ u_write_undo(name, forceit, buf, hash)
+ uhp = uhp->uh_next.ptr;
+ }
+
+- if (put_bytes(fp, (long_u)UF_HEADER_END_MAGIC, 2) == OK)
++ if (undo_write_bytes(&bi, (long_u)UF_HEADER_END_MAGIC, 2) == OK)
+ write_ok = TRUE;
+ #ifdef U_DEBUG
+ if (headers_written != buf->b_u_numhead)
+@@ -1533,6 +1769,11 @@ u_write_undo(name, forceit, buf, hash)
+ }
+ #endif
+
++#ifdef FEAT_CRYPT
++ if (bi.bi_state != NULL && undo_flush(&bi) == FAIL)
++ write_ok = FALSE;
++#endif
++
+ write_error:
+ fclose(fp);
+ if (!write_ok)
+@@ -1558,8 +1799,9 @@ write_error:
+
+ theend:
+ #ifdef FEAT_CRYPT
+- if (do_crypt)
+- crypt_pop_state();
++ if (bi.bi_state != NULL)
++ crypt_free_state(bi.bi_state);
++ vim_free(bi.bi_buffer);
+ #endif
+ if (file_name != name)
+ vim_free(file_name);
+@@ -1605,10 +1847,9 @@ u_read_undo(name, hash, orig_name)
+ struct stat st_orig;
+ struct stat st_undo;
+ #endif
+-#ifdef FEAT_CRYPT
+- int do_decrypt = FALSE;
+-#endif
++ bufinfo_T bi;
+
++ vim_memset(&bi, 0, sizeof(bi));
+ if (name == NULL)
+ {
+ file_name = u_get_undo_file_name(curbuf->b_ffname, TRUE);
+@@ -1651,6 +1892,8 @@ u_read_undo(name, hash, orig_name)
+ EMSG2(_("E822: Cannot open undo file for reading: %s"), file_name);
+ goto error;
+ }
++ bi.bi_buf = curbuf;
++ bi.bi_fp = fp;
+
+ /*
+ * Read the undo file header.
+@@ -1671,12 +1914,24 @@ u_read_undo(name, hash, orig_name)
+ file_name);
+ goto error;
+ }
+- if (prepare_crypt_read(fp) == FAIL)
++ bi.bi_state = crypt_create_from_file(fp, curbuf->b_p_key);
++ if (bi.bi_state == NULL)
+ {
+ EMSG2(_("E826: Undo file decryption failed: %s"), file_name);
+ goto error;
+ }
+- do_decrypt = TRUE;
++ if (crypt_whole_undofile(bi.bi_state->method_nr))
++ {
++ bi.bi_buffer = alloc(CRYPT_BUF_SIZE);
++ if (bi.bi_buffer == NULL)
++ {
++ crypt_free_state(bi.bi_state);
++ bi.bi_state = NULL;
++ goto error;
++ }
++ bi.bi_avail = 0;
++ bi.bi_used = 0;
++ }
+ #else
+ EMSG2(_("E827: Undo file is encrypted: %s"), file_name);
+ goto error;
+@@ -1688,12 +1943,12 @@ u_read_undo(name, hash, orig_name)
+ goto error;
+ }
+
+- if (fread(read_hash, UNDO_HASH_SIZE, 1, fp) != 1)
++ if (undo_read(&bi, read_hash, (size_t)UNDO_HASH_SIZE) == FAIL)
+ {
+ corruption_error("hash", file_name);
+ goto error;
+ }
+- line_count = (linenr_T)get4c(fp);
++ line_count = (linenr_T)undo_read_4c(&bi);
+ if (memcmp(hash, read_hash, UNDO_HASH_SIZE) != 0
+ || line_count != curbuf->b_ml.ml_line_count)
+ {
+@@ -1710,13 +1965,13 @@ u_read_undo(name, hash, orig_name)
+ }
+
+ /* Read undo data for "U" command. */
+- str_len = get4c(fp);
++ str_len = undo_read_4c(&bi);
+ if (str_len < 0)
+ goto error;
+ if (str_len > 0)
+- line_ptr = read_string_decrypt(curbuf, fp, str_len);
+- line_lnum = (linenr_T)get4c(fp);
+- line_colnr = (colnr_T)get4c(fp);
++ line_ptr = read_string_decrypt(&bi, str_len);
