Move the initialization and cleanup parts of crypto.c

These are now part of crypto_init.c. The openssl-only parts now live in crypto_openssl_mgt.c. I recommend reviewing this patch with -b and --color-moved.
2024-11-11 13:43:47 +01:00 · 2018-07-11 13:44:35 -04:00 · 2018-07-11 13:44:35 -04:00 · 12a1ada158
commit 12a1ada158
parent 79267bad65
14 changed files with 353 additions and 261 deletions
--- a/src/core/mainloop/main.c
+++ b/src/core/mainloop/main.c
@ -121,6 +121,7 @@
 #include "lib/evloop/compat_libevent.h"
 #include "lib/encoding/confline.h"
 #include "lib/evloop/timers.h"
 #include "lib/crypt_ops/crypto_init.h"
 #include <event2/event.h>
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@ -55,6 +55,7 @@
 #include "lib/tls/tortls.h"
 #include "lib/encoding/confline.h"
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_init.h"
 /**
 * \file router.c
--- a/src/lib/crypt_ops/crypto.c
+++ b/src/lib/crypt_ops/crypto.c
@ -38,7 +38,6 @@ DISABLE_GCC_WARNING(redundant-decls)
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/conf.h>
@ -74,211 +73,6 @@ ENABLE_GCC_WARNING(redundant-decls)
 #include <string.h>
 /** Boolean: has OpenSSL's crypto been initialized? */
 static int crypto_early_initialized_ = 0;
 /** Boolean: has OpenSSL's crypto been initialized? */
 static int crypto_global_initialized_ = 0;
 #ifndef DISABLE_ENGINES
 /** Log any OpenSSL engines we're using at NOTICE. */
 static void
 log_engine(const char *fn, ENGINE *e)
 {
  if (e) {
    const char *name, *id;
    name = ENGINE_get_name(e);
    id = ENGINE_get_id(e);
    log_notice(LD_CRYPTO, "Default OpenSSL engine for %s is %s [%s]",
               fn, name?name:"?", id?id:"?");
  } else {
    log_info(LD_CRYPTO, "Using default implementation for %s", fn);
  }
 }
 #endif /* !defined(DISABLE_ENGINES) */
 #ifndef DISABLE_ENGINES
 /** Try to load an engine in a shared library via fully qualified path.
 */
 static ENGINE *
 try_load_engine(const char *path, const char *engine)
 {
  ENGINE *e = ENGINE_by_id("dynamic");
  if (e) {
    if (!ENGINE_ctrl_cmd_string(e, "ID", engine, 0) ||
        !ENGINE_ctrl_cmd_string(e, "DIR_LOAD", "2", 0) ||
        !ENGINE_ctrl_cmd_string(e, "DIR_ADD", path, 0) ||
        !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
      ENGINE_free(e);
      e = NULL;
    }
  }
  return e;
 }
 #endif /* !defined(DISABLE_ENGINES) */
 static int have_seeded_siphash = 0;
 /** Set up the siphash key if we haven't already done so. */
 int
 crypto_init_siphash_key(void)
 {
  struct sipkey key;
  if (have_seeded_siphash)
    return 0;
  crypto_rand((char*) &key, sizeof(key));
  siphash_set_global_key(&key);
  have_seeded_siphash = 1;
  return 0;
 }
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
 */
 int
 crypto_early_init(void)
 {
  if (!crypto_early_initialized_) {
    crypto_early_initialized_ = 1;
 #ifdef OPENSSL_1_1_API
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
                     OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
                     OPENSSL_INIT_ADD_ALL_CIPHERS |
                     OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
 #else
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
 #endif
    setup_openssl_threading();
    unsigned long version_num = OpenSSL_version_num();
    const char *version_str = OpenSSL_version(OPENSSL_VERSION);
    if (version_num == OPENSSL_VERSION_NUMBER &&
        !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
      log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
                 "(%lx: %s).", version_num, version_str);
    } else {
      log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
               "version we're running with. If you get weird crashes, that "
