[Qemu-devel] [PATCH] crypto: fix initialization of gcrypt threading

[Qemu-devel] [PATCH] crypto: fix initialization of gcrypt threading

[Daniel P. Berrange]

The gcrypt threads implementation must be set before calling
gcry_check_version, since that triggers initialization of
the random pool. After that is initialized, changes to the
threads impl won't be honoured by the random pool code. This
means that gcrypt will thing thread locking is needed and
so try to acquire the random pool mutex, but this is NULL
as no threads impl was set originally. This results in a
crash in the random pool code.

For the same reasons, gnutls_init must be done after QEMU
initializes gcrypt, since gnutls will itself calling the
gcry_check_version function.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

In combination with my previous test case fix, this should
make unit tests pass again on RHEL6 platforms with gcrypt
instead of nettle

 crypto/init.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/crypto/init.c b/crypto/init.c
index 16e099b..403f3a9 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -119,6 +119,17 @@ static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl = {
 
 int qcrypto_init(Error **errp)
 {
+#ifdef CONFIG_GCRYPT
+#ifdef QCRYPTO_INIT_GCRYPT_THREADS
+    gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl);
+#endif /* QCRYPTO_INIT_GCRYPT_THREADS */
+    if (!gcry_check_version(GCRYPT_VERSION)) {
+        error_setg(errp, "Unable to initialize gcrypt");
+        return -1;
+    }
+    gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+#endif
+
 #ifdef CONFIG_GNUTLS
     int ret;
     ret = gnutls_global_init();
@@ -134,16 +145,5 @@ int qcrypto_init(Error **errp)
 #endif
 #endif
 
-#ifdef CONFIG_GCRYPT
-    if (!gcry_check_version(GCRYPT_VERSION)) {
-        error_setg(errp, "Unable to initialize gcrypt");
-        return -1;
-    }
-#ifdef QCRYPTO_INIT_GCRYPT_THREADS
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl);
-#endif /* QCRYPTO_INIT_GCRYPT_THREADS */
-    gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
-#endif
-
     return 0;
 }
-- 
2.7.4

Re: [Qemu-devel] [PATCH] crypto: fix initialization of gcrypt threading

[Eric Blake]

[-- Attachment #1: Type: text/plain, Size: 1075 bytes --]

On 10/10/2016 06:41 AM, Daniel P. Berrange wrote:
> The gcrypt threads implementation must be set before calling
> gcry_check_version, since that triggers initialization of
> the random pool. After that is initialized, changes to the
> threads impl won't be honoured by the random pool code. This
> means that gcrypt will thing thread locking is needed and

s/thing/think/

> so try to acquire the random pool mutex, but this is NULL
> as no threads impl was set originally. This results in a
> crash in the random pool code.
> 
> For the same reasons, gnutls_init must be done after QEMU
> initializes gcrypt, since gnutls will itself calling the
> gcry_check_version function.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> 
> In combination with my previous test case fix, this should
> make unit tests pass again on RHEL6 platforms with gcrypt
> instead of nettle
> 

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]