mpi-genesis~ 1
mpi-genesis~ 2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
mpi-genesis~ 3 * 2007 Free Software Foundation, Inc.
mpi-genesis~ 4 *
mpi-genesis~ 5 * This file is part of GnuPG.
mpi-genesis~ 6 *
mpi-genesis~ 7 * GnuPG is free software; you can redistribute it and/or modify
mpi-genesis~ 8 * it under the terms of the GNU General Public License as published by
mpi-genesis~ 9 * the Free Software Foundation; either version 3 of the License, or
mpi-genesis~ 10 * (at your option) any later version.
mpi-genesis~ 11 *
mpi-genesis~ 12 * GnuPG is distributed in the hope that it will be useful,
mpi-genesis~ 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
mpi-genesis~ 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
mpi-genesis~ 15 * GNU General Public License for more details.
mpi-genesis~ 16 *
mpi-genesis~ 17 * You should have received a copy of the GNU General Public License
mpi-genesis~ 18 * along with this program; if not, see <http:
mpi-genesis~ 19 */
mpi-genesis~ 20
mpi-genesis~ 21 #include <config.h>
mpi-genesis~ 22 #include <stdio.h>
mpi-genesis~ 23 #include <stdlib.h>
mpi-genesis~ 24 #include <string.h>
mpi-genesis~ 25 #include <errno.h>
mpi-genesis~ 26 #include <stdarg.h>
mpi-genesis~ 27 #include <unistd.h>
mpi-genesis~ 28 #if defined(HAVE_MLOCK) || defined(HAVE_MMAP)
mpi-genesis~ 29 #include <sys/mman.h>
mpi-genesis~ 30 #include <sys/types.h>
mpi-genesis~ 31 #include <fcntl.h>
mpi-genesis~ 32 #ifdef USE_CAPABILITIES
mpi-genesis~ 33 #include <sys/capability.h>
mpi-genesis~ 34 #endif
mpi-genesis~ 35 #ifdef HAVE_PLOCK
mpi-genesis~ 36 #include <sys/lock.h>
mpi-genesis~ 37 #endif
mpi-genesis~ 38 #endif
mpi-genesis~ 39
mpi-genesis~ 40 #include "types.h"
mpi-genesis~ 41 #include "memory.h"
mpi-genesis~ 42 #include "util.h"
mpi-genesis~ 43
mpi-genesis~ 44
mpi-genesis~ 45 it. */
mpi-genesis~ 46 #if !HAVE_DECL_GETPAGESIZE
mpi-genesis~ 47 int getpagesize(void);
mpi-genesis~ 48 #endif
mpi-genesis~ 49
mpi-genesis~ 50 #if defined(MAP_ANON) && !defined(MAP_ANONYMOUS)
mpi-genesis~ 51 #define MAP_ANONYMOUS MAP_ANON
mpi-genesis~ 52 #endif
mpi-genesis~ 53
mpi-genesis~ 54 #if !defined(EPERM) && defined(ENOMEM)
mpi-genesis~ 55 #define EPERM ENOMEM
mpi-genesis~ 56 #endif
mpi-genesis~ 57
mpi-genesis~ 58
mpi-genesis~ 59 #define DEFAULT_POOLSIZE 16384
mpi-genesis~ 60
mpi-genesis~ 61 typedef struct memblock_struct MEMBLOCK;
mpi-genesis~ 62 struct memblock_struct {
mpi-genesis~ 63 unsigned size;
mpi-genesis~ 64 union {
mpi-genesis~ 65 MEMBLOCK *next;
mpi-genesis~ 66 PROPERLY_ALIGNED_TYPE aligned;
mpi-genesis~ 67 } u;
mpi-genesis~ 68 };
mpi-genesis~ 69
mpi-genesis~ 70
mpi-genesis~ 71
mpi-genesis~ 72 static void *pool;
mpi-genesis~ 73 static volatile int pool_okay;
mpi-genesis~ 74 #ifdef HAVE_MMAP
