gcrypt: Explicitly initialize RNG backend to allocate static data
author Martin Willi <martin@revosec.ch>
Mon, 13 Apr 2015 15:12:49 +0000 (17:12 +0200)
committer Martin Willi <martin@revosec.ch>
Wed, 15 Apr 2015 12:38:42 +0000 (14:38 +0200)
The libgcrypt RNG implementation uses static buffer allocation which it does
not free. There is no symbol we can catch in leak-detective, hence we explicitly
initialize the RNG during the whitelisted gcrypt_plugin_create() function.

src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c

index 480c083..04f1f43 100644 (file)
@@ -158,6 +158,9 @@ plugin_t *gcrypt_plugin_create()
        }
        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
 
+       /* initialize static allocations we want to exclude from leak-detective */
+       gcry_create_nonce(NULL, 0);
+
        INIT(this,
                .public = {
                        .plugin = {
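Review bot: the added gcry_create_nonce(NULL, 0) call passes a NULL buffer and a zero length and is there only for its side effect, but the comment above it does not say so, and a later reader could take the call for a bug or remove it as dead code. Suggest expanding the comment to state that this is a deliberate zero-length request whose only purpose is to make the RNG backend set up its static buffers inside the whitelisted gcrypt_plugin_create(). It is also worth noting there that the approach depends on libgcrypt initializing the backend even when asked for zero bytes; if a library version returns early on a zero length, the allocation would happen at first real use outside the whitelist and leak-detective would report it again.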