From a3e710fbd44ca8a0f4840b4e3366c6fc946ecfc5 Mon Sep 17 00:00:00 2001
From: Erwin Nindl <nine@wirdorange.org>
Date: Thu, 27 Dec 2007 11:57:12 +0000
Subject: * cypher and auth-algo selectable via commandline * libgcrypt uses
 secure memory now * a few bugfixes

---
 authAlgo.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'authAlgo.cpp')

diff --git a/authAlgo.cpp b/authAlgo.cpp
index d6f9565..4b5515e 100644
--- a/authAlgo.cpp
+++ b/authAlgo.cpp
@@ -44,7 +44,6 @@ AuthTag NullAuthAlgo::calc(const Buffer& buf)
 
 const char* Sha1AuthAlgo::MIN_GCRYPT_VERSION = "1.2.3";
 
-
 // HMAC_SHA1
 Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
 {
@@ -57,6 +56,15 @@ Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
       cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::Sha1AuthAlgo: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION;
       return;
     }
+
+    /* Allocate a pool of secure memory.  
+     * This also drops priviliges on some systems. */
+    err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0);
+    if( err ) {
+      cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << "bytes of secure memory: " << gpg_strerror( err );
+      return;
+    }
+        
     /* Tell Libgcrypt that initialization has completed. */
     err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
     if( err ) {
-- 
cgit v1.2.3