mpi-genesis~ 75 static volatile int pool_is_mmapped;
mpi-genesis~ 76 #endif
mpi-genesis~ 77 static size_t poolsize;
mpi-genesis~ 78 static size_t poollen;
mpi-genesis~ 79 static MEMBLOCK *unused_blocks;
mpi-genesis~ 80 static unsigned max_alloced;
mpi-genesis~ 81 static unsigned cur_alloced;
mpi-genesis~ 82 static unsigned max_blocks;
mpi-genesis~ 83 static unsigned cur_blocks;
mpi-genesis~ 84 static int disable_secmem;
mpi-genesis~ 85 static int show_warning;
mpi-genesis~ 86 static int no_warning;
mpi-genesis~ 87 static int suspend_warning;
mpi-genesis~ 88
mpi-genesis~ 89
mpi-genesis~ 90 static void
mpi-genesis~ 91 print_warn(void)
mpi-genesis~ 92 {
mpi-genesis~ 93 if (!no_warning)
mpi-genesis~ 94 {
mpi-genesis~ 95 log_info(_("WARNING: using insecure memory!\n"));
mpi-genesis~ 96 log_info(_("please see http://www.gnupg.org/faq.html"
mpi-genesis~ 97 " for more information\n"));
mpi-genesis~ 98 }
mpi-genesis~ 99 }
mpi-genesis~ 100
mpi-genesis~ 101
mpi-genesis~ 102 static void
mpi-genesis~ 103 lock_pool( void *p, size_t n )
mpi-genesis~ 104 {
mpi-genesis~ 105 #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
mpi-genesis~ 106 int err;
mpi-genesis~ 107
mpi-genesis~ 108 cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
mpi-genesis~ 109 err = mlock( p, n );
mpi-genesis~ 110 if( err && errno )
mpi-genesis~ 111 err = errno;
mpi-genesis~ 112 cap_set_proc( cap_from_text("cap_ipc_lock+p") );
mpi-genesis~ 113
mpi-genesis~ 114 if( err ) {
mpi-genesis~ 115 if( errno != EPERM
mpi-genesis~ 116 #ifdef EAGAIN /* OpenBSD returns this */
mpi-genesis~ 117 && errno != EAGAIN
mpi-genesis~ 118 #endif
mpi-genesis~ 119 #ifdef ENOSYS /* Some SCOs return this (function not implemented) */
mpi-genesis~ 120 && errno != ENOSYS
mpi-genesis~ 121 #endif
mpi-genesis~ 122 #ifdef ENOMEM /* Linux can return this */
mpi-genesis~ 123 && errno != ENOMEM
mpi-genesis~ 124 #endif
mpi-genesis~ 125 )
mpi-genesis~ 126 log_error("can't lock memory: %s\n", strerror(err));
mpi-genesis~ 127 show_warning = 1;
mpi-genesis~ 128 }
mpi-genesis~ 129
mpi-genesis~ 130 #elif defined(HAVE_MLOCK)
mpi-genesis~ 131 uid_t uid;
mpi-genesis~ 132 int err;
mpi-genesis~ 133
mpi-genesis~ 134 uid = getuid();
mpi-genesis~ 135
mpi-genesis~ 136 #ifdef HAVE_BROKEN_MLOCK
mpi-genesis~ 137
mpi-genesis~ 138 entire data segment. */
mpi-genesis~ 139 #ifdef HAVE_PLOCK
mpi-genesis~ 140 # ifdef _AIX
mpi-genesis~ 141
mpi-genesis~ 142 the strange requirement to somehow set the stack limit first.
mpi-genesis~ 143 The problem might turn out in indeterministic program behaviour
mpi-genesis~ 144 and hanging processes which can somehow be solved when enough
mpi-genesis~ 145 processes are clogging up the memory. To get this problem out
mpi-genesis~ 146 of the way we simply don't try to lock the memory at all.
