bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.

[openssl.git] / ssl / ssl_init.c

diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 67e431941a5bcbf1a994876519a686f94a418434..7d89ed0a60e55349ed1da71f385f1a081784696c 100644 (file)
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -294,18 +294,32 @@ static void ssl_library_stop(void)
     }
 }
 
+
 /*
  * If this function is called with a non NULL settings value then it must be
  * called prior to any threads making calls to any OpenSSL functions,
  * i.e. passing a non-null settings value is assumed to be single-threaded.
  */
-void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
 {
-    /* XXX TODO WARNING To be updated to return a value not assert. */
-    assert(!stopped);
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
+        }
+        return 0;
+    }
 
-    OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
-                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings);
+    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+        return 0;
 
     ossl_init_once_run(&ssl_base, ossl_init_ssl_base);
 
@@ -314,5 +328,7 @@ void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
 
     if (opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
         ossl_init_once_run(&ssl_strings, ossl_init_load_ssl_strings);
+
+    return 1;
 }