++ line_lnum = (linenr_T)undo_read_4c(&bi);
++ line_colnr = (colnr_T)undo_read_4c(&bi);
+ if (line_lnum < 0 || line_colnr < 0)
+ {
+ corruption_error("line lnum/col", file_name);
+@@ -1724,32 +1979,32 @@ u_read_undo(name, hash, orig_name)
+ }
+
+ /* Begin general undo data */
+- old_header_seq = get4c(fp);
+- new_header_seq = get4c(fp);
+- cur_header_seq = get4c(fp);
+- num_head = get4c(fp);
+- seq_last = get4c(fp);
+- seq_cur = get4c(fp);
+- seq_time = get8ctime(fp);
++ old_header_seq = undo_read_4c(&bi);
++ new_header_seq = undo_read_4c(&bi);
++ cur_header_seq = undo_read_4c(&bi);
++ num_head = undo_read_4c(&bi);
++ seq_last = undo_read_4c(&bi);
++ seq_cur = undo_read_4c(&bi);
++ seq_time = undo_read_time(&bi);
+
+ /* Optional header fields. */
+ for (;;)
+ {
+- int len = getc(fp);
++ int len = undo_read_byte(&bi);
+ int what;
+
+ if (len == 0 || len == EOF)
+ break;
+- what = getc(fp);
++ what = undo_read_byte(&bi);
+ switch (what)
+ {
+ case UF_LAST_SAVE_NR:
+- last_save_nr = get4c(fp);
++ last_save_nr = undo_read_4c(&bi);
+ break;
+ default:
+ /* field not supported, skip */
+ while (--len >= 0)
+- (void)getc(fp);
++ (void)undo_read_byte(&bi);
+ }
+ }
+
+@@ -1765,7 +2020,7 @@ u_read_undo(name, hash, orig_name)
+ goto error;
+ }
+
+- while ((c = get2c(fp)) == UF_HEADER_MAGIC)
++ while ((c = undo_read_2c(&bi)) == UF_HEADER_MAGIC)
+ {
+ if (num_read_uhps >= num_head)
+ {
+@@ -1773,7 +2028,7 @@ u_read_undo(name, hash, orig_name)
+ goto error;
+ }
+
+- uhp = unserialize_uhp(fp, file_name);
++ uhp = unserialize_uhp(&bi, file_name);
+ if (uhp == NULL)
+ goto error;
+ uhp_table[num_read_uhps++] = uhp;
+@@ -1905,8 +2160,9 @@ error:
+
+ theend:
+ #ifdef FEAT_CRYPT
+- if (do_decrypt)
+- crypt_pop_state();
++ if (bi.bi_state != NULL)
++ crypt_free_state(bi.bi_state);
++ vim_free(bi.bi_buffer);
+ #endif
+ if (fp != NULL)
+ fclose(fp);
+diff -up vim74/src/version.c.blowfish2 vim74/src/version.c
+--- vim74/src/version.c.blowfish2 2017-09-05 14:47:34.768913491 +0200
++++ vim74/src/version.c 2017-09-05 14:47:34.973911836 +0200
+@@ -739,6 +739,14 @@ static char *(features[]) =
+ static int included_patches[] =
+ { /* Add new patch number below this line */
+ /**/
++ 1099,
++/**/
++ 403,
++/**/
++ 402,
++/**/
++ 399,
++/**/
+ 160,
+ /**/
+ 159,
diff --git a/SOURCES/vim-7.4-c++11.patch b/SOURCES/vim-7.4-c++11.patch
new file mode 100644
index 0000000..91268b0
--- /dev/null
+++ b/SOURCES/vim-7.4-c++11.patch
@@ -0,0 +1,114 @@
+diff -up vim74/runtime/syntax/cpp.vim.c++11 vim74/runtime/syntax/cpp.vim
+--- vim74/runtime/syntax/cpp.vim.c++11 2017-08-23 17:49:00.722250142 +0200
++++ vim74/runtime/syntax/cpp.vim 2017-08-23 17:49:29.132979711 +0200
+@@ -1,29 +1,23 @@
+ " Vim syntax file
+ " Language: C++
