On shutdown, mark openssl as uninitialized.

This causes openssl to get completely reinitialized on startup,
which is probably a good idea.

3 files changed, 15 insertions, 1 deletions

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 85bed538e5..b519caed07 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -283,11 +283,12 @@ crypto_force_rand_ssleay(void)
   return 0;
 }
 
+static int have_seeded_siphash = 0;
+
 /** Set up the siphash key if we haven't already done so. */
 int
 crypto_init_siphash_key(void)
 {
-  static int have_seeded_siphash = 0;
   struct sipkey key;
   if (have_seeded_siphash)
     return 0;
@@ -3495,6 +3496,12 @@ crypto_global_cleanup(void)
 
   tor_free(crypto_openssl_version_str);
   tor_free(crypto_openssl_header_version_str);
+
+  crypto_early_initialized_ = 0;
+  crypto_global_initialized_ = 0;
+  have_seeded_siphash = 0;
+  siphash_unset_global_key();
+
   return 0;
 }
 
diff --git a/src/ext/csiphash.c b/src/ext/csiphash.c
index 508e4f6ceb..0427c87950 100644
--- a/src/ext/csiphash.c
+++ b/src/ext/csiphash.c
@@ -123,3 +123,9 @@ void siphash_set_global_key(const struct sipkey *key)
 	the_siphash_key.k1 = key->k1;
 	the_siphash_key_is_set = 1;
 }
+
+void siphash_unset_global_key(void)
+{
+	the_siphash_key_is_set = 0;
+	memset(&the_siphash_key, 0, sizeof(the_siphash_key));
+}
diff --git a/src/ext/siphash.h b/src/ext/siphash.h
index d9b34b8980..730e49937d 100644
--- a/src/ext/siphash.h
+++ b/src/ext/siphash.h
@@ -9,5 +9,6 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k
 
 void siphash_set_global_key(const struct sipkey *key);
 uint64_t siphash24g(const void *src, unsigned long src_sz);
+void siphash_unset_global_key(void);
 
 #endif