Bring in compatibility for OpenSSL 1.1 style init functions.

This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well
thread safety modifications for the existing LibreSSL init
functions.  The initialization routines are called automatically
by the normal entry points into the library, as in newer OpenSSL

ok jsing@, nits by tb@ and deraadt@

6 files changed, 81 insertions, 5 deletions

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 66dae58874..6a397a7df7 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.38 2017/08/13 19:42:33 doug Exp $
+# $OpenBSD: Makefile,v 1.39 2018/03/17 16:20:01 beck Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -33,7 +33,7 @@ SRCS= \
         ssl_ciph.c ssl_stat.c ssl_rsa.c \
         ssl_asn1.c ssl_txt.c ssl_algs.c \
         bio_ssl.c ssl_err.c \
-        ssl_packet.c ssl_tlsext.c ssl_versions.c pqueue.c
+        ssl_packet.c ssl_tlsext.c ssl_versions.c pqueue.c ssl_init.c
 SRCS+=  s3_cbc.c
 SRCS+=  bs_ber.c bs_cbb.c bs_cbs.c
 
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index 581b292a74..3b513d5c28 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -298,3 +298,6 @@ SSL_version
 SSL_version_str
 SSL_want
 SSL_write
+
+/* OpenSSL compatible init */
+OPENSSL_init_ssl
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 05939f214d..97d1c40a66 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.152 2018/03/17 15:55:52 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.153 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2112,6 +2112,19 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
 #define SSL_R_PEER_BEHAVING_BADLY                        666
 
+/*
+ * OpenSSL compatible OPENSSL_INIT options
+ */
+
+/*
+ * These are provided for compatibiliy, but have no effect
+ * on how LibreSSL is initialized.
+ */
+#define OPENSSL_INIT_LOAD_SSL_STRINGS   _OPENSSL_INIT_FLAG_NOOP
+#define OPENSSL_INIT_SSL_DEFAULT        _OPENSSL_INIT_FLAG_NOOP
+
+int OPENSSL_init_ssl(uint64_t opts, const void *settings);
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libssl/ssl_init.c b/src/lib/libssl/ssl_init.c
new file mode 100644
index 0000000000..0ef80956ed
--- /dev/null
+++ b/src/lib/libssl/ssl_init.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* OpenSSL style init */
+
+#include <pthread.h>
+#include <stdio.h>
+
+#include <openssl/objects.h>
+
+#include "ssl_locl.h"
+
+static pthread_t ssl_init_thread;
+
+static void
+OPENSSL_init_ssl_internal(void)
+{
+        ssl_init_thread = pthread_self();
+        SSL_load_error_strings();
+        SSL_library_init();
+}
+
+int
+OPENSSL_init_ssl(uint64_t opts, const void *settings)
+{
+        static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+        if (pthread_equal(pthread_self(), ssl_init_thread))
+                return 1; /* don't recurse */
+
+        OPENSSL_init_crypto(opts, settings);
+
+        if (pthread_once(&once, OPENSSL_init_ssl_internal) != 0)
+                return 0;
+
+        return 1;
+}
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index eca3c97fac..573e63c934 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.181 2018/03/17 15:48:31 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.182 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1791,6 +1791,11 @@ SSL_CTX_new(const SSL_METHOD *meth)
 {
         SSL_CTX *ret;
 
+        if (!OPENSSL_init_ssl(0, NULL)) {
+                SSLerrorx(SSL_R_LIBRARY_BUG);
+                return (NULL);
+        }
+
         if (meth == NULL) {
                 SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED);
                 return (NULL);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 4903719fb3..51aa2eac04 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.77 2018/03/17 15:55:53 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.78 2018/03/17 16:20:01 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -199,6 +199,11 @@ SSL_SESSION_new(void)
 {
         SSL_SESSION *ss;
 
+        if (!OPENSSL_init_ssl(0, NULL)) {
+                SSLerrorx(SSL_R_LIBRARY_BUG);
+                return(NULL);
+        }
+
         if ((ss = calloc(1, sizeof(*ss))) == NULL) {
                 SSLerrorx(ERR_R_MALLOC_FAILURE);
                 return (NULL);