$OpenBSD: patch-egg_egg-secure-memory_c,v 1.6 2020/01/22 05:47:36 ajacoutot Exp $

using mlock(2) to try avoiding pushing pages to swap is not what the syscall
was intended for and relying on this for security purproses is nonsense especially
that OpenBSD has an encrypted swap
 
Index: egg/egg-secure-memory.c
--- egg/egg-secure-memory.c.orig
+++ egg/egg-secure-memory.c
@@ -863,7 +863,6 @@ sec_acquire_pages (size_t *sz,
 	pgsize = getpagesize ();
 	*sz = (*sz + pgsize -1) & ~(pgsize - 1);
 
-#if defined(HAVE_MLOCK)
 	pages = mmap (0, *sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
 	if (pages == MAP_FAILED) {
 		if (show_warning && egg_secure_warnings)
@@ -873,8 +872,9 @@ sec_acquire_pages (size_t *sz,
 		return NULL;
 	}
 
+#if defined(HAVE_MLOCK) && !defined(__OpenBSD__)
 	if (mlock (pages, *sz) < 0) {
-		if (show_warning && egg_secure_warnings && errno != EPERM) {
+		if (show_warning && egg_secure_warnings && errno != EPERM && errno != EAGAIN) {
 			fprintf (stderr, "couldn't lock %lu bytes of memory (%s): %s\n",
 			         (unsigned long)*sz, during_tag, strerror (errno));
 			show_warning = 0;
@@ -882,6 +882,7 @@ sec_acquire_pages (size_t *sz,
 		munmap (pages, *sz);
 		return NULL;
 	}
+#endif
 
 	DEBUG_ALLOC ("gkr-secure-memory: new block ", *sz);
 
@@ -900,14 +901,6 @@ sec_acquire_pages (size_t *sz,
 
 	show_warning = 1;
 	return pages;
-
-#else
-	if (show_warning && egg_secure_warnings)
-		fprintf (stderr, "your system does not support private memory");
-	show_warning = 0;
-	return NULL;
-#endif
-
 }
 
 static void
@@ -916,18 +909,15 @@ sec_release_pages (void *pages, size_t sz)
 	ASSERT (pages);
 	ASSERT (sz % getpagesize () == 0);
 
-#if defined(HAVE_MLOCK)
+#if defined(HAVE_MLOCK) && !defined(__OpenBSD__)
 	if (munlock (pages, sz) < 0 && egg_secure_warnings)
 		fprintf (stderr, "couldn't unlock private memory: %s\n", strerror (errno));
+#endif
 
 	if (munmap (pages, sz) < 0 && egg_secure_warnings)
 		fprintf (stderr, "couldn't unmap private anonymous memory: %s\n", strerror (errno));
 
 	DEBUG_ALLOC ("gkr-secure-memory: freed block ", sz);
-
-#else
-	ASSERT (FALSE);
-#endif
 }
 
 /* -----------------------------------------------------------------------------