mpi-genesis~ 147 */
mpi-genesis~ 148 errno = EPERM;
mpi-genesis~ 149 err = errno;
mpi-genesis~ 150 # else /* !_AIX */
mpi-genesis~ 151 err = plock( DATLOCK );
mpi-genesis~ 152 if( err && errno )
mpi-genesis~ 153 err = errno;
mpi-genesis~ 154 # endif /*_AIX*/
mpi-genesis~ 155 #else /*!HAVE_PLOCK*/
mpi-genesis~ 156 if( uid ) {
mpi-genesis~ 157 errno = EPERM;
mpi-genesis~ 158 err = errno;
mpi-genesis~ 159 }
mpi-genesis~ 160 else {
mpi-genesis~ 161 err = mlock( p, n );
mpi-genesis~ 162 if( err && errno )
mpi-genesis~ 163 err = errno;
mpi-genesis~ 164 }
mpi-genesis~ 165 #endif /*!HAVE_PLOCK*/
mpi-genesis~ 166 #else
mpi-genesis~ 167 err = mlock( p, n );
mpi-genesis~ 168 if( err && errno )
mpi-genesis~ 169 err = errno;
mpi-genesis~ 170 #endif
mpi-genesis~ 171
mpi-genesis~ 172 if( uid && !geteuid() ) {
mpi-genesis~ 173
mpi-genesis~ 174 * Note: setuid(0) should always fail */
mpi-genesis~ 175 if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
mpi-genesis~ 176 log_fatal("failed to reset uid: %s\n", strerror(errno));
mpi-genesis~ 177 }
mpi-genesis~ 178
mpi-genesis~ 179 if( err ) {
mpi-genesis~ 180 if( errno != EPERM
mpi-genesis~ 181 #ifdef EAGAIN /* OpenBSD returns this */
mpi-genesis~ 182 && errno != EAGAIN
mpi-genesis~ 183 #endif
mpi-genesis~ 184 #ifdef ENOSYS /* Some SCOs return this (function not implemented) */
mpi-genesis~ 185 && errno != ENOSYS
mpi-genesis~ 186 #endif
mpi-genesis~ 187 #ifdef ENOMEM /* Linux can return this */
mpi-genesis~ 188 && errno != ENOMEM
mpi-genesis~ 189 #endif
mpi-genesis~ 190 )
mpi-genesis~ 191 log_error("can't lock memory: %s\n", strerror(err));
mpi-genesis~ 192 show_warning = 1;
mpi-genesis~ 193 }
mpi-genesis~ 194
mpi-genesis~ 195 #elif defined ( __QNX__ )
mpi-genesis~ 196
mpi-genesis~ 197 * not make much sense. However it is still of use because it
mpi-genesis~ 198 * wipes out the memory on a free().
mpi-genesis~ 199 * Therefore it is sufficient to suppress the warning
mpi-genesis~ 200 */
mpi-genesis~ 201 #elif defined (HAVE_DOSISH_SYSTEM) || defined (__CYGWIN__)
mpi-genesis~ 202
mpi-genesis~ 203 * this whole Windows !@#$% and their user base are inherently insecure
mpi-genesis~ 204 */
mpi-genesis~ 205 #elif defined (__riscos__)
mpi-genesis~ 206
mpi-genesis~ 207 * besides we don't have mmap, so we don't use it! ;-)
mpi-genesis~ 208 * But don't complain, as explained above.
