Remove now unnecessary calls to CRYPTO_library_init This was already almost always a no-op, except when built with BORINGSSL_NO_STATIC_INITIALIZER, as Chromium did. After https://boringssl-review.googlesource.com/c/boringssl/+/69508, it became a no-op even in that case too. This means, 7 years later, I can finally atone for my sins and revert the QUIC changes made in https://chromium-review.googlesource.com/c/chromium/src/+/1070648 to accommodate this mess. PiperOrigin-RevId: 745722782
diff --git a/quiche/quic/core/crypto/aead_base_decrypter.cc b/quiche/quic/core/crypto/aead_base_decrypter.cc index b6a3c4f..5f8079d 100644 --- a/quiche/quic/core/crypto/aead_base_decrypter.cc +++ b/quiche/quic/core/crypto/aead_base_decrypter.cc
@@ -20,22 +20,11 @@ namespace quic { using ::quiche::ClearOpenSslErrors; using ::quiche::DLogOpenSslErrors; -namespace { -const EVP_AEAD* InitAndCall(const EVP_AEAD* (*aead_getter)()) { - // Ensure BoringSSL is initialized before calling |aead_getter|. In Chromium, - // the static initializer is disabled. - CRYPTO_library_init(); - return aead_getter(); -} - -} // namespace - -AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* (*aead_getter)(), - size_t key_size, size_t auth_tag_size, - size_t nonce_size, +AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg, size_t key_size, + size_t auth_tag_size, size_t nonce_size, bool use_ietf_nonce_construction) - : aead_alg_(InitAndCall(aead_getter)), + : aead_alg_(aead_alg), key_size_(key_size), auth_tag_size_(auth_tag_size), nonce_size_(nonce_size),
diff --git a/quiche/quic/core/crypto/aead_base_decrypter.h b/quiche/quic/core/crypto/aead_base_decrypter.h index 0454919..bd64320 100644 --- a/quiche/quic/core/crypto/aead_base_decrypter.h +++ b/quiche/quic/core/crypto/aead_base_decrypter.h
@@ -17,9 +17,7 @@ // AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses. class QUICHE_EXPORT AeadBaseDecrypter : public QuicDecrypter { public: - // This takes the function pointer rather than the EVP_AEAD itself so - // subclasses do not need to call CRYPTO_library_init. - AeadBaseDecrypter(const EVP_AEAD* (*aead_getter)(), size_t key_size, + AeadBaseDecrypter(const EVP_AEAD* aead_alg, size_t key_size, size_t auth_tag_size, size_t nonce_size, bool use_ietf_nonce_construction); AeadBaseDecrypter(const AeadBaseDecrypter&) = delete;
diff --git a/quiche/quic/core/crypto/aead_base_encrypter.cc b/quiche/quic/core/crypto/aead_base_encrypter.cc index 928343f..8c178bb 100644 --- a/quiche/quic/core/crypto/aead_base_encrypter.cc +++ b/quiche/quic/core/crypto/aead_base_encrypter.cc
@@ -18,22 +18,11 @@ namespace quic { using ::quiche::DLogOpenSslErrors; -namespace { -const EVP_AEAD* InitAndCall(const EVP_AEAD* (*aead_getter)()) { - // Ensure BoringSSL is initialized before calling |aead_getter|. In Chromium, - // the static initializer is disabled. - CRYPTO_library_init(); - return aead_getter(); -} - -} // namespace - -AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* (*aead_getter)(), - size_t key_size, size_t auth_tag_size, - size_t nonce_size, +AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* aead_alg, size_t key_size, + size_t auth_tag_size, size_t nonce_size, bool use_ietf_nonce_construction) - : aead_alg_(InitAndCall(aead_getter)), + : aead_alg_(aead_alg), key_size_(key_size), auth_tag_size_(auth_tag_size), nonce_size_(nonce_size),
diff --git a/quiche/quic/core/crypto/aead_base_encrypter.h b/quiche/quic/core/crypto/aead_base_encrypter.h index cf2c8cd..ab1f5db 100644 --- a/quiche/quic/core/crypto/aead_base_encrypter.h +++ b/quiche/quic/core/crypto/aead_base_encrypter.h
@@ -17,9 +17,7 @@ // AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses. class QUICHE_EXPORT AeadBaseEncrypter : public QuicEncrypter { public: - // This takes the function pointer rather than the EVP_AEAD itself so - // subclasses do not need to call CRYPTO_library_init. - AeadBaseEncrypter(const EVP_AEAD* (*aead_getter)(), size_t key_size, + AeadBaseEncrypter(const EVP_AEAD* aead_alg, size_t key_size, size_t auth_tag_size, size_t nonce_size, bool use_ietf_nonce_construction); AeadBaseEncrypter(const AeadBaseEncrypter&) = delete;
