From: Andre Noll <maan@tuebingen.mpg.de>
Date: Wed, 3 Jan 2018 03:33:02 +0000 (+0100)
Subject: gcrypt: Allocate a secmem pool at startup.
X-Git-Tag: v0.6.2~5^2
X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=0ad0518b47e4637ad3a4ce12adecffb3b557bc40

gcrypt: Allocate a secmem pool at startup.

The client side loads private keys. This patch makes sure the memory
which contains such key material is never swapped out.
---

diff --git a/gcrypt.c b/gcrypt.c
index 705d0d87..ff4dab37 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -66,6 +66,16 @@ void crypt_init(void)
 			req_ver, gcry_check_version(NULL));
 		exit(EXIT_FAILURE);
 	}
+
+	/*
+	 * Allocate a pool of secure memory. This also drops privileges where
+	 * needed.
+	 */
+	gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+	/* Tell Libgcrypt that initialization has completed. */
+	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
 	get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
 	srandom(seed);
 }