               "might be why. (Compiled with %lx: %s; running with %lx: %s).",
               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
               version_num, version_str);
    }
    crypto_force_rand_ssleay();
    if (crypto_seed_rng() < 0)
      return -1;
    if (crypto_init_siphash_key() < 0)
      return -1;
    curve25519_init();
    ed25519_init();
  }
  return 0;
 }
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
 */
 int
 crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 {
  if (!crypto_global_initialized_) {
    if (crypto_early_init() < 0)
      return -1;
    crypto_global_initialized_ = 1;
    if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
      (void)accelName;
      (void)accelDir;
      log_warn(LD_CRYPTO, "No OpenSSL hardware acceleration support enabled.");
 #else
      ENGINE *e = NULL;
      log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
      ENGINE_load_builtin_engines();
      ENGINE_register_all_complete();
      if (accelName) {
        if (accelDir) {
          log_info(LD_CRYPTO, "Trying to load dynamic OpenSSL engine \"%s\""
                   " via path \"%s\".", accelName, accelDir);
          e = try_load_engine(accelName, accelDir);
        } else {
          log_info(LD_CRYPTO, "Initializing dynamic OpenSSL engine \"%s\""
                   " acceleration support.", accelName);
          e = ENGINE_by_id(accelName);
        }
        if (!e) {
          log_warn(LD_CRYPTO, "Unable to load dynamic OpenSSL engine \"%s\".",
                   accelName);
        } else {
          log_info(LD_CRYPTO, "Loaded dynamic OpenSSL engine \"%s\".",
                   accelName);
        }
      }
      if (e) {
        log_info(LD_CRYPTO, "Loaded OpenSSL hardware acceleration engine,"
                 " setting default ciphers.");
        ENGINE_set_default(e, ENGINE_METHOD_ALL);
      }
      /* Log, if available, the intersection of the set of algorithms
         used by Tor and the set of algorithms available in the engine */
      log_engine("RSA", ENGINE_get_default_RSA());
      log_engine("DH", ENGINE_get_default_DH());
 #ifdef OPENSSL_1_1_API
      log_engine("EC", ENGINE_get_default_EC());
 #else
      log_engine("ECDH", ENGINE_get_default_ECDH());
      log_engine("ECDSA", ENGINE_get_default_ECDSA());
 #endif /* defined(OPENSSL_1_1_API) */
      log_engine("RAND", ENGINE_get_default_RAND());
      log_engine("RAND (which we will not use)", ENGINE_get_default_RAND());
      log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
      log_engine("3DES-CBC", ENGINE_get_cipher_engine(NID_des_ede3_cbc));
      log_engine("AES-128-ECB", ENGINE_get_cipher_engine(NID_aes_128_ecb));
      log_engine("AES-128-CBC", ENGINE_get_cipher_engine(NID_aes_128_cbc));
 #ifdef NID_aes_128_ctr
      log_engine("AES-128-CTR", ENGINE_get_cipher_engine(NID_aes_128_ctr));
 #endif
 #ifdef NID_aes_128_gcm
      log_engine("AES-128-GCM", ENGINE_get_cipher_engine(NID_aes_128_gcm));
 #endif
      log_engine("AES-256-CBC", ENGINE_get_cipher_engine(NID_aes_256_cbc));
 #ifdef NID_aes_256_gcm
      log_engine("AES-256-GCM", ENGINE_get_cipher_engine(NID_aes_256_gcm));
 #endif
 #endif /* defined(DISABLE_ENGINES) */
    } else {
      log_info(LD_CRYPTO, "NOT using OpenSSL engine support.");
    }
    if (crypto_force_rand_ssleay()) {
      if (crypto_seed_rng() < 0)
        return -1;
    }
    evaluate_evp_for_aes(-1);
    evaluate_ctr_for_aes();
  }
  return 0;
 }
 /** Free crypto resources held by this thread. */
 void
 crypto_thread_cleanup(void)
 {
 #ifndef NEW_THREAD_API
  ERR_remove_thread_state(NULL);
 #endif
 }
 /** Allocate and return a new symmetric cipher using the provided key and iv.
