From 0ad0518b47e4637ad3a4ce12adecffb3b557bc40 Mon Sep 17 00:00:00 2001
From: Andre Noll <maan@tuebingen.mpg.de>
Date: Wed, 3 Jan 2018 04:33:02 +0100
Subject: [PATCH] gcrypt: Allocate a secmem pool at startup.

The client side loads private keys. This patch makes sure the memory
which contains such key material is never swapped out.
---
 gcrypt.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/gcrypt.c b/gcrypt.c
index 705d0d87..ff4dab37 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -66,6 +66,16 @@ void crypt_init(void)
 			req_ver, gcry_check_version(NULL));
 		exit(EXIT_FAILURE);
 	}
+
+	/*
+	 * Allocate a pool of secure memory. This also drops privileges where
+	 * needed.
+	 */
+	gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+	/* Tell Libgcrypt that initialization has completed. */
+	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
 	get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
 	srandom(seed);
 }
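Review bot: Both added `gcry_control()` calls discard their return value, so if `GCRYCTL_INIT_SECMEM` fails, crypt_init() carries on silently and the "never swapped out" guarantee from the commit message is not enforced. I would capture the result with `gcry_error_t err = gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);`, and on `if (err)` log `gcry_strerror(err)` and `exit(EXIT_FAILURE)`, as the version check just above does. The same applies to the `GCRYCTL_INITIALIZATION_FINISHED` call. The pool only protects buffers that are actually allocated from secure memory, and the hunk does not show whether the private-key loading path does that, so it is worth confirming. The comment could also note that libgcrypt may only warn, rather than fail, when it cannot lock the pool (for example under a low memlock limit). crypt_init() begins outside this hunk.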
-- 
2.39.5