abort pluto or charon if initialization fails

5 files changed, 23 insertions, 12 deletions

diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index 1adccc74e..f47ad1eeb 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -235,7 +235,7 @@ static struct dh_desc dh_desc_ecp_224 = {
 	ke_size:    2*224 / BITS_PER_BYTE
 };
 
-void init_crypto(void)
+bool init_crypto(void)
 {
 	enumerator_t *enumerator;
 	encryption_algorithm_t encryption_alg;
@@ -275,13 +275,13 @@ void init_crypto(void)
 	}
 	enumerator->destroy(enumerator);
 
-	if (no_sha1)
+	if (no_sha1 || no_md5)
 	{
-		exit_log("pluto cannot run without a SHA-1 hasher");
-	}
-	if (no_md5)
-	{
-		exit_log("pluto cannot run without an MD5 hasher");
+		plog("pluto cannot run without a %s%s%s hasher",
+			 (no_sha1) ? "SHA-1" : "",
+			 (no_sha1 && no_md5) ? " and " : "",
+			 (no_md5) ? "MD5" : "");
+		return FALSE;
 	}
 		
 	enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
@@ -363,6 +363,7 @@ void init_crypto(void)
 		ike_alg_add((struct ike_alg *)desc);
 	}
 	enumerator->destroy(enumerator);
+	return TRUE;
 }
 
 void free_crypto(void)
diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h
index 06c4e1d1a..019ba5764 100644
--- a/src/pluto/crypto.h
+++ b/src/pluto/crypto.h
@@ -20,7 +20,7 @@
 
 #include "ike_alg.h"
 
-extern void init_crypto(void);
+extern bool init_crypto(void);
 extern void free_crypto(void);
 
 extern const struct dh_desc unset_group;      /* magic signifier */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index af0c98821..5d0e008f3 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -655,13 +655,16 @@ int main(int argc, char **argv)
 		lib->settings->get_str(lib->settings, "pluto.load", PLUGINS));
 	print_plugins();
 
+	if (!init_secret() || !init_crypto())
+	{
+		plog("initialization failed - aborting pluto");
+		exit_pluto(SS_RC_INITIALIZATION_FAILED);
+	}
 	init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf);
 	init_virtual_ip(virtual_private);
 	scx_init(pkcs11_module_path, pkcs11_init_args);
 	xauth_init();
-	init_secret();
 	init_states();
-	init_crypto();
 	init_demux();
 	init_kernel();
 	init_adns();
diff --git a/src/pluto/timer.c b/src/pluto/timer.c
index a61baa966..89082f88e 100644
--- a/src/pluto/timer.c
+++ b/src/pluto/timer.c
@@ -140,14 +140,21 @@ void event_schedule(enum event_type type, time_t tm, struct state *st)
  * Generate the secret value for responder cookies, and
  * schedule an event for refresh.
  */
-void init_secret(void)
+bool init_secret(void)
 {
 	rng_t *rng;
 	 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+
+	if (rng == NULL)
+	{
+		plog("secret initialization failed, no RNG supported");
+		return FALSE;
+	}
 	rng->get_bytes(rng, sizeof(secret_of_the_day), secret_of_the_day);
 	rng->destroy(rng);
     event_schedule(EVENT_REINIT_SECRET, EVENT_REINIT_SECRET_DELAY, NULL);
+	return true;
 }
 
 /**
diff --git a/src/pluto/timer.h b/src/pluto/timer.h
index 322aeba6a..c8e9b727c 100644
--- a/src/pluto/timer.h
+++ b/src/pluto/timer.h
@@ -31,4 +31,4 @@ extern void delete_event(struct state *st);
 extern void delete_dpd_event(struct state *st);
 extern void daily_log_event(void);
 extern void free_events(void);
-extern void init_secret(void);
+extern bool init_secret(void);