Implement overflow secmem pools for xmalloc style allocators.

* src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and
cur_blocks.
(cur_alloced, cur_blocks): Remove vars.
(ptr_into_pool_p): Make it inline.
(stats_update): Add arg pool and update the new pool specific
counters.
(_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow
pools as needed.
(_gcry_secmem_malloc): Pass XHINTS along.
(_gcry_secmem_realloc_internal): Ditto.
(_gcry_secmem_realloc): Ditto.
(_gcry_secmem_free_internal): Take multiple pools in account.  Add
return value to indicate whether the arg was freed.
(_gcry_secmem_free): Add return value to indicate whether the arg was
freed.
(_gcry_private_is_secure): Take multiple pools in account.
(_gcry_secmem_term): Release all pools.
(_gcry_secmem_dump_stats): Print stats for all pools.
* src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure
test with a direct call of _gcry_secmem_free to avoid double checking.
--

This patch avoids process termination due to an out-of-secure-memory
condition in the MPI subsystem.  We consider it more important to have
reliable MPI computations than process termination due the need for
memory which is protected against being swapped out.  Using encrypted
swap is anyway a more reliable protection than those mlock'ed pages.
Note also that mlock'ed pages won't help against hibernation.

GnuPG-bug-id: 2857
Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 1 insertions, 1 deletions

diff --git a/src/secmem.h b/src/secmem.h
index c69fe88d..29dd64fc 100644
--- a/src/secmem.h
+++ b/src/secmem.h
@@ -25,7 +25,7 @@ void _gcry_secmem_init (size_t npool);
 void _gcry_secmem_term (void);
 void *_gcry_secmem_malloc (size_t size, int xhint) _GCRY_GCC_ATTR_MALLOC;
 void *_gcry_secmem_realloc (void *a, size_t newsize, int xhint);
-void _gcry_secmem_free (void *a);
+int  _gcry_secmem_free (void *a);
 void _gcry_secmem_dump_stats (int extended);
 void _gcry_secmem_set_flags (unsigned flags);
 unsigned _gcry_secmem_get_flags(void);