Randomize the global siphash key at startup

This completes our conversion to using siphash for our hash functions.

2 files changed, 20 insertions, 3 deletions

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 13095ad79..49dc55a3e 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -260,8 +260,23 @@ crypto_force_rand_ssleay(void)
   return 0;
 }
 
-/** Initialize the parts of the crypto library that don't depend on
- * settings or options.  Return 0 on success, -1 on failure.
+/** Set up the siphash key if we haven't already done so. */
+int
+crypto_init_siphash_key(void)
+{
+  static int have_seeded_siphash = 0;
+  struct sipkey key;
+  if (have_seeded_siphash)
+    return 0;
+
+  if (crypto_rand((char*) &key, sizeof(key)) < 0)
+    return -1;
+  siphash_set_global_key(&key);
+  have_seeded_siphash = 1;
+  return 0;
+}
+
+/** Initialize the crypto library.  Return 0 on success, -1 on failure.
  */
 int
 crypto_early_init(void)
@@ -295,6 +310,8 @@ crypto_early_init(void)
 
     if (crypto_seed_rng(1) < 0)
       return -1;
+    if (crypto_init_siphash_key() < 0)
+      return -1;
   }
   return 0;
 }
@@ -379,7 +396,6 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 
     evaluate_evp_for_aes(-1);
     evaluate_ctr_for_aes();
-
   }
   return 0;
 }
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 79a8a1bda..3666d5f9a 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -257,6 +257,7 @@ uint64_t crypto_rand_uint64(uint64_t max);
 double crypto_rand_double(void);
 struct tor_weak_rng_t;
 void crypto_seed_weak_rng(struct tor_weak_rng_t *rng);
+int crypto_init_siphash_key(void);
 
 char *crypto_random_hostname(int min_rand_len, int max_rand_len,
                              const char *prefix, const char *suffix);