/*
 * Set up the secure memory pool with a requested size of N bytes.
 *
 * The call to secmem_init is bracketed by SECMEM_LOCK / SECMEM_UNLOCK,
 * so the actual initialization runs while the module lock is held.
 *
 * Per this module's contract: when the process has the necessary
 * privileges, the pool is locked into core so its contents cannot be
 * paged out, and secure memory is wiped when it is released.
 */
void
_gcry_secmem_init (size_t n)
{
  SECMEM_LOCK;
  secmem_init (n);
  SECMEM_UNLOCK;
}
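/* Initialize the secure memory subsystem, drop privileges and return.
   Must be called early.

   PGMNAME is the program name; it is copied into this_pgmname.  The
   process is aborted if PGMNAME is NULL, if it does not fit into
   this_pgmname, or if the secure memory exit handler cannot be
   registered.  */
void
pinentry_init (const char *pgmname)
{
  size_t pgmname_len;

  /* Store away our name.  A NULL name would be undefined behaviour in
     strlen, so it is treated like any other unusable name.  */
  if (!pgmname)
    abort ();
  pgmname_len = strlen (pgmname);
  if (pgmname_len > sizeof this_pgmname - 2)
    abort ();
  /* The length was checked above, so the copy including the
     terminating NUL fits.  NOTE(review): this assumes this_pgmname is
     a char array, not a pointer - confirm at its definition.  */
  memcpy (this_pgmname, pgmname, pgmname_len + 1);

  /* Initialize secure memory.  1 is too small, so the default size
     will be used.  */
  secmem_init (1);
  secmem_set_flags (SECMEM_WARN);
  drop_privs ();

  /* Without the exit handler the secure memory teardown would not run
     at normal exit (presumably this is where the pool is wiped -
     confirm in secmem_term), so do not continue in that state.  */
  if (atexit (secmem_term))
    abort ();

  /* Route the Assuan library's allocations through the secure memory
     allocator.  */
  assuan_set_malloc_hooks (secmem_malloc, secmem_realloc, secmem_free);
}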
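/* Allocate SIZE bytes from the secure memory pool.

   If the pool has not been set up yet, one attempt is made to
   initialize it with STANDARD_POOL_SIZE.  The request is rounded up to
   a multiple of 32 bytes before a block is taken from the pool.

   Returns a pointer to the usable area of the block, or NULL on
   failure.  errno is set to ENOMEM when the pool is unavailable, when
   the pool is not locked while in FIPS mode, or when SIZE is so large
   that rounding it up would wrap around.  */
static void *
_gcry_secmem_malloc_internal (size_t size)
{
  memblock_t *mb;

  if (!pool_okay)
    {
      /* Try to initialize the pool if the user forgot about it.  */
      secmem_init (STANDARD_POOL_SIZE);
      if (!pool_okay)
        {
          log_info (_("operation is not possible without "
                      "initialized secure memory\n"));
          gpg_err_set_errno (ENOMEM);
          return NULL;
        }
    }
  if (not_locked && fips_mode ())
    {
      log_info (_("secure memory pool is not locked while in FIPS mode\n"));
      gpg_err_set_errno (ENOMEM);
      return NULL;
    }
  if (show_warning && !suspend_warning)
    {
      /* Print the warning only once.  */
      show_warning = 0;
      print_warn ();
    }

  /* Refuse requests within 31 bytes of the size_t maximum: the
     rounding below would wrap around and yield a block far smaller
     than the caller asked for.  */
  if (size > (size_t)-1 - 31)
    {
      gpg_err_set_errno (ENOMEM);
      return NULL;
    }

  /* Blocks are always a multiple of 32.  */
  size = ((size + 31) / 32) * 32;

  mb = mb_get_new ((memblock_t *) pool, size);
  if (mb)
    stats_update (size, 0);

  return mb ? &mb->aligned.c : NULL;
}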