gcrypt: Allocate a secmem pool at startup.

The client side loads private keys. This patch makes sure the memory
which contains such key material is never swapped out.

diff --git a/gcrypt.c b/gcrypt.c
index 705d0d87a86e0608e9856d9fa197cedb01b439dc..ff4dab37ea4f5323e7545f5a755c38c105fdc6c0 100644 (file)
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -66,6 +66,16 @@ void crypt_init(void)
                        req_ver, gcry_check_version(NULL));
                exit(EXIT_FAILURE);
        }
+
+       /*
+        * Allocate a pool of secure memory. This also drops privileges where
+        * needed.
+        */
+       gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+       /* Tell Libgcrypt that initialization has completed. */
+       gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
        get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
        srandom(seed);
 }