Do more complete initialization of libgcrypt

If libvirt makes any gcry_control() calls, then this prevents gnutls for doing any initialization. As such we must take care to do full initialization of libcrypt on a par with what gnutls would have done. In particular we must disable "sec mem" for cases where the user does not have mlock() permission. We also skip our init of libgcrypt if something else (ie the app using libvirt) has beaten us to it. https://bugzilla.redhat.com/show_bug.cgi?id=951630 Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2025-01-23 21:15:20 +00:00 · 2013-04-12 17:25:03 +01:00 · 2013-04-12 17:25:03 +01:00 · e16e2a8bbb
commit e16e2a8bbb
parent 63b68f3cb4
1 changed files with 13 additions and 2 deletions
--- a/src/libvirt.c
+++ b/src/libvirt.c
@ -409,8 +409,19 @@ virGlobalInit(void)
        goto error;

 #ifdef WITH_GNUTLS
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
-    gcry_check_version(NULL);
+    /*
+     * This sequence of API calls it copied exactly from
+     * gnutls 2.12.23 source lib/gcrypt/init.c, with
+     * exception that GCRYCTL_ENABLE_QUICK_RANDOM, is
+     * dropped
+     */
+    if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0) {
+        gcry_control(GCRYCTL_SET_THREAD_CBS, &virTLSThreadImpl);
+        gcry_check_version(NULL);
+
+        gcry_control(GCRYCTL_DISABLE_SECMEM, NULL, 0);
+        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
+    }
 #endif

    virLogSetFromEnv();