projects / tinc / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f86a5f1) | patch
gcrypt: initialize secure memory on startup
authorKirill Isakov <bootctl@gmail.com>
Mon, 2 May 2022 09:41:03 +0000 (15:41 +0600)
committerKirill Isakov <bootctl@gmail.com>
Mon, 2 May 2022 18:49:02 +0000 (00:49 +0600)
commitc32235ac0ef4ce8af77d59c6186436c49c3d7386
treee78aedaf47c75d75e3976e26362b04c258584977tree | snapshot
parentf86a5f1d70206321b01ec60f6a69f8cbf1a2b732commit | diff
gcrypt: initialize secure memory on startup

Otherwise libgcrypt does it automatically, but only after we drop
privileges. This requires calling mlock(), which kills the sandboxed
process on OpenBSD.

If this is not enough, libgcrypt will resize the pool without calling
mlock().
src/gcrypt/crypto.c [new file with mode: 0644] blob
src/gcrypt/meson.build diff | blob | history
src/meson.build diff | blob | history
src/nolegacy/crypto.c [moved from src/crypto.c with 97% similarity] diff | blob | history
src/nolegacy/meson.build diff | blob | history
tinc, the VPN daemon