mpi-genesis~ 209 */
mpi-genesis~ 210 #else
mpi-genesis~ 211 log_info("Please note that you don't have secure memory on this system\n");
mpi-genesis~ 212 #endif
mpi-genesis~ 213 }
mpi-genesis~ 214
mpi-genesis~ 215
mpi-genesis~ 216 static void
mpi-genesis~ 217 init_pool( size_t n)
mpi-genesis~ 218 {
mpi-genesis~ 219 long int pgsize_val;
mpi-genesis~ 220 size_t pgsize;
mpi-genesis~ 221
mpi-genesis~ 222 poolsize = n;
mpi-genesis~ 223
mpi-genesis~ 224 if( disable_secmem )
mpi-genesis~ 225 log_bug("secure memory is disabled");
mpi-genesis~ 226
mpi-genesis~ 227 #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
mpi-genesis~ 228 pgsize_val = sysconf (_SC_PAGESIZE);
mpi-genesis~ 229 #elif defined(HAVE_GETPAGESIZE)
mpi-genesis~ 230 pgsize_val = getpagesize ();
mpi-genesis~ 231 #else
mpi-genesis~ 232 pgsize_val = -1;
mpi-genesis~ 233 #endif
mpi-genesis~ 234 pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val : 4096;
mpi-genesis~ 235
mpi-genesis~ 236
mpi-genesis~ 237 #ifdef HAVE_MMAP
mpi-genesis~ 238 poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1);
mpi-genesis~ 239 #ifdef MAP_ANONYMOUS
mpi-genesis~ 240 pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE,
mpi-genesis~ 241 MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
mpi-genesis~ 242 #else /* map /dev/zero instead */
mpi-genesis~ 243 { int fd;
mpi-genesis~ 244
mpi-genesis~ 245 fd = open("/dev/zero", O_RDWR);
mpi-genesis~ 246 if( fd == -1 ) {
mpi-genesis~ 247 log_error("can't open /dev/zero: %s\n", strerror(errno) );
mpi-genesis~ 248 pool = (void*)-1;
mpi-genesis~ 249 }
mpi-genesis~ 250 else {
mpi-genesis~ 251 pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE,
mpi-genesis~ 252 MAP_PRIVATE, fd, 0);
mpi-genesis~ 253 close (fd);
mpi-genesis~ 254 }
mpi-genesis~ 255 }
mpi-genesis~ 256 #endif
mpi-genesis~ 257 if( pool == (void*)-1 )
mpi-genesis~ 258 log_info("can't mmap pool of %u bytes: %s - using malloc\n",
mpi-genesis~ 259 (unsigned)poolsize, strerror(errno));
mpi-genesis~ 260 else {
mpi-genesis~ 261 pool_is_mmapped = 1;
mpi-genesis~ 262 pool_okay = 1;
mpi-genesis~ 263 }
mpi-genesis~ 264
mpi-genesis~ 265 #endif
mpi-genesis~ 266 if( !pool_okay ) {
mpi-genesis~ 267 pool = malloc( poolsize );
mpi-genesis~ 268 if( !pool )
mpi-genesis~ 269 log_fatal("can't allocate memory pool of %u bytes\n",
mpi-genesis~ 270 (unsigned)poolsize);
mpi-genesis~ 271 else
mpi-genesis~ 272 pool_okay = 1;
mpi-genesis~ 273 }
mpi-genesis~ 274 lock_pool( pool, poolsize );
mpi-genesis~ 275 poollen = 0;
mpi-genesis~ 276 }
mpi-genesis~ 277
mpi-genesis~ 278
mpi-genesis~ 279
mpi-genesis~ 280 static void
mpi-genesis~ 281 compress_pool(void)
mpi-genesis~ 282 {
mpi-genesis~ 283
mpi-genesis~ 284 }
mpi-genesis~ 285
