Commit 8ebceeb3 authored by Nick Mathewson

Make sure that even in the weird fiddly paths that lead to init_keys,

crypto_global_init gets called.  Also have it be crypto_global_init
that calls crypto_seed_rng, so we are not dependent on OpenSSL's
RAND_poll in these fiddly cases.

Should fix bug 907.  Bugfix on 0.0.9pre6.  Backport candidate.

svn:r18210
parent bf2b71be
+3 −0
@@ -6,6 +6,9 @@ Changes in version 0.2.1.12-alpha - 2009-01-??
      0.2.1.11-alpha.
    - Fix a bug in address parsing that was preventing bridges or hidden
      service targets from being at IPv6 addresses.
    - Solve a bug that kept hardware crypto acceleration from getting
      enabled when accounting was turned on.  Fixes bug 907.  Bugfix on
      0.0.9pre6.


Changes in version 0.2.1.11-alpha - 2009-01-20
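Review bot: The new ChangeLog entry covers only the hardware-acceleration symptom ("when accounting was turned on") and omits the RNG change the commit message names, that crypto_global_init now calls crypto_seed_rng so these paths no longer rely on OpenSSL's RAND_poll. As this is marked a backport candidate, consider adding a clause about the seeding change so readers of the ChangeLog can see that RNG initialization moved as well.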
+1 −0
@@ -197,6 +197,7 @@ crypto_global_init(int useAccel)
      log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb));
      log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb));
    }
    return crypto_seed_rng(1);
  }
  return 0;
}
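Review bot: The added `return crypto_seed_rng(1);` sits inside an enclosing block with `return 0;` after it, so any call that skips that block reports success without seeding. With both tor_init and init_keys now calling crypto_global_init, please confirm that a failed seed on the first call cannot be masked by a later call taking the `return 0;` path, for example by marking initialization complete only after seeding succeeds. The function's return contract should also be documented, since a nonzero result now carries a seeding failure that callers are expected to check.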
+2 −3
@@ -1817,9 +1817,8 @@ tor_init(int argc, char *argv[])
             "and you probably shouldn't.");
#endif

  crypto_global_init(get_options()->HardwareAccel);
  if (crypto_seed_rng(1)) {
    log_err(LD_BUG, "Unable to seed random number generator. Exiting.");
  if (crypto_global_init(get_options()->HardwareAccel)) {
    log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
    return -1;
  }

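Review bot: The replacement message "Unable to initialize OpenSSL. Exiting." is less specific than the removed "Unable to seed random number generator. Exiting.", yet the failure return visible in the crypto_global_init hunk is `crypto_seed_rng(1)`. An operator hitting an entropy problem would get a misleading log line; consider wording that mentions RNG seeding, or having crypto_global_init log the specific cause before returning.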
+6 −0
@@ -444,6 +444,12 @@ init_keys(void)
  if (!key_lock)
    key_lock = tor_mutex_new();

  /* There are a couple of paths that put us here before */
  if (crypto_global_init(get_options()->HardwareAccel)) {
    log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
    return -1;
  }

  /* OP's don't need persistent keys; just make up an identity and
   * initialize the TLS context. */
  if (!server_mode(options)) {
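Review bot: The comment "/* There are a couple of paths that put us here before */" breaks off without saying before what; please finish it (presumably before crypto_global_init has run) and name the paths if they are known, so the reason for this second call is clear to whoever touches it next. Two smaller points: this call uses `get_options()->HardwareAccel` while the following context already uses `options` (`server_mode(options)`), so the local could be used if it is in scope here, and the same "Unable to initialize OpenSSL" wording concern from tor_init applies to this log_err.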