The branch master has been updated via 7d69c07ddf7a27bf4dca250c8a37b8f929d33100 (commit) from effb0dcf864110a4595f1a243adb9c1dd09eb516 (commit)
- Log ----------------------------------------------------------------- commit 7d69c07ddf7a27bf4dca250c8a37b8f929d33100 Author: Tomas Mraz <to...@openssl.org> Date: Wed Jun 2 15:15:45 2021 +0200 OPENSSL_init_crypto must return 0 when cleanup was done Fixes #15581 Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15589) ----------------------------------------------------------------------- Summary of changes: crypto/init.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index 49d817c089..552a4fa66c 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -454,6 +454,13 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) uint64_t tmp; int aloaddone = 0; + /* Applications depend on 0 being returned when cleanup was already done */ + if (stopped) { + if (!(opts & OPENSSL_INIT_BASE_ONLY)) + ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL); + return 0; + } + /* * We ignore failures from this function. It is probably because we are * on a platform that doesn't support lockless atomic loads (we may not @@ -476,15 +483,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) /* * At some point we should look at this function with a view to moving * most/all of this into OSSL_LIB_CTX. - */ - - if (stopped) { - if (!(opts & OPENSSL_INIT_BASE_ONLY)) - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL); - return 0; - } - - /* + * * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the * *only* option specified. With that option we return immediately after * doing the requested limited initialization. Note that