Merge branch 'main' into autoreload

Projects/Src/Compiler.SetupCompiler.pas

@@ -355,6 +355,7 @@ const
   DefaultTypeEntryNames: array[0..2] of PChar = ('full', 'compact', 'custom');
 
   MaxDiskSliceSize = 2100000000;
+  DefaultKDFIterations = 220000;
 
 function ExtractStr(var S: String; const Separator: Char): String;
 var
@@ -2846,7 +2847,7 @@ begin
       end;
     ssEncryptionKeyDerivation: begin
         if Value = 'pbkdf2' then
-          SetupEncryptionHeader.KDFIterations := 200000
+          SetupEncryptionHeader.KDFIterations := DefaultKDFIterations
         else if Copy(Value, 1, 7) = 'pbkdf2/' then begin
           I := StrToIntDef(Copy(Value, 8, Maxint), -1);
           if I < 1 then
@@ -7730,7 +7731,7 @@ begin
     ReserveBytes := 0;
     TimeStampRounding := 2;
     SetupEncryptionHeader.EncryptionUse := euNone;
-    SetupEncryptionHeader.KDFIterations := 220000;
+    SetupEncryptionHeader.KDFIterations := DefaultKDFIterations;
     SetupHeader.MinVersion.WinVersion := 0;
     SetupHeader.MinVersion.NTVersion := $06010000;
     SetupHeader.MinVersion.NTServicePack := $100;

Projects/Src/Setup.MainFunc.pas

@@ -2588,12 +2588,18 @@ var
     Delete(S, 1, P);
   end;
 
-  procedure AbortInit(const Msg: TSetupMessageID);
+  procedure AbortInit(const Msg: TSetupMessageID); overload;
   begin
     LoggedMsgBox(SetupMessages[Msg], '', mbCriticalError, MB_OK, True, IDOK);
     Abort;
   end;
 
+  procedure AbortInit(const Msg: String); overload;
+  begin
+    LoggedMsgBox(Msg, '', mbCriticalError, MB_OK, True, IDOK);
+    Abort;
+  end;
+
   procedure AbortInitFmt1(const Msg: TSetupMessageID; const Arg1: String);
   begin
     LoggedMsgBox(FmtSetupMessage(Msg, [Arg1]), '', mbCriticalError, MB_OK, True, IDOK);
@@ -2725,8 +2731,7 @@ var
     end;
   end;
 
-  function HandleInitPassword(const NeedPassword, AllowSetFileExtractorCryptKey: Boolean;
-    out CryptKey: TSetupEncryptionKey): Boolean; overload;
+  function HandleInitPassword(const NeedPassword: Boolean): Boolean;
   { Handles InitPassword and returns the updated value of NeedPassword }
   { Also see WizardForm.CheckPassword }
   begin
@@ -2735,6 +2740,7 @@ var
     if NeedPassword and (InitPassword <> '') then begin
       var PasswordOk := False;
       var S := InitPassword;
+      var CryptKey: TSetupEncryptionKey;
       GenerateEncryptionKey(S, SetupEncryptionHeader.KDFSalt, SetupEncryptionHeader.KDFIterations, CryptKey);
       if shPassword in SetupHeader.Options then
         PasswordOk := TestPassword(CryptKey, SetupEncryptionHeader.BaseNonce, SetupEncryptionHeader.PasswordTest);
@@ -2743,18 +2749,12 @@ var
 
       if PasswordOk then begin
         Result := False;
-        if AllowSetFileExtractorCryptKey and (SetupEncryptionHeader.EncryptionUse <> euNone) then
+        if SetupEncryptionHeader.EncryptionUse = euFiles then
           FileExtractor.CryptKey := CryptKey;
       end;
     end;
   end;
 
-  function HandleInitPassword(const NeedPassword: Boolean): Boolean; overload;
-  begin
-    var CryptKey: TSetupEncryptionKey;
-    Result := HandleInitPassword(NeedPassword, True, CryptKey);
-  end;
-
   procedure SetupInstallMode;
   begin
     if InitVerySilent then
@@ -3079,7 +3079,6 @@ begin
   SetupMessages[msgSetupFileMissing] := SSetupFileMissing;
   SetupMessages[msgSetupFileCorrupt] := SSetupFileCorrupt;
   SetupMessages[msgSetupFileCorruptOrWrongVer] := SSetupFileCorruptOrWrongVer;
-  SetupMessages[msgIncorrectPassword] := SIncorrectPassword;
 
   { Read setup-0.bin, or from EXE }
   if not SetupLdrMode then begin
@@ -3106,13 +3105,12 @@ begin
     var CryptKey: TSetupEncryptionKey;
     if SetupEncryptionHeader.EncryptionUse = euFull then begin
       if InitPassword = '' then
-        raise Exception.Create(SMissingPassword);
-      { HandleInitPassword requires this }
-      SetupHeader.Options := SetupHeader.Options + [shPassword];
-      { Specifying False for AllowSetFileExtractorCryptKey because FileExtractor (a function!)
-        requires SetupHeader.CompressMethod to be set, so delaying until SetupHeader is read below }
-      if HandleInitPassword(True, False, CryptKey) then { HandleInitPassword returns True on failure }
-        AbortInit(msgIncorrectPassword)
+        AbortInit(SMissingPassword);
+      GenerateEncryptionKey(InitPassword, SetupEncryptionHeader.KDFSalt, SetupEncryptionHeader.KDFIterations, CryptKey);
+      if not TestPassword(CryptKey, SetupEncryptionHeader.BaseNonce, SetupEncryptionHeader.PasswordTest) then
+        AbortInit(SIncorrectPassword);
+      { FileExtractor (a function!) requires SetupHeader.CompressMethod to be set, so delaying setting
+        FileExtractor.CryptKey until SetupHeader is read below }
     end;
 
     try

Projects/Src/Setup.WizardForm.pas

@@ -2444,7 +2444,7 @@ procedure TWizardForm.NextButtonClick(Sender: TObject);
 
     if Result then begin
       NeedPassword := False;
-      if SetupEncryptionHeader.EncryptionUse <> euNone then
+      if SetupEncryptionHeader.EncryptionUse = euFiles then
         FileExtractor.CryptKey := CryptKey;
       PasswordEdit.Text := '';
     end else begin

Projects/Src/SetupLdrAndSetup.Messages.pas

@@ -47,6 +47,7 @@ const
     'obtain a new copy of the program.';
   SMsgsFileMissing = 'Messages file "%s" is missing. Please correct ' +
     'the problem or obtain a new copy of the program.';
+  { These currently always occur before the messages file is loaded }
   SMissingPassword = 'Please specify the password using the /PASSWORD= command line parameter.';
   SIncorrectPassword = 'The password you specified is not correct. Please try again.';
 

compile.bat

@@ -90,6 +90,7 @@ if errorlevel 1 goto failed
 
 echo Success!
 
+if "%1"=="issigtool" goto exit
 rem  Sign using user's private key - will be overwritten if called by build.bat
 call .\issig.bat sign Files\ISCmplr.dll Files\ISPP.dll Files\Setup.e32 Files\SetupLdr.e32
 if errorlevel 1 goto failed