Simplify the logic for no_secure_memory.
209d98dcf66b
Actions

Description

Simplify the logic for no_secure_memory.

* src/global.c (_gcry_vcontrol): Don't set NO_SECURE_MEMORY when
FIPS mode is enabled.
(get_no_secure_memory): Remove.  Don't touch NO_SECURE_MEMORY,
when examining the variable.
(do_malloc, _gcry_is_secure): Just use NO_SECURE_MEMORY.

By ignoring GCRYCTL_DISABLE_SECMEM when FIPS, the code is now
straightforward.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

• gniibe

Authored on Dec 16 2021, 3:34 AM

Parents

rC0c1d55a84c89: Add SM3 x86-64 AVX/BMI2 assembly implementation

Branches

Unknown

Tags

Unknown

Event Timeline

• gniibe committed rC209d98dcf66b: Simplify the logic for no_secure_memory. (authored by • gniibe).Dec 16 2021, 3:34 AM

• gniibe mentioned this in T5636: Run integrity checks + selftests from library constructor in FIPS.Dec 16 2021, 5:13 AM

Changes (1)

Path

Size

src/

global.c

rC209d98dcf66b

View Options