From: Richard Levitte <levitte@openssl.org>
Date: Sat, 25 Nov 2017 11:02:58 +0000 (+0100)
Subject: In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()
X-Git-Tag: OpenSSL_1_1_1-pre1~342
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=0a90a6831e02e00d9043ada635421cfd3da5ffe2

In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()

IF OPENSSL_init_ssl() is called with the option flag
OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly
(i.e. there will be an attempt to load libssl_conf.so or whatever
corresponds to that on non-Unix platforms).  Therefore, at least
SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is
called.  The base ssl init does that, plus adds all kinds of ciphers
and digests, which is harmless.

Fixes #4788

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4792)
---

diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 8eb6ef1c84..34e67736d1 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -195,11 +195,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
         return 0;
     }
 
-    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
-                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
         return 0;
 
-    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
         return 0;
 
     if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)