gcrypt: initialize secure memory on startup

Otherwise libgcrypt does it automatically, but only after we drop
privileges. This requires calling mlock(), which kills the sandboxed
process on OpenBSD.

If this is not enough, libgcrypt will resize the pool without calling
mlock().

diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c
new file mode 100644 (file)
index 0000000..815bedf
--- /dev/null
+++ b/src/gcrypt/crypto.c
@@ -0,0 +1,10 @@
+#include "../system.h"
+
+#include <gcrypt.h>
+
+#include "../crypto.h"
+
+void crypto_init(void) {
+       gcry_control(GCRYCTL_INIT_SECMEM, 32 * 1024, 0);
+       gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+}

diff --git a/src/gcrypt/meson.build b/src/gcrypt/meson.build
index 9cfe466..ac93c80 100644 (file)
--- a/src/gcrypt/meson.build
+++ b/src/gcrypt/meson.build
@@ -1,5 +1,6 @@
 src_lib_crypto = files(
   'cipher.c',
+  'crypto.c',
   'digest.c',
   'pem.c',
   'prf.c',

diff --git a/src/meson.build b/src/meson.build
index 564ef6f..d9f7b14 100644 (file)
--- a/src/meson.build
+++ b/src/meson.build
@@ -358,10 +358,6 @@ endif
 
 subdir(opt_crypto)
 
-if opt_crypto != 'openssl'
-  src_lib_crypto += 'crypto.c'
-endif
-
 if opt_crypto != 'nolegacy'
   src_lib_crypto += ['cipher.c', 'digest.c']
 endif

diff --git a/src/crypto.c b/src/nolegacy/crypto.c
similarity index 97%
rename from src/crypto.c
rename to src/nolegacy/crypto.c
index 20d917d..4e6f427 100644 (file)
--- a/src/crypto.c
+++ b/src/nolegacy/crypto.c
@@ -17,7 +17,7 @@
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#include "crypto.h"
+#include "../crypto.h"
 
 // No-op for those cryptographic libraries that
 // do not require any additional initialization.

diff --git a/src/nolegacy/meson.build b/src/nolegacy/meson.build
index c9ea62f..323a831 100644 (file)
--- a/src/nolegacy/meson.build
+++ b/src/nolegacy/meson.build
@@ -1,4 +1,7 @@
-src_lib_crypto = files('prf.c')
+src_lib_crypto = files(
+  'crypto.c',
+  'prf.c',
+)
 
 dep_crypto = dependency('', required: false)