Using libgcrypt and a library using it
Werner Koch
wk at gnupg.org
Sun Jan 15 17:41:09 CET 2006
On Sun, 15 Jan 2006 13:45:13 +0100, Jean-Philippe Garcia Ballester said:
> We're checking if libgcrypt has already been initialized, so that we don't
> initialize it again in the library. But what if it has already been
> initialized without secure memory?
You mean by explicitly disabling secure memory? Then there is no way to
change this later (due to the mlock restrictions when using Linux).
> Is there something in gcry_control to check that, and the amount of secure
> memory (the documentation to gcry_control is either hard to find or
> inexistent)? Is there a solution to this problem other than saying
No. There is only the GCRYCTL_DUMP_SECMEM_STATS but this does not
help you program. Adding such a feature isn't hard and if you really
need it, we can do so.
Due to the problems with the secure memory I am currently thinking
about an option to get rid of mlocked secure memory but keeping the
automatic overwriting of that memory with a free. In case you have an
encrypted swap.
Shalom-Salam,
Werner
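
Added example, not part of the original message and not libgcrypt code: a sketch of the option discussed above, where mlock is only attempted on request and may fail, while every free still overwrites the block, plus counters a caller can query. All names are hypothetical and a POSIX system is assumed.

```c
#define _DEFAULT_SOURCE
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* All names here are hypothetical; none of this is libgcrypt API. */
typedef struct { size_t total; size_t size; int locked; } blk_hdr;
enum { HDR = 64 };   /* header slot size, keeps the user area aligned */
static size_t stat_locked, stat_unlocked, stat_wiped;  /* queryable stats */

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate n bytes in whole pages; try mlock only if the caller asks. */
void *sec_alloc(size_t n, int want_mlock) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (n > (size_t)-1 - HDR - page) return NULL;   /* overflow guard */
    size_t total = (n + HDR + page - 1) / page * page;
    void *base;
    if (posix_memalign(&base, page, total) != 0) return NULL;
    blk_hdr *h = base;
    h->total = total; h->size = n;
    /* mlock can fail (e.g. RLIMIT_MEMLOCK); the block is still usable. */
    h->locked = want_mlock && mlock(base, total) == 0;
    *(h->locked ? &stat_locked : &stat_unlocked) += n;
    return (unsigned char *)base + HDR;
}

/* Overwrite the user area; returns the number of bytes cleared. */
size_t sec_wipe(void *p) {
    blk_hdr *h = (blk_hdr *)((unsigned char *)p - HDR);
    wipe(p, h->size);
    stat_wiped += h->size;
    return h->size;
}

/* Free always wipes first, whether or not the block was locked. */
void sec_free(void *p) {
    if (!p) return;
    blk_hdr *h = (blk_hdr *)((unsigned char *)p - HDR);
    sec_wipe(p);
    *(h->locked ? &stat_locked : &stat_unlocked) -= h->size;
    if (h->locked) munlock(h, h->total);  /* pages belong to this block only */
    free(h);
}

size_t sec_locked_bytes(void)   { return stat_locked; }
size_t sec_unlocked_bytes(void) { return stat_unlocked; }
size_t sec_wiped_bytes(void)    { return stat_wiped; }
```

Without mlock the wiped-on-free data can still reach swap while the block is live, which is why the message ties this option to an encrypted swap.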