clear_string_option(&buf->b_p_fex);
#endif
#ifdef FEAT_CRYPT
+# ifdef FEAT_SODIUM
+ if (buf->b_p_key != NULL && (crypt_get_method_nr(buf) == CRYPT_M_SOD))
+ sodium_munlock(buf->b_p_key, STRLEN(buf->b_p_key));
+# endif
clear_string_option(&buf->b_p_key);
#endif
clear_string_option(&buf->b_p_kp);
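Review bot: The added `sodium_munlock(buf->b_p_key, STRLEN(buf->b_p_key))` runs only when the buffer's current method is CRYPT_M_SOD, but the matching lock is taken in the sodium init path on a `key` argument. If that argument is this option string (not visible here) and the method or key text changes after locking, the region is either never unlocked or is unlocked with a different length than was locked. Recording the locked pointer and length at lock time would be more robust than inferring them from the method number at free time. The return value is also dropped. Since sodium_munlock() zeroes the range before unlocking, a comment such as `// sodium_munlock() also wipes the key bytes before the string is freed` would make that side effect explicit. The enclosing function starts and ends outside the hunk.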
*/
#include "vim.h"
-#ifdef FEAT_SODIUM
-# include <sodium.h>
-#endif
-
#if defined(FEAT_CRYPT) || defined(PROTO)
/*
* Optional encryption support.
#ifdef FEAT_SODIUM
if (state->method_nr == CRYPT_M_SOD)
{
+ sodium_munlock(((sodium_state_T *)state->method_state)->key,
+ crypto_box_SEEDBYTES);
sodium_memzero(state->method_state, sizeof(sodium_state_T));
sodium_free(state->method_state);
}
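Review bot: The added `sodium_munlock(((sodium_state_T *)state->method_state)->key, crypto_box_SEEDBYTES)` dereferences `state->method_state` without a NULL check and ignores the return value. The existing `sodium_memzero` call makes the same assumption, so callers may already guarantee it. However, the failure branch added in the init code returns before `state->method_state` is assigned, so if this teardown can run after a failed init, the block needs a guard such as `if (state->method_state != NULL)`. The enclosing function is outside the hunk, so this should be confirmed against its callers.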
// crypto_box_SEEDBYTES == crypto_secretstream_xchacha20poly1305_KEYBYTES
unsigned char dkey[crypto_box_SEEDBYTES]; // 32
sodium_state_T *sd_state;
+ int retval = 0;
if (sodium_init() < 0)
return FAIL;
return FAIL;
}
memcpy(sd_state->key, dkey, crypto_box_SEEDBYTES);
+
+ retval += sodium_mlock(sd_state->key, crypto_box_SEEDBYTES);
+ retval += sodium_mlock(key, STRLEN(key));
+
+ if (retval < 0)
+ {
+ emsg(_(e_encryption_sodium_mlock_failed));
+ sodium_free(sd_state);
+ return FAIL;
+ }
sd_state->count = 0;
state->method_state = sd_state;
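Review bot: The new failure branch after the two `sodium_mlock()` calls returns FAIL while the derived key is still in the stack array `dkey`; adding `sodium_memzero(dkey, sizeof(dkey));` before `return FAIL;` would avoid leaving it behind (whether the success path wipes `dkey` is not visible in this hunk). Summing the two results into `retval` also hides which lock failed, so when only one call fails the other region stays locked on the error path; checking each call separately would let the branch undo the lock that succeeded. Separately, mlock can fail for reasons unrelated to the key, such as a low locked-memory limit for the process, and treating that as a hard error makes the file unreadable in those environments. It is worth deciding explicitly whether to fail here or to warn and continue. If `sd_state` comes from sodium_malloc(), which the `sodium_free()` calls suggest, the extra lock on `sd_state->key` may be redundant.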
INIT(= N_("E1228: List or Dictionary or Blob required for argument %d"));
EXTERN char e_expected_dictionary_for_using_key_str_but_got_str[]
INIT(= N_("E1229: Expected dictionary for using key \"%s\", but got %s"));
+EXTERN char e_encryption_sodium_mlock_failed[]
+ INIT(= N_("E1230: encryption: sodium_mlock() failed"));