Patch 8.2.3245
Problem:    The crypt key may appear in a swap partition.
Solution:   When using xchacha20 use sodium_mlock(). (Christian Brabandt,
            closes #8657)
Files:      src/buffer.c, src/crypt.c, src/errors.h, src/fileio.c,
            src/memline.c, src/vim.h


*** ../vim-8.2.3244/src/buffer.c        2021-07-26 22:19:05.376122583 +0200
--- src/buffer.c        2021-07-29 20:33:25.888747495 +0200
***************
*** 2306,2311 ****
--- 2306,2315 ----
      clear_string_option(&buf->b_p_fex);
  #endif
  #ifdef FEAT_CRYPT
+ # ifdef FEAT_SODIUM
+     if (buf->b_p_key != NULL && (crypt_get_method_nr(buf) == CRYPT_M_SOD))
+       sodium_munlock(buf->b_p_key, STRLEN(buf->b_p_key));
+ # endif
      clear_string_option(&buf->b_p_key);
  #endif
      clear_string_option(&buf->b_p_kp);
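Review bot: The added `sodium_munlock(buf->b_p_key, STRLEN(buf->b_p_key))` is gated on the buffer's current crypt method being CRYPT_M_SOD, not on whether this key was actually locked. The matching `sodium_mlock(key, STRLEN(key))` is in crypt.c, and nothing visible here shows that `key` there is this same pointer and length; if the method or key changed in between, the key would reach clear_string_option() without the unlock-and-zero step. libsodium's sodium_munlock() also zeroes the region before unlocking it, which deserves a comment above the call, e.g. `// sodium_munlock() zeroes the key before the pages become swappable again`. The enclosing function starts and ends outside the hunk.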
*** ../vim-8.2.3244/src/crypt.c 2021-07-25 14:36:01.569551193 +0200
--- src/crypt.c 2021-07-29 20:36:58.576299915 +0200
***************
*** 12,21 ****
   */
  #include "vim.h"
  
- #ifdef FEAT_SODIUM
- # include <sodium.h>
- #endif
- 
  #if defined(FEAT_CRYPT) || defined(PROTO)
  /*
   * Optional encryption support.
--- 12,17 ----
***************
*** 447,452 ****
--- 443,450 ----
  #ifdef FEAT_SODIUM
      if (state->method_nr == CRYPT_M_SOD)
      {
+       sodium_munlock(((sodium_state_T *)state->method_state)->key,
+                                                        crypto_box_SEEDBYTES);
        sodium_memzero(state->method_state, sizeof(sodium_state_T));
        sodium_free(state->method_state);
      }
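Review bot: The explicit `sodium_munlock(...->key, crypto_box_SEEDBYTES)` looks redundant if `method_state` was allocated with sodium_malloc(), which the `sodium_free(state->method_state)` two lines below suggests. libsodium already locks a sodium_malloc() region, and sodium_free() unlocks and zeroes it. If the extra lock/unlock pair is kept for clarity, a short comment such as `// key is locked separately in crypt_sodium_init(); unlock before freeing` would explain why it is here (the init function name is assumed, it is not visible in this hunk). The return value of sodium_munlock() is also ignored, which is reasonable on a free path but should be stated.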
***************
*** 726,731 ****
--- 724,730 ----
      // crypto_box_SEEDBYTES ==  crypto_secretstream_xchacha20poly1305_KEYBYTES
      unsigned char     dkey[crypto_box_SEEDBYTES]; // 32
      sodium_state_T    *sd_state;
+     int                       retval = 0;
  
      if (sodium_init() < 0)
        return FAIL;
***************
*** 743,748 ****
--- 742,757 ----
        return FAIL;
      }
      memcpy(sd_state->key, dkey, crypto_box_SEEDBYTES);
+ 
+     retval += sodium_mlock(sd_state->key, crypto_box_SEEDBYTES);
+     retval += sodium_mlock(key, STRLEN(key));
+ 
+     if (retval < 0)
+     {
+       emsg(_(e_encryption_sodium_mlock_failed));
+       sodium_free(sd_state);
+       return FAIL;
+     }
      sd_state->count = 0;
      state->method_state = sd_state;
  
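Review bot: The new failure branch returns FAIL without wiping the stack copy of the derived key: `dkey` has already been copied into `sd_state->key` at this point, and `sodium_free(sd_state)` clears only the heap copy. Adding `sodium_memzero(dkey, sizeof(dkey));` before `return FAIL;` would close that gap. The function continues outside the hunk, so whether `dkey` is wiped on the success path cannot be seen from here and should be checked as well. If the `sodium_mlock(key, STRLEN(key))` call succeeded and the other one failed, the user key also stays locked with no matching unlock on this path.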
*** ../vim-8.2.3244/src/errors.h        2021-07-28 20:52:08.681166840 +0200
--- src/errors.h        2021-07-29 20:35:37.044473052 +0200
***************
*** 641,643 ****
--- 641,645 ----
        INIT(= N_("E1228: List or Dictionary or Blob required for argument 
%d"));
  EXTERN char e_expected_dictionary_for_using_key_str_but_got_str[]
        INIT(= N_("E1229: Expected dictionary for using key \"%s\", but got 
%s"));
+ EXTERN char e_encryption_sodium_mlock_failed[]
+       INIT(= N_("E1230: encryption: sodium_mlock() failed"));
*** ../vim-8.2.3244/src/fileio.c        2021-06-30 20:54:30.696546341 +0200
--- src/fileio.c        2021-07-29 20:29:55.325174163 +0200
***************
*** 13,22 ****
  
  #include "vim.h"
  
- #ifdef FEAT_SODIUM
- # include <sodium.h>
- #endif
- 
  #if defined(__TANDEM)
  # include <limits.h>          // for SSIZE_MAX
  #endif
--- 13,18 ----
*** ../vim-8.2.3244/src/memline.c       2021-07-06 20:15:42.692646617 +0200
--- src/memline.c       2021-07-29 20:29:55.325174163 +0200
***************
*** 48,58 ****
  # include <time.h>
  #endif
  
- // for randombytes_buf
- #ifdef FEAT_SODIUM
- # include <sodium.h>
- #endif
- 
  #if defined(SASC) || defined(__amigaos4__)
  # include <proto/dos.h>           // for Open() and Close()
  #endif
--- 48,53 ----
*** ../vim-8.2.3244/src/vim.h   2021-06-20 19:28:10.273021391 +0200
--- src/vim.h   2021-07-29 20:29:55.329174153 +0200
***************
*** 486,491 ****
--- 486,495 ----
  # endif
  #endif
  
+ #ifdef HAVE_SODIUM
+ # include <sodium.h>
+ #endif
+ 
  // ================ end of the header file puzzle ===============
  
  /*
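Review bot: The include is now guarded by `HAVE_SODIUM`, while the three includes this patch removes and the new calls in buffer.c and crypt.c are guarded by `FEAT_SODIUM`. Where FEAT_SODIUM is derived is not visible here; if it can be defined without HAVE_SODIUM, the sodium_* calls would compile without a prototype. Conversely, a build with HAVE_SODIUM but without the feature now pulls `<sodium.h>` into every translation unit. A one-line comment would record the intent, e.g. `// included here so every FEAT_SODIUM user sees the libsodium prototypes`.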
*** ../vim-8.2.3244/src/version.c       2021-07-29 20:22:10.738009542 +0200
--- src/version.c       2021-07-29 20:33:03.648793454 +0200
***************
*** 757,758 ****
--- 757,760 ----
  {   /* Add new patch number below this line */
+ /**/
+     3245,
  /**/

-- 
MAN:    Fetchez la vache!
GUARD:  Quoi?
MAN:    Fetchez la vache!
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
