Use of libgcrypt in libc?

Werner Koch wk at gnupg.org
Tue Jun 30 12:41:48 CEST 2009


On Tue, 16 Jun 2009 10:47, simon at josefsson.org said:

> and it suggests to recommend solution is that applications initialize
> libgcrypt, which I don't see how it would work in glibc.

We would need to address a couple of problems.  Of course glibc could do
the initialization but only in a standard way without too much secure
memory or with disabled secure memory.

That would lead to problems with applications requiring a different
memory allocator and definitely with FIPS mode.

The best solution I can think of is a modified memory allocator in
glibc to allow setting flags on allocated memory blocks.  With such a
feature, custom handlers could be invoked from the standard free or
malloc and do whatever they want (i.e. clear out that memory or mlock
it).  Not an easy change though.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
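
A sketch of the flagged-allocation idea from the message above, as an added example that is not part of the original post and is neither glibc nor libgcrypt code. The names `flagged_malloc`, `flagged_free`, `BLK_WIPE`, `BLK_LOCK` and the hook type are hypothetical; it wraps the standard `malloc`/`free` with a hidden header instead of changing the allocator itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
/* Hypothetical per-block flags; glibc's malloc has no such interface. */
enum { BLK_WIPE = 1u, BLK_LOCK = 2u };
typedef void (*blk_hook)(void *p, size_t n, unsigned flags);
union blk_hdr {                       /* hidden header in front of each block */
    struct { size_t size; unsigned flags; blk_hook hook; } h;
    max_align_t align;                /* keeps the user pointer aligned */
};

void *flagged_malloc(size_t n, unsigned flags, blk_hook hook) {
    if (n > SIZE_MAX - sizeof(union blk_hdr)) return NULL;
    union blk_hdr *b = malloc(sizeof *b + n);
    if (!b) return NULL;
    /* mlock can fail (RLIMIT_MEMLOCK); keep the flag only if the lock held. */
    if ((flags & BLK_LOCK) && mlock(b, sizeof *b + n) != 0) flags &= ~BLK_LOCK;
    b->h.size = n; b->h.flags = flags; b->h.hook = hook;
    return b + 1;
}

void flagged_free(void *p) {
    if (!p) return;
    union blk_hdr *b = (union blk_hdr *)p - 1;
    size_t n = b->h.size; unsigned f = b->h.flags;
    if (f & BLK_WIPE)                 /* volatile stores are not optimized away */
        for (size_t i = 0; i < n; i++) ((volatile unsigned char *)p)[i] = 0;
    if (b->h.hook) b->h.hook(p, n, f);          /* custom handler, before release */
    if (f & BLK_LOCK) munlock(b, sizeof *b + n);
    free(b);
}

static int saw_zeroes;
static void check_hook(void *p, size_t n, unsigned flags) {
    saw_zeroes = 1; (void)flags;
    for (const unsigned char *c = p; n--; c++) if (*c) saw_zeroes = 0;
}
/* Returns 1 if the block was all zero when the free-time handler ran. */
int demo_wipe_on_free(unsigned flags) {
    char *key = flagged_malloc(32, flags, check_hook);
    if (!key) return -1;
    memcpy(key, "constructed-sample-key-material", 32);  /* constructed data */
    saw_zeroes = 0;
    flagged_free(key);
    return saw_zeroes;
}
int main(void) { return demo_wipe_on_free(BLK_WIPE | BLK_LOCK) == 1 ? 0 : 1; }
```

`mlock` and `munlock` act on whole pages, so unlocking one block here can also unlock a neighbouring locked block on the same page; a real allocator would have to track that.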