mpi-genesis~ 286 void
mpi-genesis~ 287 secmem_set_flags( unsigned flags )
mpi-genesis~ 288 {
mpi-genesis~ 289 int was_susp = suspend_warning;
mpi-genesis~ 290
mpi-genesis~ 291 no_warning = flags & 1;
mpi-genesis~ 292 suspend_warning = flags & 2;
mpi-genesis~ 293
mpi-genesis~ 294
mpi-genesis~ 295 if( was_susp && !suspend_warning && show_warning ) {
mpi-genesis~ 296 show_warning = 0;
mpi-genesis~ 297 print_warn();
mpi-genesis~ 298 }
mpi-genesis~ 299 }
mpi-genesis~ 300
mpi-genesis~ 301 unsigned
mpi-genesis~ 302 secmem_get_flags(void)
mpi-genesis~ 303 {
mpi-genesis~ 304 unsigned flags;
mpi-genesis~ 305
mpi-genesis~ 306 flags = no_warning ? 1:0;
mpi-genesis~ 307 flags |= suspend_warning ? 2:0;
mpi-genesis~ 308 return flags;
mpi-genesis~ 309 }
mpi-genesis~ 310
mpi-genesis~ 311
mpi-genesis~ 312 int
mpi-genesis~ 313 secmem_init( size_t n )
mpi-genesis~ 314 {
mpi-genesis~ 315 if( !n ) {
mpi-genesis~ 316 #ifndef __riscos__
mpi-genesis~ 317 #ifdef USE_CAPABILITIES
mpi-genesis~ 318
mpi-genesis~ 319 cap_set_proc( cap_from_text("all-eip") );
mpi-genesis~ 320
mpi-genesis~ 321 #elif !defined(HAVE_DOSISH_SYSTEM)
mpi-genesis~ 322 uid_t uid;
mpi-genesis~ 323
mpi-genesis~ 324 disable_secmem=1;
mpi-genesis~ 325 uid = getuid();
mpi-genesis~ 326 if( uid != geteuid() ) {
mpi-genesis~ 327 if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
mpi-genesis~ 328 log_fatal("failed to drop setuid\n" );
mpi-genesis~ 329 }
mpi-genesis~ 330 #endif
mpi-genesis~ 331 #endif /* !__riscos__ */
mpi-genesis~ 332 }
mpi-genesis~ 333 else {
mpi-genesis~ 334 if( n < DEFAULT_POOLSIZE )
mpi-genesis~ 335 n = DEFAULT_POOLSIZE;
mpi-genesis~ 336 if( !pool_okay )
mpi-genesis~ 337 init_pool(n);
mpi-genesis~ 338 else
mpi-genesis~ 339 log_error("Oops, secure memory pool already initialized\n");
mpi-genesis~ 340 }
mpi-genesis~ 341
mpi-genesis~ 342 return !show_warning;
mpi-genesis~ 343 }
mpi-genesis~ 344
mpi-genesis~ 345
mpi-genesis~ 346 void *
mpi-genesis~ 347 secmem_malloc( size_t size )
mpi-genesis~ 348 {
mpi-genesis~ 349 MEMBLOCK *mb, *mb2;
mpi-genesis~ 350 int compressed=0;
mpi-genesis~ 351
mpi-genesis~ 352 if( !pool_okay ) {
mpi-genesis~ 353 log_info(
mpi-genesis~ 354 _("operation is not possible without initialized secure memory\n"));
mpi-genesis~ 355 log_info(_("(you may have used the wrong program for this task)\n"));
mpi-genesis~ 356 exit(2);
mpi-genesis~ 357 }
mpi-genesis~ 358 if( show_warning && !suspend_warning ) {
mpi-genesis~ 359 show_warning = 0;
mpi-genesis~ 360 print_warn();
mpi-genesis~ 361 }
mpi-genesis~ 362
mpi-genesis~ 363
mpi-genesis~ 364 extra of the size of an entire MEMBLOCK. This is required
mpi-genesis~ 365 becuase we do not only need the SIZE info but also extra space
