From e64fab8b9d04e133a9eeea785700f338be569151 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 13 Mar 2023 15:20:21 -0400 Subject: [PATCH] Make OpenSSL init get called automatically at process launch, and some more scatter gather work. --- crypto/Cargo.toml | 1 + crypto/src/aes_tests.rs | 2 -- crypto/src/bn.rs | 11 +---------- crypto/src/cipher_ctx.rs | 2 -- crypto/src/lib.rs | 8 ++++++-- crypto/src/p384.rs | 3 +-- zssp/src/zssp.rs | 1 - 7 files changed, 9 insertions(+), 19 deletions(-) diff --git a/crypto/Cargo.toml b/crypto/Cargo.toml index dbe98e97b..9a7e18a40 100644 --- a/crypto/Cargo.toml +++ b/crypto/Cargo.toml @@ -19,6 +19,7 @@ foreign-types = "0.5.0" libc = "0.2" lazy_static = "^1" rand_core = "0.6.4" +ctor = "^0" #ed25519-dalek still uses rand_core 0.5.1, and that version is incompatible with 0.6.4, so we need to import and implement both. rand_core_051 = { package = "rand_core", version = "0.5.1" } diff --git a/crypto/src/aes_tests.rs b/crypto/src/aes_tests.rs index c85b89420..b89138051 100644 --- a/crypto/src/aes_tests.rs +++ b/crypto/src/aes_tests.rs @@ -1,14 +1,12 @@ #[cfg(test)] mod test { use crate::aes::AesGcm; - use crate::init; use crate::secret::Secret; use hex_literal::hex; use std::time::SystemTime; #[test] fn aes_256_gcm() { - init(); let key = Secret::move_bytes([1u8; 32]); let mut enc = AesGcm::::new(&key); let mut dec = AesGcm::::new(&key); diff --git a/crypto/src/bn.rs b/crypto/src/bn.rs index 01ef5c5d7..7d79cc14f 100644 --- a/crypto/src/bn.rs +++ b/crypto/src/bn.rs @@ -845,14 +845,10 @@ impl Neg for BigNum { #[cfg(test)] mod tests { - use crate::{ - bn::{BigNum, BigNumContext}, - init, - }; + use crate::bn::{BigNum, BigNumContext}; #[test] fn test_to_from_slice() { - init(); let v0 = BigNum::from_u32(10_203_004).unwrap(); let vec = v0.to_vec(); let v1 = BigNum::from_slice(&vec).unwrap(); @@ -862,7 +858,6 @@ mod tests { #[test] fn test_negation() { - init(); let a = BigNum::from_u32(909_829_283).unwrap(); assert!(!a.is_negative()); 
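Review bot: The new `ctor = "^0"` requirement in crypto/Cargo.toml is looser than it should be for a crate whose whole purpose is to run code before `main` inside the crypto crate. Cargo reads `^0` as `>=0.0.0, <1.0.0`, so a fresh resolve or a `cargo update` can move to any other 0.y line, and pre-1.0 minor bumps may change API or behaviour. I would constrain it to the minor line that was actually reviewed, e.g. `ctor = "0.<reviewed-minor>"` (placeholder; take the value from the lockfile). Also make sure Cargo.lock is committed and the new crate is covered by whatever dependency audit the project runs.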
@@ -871,7 +866,6 @@ mod tests { #[test] fn test_shift() { - init(); let a = BigNum::from_u32(909_829_283).unwrap(); assert!(a == &(&a << 1) >> 1); @@ -880,7 +874,6 @@ mod tests { #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))] #[test] fn test_prime_numbers() { - init(); let a = BigNum::from_u32(19_029_017).unwrap(); let mut p = BigNum::new().unwrap(); p.generate_prime(128, true, None, Some(&a)).unwrap(); @@ -893,7 +886,6 @@ mod tests { #[cfg(ossl110)] #[test] fn test_secure_bn() { - init(); let a = BigNum::new().unwrap(); assert!(!a.is_secure()); @@ -904,7 +896,6 @@ mod tests { #[cfg(ossl110)] #[test] fn test_const_time_bn() { - init(); let a = BigNum::new().unwrap(); assert!(!a.is_const_time()); diff --git a/crypto/src/cipher_ctx.rs b/crypto/src/cipher_ctx.rs index f5cba9441..91ab22bd3 100644 --- a/crypto/src/cipher_ctx.rs +++ b/crypto/src/cipher_ctx.rs @@ -127,11 +127,9 @@ impl CipherCtxRef { #[cfg(test)] mod test { use super::*; - use crate::init; #[test] fn aes_128_ecb() { - init(); let key = [1u8; 16]; let ctx = CipherCtx::new().unwrap(); unsafe { diff --git a/crypto/src/lib.rs b/crypto/src/lib.rs index 56d47b4be..f6f34b58d 100644 --- a/crypto/src/lib.rs +++ b/crypto/src/lib.rs @@ -33,8 +33,11 @@ pub use aes_gmac_siv_fruity as aes_gmac_siv; #[cfg(not(target_os = "macos"))] pub use aes_gmac_siv_openssl as aes_gmac_siv; -/// This must be called before using any function from this library. -pub fn init() { +use ctor::ctor; + +#[ctor] +fn openssl_init() { + println!("OpenSSL init()"); ffi::init(); } @@ -52,4 +55,5 @@ pub fn secure_eq + ?Sized, B: AsRef<[u8]> + ?Sized>(a: &A, b: &B) false } } + pub const ZEROES: [u8; 64] = [0_u8; 64]; diff --git a/crypto/src/p384.rs b/crypto/src/p384.rs index c20a671b6..fa092f094 100644 --- a/crypto/src/p384.rs +++ b/crypto/src/p384.rs 
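Review bot: The `println!("OpenSSL init()");` inside the new `#[ctor]` function `openssl_init()` in crypto/src/lib.rs should not ship: it runs before `main` and writes to the stdout of every program that links this crate. Pre-main constructors should avoid Rust std services; `println!` panics if stdout is closed or not writable, a panic at that point cannot be handled by the application, and the extra line pollutes output that callers may parse. I would delete that line and leave only `ffi::init();` in the constructor. Separately, the hunk removes `pub fn init()` outright, so initialization now depends on the linker keeping the constructor and on no other pre-main code touching the library first, since constructor order is not guaranteed. Consider keeping `pub fn init() { ffi::init(); }` as an explicit fallback, assuming `ffi::init()` is safe to call more than once, which is not visible in this diff.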
@@ -1322,11 +1322,10 @@ pub use openssl_based::*; #[cfg(test)] mod tests { - use crate::{init, p384::P384KeyPair, secure_eq}; + use crate::{p384::P384KeyPair, secure_eq}; #[test] fn generate_sign_verify_agree() { - init(); let kp = P384KeyPair::generate(); let kp2 = P384KeyPair::generate(); diff --git a/zssp/src/zssp.rs b/zssp/src/zssp.rs index dd85ac1d1..4db210db4 100644 --- a/zssp/src/zssp.rs +++ b/zssp/src/zssp.rs @@ -155,7 +155,6 @@ impl Context { /// /// * `max_incomplete_session_queue_size` - Maximum number of incomplete sessions in negotiation phase pub fn new(max_incomplete_session_queue_size: usize, default_physical_mtu: usize) -> Self { - zerotier_crypto::init(); Self { max_incomplete_session_queue_size, default_physical_mtu: AtomicUsize::new(default_physical_mtu),