From 7d69c07ddf7a27bf4dca250c8a37b8f929d33100 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 2 Jun 2021 15:15:45 +0200
Subject: [PATCH] OPENSSL_init_crypto must return 0 when cleanup was done

Fixes #15581

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15589)
---
 crypto/init.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/crypto/init.c b/crypto/init.c
index 49d817c0891..552a4fa66c2 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -454,6 +454,13 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     uint64_t tmp;
     int aloaddone = 0;
 
+   /* Applications depend on 0 being returned when cleanup was already done */
+    if (stopped) {
+        if (!(opts & OPENSSL_INIT_BASE_ONLY))
+            ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL);
+        return 0;
+    }
+
     /*
      * We ignore failures from this function. It is probably because we are
      * on a platform that doesn't support lockless atomic loads (we may not
@@ -476,15 +483,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     /*
      * At some point we should look at this function with a view to moving
      * most/all of this into OSSL_LIB_CTX.
-     */
-
-    if (stopped) {
-        if (!(opts & OPENSSL_INIT_BASE_ONLY))
-            ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL);
-        return 0;
-    }
-
-    /*
+     *
      * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
      * *only* option specified.  With that option we return immediately after
      * doing the requested limited initialization.  Note that
-- 
2.47.2