Using libgcrypt and a library using it

Werner Koch wk at
Sun Jan 15 17:41:09 CET 2006

On Sun, 15 Jan 2006 13:45:13 +0100, Jean-Philippe Garcia Ballester said:

>   We're checking if libgcrypt has already been initialized, so that we don't 
> initialize it again in the library. But what if it has already been 
> initalized without secure memory?

You mean by explictly disabling secure memory?  Thn there is no way to
change this later (due to the mlock restrictions when using Linux)

>   Is there something in gcry_control to check that, and the amount of secure 
> memory (the documentation to gcry_control is either hard to find or 
> inexistant)? Is there a solution to this problem other than saying

No.  There is only the GCRYCTL_DUMP_SECMEM_STATS but this does not
help you program.  Adding such a feature isn't hard and if you really
need it, we can do so.

Due to the problems with the secure memory I am currently thinking
about an option to get rid of mlocked secure memory but keeping the
automatic overwriting of that memory with a free.  In case you have an
encrypted swap.



More information about the Gcrypt-devel mailing list