 * The key is <b>bits</b> bits long; the IV is CIPHER_IV_LEN bytes.  Both
 * must be provided. Key length must be 128, 192, or 256 */
@ -465,45 +259,3 @@ crypto_cipher_decrypt_with_iv(const char *key,
  crypto_cipher_free(cipher);
  return (int)(fromlen - CIPHER_IV_LEN);
 }
 /** @{ */
 /** Uninitialize the crypto library. Return 0 on success. Does not detect
 * failure.
 */
 int
 crypto_global_cleanup(void)
 {
 #ifndef OPENSSL_1_1_API
  EVP_cleanup();
 #endif
 #ifndef NEW_THREAD_API
  ERR_remove_thread_state(NULL);
 #endif
 #ifndef OPENSSL_1_1_API
  ERR_free_strings();
 #endif
  crypto_dh_free_all();
 #ifndef DISABLE_ENGINES
 #ifndef OPENSSL_1_1_API
  ENGINE_cleanup();
 #endif
 #endif
  CONF_modules_unload(1);
 #ifndef OPENSSL_1_1_API
  CRYPTO_cleanup_all_ex_data();
 #endif
  crypto_openssl_free_all();
  crypto_early_initialized_ = 0;
  crypto_global_initialized_ = 0;
  have_seeded_siphash = 0;
  siphash_unset_global_key();
  return 0;
 }
 /** @} */
--- a/src/lib/crypt_ops/crypto.h
+++ b/src/lib/crypt_ops/crypto.h
@ -32,16 +32,6 @@
 typedef struct aes_cnt_cipher crypto_cipher_t;
 /* global state */
 int crypto_init_siphash_key(void);
 int crypto_early_init(void) ATTR_WUR;
 int crypto_global_init(int hardwareAccel,
                       const char *accelName,
                       const char *accelPath) ATTR_WUR;
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 /* environment setup */
 crypto_cipher_t *crypto_cipher_new(const char *key);
 crypto_cipher_t *crypto_cipher_new_with_bits(const char *key, int bits);
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@ -0,0 +1,117 @@
 /* Copyright (c) 2001, Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 /**
 * \file crypto_init.c
 *
 * \brief Initialize and shut down Tor's crypto library and subsystem.
 **/
 #include "orconfig.h"
 #include "lib/crypt_ops/crypto_init.h"
 #include "lib/crypt_ops/crypto_curve25519.h"
 #include "lib/crypt_ops/crypto_dh.h"
 #include "lib/crypt_ops/crypto_ed25519.h"
 #include "lib/crypt_ops/crypto_openssl_mgt.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "siphash.h"
 /** Boolean: has OpenSSL's crypto been initialized? */
 static int crypto_early_initialized_ = 0;
 /** Boolean: has OpenSSL's crypto been initialized? */
 static int crypto_global_initialized_ = 0;
 static int have_seeded_siphash = 0;
 /** Set up the siphash key if we haven't already done so. */
 int
 crypto_init_siphash_key(void)
 {
  struct sipkey key;
  if (have_seeded_siphash)
    return 0;
  crypto_rand((char*) &key, sizeof(key));
  siphash_set_global_key(&key);
  have_seeded_siphash = 1;
  return 0;
 }
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
 */
 int
 crypto_early_init(void)
 {
  if (!crypto_early_initialized_) {
    crypto_early_initialized_ = 1;
 #ifdef ENABLE_OPENSSL
    crypto_openssl_early_init();
 #endif
    if (crypto_seed_rng() < 0)
      return -1;
    if (crypto_init_siphash_key() < 0)
      return -1;
    curve25519_init();
    ed25519_init();
  }
  return 0;
 }
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
 */
 int
 crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 {
  if (!crypto_global_initialized_) {
    if (crypto_early_init() < 0)
      return -1;
    crypto_global_initialized_ = 1;
 #ifdef ENABLE_OPENSSL
    return crypto_openssl_late_init(useAccel, accelName, accelDir);
 #endif
  }
  return 0;
 }
 /** Free crypto resources held by this thread. */
 void
 crypto_thread_cleanup(void)
 {
 #ifndef NEW_THREAD_API
  ERR_remove_thread_state(NULL);
 #endif
 }
 /**
 * Uninitialize the crypto library. Return 0 on success. Does not detect
 * failure.
