The gcrypt threads implementation must be set before calling gcry_check_version, since that triggers initialization of the random pool. After that is initialized, changes to the threads impl won't be honoured by the random pool code. This means that gcrypt will think thread locking is needed and so try to acquire the random pool mutex, but this is NULL as no threads impl was set originally. This results in a crash in the random pool code.
For the same reasons, gnutls_init must be done after QEMU initializes gcrypt, since gnutls will itself calling the gcry_check_version function. Reviewed-by: Eric Blake <ebl...@redhat.com> Signed-off-by: Daniel P. Berrange <berra...@redhat.com> --- crypto/init.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index 16e099b..403f3a9 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -119,6 +119,17 @@ static struct gcry_thread_cbs qcrypto_gcrypt_thread_impl = { int qcrypto_init(Error **errp) { +#ifdef CONFIG_GCRYPT +#ifdef QCRYPTO_INIT_GCRYPT_THREADS + gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl); +#endif /* QCRYPTO_INIT_GCRYPT_THREADS */ + if (!gcry_check_version(GCRYPT_VERSION)) { + error_setg(errp, "Unable to initialize gcrypt"); + return -1; + } + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); +#endif + #ifdef CONFIG_GNUTLS int ret; ret = gnutls_global_init(); @@ -134,16 +145,5 @@ int qcrypto_init(Error **errp) #endif #endif -#ifdef CONFIG_GCRYPT - if (!gcry_check_version(GCRYPT_VERSION)) { - error_setg(errp, "Unable to initialize gcrypt"); - return -1; - } -#ifdef QCRYPTO_INIT_GCRYPT_THREADS - gcry_control(GCRYCTL_SET_THREAD_CBS, &qcrypto_gcrypt_thread_impl); -#endif /* QCRYPTO_INIT_GCRYPT_THREADS */ - gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); -#endif - return 0; } -- 2.7.4