diff --git a/quiche/quic/core/crypto/aes_128_gcm_12_decrypter.cc b/quiche/quic/core/crypto/aes_128_gcm_12_decrypter.cc index 66f2ad2..7842508 100644 --- a/quiche/quic/core/crypto/aes_128_gcm_12_decrypter.cc +++ b/quiche/quic/core/crypto/aes_128_gcm_12_decrypter.cc
@@ -17,7 +17,8 @@ } // namespace Aes128Gcm12Decrypter::Aes128Gcm12Decrypter() - : AesBaseDecrypter(EVP_aead_aes_128_gcm, kKeySize, kAuthTagSize, kNonceSize, + : AesBaseDecrypter(EVP_aead_aes_128_gcm(), kKeySize, kAuthTagSize, + kNonceSize, /* use_ietf_nonce_construction */ false) { static_assert(kKeySize <= kMaxKeySize, "key size too big"); static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
diff --git a/quiche/quic/core/crypto/aes_128_gcm_12_encrypter.cc b/quiche/quic/core/crypto/aes_128_gcm_12_encrypter.cc index 5bbaeba..36275a2 100644 --- a/quiche/quic/core/crypto/aes_128_gcm_12_encrypter.cc +++ b/quiche/quic/core/crypto/aes_128_gcm_12_encrypter.cc
@@ -16,7 +16,8 @@ } // namespace Aes128Gcm12Encrypter::Aes128Gcm12Encrypter() - : AesBaseEncrypter(EVP_aead_aes_128_gcm, kKeySize, kAuthTagSize, kNonceSize, + : AesBaseEncrypter(EVP_aead_aes_128_gcm(), kKeySize, kAuthTagSize, + kNonceSize, /* use_ietf_nonce_construction */ false) { static_assert(kKeySize <= kMaxKeySize, "key size too big"); static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
diff --git a/quiche/quic/core/crypto/aes_128_gcm_decrypter.cc b/quiche/quic/core/crypto/aes_128_gcm_decrypter.cc index c43123b..de3e6de 100644 --- a/quiche/quic/core/crypto/aes_128_gcm_decrypter.cc +++ b/quiche/quic/core/crypto/aes_128_gcm_decrypter.cc
@@ -19,7 +19,8 @@ } // namespace Aes128GcmDecrypter::Aes128GcmDecrypter() - : AesBaseDecrypter(EVP_aead_aes_128_gcm, kKeySize, kAuthTagSize, kNonceSize, + : AesBaseDecrypter(EVP_aead_aes_128_gcm(), kKeySize, kAuthTagSize, + kNonceSize, /* use_ietf_nonce_construction */ true) { static_assert(kKeySize <= kMaxKeySize, "key size too big"); static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
diff --git a/quiche/quic/core/crypto/aes_128_gcm_encrypter.cc b/quiche/quic/core/crypto/aes_128_gcm_encrypter.cc index 22f9b2a..101888f 100644 --- a/quiche/quic/core/crypto/aes_128_gcm_encrypter.cc +++ b/quiche/quic/core/crypto/aes_128_gcm_encrypter.cc
@@ -16,7 +16,8 @@ } // namespace Aes128GcmEncrypter::Aes128GcmEncrypter() - : AesBaseEncrypter(EVP_aead_aes_128_gcm, kKeySize, kAuthTagSize, kNonceSize, + : AesBaseEncrypter(EVP_aead_aes_128_gcm(), kKeySize, kAuthTagSize, + kNonceSize, /* use_ietf_nonce_construction */ true) { static_assert(kKeySize <= kMaxKeySize, "key size too big"); static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
diff --git a/quiche/quic/core/crypto/aes_256_gcm_decrypter.cc b/quiche/quic/core/crypto/aes_256_gcm_decrypter.cc index 58d4e3c..8aa15f1 100644 --- a/quiche/quic/core/crypto/aes_256_gcm_decrypter.cc +++ b/quiche/quic/core/crypto/aes_256_gcm_decrypter.cc
@@ -19,7 +19,8 @@ } // namespace Aes256GcmDecrypter::Aes256GcmDecrypter() - : AesBaseDecrypter(EVP_aead_aes_256_gcm, kKeySize, kAuthTagSize, kNonceSize, + : AesBaseDecrypter(EVP_aead_aes_256_gcm(), kKeySize, kAuthTagSize, + kNonceSize, /* use_ietf_nonce_construction */ true) { static_assert(kKeySize <= kMaxKeySize, "key size too big"); static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
diff --git a/quiche/quic/core/crypto/aes_256_gcm_encrypter.cc b/quiche/quic/core/crypto/aes_256_gcm_encrypter.cc index 802ff99..27cb383 100644 --- a/quiche/quic/core/crypto/aes_256_gcm_encrypter.cc +++ b/quiche/quic/core/crypto/aes_256_gcm_encrypter.cc
@@ -16,7 +16,8 @@ } // namespace Aes256GcmEncrypter::Aes256GcmEncrypter() - : AesBaseEncrypter(EVP_aead_aes_256_gcm, kKeySize, kAuthTagSize, kNonceSize, + : AesBaseEncrypter(EVP_aead_aes_256_gcm(), kKeySize, kAuthTagSize, + kNonceSize, /* use_ietf_nonce_construction */ true) { static_assert(kKeySize <= kMaxKeySize, "key size too big"); static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
