From 15021c7b05a0119eed626bbf8a6797be86574443 Mon Sep 17 00:00:00 2001
From: Richard Webb <webby@beardmouse.co.uk>
Date: Mon, 4 Mar 2019 16:55:31 +0000
Subject: [PATCH] Change ZipEntry.ProcessAESExtraData to not set the
 StrongEncryption flag for WinZipAes encrypted entries.

---
 src/ICSharpCode.SharpZipLib/Zip/ZipEntry.cs |  5 ++-
 src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs  | 40 ++++++++++++---------
 2 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/src/ICSharpCode.SharpZipLib/Zip/ZipEntry.cs b/src/ICSharpCode.SharpZipLib/Zip/ZipEntry.cs
index 572108f0f..03dad130b 100644
--- a/src/ICSharpCode.SharpZipLib/Zip/ZipEntry.cs
+++ b/src/ICSharpCode.SharpZipLib/Zip/ZipEntry.cs
@@ -1131,10 +1131,9 @@ private void ProcessAESExtraData(ZipExtraData extraData)
 		{
 			if (extraData.Find(0x9901))
 			{
-				// Set version and flag for Zipfile.CreateAndInitDecryptionStream
+				// Set version for Zipfile.CreateAndInitDecryptionStream
 				versionToExtract = ZipConstants.VERSION_AES;            // Ver 5.1 = AES see "Version" getter
-																		// Set StrongEncryption flag for ZipFile.CreateAndInitDecryptionStream
-				Flags = Flags | (int)GeneralBitFlags.StrongEncryption;
+
 				//
 				// Unpack AES extra data field see http://www.winzip.com/aes_info.htm
 				int length = extraData.ValueLength;         // Data size currently 7
diff --git a/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs b/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs
index 0db9cc7f0..2a630c67c 100644
--- a/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs
+++ b/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs
@@ -3542,23 +3542,9 @@ private Stream CreateAndInitDecryptionStream(Stream baseStream, ZipEntry entry)
 		{
 			CryptoStream result = null;
 
-			if ((entry.Version < ZipConstants.VersionStrongEncryption)
-				|| (entry.Flags & (int)GeneralBitFlags.StrongEncryption) == 0)
-			{
-				var classicManaged = new PkzipClassicManaged();
-
-				OnKeysRequired(entry.Name);
-				if (HaveKeys == false)
-				{
-					throw new ZipException("No password available for encrypted stream");
-				}
-
-				result = new CryptoStream(baseStream, classicManaged.CreateDecryptor(key, null), CryptoStreamMode.Read);
-				CheckClassicPassword(result, entry);
-			}
-			else
+			if (entry.CompressionMethodForHeader == CompressionMethod.WinZipAES)
 			{
-				if (entry.Version == ZipConstants.VERSION_AES)
+				if (entry.Version >= ZipConstants.VERSION_AES)
 				{
 					//
 					OnKeysRequired(entry.Name);
@@ -3587,6 +3573,28 @@ private Stream CreateAndInitDecryptionStream(Stream baseStream, ZipEntry entry)
 					throw new ZipException("Decryption method not supported");
 				}
 			}
+			else
+			{
+				if ((entry.Version < ZipConstants.VersionStrongEncryption)
+					|| (entry.Flags & (int)GeneralBitFlags.StrongEncryption) == 0)
+				{
+					var classicManaged = new PkzipClassicManaged();
+
+					OnKeysRequired(entry.Name);
+					if (HaveKeys == false)
+					{
+						throw new ZipException("No password available for encrypted stream");
+					}
+
+					result = new CryptoStream(baseStream, classicManaged.CreateDecryptor(key, null), CryptoStreamMode.Read);
+					CheckClassicPassword(result, entry);
+				}
+				else
+				{
+					// We don't support PKWare strong encryption
+					throw new ZipException("Decryption method not supported");
+				}
+			}
 
 			return result;
 		}