aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ffi/ffi.cpp2
-rw-r--r--src/lib/utils/os_utils.cpp21
-rw-r--r--src/lib/utils/os_utils.h8
3 files changed, 22 insertions, 9 deletions
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index cfc2cb2d5..b0c1f6e71 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -18,7 +18,7 @@ namespace Botan_FFI {
int ffi_error_exception_thrown(const char* func_name, const char* exn, int rc)
{
- if(Botan::OS::running_in_privileged_state() == false && std::getenv("BOTAN_FFI_PRINT_EXCEPTIONS") != nullptr)
+ if(Botan::OS::read_env_variable("BOTAN_FFI_PRINT_EXCEPTIONS") != nullptr)
{
std::fprintf(stderr, "in %s exception '%s' returning %d\n", func_name, exn, rc);
}
diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp
index 265d4aac2..e5267cad6 100644
--- a/src/lib/utils/os_utils.cpp
+++ b/src/lib/utils/os_utils.cpp
@@ -267,17 +267,14 @@ size_t OS::get_memory_locking_limit()
/*
* Allow override via env variable
*/
- if(OS::running_in_privileged_state() == false)
+ if(const char* env = read_env_variable("BOTAN_MLOCK_POOL_SIZE"))
{
- if(const char* env = std::getenv("BOTAN_MLOCK_POOL_SIZE"))
+ try
{
- try
- {
- const size_t user_req = std::stoul(env, nullptr);
- mlock_requested = std::min(user_req, mlock_requested);
- }
- catch(std::exception&) { /* ignore it */ }
+ const size_t user_req = std::stoul(env, nullptr);
+ mlock_requested = std::min(user_req, mlock_requested);
}
+ catch(std::exception&) { /* ignore it */ }
}
if(mlock_requested > 0)
@@ -328,6 +325,14 @@ size_t OS::get_memory_locking_limit()
return 0;
}
+const char* OS::read_env_variable(const std::string& name)
+ {
+ if(running_in_privileged_state())
+ return nullptr;
+
+ return std::getenv(name.c_str());
+ }
+
void* OS::allocate_locked_pages(size_t length)
{
#if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)
diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h
index 24cbdd5a3..a6044dd18 100644
--- a/src/lib/utils/os_utils.h
+++ b/src/lib/utils/os_utils.h
@@ -80,6 +80,14 @@ size_t get_memory_locking_limit();
size_t system_page_size();
/**
+* Read the value of an environment variable. Return nullptr if
+* no such variable is set. If the process seems to be running in
+* a privileged state (such as setuid) then always returns nullptr,
+* similiar to glibc's secure_getenv.
+*/
+const char* read_env_variable(const std::string& var_name);
+
+/**
* Request so many bytes of page-aligned RAM locked into memory using
* mlock, VirtualLock, or similar. Returns null on failure. The memory
* returned is zeroed. Free it with free_locked_pages.