Commit 37316663 authored Oct 10, 2016 by Daniel P. Berrangé

crypto: fix initialization of gcrypt threading



The gcrypt threads implementation must be set before calling
any other gcrypt APIs, especially gcry_check_version(),
since that triggers initialization of the random pool. After
that is initialized, changes to the threads impl won't be
honoured by the random pool code. This means that gcrypt
will think thread locking is needed and so try to acquire
the random pool mutex, but this is NULL as no threads impl
was set originally. This results in a crash in the random
pool code.

For the same reasons, we must set the gcrypt threads impl
before calling gnutls_init, since that will also trigger
gcry_check_version

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

parent d26d6b5d

crypto/init.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -119,6 +119,10 @@ static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl = {

		int qcrypto_init(Error **errp)
		{
		#ifdef QCRYPTO_INIT_GCRYPT_THREADS
		gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl);
		#endif /* QCRYPTO_INIT_GCRYPT_THREADS */

		#ifdef CONFIG_GNUTLS
		int ret;
		ret = gnutls_global_init();
		@@ -139,9 +143,6 @@ int qcrypto_init(Error **errp)
		error_setg(errp, "Unable to initialize gcrypt");
		return -1;
		}
		#ifdef QCRYPTO_INIT_GCRYPT_THREADS
		gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl);
		#endif /* QCRYPTO_INIT_GCRYPT_THREADS */
		gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
		#endif