authorErwin Nindl <nine@wirdorange.org>2007-12-27 11:57:12 +0000
committerErwin Nindl <nine@wirdorange.org>2007-12-27 11:57:12 +0000
commita3e710fbd44ca8a0f4840b4e3366c6fc946ecfc5 (patch)
treeb5b189fa102e382da25b8c7385e628ed3889b335 /authAlgo.cpp
parentadded anytun to isakmpd (diff)
* cypher and auth-algo selectable via commandline
* libgcrypt uses secure memory now
* a few bugfixes
Diffstat (limited to 'authAlgo.cpp')
-rw-r--r--authAlgo.cpp10
1 files changed, 9 insertions, 1 deletions
diff --git a/authAlgo.cpp b/authAlgo.cpp
index d6f9565..4b5515e 100644
--- a/authAlgo.cpp
+++ b/authAlgo.cpp
@@ -44,7 +44,6 @@ AuthTag NullAuthAlgo::calc(const Buffer& buf)
const char* Sha1AuthAlgo::MIN_GCRYPT_VERSION = "1.2.3";
-
// HMAC_SHA1
Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
{
@@ -57,6 +56,15 @@ Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::Sha1AuthAlgo: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION;
return;
}
+
+ /* Allocate a pool of secure memory.
+ * This also drops priviliges on some systems. */
+ err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0);
+ if( err ) {
+ cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << "bytes of secure memory: " << gpg_strerror( err );
+ return;
+ }
+
/* Tell Libgcrypt that initialization has completed. */
err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
if( err ) {
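Review bot: The new `gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0)` call is process-wide libgcrypt initialization, yet it sits in the Sha1AuthAlgo constructor and so runs again for every instance, including ones created after `GCRYCTL_INITIALIZATION_FINISHED` has already been set by an earlier one. Guarding the version check, the secmem call and the finish call with `if( !gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P) )`, or moving them into one startup routine shared with the cipher code, would keep the privilege drop mentioned in the comment at a single, predictable point. Reserving the pool does not by itself protect the HMAC key: the digest handle is opened outside this hunk, and it presumably needs `GCRY_MD_FLAG_SECURE` for its state to live in that pool. On the error path the constructor only logs and returns, so callers should treat an instance whose `ctx_` is still NULL as unusable rather than letting packets go out unauthenticated; the constructor body starts and ends outside the hunk.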