 */
 int
 crypto_global_cleanup(void)
 {
  crypto_dh_free_all();
 #ifdef ENABLE_OPENSSL
  crypto_openssl_global_cleanup();
 #endif
  crypto_early_initialized_ = 0;
  crypto_global_initialized_ = 0;
  have_seeded_siphash = 0;
  siphash_unset_global_key();
  return 0;
 }
--- a/src/lib/crypt_ops/crypto_init.h
+++ b/src/lib/crypt_ops/crypto_init.h
@ -0,0 +1,28 @@
 /* Copyright (c) 2001, Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 /**
 * \file crypto_init.h
 *
 * \brief Headers for crypto_init.c
 **/
 #ifndef TOR_CRYPTO_INIT_H
 #define TOR_CRYPTO_INIT_H
 #include "orconfig.h"
 #include "lib/cc/compat_compiler.h"
 int crypto_init_siphash_key(void);
 int crypto_early_init(void) ATTR_WUR;
 int crypto_global_init(int hardwareAccel,
                       const char *accelName,
                       const char *accelPath) ATTR_WUR;
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 #endif /* !defined(TOR_CRYPTO_H) */
--- a/src/lib/crypt_ops/crypto_openssl_mgt.c
+++ b/src/lib/crypt_ops/crypto_openssl_mgt.c
@ -12,8 +12,11 @@
 #include "lib/crypt_ops/compat_openssl.h"
 #include "lib/crypt_ops/crypto_openssl_mgt.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/aes.h"
 #include "lib/string/util_string.h"
 #include "lib/lock/compat_mutex.h"
 #include "lib/log/log.h"
 #include "lib/testsupport/testsupport.h"
 #include "lib/thread/threads.h"
@ -30,6 +33,7 @@ DISABLE_GCC_WARNING(redundant-decls)
 #include <openssl/conf.h>
 #include <openssl/hmac.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
 ENABLE_GCC_WARNING(redundant-decls)
@ -144,7 +148,7 @@ setup_openssl_threading(void)
 }
 /** free OpenSSL variables */
-void
+static void
 crypto_openssl_free_all(void)
 {
  tor_free(crypto_openssl_version_str);
@ -164,3 +168,192 @@ crypto_openssl_free_all(void)
  }
 #endif /* !defined(NEW_THREAD_API) */
 }
 /** Perform early (pre-configuration) initialization tasks for OpenSSL. */
 void
 crypto_openssl_early_init(void)
 {
 #ifdef OPENSSL_1_1_API
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
                     OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
                     OPENSSL_INIT_ADD_ALL_CIPHERS |
                     OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
 #else
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
 #endif
    setup_openssl_threading();
    unsigned long version_num = OpenSSL_version_num();
    const char *version_str = OpenSSL_version(OPENSSL_VERSION);
    if (version_num == OPENSSL_VERSION_NUMBER &&
        !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
      log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
                 "(%lx: %s).", version_num, version_str);
    } else {
      log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
               "version we're running with. If you get weird crashes, that "
               "might be why. (Compiled with %lx: %s; running with %lx: %s).",
               (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
               version_num, version_str);
    }
    crypto_force_rand_ssleay();
 }
 #ifndef DISABLE_ENGINES
 /** Try to load an engine in a shared library via fully qualified path.
