From 0ad0518b47e4637ad3a4ce12adecffb3b557bc40 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Wed, 3 Jan 2018 04:33:02 +0100
Subject: [PATCH] gcrypt: Allocate a secmem pool at startup.

The client side loads private keys. This patch makes sure the memory which contains such key material is never swapped out.
---
 gcrypt.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/gcrypt.c b/gcrypt.c
index 705d0d87..ff4dab37 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -66,6 +66,16 @@ void crypt_init(void)
 req_ver, gcry_check_version(NULL));
 exit(EXIT_FAILURE);
 }
+
+ /*
+ * Allocate a pool of secure memory. This also drops privileges where
+ * needed.
+ */
+ gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+ /* Tell Libgcrypt that initialization has completed. */
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
 get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
 srandom(seed);
 }
--
2.39.5
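Review bot: Both added gcry_control() calls discard their return value, so a failure to set up or lock the pool passes silently and the process goes on to load private keys anyway. As far as I know, Libgcrypt reports a pool that could not be locked (for example under a low RLIMIT_MEMLOCK) through the return value of GCRYCTL_INIT_SECMEM, which is exactly the case the commit message says cannot happen. Capture it with `gcry_error_t err = gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);` and, when `err` is non-zero, log `gcry_strerror(err)` and exit the way the version check just above does. The pool only covers allocations made through Libgcrypt's secure-memory interfaces, so it is worth confirming that the key-loading code, which is not part of this hunk, actually uses them; crypt_init() itself starts before the hunk.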