gcry_control

Werner Koch wk at gnupg.org
Tue Aug 17 13:50:03 CEST 2004


On Mon, 16 Aug 2004 09:19:50 -0700, Neil Spring said:

> So is it the case that I should have my code call either:
>   gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
> or
>   gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
> but not both?

Yes.  However you should call DISABLE_SECMEM as early as possible;
i.e. before gcry_check_version.

> Someone asked about the "Secure memory is not locked into core"
> warning and I wanted to get rid of it and explain it at the same

Yesterday, I figured out that there is a bug in the way the warning
message is generated.  This means the suggested way of doing a 
  gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
before gcry_check_version and later enabling the messages using
  gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
does not work reliable.  It will be fixed in the next version.

  Werner




More information about the Gcrypt-devel mailing list