mpi-genesis~ 366 to chain up unused memory blocks. */
mpi-genesis~ 367 size += sizeof(MEMBLOCK);
mpi-genesis~ 368 size = ((size + 31) / 32) * 32;
mpi-genesis~ 369
mpi-genesis~ 370 retry:
mpi-genesis~ 371
mpi-genesis~ 372 for(mb = unused_blocks,mb2=NULL; mb; mb2=mb, mb = mb->u.next )
mpi-genesis~ 373 if( mb->size >= size ) {
mpi-genesis~ 374 if( mb2 )
mpi-genesis~ 375 mb2->u.next = mb->u.next;
mpi-genesis~ 376 else
mpi-genesis~ 377 unused_blocks = mb->u.next;
mpi-genesis~ 378 goto leave;
mpi-genesis~ 379 }
mpi-genesis~ 380
mpi-genesis~ 381 if( (poollen + size <= poolsize) ) {
mpi-genesis~ 382 mb = (void*)((char*)pool + poollen);
mpi-genesis~ 383 poollen += size;
mpi-genesis~ 384 mb->size = size;
mpi-genesis~ 385 }
mpi-genesis~ 386 else if( !compressed ) {
mpi-genesis~ 387 compressed=1;
mpi-genesis~ 388 compress_pool();
mpi-genesis~ 389 goto retry;
mpi-genesis~ 390 }
mpi-genesis~ 391 else
mpi-genesis~ 392 return NULL;
mpi-genesis~ 393
mpi-genesis~ 394 leave:
mpi-genesis~ 395 cur_alloced += mb->size;
mpi-genesis~ 396 cur_blocks++;
mpi-genesis~ 397 if( cur_alloced > max_alloced )
mpi-genesis~ 398 max_alloced = cur_alloced;
mpi-genesis~ 399 if( cur_blocks > max_blocks )
mpi-genesis~ 400 max_blocks = cur_blocks;
mpi-genesis~ 401
mpi-genesis~ 402 return &mb->u.aligned.c;
mpi-genesis~ 403 }
mpi-genesis~ 404
mpi-genesis~ 405
mpi-genesis~ 406 void *
mpi-genesis~ 407 secmexrealloc( void *p, size_t newsize )
mpi-genesis~ 408 {
mpi-genesis~ 409 MEMBLOCK *mb;
mpi-genesis~ 410 size_t size;
mpi-genesis~ 411 void *a;
mpi-genesis~ 412
mpi-genesis~ 413 mb = (MEMBLOCK*)((char*)p - ((size_t) &((MEMBLOCK*)0)->u.aligned.c));
mpi-genesis~ 414 size = mb->size;
mpi-genesis~ 415 if (size < sizeof(MEMBLOCK))
mpi-genesis~ 416 log_bug ("secure memory corrupted at block %p\n", (void *)mb);
mpi-genesis~ 417 size -= ((size_t) &((MEMBLOCK*)0)->u.aligned.c);
mpi-genesis~ 418
mpi-genesis~ 419 if( newsize <= size )
mpi-genesis~ 420 return p;
mpi-genesis~ 421 a = secmem_malloc( newsize );
mpi-genesis~ 422 if ( a ) {
mpi-genesis~ 423 memcpy(a, p, size);
mpi-genesis~ 424 memset((char*)a+size, 0, newsize-size);
mpi-genesis~ 425 secmem_free(p);
mpi-genesis~ 426 }
mpi-genesis~ 427 return a;
mpi-genesis~ 428 }
mpi-genesis~ 429
mpi-genesis~ 430
mpi-genesis~ 431 void
mpi-genesis~ 432 secmem_free( void *a )
mpi-genesis~ 433 {
mpi-genesis~ 434 MEMBLOCK *mb;
mpi-genesis~ 435 size_t size;
mpi-genesis~ 436
mpi-genesis~ 437 if( !a )
mpi-genesis~ 438 return;
mpi-genesis~ 439
mpi-genesis~ 440 mb = (MEMBLOCK*)((char*)a - ((size_t) &((MEMBLOCK*)0)->u.aligned.c));
mpi-genesis~ 441 size = mb->size;
mpi-genesis~ 442
mpi-genesis~ 443 * cache. We do it anyway: */
mpi-genesis~ 444 wipememory2(mb, 0xff, size );