diff --git a/quiche/quic/core/crypto/chacha20_poly1305_decrypter.cc b/quiche/quic/core/crypto/chacha20_poly1305_decrypter.cc index 31758b4..9ec7f86 100644 --- a/quiche/quic/core/crypto/chacha20_poly1305_decrypter.cc +++ b/quiche/quic/core/crypto/chacha20_poly1305_decrypter.cc
@@ -17,7 +17,7 @@ } // namespace ChaCha20Poly1305Decrypter::ChaCha20Poly1305Decrypter() - : ChaChaBaseDecrypter(EVP_aead_chacha20_poly1305, kKeySize, kAuthTagSize, + : ChaChaBaseDecrypter(EVP_aead_chacha20_poly1305(), kKeySize, kAuthTagSize, kNonceSize, /* use_ietf_nonce_construction */ false) { static_assert(kKeySize <= kMaxKeySize, "key size too big");
diff --git a/quiche/quic/core/crypto/chacha20_poly1305_encrypter.cc b/quiche/quic/core/crypto/chacha20_poly1305_encrypter.cc index f259dea..fca4b85 100644 --- a/quiche/quic/core/crypto/chacha20_poly1305_encrypter.cc +++ b/quiche/quic/core/crypto/chacha20_poly1305_encrypter.cc
@@ -18,7 +18,7 @@ } // namespace ChaCha20Poly1305Encrypter::ChaCha20Poly1305Encrypter() - : ChaChaBaseEncrypter(EVP_aead_chacha20_poly1305, kKeySize, kAuthTagSize, + : ChaChaBaseEncrypter(EVP_aead_chacha20_poly1305(), kKeySize, kAuthTagSize, kNonceSize, /* use_ietf_nonce_construction */ false) { static_assert(kKeySize <= kMaxKeySize, "key size too big");
diff --git a/quiche/quic/core/crypto/chacha20_poly1305_tls_decrypter.cc b/quiche/quic/core/crypto/chacha20_poly1305_tls_decrypter.cc index 93b0993..623304d 100644 --- a/quiche/quic/core/crypto/chacha20_poly1305_tls_decrypter.cc +++ b/quiche/quic/core/crypto/chacha20_poly1305_tls_decrypter.cc
@@ -19,7 +19,7 @@ } // namespace ChaCha20Poly1305TlsDecrypter::ChaCha20Poly1305TlsDecrypter() - : ChaChaBaseDecrypter(EVP_aead_chacha20_poly1305, kKeySize, kAuthTagSize, + : ChaChaBaseDecrypter(EVP_aead_chacha20_poly1305(), kKeySize, kAuthTagSize, kNonceSize, /* use_ietf_nonce_construction */ true) { static_assert(kKeySize <= kMaxKeySize, "key size too big");
diff --git a/quiche/quic/core/crypto/chacha20_poly1305_tls_encrypter.cc b/quiche/quic/core/crypto/chacha20_poly1305_tls_encrypter.cc index 0d7c69b..e47242b 100644 --- a/quiche/quic/core/crypto/chacha20_poly1305_tls_encrypter.cc +++ b/quiche/quic/core/crypto/chacha20_poly1305_tls_encrypter.cc
@@ -18,7 +18,7 @@ } // namespace ChaCha20Poly1305TlsEncrypter::ChaCha20Poly1305TlsEncrypter() - : ChaChaBaseEncrypter(EVP_aead_chacha20_poly1305, kKeySize, kAuthTagSize, + : ChaChaBaseEncrypter(EVP_aead_chacha20_poly1305(), kKeySize, kAuthTagSize, kNonceSize, /* use_ietf_nonce_construction */ true) { static_assert(kKeySize <= kMaxKeySize, "key size too big");
diff --git a/quiche/quic/core/crypto/tls_connection.cc b/quiche/quic/core/crypto/tls_connection.cc index 66e26b7..dee6638 100644 --- a/quiche/quic/core/crypto/tls_connection.cc +++ b/quiche/quic/core/crypto/tls_connection.cc
@@ -36,7 +36,6 @@ private: SslIndexSingleton() { - CRYPTO_library_init(); ssl_ex_data_index_connection_ = SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr); QUICHE_CHECK_LE(0, ssl_ex_data_index_connection_); @@ -129,7 +128,6 @@ // static bssl::UniquePtr<SSL_CTX> TlsConnection::CreateSslCtx() { - CRYPTO_library_init(); bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(TLS_with_buffers_method())); SSL_CTX_set_min_proto_version(ssl_ctx.get(), TLS1_3_VERSION); SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION);
diff --git a/quiche/quic/core/tls_chlo_extractor.cc b/quiche/quic/core/tls_chlo_extractor.cc index 9060049..bf946c7 100644 --- a/quiche/quic/core/tls_chlo_extractor.cc +++ b/quiche/quic/core/tls_chlo_extractor.cc
@@ -456,7 +456,6 @@ // initialized lazily in a thread-safe manner. |shared_handles| is therefore // guaranteed to be initialized exactly once and never destructed. static std::pair<SSL_CTX*, int>* shared_handles = []() { - CRYPTO_library_init(); SSL_CTX* ssl_ctx = SSL_CTX_new(TLS_with_buffers_method()); SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION); SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_3_VERSION);