 */
 static ENGINE *
 try_load_engine(const char *path, const char *engine)
 {
  ENGINE *e = ENGINE_by_id("dynamic");
  if (e) {
    if (!ENGINE_ctrl_cmd_string(e, "ID", engine, 0) ||
        !ENGINE_ctrl_cmd_string(e, "DIR_LOAD", "2", 0) ||
        !ENGINE_ctrl_cmd_string(e, "DIR_ADD", path, 0) ||
        !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
      ENGINE_free(e);
      e = NULL;
    }
  }
  return e;
 }
 #endif /* !defined(DISABLE_ENGINES) */
 #ifndef DISABLE_ENGINES
 /** Log any OpenSSL engines we're using at NOTICE. */
 static void
 log_engine(const char *fn, ENGINE *e)
 {
  if (e) {
    const char *name, *id;
    name = ENGINE_get_name(e);
    id = ENGINE_get_id(e);
    log_notice(LD_CRYPTO, "Default OpenSSL engine for %s is %s [%s]",
               fn, name?name:"?", id?id:"?");
  } else {
    log_info(LD_CRYPTO, "Using default implementation for %s", fn);
  }
 }
 #endif /* !defined(DISABLE_ENGINES) */
 /** Initialize engines for openssl (if enabled). */
 static void
 crypto_openssl_init_engines(const char *accelName,
                            const char *accelDir)
 {
 #ifdef DISABLE_ENGINES
  (void)accelName;
  (void)accelDir;
  log_warn(LD_CRYPTO, "No OpenSSL hardware acceleration support enabled.");
 #else
  ENGINE *e = NULL;
  log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
  ENGINE_load_builtin_engines();
  ENGINE_register_all_complete();
  if (accelName) {
    if (accelDir) {
      log_info(LD_CRYPTO, "Trying to load dynamic OpenSSL engine \"%s\""
               " via path \"%s\".", accelName, accelDir);
      e = try_load_engine(accelName, accelDir);
    } else {
      log_info(LD_CRYPTO, "Initializing dynamic OpenSSL engine \"%s\""
               " acceleration support.", accelName);
      e = ENGINE_by_id(accelName);
    }
    if (!e) {
      log_warn(LD_CRYPTO, "Unable to load dynamic OpenSSL engine \"%s\".",
               accelName);
    } else {
      log_info(LD_CRYPTO, "Loaded dynamic OpenSSL engine \"%s\".",
               accelName);
    }
  }
  if (e) {
    log_info(LD_CRYPTO, "Loaded OpenSSL hardware acceleration engine,"
             " setting default ciphers.");
    ENGINE_set_default(e, ENGINE_METHOD_ALL);
  }
  /* Log, if available, the intersection of the set of algorithms
     used by Tor and the set of algorithms available in the engine */
  log_engine("RSA", ENGINE_get_default_RSA());
  log_engine("DH", ENGINE_get_default_DH());
 #ifdef OPENSSL_1_1_API
  log_engine("EC", ENGINE_get_default_EC());
 #else
  log_engine("ECDH", ENGINE_get_default_ECDH());
  log_engine("ECDSA", ENGINE_get_default_ECDSA());
 #endif /* defined(OPENSSL_1_1_API) */
  log_engine("RAND", ENGINE_get_default_RAND());
  log_engine("RAND (which we will not use)", ENGINE_get_default_RAND());
  log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
  log_engine("3DES-CBC", ENGINE_get_cipher_engine(NID_des_ede3_cbc));
  log_engine("AES-128-ECB", ENGINE_get_cipher_engine(NID_aes_128_ecb));
  log_engine("AES-128-CBC", ENGINE_get_cipher_engine(NID_aes_128_cbc));
 #ifdef NID_aes_128_ctr
  log_engine("AES-128-CTR", ENGINE_get_cipher_engine(NID_aes_128_ctr));
 #endif
 #ifdef NID_aes_128_gcm
  log_engine("AES-128-GCM", ENGINE_get_cipher_engine(NID_aes_128_gcm));
 #endif
  log_engine("AES-256-CBC", ENGINE_get_cipher_engine(NID_aes_256_cbc));
 #ifdef NID_aes_256_gcm
  log_engine("AES-256-GCM", ENGINE_get_cipher_engine(NID_aes_256_gcm));
 #endif
 #endif /* defined(DISABLE_ENGINES) */
 }
 /** Perform late (post-init) initialization tasks for OpenSSL */
