Make OpenSSL init get called automatically at process launch, and some more scatter gather work.

crypto/Cargo.toml

@@ -19,6 +19,7 @@ foreign-types = "0.5.0"
 libc = "0.2"
 lazy_static = "^1"
 rand_core = "0.6.4"
+ctor = "^0"
 #ed25519-dalek still uses rand_core 0.5.1, and that version is incompatible with 0.6.4, so we need to import and implement both.
 rand_core_051 = { package = "rand_core", version = "0.5.1" }
 

crypto/src/aes_tests.rs

@@ -1,14 +1,12 @@
 #[cfg(test)]
 mod test {
     use crate::aes::AesGcm;
-    use crate::init;
     use crate::secret::Secret;
     use hex_literal::hex;
     use std::time::SystemTime;
 
     #[test]
     fn aes_256_gcm() {
-        init();
         let key = Secret::move_bytes([1u8; 32]);
         let mut enc = AesGcm::<true>::new(&key);
         let mut dec = AesGcm::<false>::new(&key);

crypto/src/bn.rs

@@ -845,14 +845,10 @@ impl Neg for BigNum {
 
 #[cfg(test)]
 mod tests {
-    use crate::{
+    use crate::bn::{BigNum, BigNumContext};
-        bn::{BigNum, BigNumContext},
-        init,
-    };
 
     #[test]
     fn test_to_from_slice() {
-        init();
         let v0 = BigNum::from_u32(10_203_004).unwrap();
         let vec = v0.to_vec();
         let v1 = BigNum::from_slice(&vec).unwrap();
@@ -862,7 +858,6 @@ mod tests {
 
     #[test]
     fn test_negation() {
-        init();
         let a = BigNum::from_u32(909_829_283).unwrap();
 
         assert!(!a.is_negative());
@@ -871,7 +866,6 @@ mod tests {
 
     #[test]
     fn test_shift() {
-        init();
         let a = BigNum::from_u32(909_829_283).unwrap();
 
         assert!(a == &(&a << 1) >> 1);
@@ -880,7 +874,6 @@ mod tests {
     #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
     #[test]
     fn test_prime_numbers() {
-        init();
         let a = BigNum::from_u32(19_029_017).unwrap();
         let mut p = BigNum::new().unwrap();
         p.generate_prime(128, true, None, Some(&a)).unwrap();
@@ -893,7 +886,6 @@ mod tests {
     #[cfg(ossl110)]
     #[test]
     fn test_secure_bn() {
-        init();
         let a = BigNum::new().unwrap();
         assert!(!a.is_secure());
 
@@ -904,7 +896,6 @@ mod tests {
     #[cfg(ossl110)]
     #[test]
     fn test_const_time_bn() {
-        init();
         let a = BigNum::new().unwrap();
         assert!(!a.is_const_time());
 

crypto/src/cipher_ctx.rs

@@ -127,11 +127,9 @@ impl CipherCtxRef {
 #[cfg(test)]
 mod test {
     use super::*;
-    use crate::init;
 
     #[test]
     fn aes_128_ecb() {
-        init();
         let key = [1u8; 16];
         let ctx = CipherCtx::new().unwrap();
         unsafe {

crypto/src/lib.rs

@@ -33,8 +33,11 @@ pub use aes_gmac_siv_fruity as aes_gmac_siv;
 #[cfg(not(target_os = "macos"))]
 pub use aes_gmac_siv_openssl as aes_gmac_siv;
 
-/// This must be called before using any function from this library.
+use ctor::ctor;
-pub fn init() {
+
+#[ctor]
+fn openssl_init() {
+    println!("OpenSSL init()");
     ffi::init();
 }
 
@@ -52,4 +55,5 @@ pub fn secure_eq<A: AsRef<[u8]> + ?Sized, B: AsRef<[u8]> + ?Sized>(a: &A, b: &B)
         false
     }
 }
+
 pub const ZEROES: [u8; 64] = [0_u8; 64];

crypto/src/p384.rs

@@ -1322,11 +1322,10 @@ pub use openssl_based::*;
 
 #[cfg(test)]
 mod tests {
-    use crate::{init, p384::P384KeyPair, secure_eq};
+    use crate::{p384::P384KeyPair, secure_eq};
 
     #[test]
     fn generate_sign_verify_agree() {
-        init();
         let kp = P384KeyPair::generate();
         let kp2 = P384KeyPair::generate();
 

zssp/src/zssp.rs

@@ -155,7 +155,6 @@ impl<Application: ApplicationLayer> Context<Application> {
     ///
     /// * `max_incomplete_session_queue_size` - Maximum number of incomplete sessions in negotiation phase
     pub fn new(max_incomplete_session_queue_size: usize, default_physical_mtu: usize) -> Self {
-        zerotier_crypto::init();
         Self {
             max_incomplete_session_queue_size,
             default_physical_mtu: AtomicUsize::new(default_physical_mtu),