+-" Current Maintainer: vim-jp (https://github.com/vim-jp/cpp-vim)
++" Current Maintainer: vim-jp (https://github.com/vim-jp/vim-cpp)
+ " Previous Maintainer: Ken Shan <ccshan@post.harvard.edu>
+-" Last Change: 2012 Jun 14
++" Last Change: 2017 Jun 05
+
+-" For version 5.x: Clear all syntax items
+-" For version 6.x: Quit when a syntax file was already loaded
+-if version < 600
+- syntax clear
+-elseif exists("b:current_syntax")
++" quit when a syntax file was already loaded
++if exists("b:current_syntax")
+ finish
+ endif
+
+ " Read the C syntax to start with
+-if version < 600
+- so <sfile>:p:h/c.vim
+-else
+- runtime! syntax/c.vim
+- unlet b:current_syntax
+-endif
++runtime! syntax/c.vim
++unlet b:current_syntax
+
+ " C++ extensions
+ syn keyword cppStatement new delete this friend using
+ syn keyword cppAccess public protected private
+-syn keyword cppType inline virtual explicit export bool wchar_t
++syn keyword cppModifier inline virtual explicit export
++syn keyword cppType bool wchar_t
+ syn keyword cppExceptions throw try catch
+ syn keyword cppOperator operator typeid
+ syn keyword cppOperator and bitor or xor compl bitand and_eq or_eq xor_eq not not_eq
+@@ -32,38 +26,51 @@ syn match cppCast "\<\(const\|static\|d
+ syn keyword cppStorageClass mutable
+ syn keyword cppStructure class typename template namespace
+ syn keyword cppBoolean true false
++syn keyword cppConstant __cplusplus
+
+ " C++ 11 extensions
+ if !exists("cpp_no_cpp11")
+- syn keyword cppType override final
++ syn keyword cppModifier override final
++ syn keyword cppType nullptr_t auto
+ syn keyword cppExceptions noexcept
+- syn keyword cppStorageClass constexpr decltype
++ syn keyword cppStorageClass constexpr decltype thread_local
+ syn keyword cppConstant nullptr
++ syn keyword cppConstant ATOMIC_FLAG_INIT ATOMIC_VAR_INIT
++ syn keyword cppConstant ATOMIC_BOOL_LOCK_FREE ATOMIC_CHAR_LOCK_FREE
++ syn keyword cppConstant ATOMIC_CHAR16_T_LOCK_FREE ATOMIC_CHAR32_T_LOCK_FREE
++ syn keyword cppConstant ATOMIC_WCHAR_T_LOCK_FREE ATOMIC_SHORT_LOCK_FREE
++ syn keyword cppConstant ATOMIC_INT_LOCK_FREE ATOMIC_LONG_LOCK_FREE
++ syn keyword cppConstant ATOMIC_LLONG_LOCK_FREE ATOMIC_POINTER_LOCK_FREE
++ syn region cppRawString matchgroup=cppRawStringDelimiter start=+\%(u8\|[uLU]\)\=R"\z([[:alnum:]_{}[\]#<>%:;.?*\+\-/\^&|~!=,"']\{,16}\)(+ end=+)\z1"+ contains=@Spell
++endif
++
++" C++ 14 extensions
++if !exists("cpp_no_cpp14")
++ syn case ignore
++ syn match cppNumber display "\<0b[01]\('\=[01]\+\)*\(u\=l\{0,2}\|ll\=u\)\>"
++ syn match cppNumber display "\<[1-9]\('\=\d\+\)*\(u\=l\{0,2}\|ll\=u\)\>" contains=cFloat
++ syn match cppNumber display "\<0x\x\('\=\x\+\)*\(u\=l\{0,2}\|ll\=u\)\>"
++ syn case match
+ endif
+
+ " The minimum and maximum operators in GNU C++
+ syn match cppMinMax "[<>]?"