 int
 crypto_openssl_late_init(int useAccel, const char *accelName,
                         const char *accelDir)
 {
  if (useAccel > 0) {
    crypto_openssl_init_engines(accelName, accelDir);
  } else {
    log_info(LD_CRYPTO, "NOT using OpenSSL engine support.");
  }
  if (crypto_force_rand_ssleay()) {
    if (crypto_seed_rng() < 0)
      return -1;
  }
  evaluate_evp_for_aes(-1);
  evaluate_ctr_for_aes();
  return 0;
 }
 /** Clean up global resources held by openssl. */
 void
 crypto_openssl_global_cleanup(void)
 {
  #ifndef OPENSSL_1_1_API
  EVP_cleanup();
 #endif
 #ifndef NEW_THREAD_API
  ERR_remove_thread_state(NULL);
 #endif
 #ifndef OPENSSL_1_1_API
  ERR_free_strings();
 #endif
 #ifndef DISABLE_ENGINES
 #ifndef OPENSSL_1_1_API
  ENGINE_cleanup();
 #endif
 #endif
  CONF_modules_unload(1);
 #ifndef OPENSSL_1_1_API
  CRYPTO_cleanup_all_ex_data();
 #endif
  crypto_openssl_free_all();
 }
--- a/src/lib/crypt_ops/crypto_openssl_mgt.h
+++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
@ -76,7 +76,10 @@ const char * crypto_openssl_get_header_version_str(void);
 /* OpenSSL threading setup function */
 int setup_openssl_threading(void);
-/* Tor OpenSSL utility functions */
+void crypto_openssl_early_init(void);
-void crypto_openssl_free_all(void);
+int crypto_openssl_late_init(int useAccel, const char *accelName,
                             const char *accelDir);
 void crypto_openssl_global_cleanup(void);
 #endif /* !defined(TOR_CRYPTO_OPENSSL_H) */
--- a/src/lib/crypt_ops/include.am
+++ b/src/lib/crypt_ops/include.am
@ -14,6 +14,7 @@ src_lib_libtor_crypt_ops_a_SOURCES =			\
 	src/lib/crypt_ops/crypto_ed25519.c		\
 	src/lib/crypt_ops/crypto_format.c		\
 	src/lib/crypt_ops/crypto_hkdf.c			\
 	src/lib/crypt_ops/crypto_init.c			\
 	src/lib/crypt_ops/crypto_openssl_mgt.c		\
 	src/lib/crypt_ops/crypto_pwbox.c		\
 	src/lib/crypt_ops/crypto_rand.c			\
@ -40,6 +41,7 @@ noinst_HEADERS +=					\
 	src/lib/crypt_ops/crypto_format.h		\
 	src/lib/crypt_ops/crypto.h			\
 	src/lib/crypt_ops/crypto_hkdf.h			\
 	src/lib/crypt_ops/crypto_init.h			\
 	src/lib/crypt_ops/crypto_openssl_mgt.h		\
 	src/lib/crypt_ops/crypto_pwbox.h		\
 	src/lib/crypt_ops/crypto_rand.h			\
--- a/src/test/bench.c
+++ b/src/test/bench.c
@ -33,6 +33,7 @@
 #include "core/or/or_circuit_st.h"
 #include "lib/crypt_ops/digestset.h"
 #include "lib/crypt_ops/crypto_init.h"
 #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
 static uint64_t nanostart;
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@ -16,6 +16,7 @@
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_hkdf.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_init.h"
 #include "ed25519_vectors.inc"
 #ifdef HAVE_SYS_STAT_H
--- a/src/test/test_workqueue.c
+++ b/src/test/test_workqueue.c
@ -12,6 +12,7 @@
 #include "lib/net/alertsock.h"
 #include "lib/evloop/compat_libevent.h"
 #include "lib/intmath/weakrng.h"
 #include "lib/crypt_ops/crypto_init.h"
 #include <stdio.h>
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@ -23,6 +23,7 @@
 #include "core/mainloop/main.h"
 #include "lib/compress/compress.h"
 #include "lib/evloop/compat_libevent.h"
 #include "lib/crypt_ops/crypto_init.h"
 #include <stdio.h>
 #ifdef HAVE_FCNTL_H
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@ -14,6 +14,7 @@
 #endif
 #include "lib/cc/compat_compiler.h"
 #include "lib/crypt_ops/crypto_init.h"
 /* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in
 * x509.h and x509_vfy.h. Suppress the GCC warning so we can build with