mpi-genesis~ 445 wipememory2(mb, 0xaa, size );
mpi-genesis~ 446 wipememory2(mb, 0x55, size );
mpi-genesis~ 447 wipememory2(mb, 0x00, size );
mpi-genesis~ 448 mb->size = size;
mpi-genesis~ 449 mb->u.next = unused_blocks;
mpi-genesis~ 450 unused_blocks = mb;
mpi-genesis~ 451 cur_blocks--;
mpi-genesis~ 452 cur_alloced -= size;
mpi-genesis~ 453 }
mpi-genesis~ 454
mpi-genesis~ 455
mpi-genesis~ 456
mpi-genesis~ 457 static int
mpi-genesis~ 458 ptr_into_pool_p (const void *p)
mpi-genesis~ 459 {
mpi-genesis~ 460
mpi-genesis~ 461 C-99 6.5.8 to avoid undefined behaviour. Using size_t is at
mpi-genesis~ 462 least only implementation defined. See also
mpi-genesis~ 463 http:
mpi-genesis~ 464 */
mpi-genesis~ 465 size_t p_addr = (size_t)p;
mpi-genesis~ 466 size_t pool_addr = (size_t)pool;
mpi-genesis~ 467
mpi-genesis~ 468 return p_addr >= pool_addr && p_addr < pool_addr+poolsize;
mpi-genesis~ 469 }
mpi-genesis~ 470
mpi-genesis~ 471
mpi-genesis~ 472 int
mpi-genesis~ 473 m_is_secure( const void *p )
mpi-genesis~ 474 {
mpi-genesis~ 475 return pool_okay && ptr_into_pool_p (p);
mpi-genesis~ 476 }
mpi-genesis~ 477
mpi-genesis~ 478
mpi-genesis~ 479
mpi-genesis~ 480
mpi-genesis~ 481 * Warning: This code might be called by an interrupt handler
mpi-genesis~ 482 * and frankly, there should really be such a handler,
mpi-genesis~ 483 * to make sure that the memory is wiped out.
mpi-genesis~ 484 * We hope that the OS wipes out mlocked memory after
mpi-genesis~ 485 * receiving a SIGKILL - it really should do so, otherwise
mpi-genesis~ 486 * there is no chance to get the secure memory cleaned.
mpi-genesis~ 487 */
mpi-genesis~ 488 void
mpi-genesis~ 489 secmem_term()
mpi-genesis~ 490 {
mpi-genesis~ 491 if( !pool_okay )
mpi-genesis~ 492 return;
mpi-genesis~ 493
mpi-genesis~ 494 wipememory2( pool, 0xff, poolsize);
mpi-genesis~ 495 wipememory2( pool, 0xaa, poolsize);
mpi-genesis~ 496 wipememory2( pool, 0x55, poolsize);
mpi-genesis~ 497 wipememory2( pool, 0x00, poolsize);
mpi-genesis~ 498 #ifdef HAVE_MMAP
mpi-genesis~ 499 if( pool_is_mmapped )
mpi-genesis~ 500 munmap( pool, poolsize );
mpi-genesis~ 501 #endif
mpi-genesis~ 502 pool = NULL;
mpi-genesis~ 503 pool_okay = 0;
mpi-genesis~ 504 poolsize=0;
mpi-genesis~ 505 poollen=0;
mpi-genesis~ 506 unused_blocks=NULL;
mpi-genesis~ 507 }
mpi-genesis~ 508
mpi-genesis~ 509
mpi-genesis~ 510 void
mpi-genesis~ 511 secmem_dump_stats()
mpi-genesis~ 512 {
mpi-genesis~ 513 if( disable_secmem )
mpi-genesis~ 514 return;
mpi-genesis~ 515 fprintf(stderr,
mpi-genesis~ 516 "secmem usage: %u/%u bytes in %u/%u blocks of pool %lu/%lu\n",
mpi-genesis~ 517 cur_alloced, max_alloced, cur_blocks, max_blocks,
mpi-genesis~ 518 (ulong)poollen, (ulong)poolsize );
mpi-genesis~ 519 }