+
+ " Default highlighting
+-if version >= 508 || !exists("did_cpp_syntax_inits")
+- if version < 508
+- let did_cpp_syntax_inits = 1
+- command -nargs=+ HiLink hi link <args>
+- else
+- command -nargs=+ HiLink hi def link <args>
+- endif
+- HiLink cppAccess cppStatement
+- HiLink cppCast cppStatement
+- HiLink cppExceptions Exception
+- HiLink cppOperator Operator
+- HiLink cppStatement Statement
+- HiLink cppType Type
+- HiLink cppStorageClass StorageClass
+- HiLink cppStructure Structure
+- HiLink cppBoolean Boolean
+- HiLink cppConstant Constant
+- delcommand HiLink
+-endif
++hi def link cppAccess cppStatement
++hi def link cppCast cppStatement
++hi def link cppExceptions Exception
++hi def link cppOperator Operator
++hi def link cppStatement Statement
++hi def link cppModifier Type
++hi def link cppType Type
++hi def link cppStorageClass StorageClass
++hi def link cppStructure Structure
++hi def link cppBoolean Boolean
++hi def link cppConstant Constant
++hi def link cppRawStringDelimiter Delimiter
++hi def link cppRawString String
++hi def link cppNumber Number
+
+ let b:current_syntax = "cpp"
+
diff --git a/SPECS/vim.spec b/SPECS/vim.spec
index 3cc96c2..cb03cb2 100644
--- a/SPECS/vim.spec
+++ b/SPECS/vim.spec
@@ -20,7 +20,7 @@ Summary: The VIM editor
URL: http://www.vim.org/
Name: vim
Version: %{baseversion}.%{patchlevel}
-Release: 2%{?dist}
+Release: 4%{?dist}
License: Vim
Group: Applications/Editors
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}.tar.bz2
@@ -222,6 +222,10 @@ Patch3013: vim-7.3-xsubpp-path.patch
Patch3014: vim-manpagefixes-948566.patch
Patch3015: vim-7.4-CVE-2016-1248.patch
Patch3016: vim-7.4-yamlsyntax.patch
+# 1267826 - Include c++11 syntax highlighting in vim
+Patch3017: vim-7.4-c++11.patch
+# 1319760 - [RFE] Vim should support blowfish2, plus ensure that RHEL6 encrypted files can be opened in RHEL7
+Patch3018: vim-7.4-blowfish2.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: python-devel ncurses-devel gettext perl-devel
@@ -537,6 +541,8 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
%patch3014 -p1
%patch3015 -p1
%patch3016 -p1
+%patch3017 -p1
+%patch3018 -p1
%build
cp -f %{SOURCE5} .
@@ -746,8 +752,8 @@ sed -i -e "s/augroup fedora/augroup redhat/" %{buildroot}/%{_sysconfdir}/vimrc
sed -i -e "s/augroup fedora/augroup redhat/" %{buildroot}/%{_sysconfdir}/virc
%endif
(cd %{buildroot}/%{_datadir}/%{name}/%{vimdir}/doc;
- gzip -9 *.txt
- gzip -d help.txt.gz version7.txt.gz sponsor.txt.gz
+ gzip -n -9 *.txt
+ gzip -n -d help.txt.gz version7.txt.gz sponsor.txt.gz
cp %{SOURCE12} .
cat tags | sed -e 's/\t\(.*.txt\)\t/\t\1.gz\t/;s/\thelp.txt.gz\t/\thelp.txt\t/;s/\tversion7.txt.gz\t/\tversion7.txt\t/;s/\tsponsor.txt.gz\t/\tsponsor.txt\t/' > tags.new; mv -f tags.new tags
cat >> tags << EOF
@@ -1020,6 +1026,13 @@ rm -rf %{buildroot}
%{_datadir}/icons/hicolor/*/apps/*
%changelog
+* Tue Sep 05 2017 Zdenek Dohnal <zdohnal@redhat.com> - 2:7.4.160-4
+- fixed upstream tests, which failed after last build
+
+* Wed Aug 23 2017 Zdenek Dohnal <zdohnal@redhat.com> - 2:7.4.160-3
+- 1267826 - Include c++11 syntax highlighting in vim
+- 1319760 - [RFE] Vim should support blowfish2, plus ensure that RHEL6 encrypted files can be opened in RHEL7
+
* Fri Jan 20 2017 Zdenek Dohnal <zdohnal@redhat.com> - 2:7.4.160-2
- 1383902 - CPU spikes to 100% and timeouts observed in strace when opening yaml extensions using vim