Do not de-initialize openssl to avoid races

Initialize openssl in pre-main (by the means of `SRCS GLOBAL`) to reduce chance of concurrent initialization with different flags.

Do not de-initialize openssl to avoid races during `atexit` cleanup.
It looks like `OPENSSL_cleanup()` does nothing in case of static linkage (according to ASan report).
commit_hash:7d4bf183233970cc1772b1b8f2745044cc645c29

2 files changed, 7 insertions, 60 deletions

diff --git a/library/cpp/openssl/init/init.cpp b/library/cpp/openssl/init/init.cpp
index ae68ef08eaa..9a4e285ea35 100644
--- a/library/cpp/openssl/init/init.cpp
+++ b/library/cpp/openssl/init/init.cpp
@@ -1,66 +1,13 @@
-#include "init.h"
-
-#include <util/generic/singleton.h>
-#include <util/generic/vector.h>
-#include <util/generic/ptr.h>
-#include <util/generic/buffer.h>
-
-#include <util/system/yassert.h>
-#include <util/system/mutex.h>
-#include <util/system/thread.h>
-
-#include <util/random/entropy.h>
-#include <util/stream/input.h>
-
-#include <openssl/bio.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/conf.h>
 #include <openssl/crypto.h>
 
 namespace {
-    struct TInitSsl {
-        struct TOpensslLocks {
-            inline TOpensslLocks()
-                : Mutexes(CRYPTO_num_locks())
-            {
-                for (auto& mpref : Mutexes) {
-                    mpref.Reset(new TMutex());
-                }
-            }
-
-            inline void LockOP(int mode, int n) {
-                auto& mutex = *Mutexes.at(n);
-
-                if (mode & CRYPTO_LOCK) {
-                    mutex.Acquire();
-                } else {
-                    mutex.Release();
-                }
-            }
-
-            TVector<TAutoPtr<TMutex>> Mutexes;
-        };
-
-        inline TInitSsl() {
-            OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, nullptr);
-        }
-
-        inline ~TInitSsl() {
-            OPENSSL_cleanup();
-        }
-
-        static void LockingFunction(int mode, int n, const char* /*file*/, int /*line*/) {
-            Singleton<TOpensslLocks>()->LockOP(mode, n);
-        }
-
-        static unsigned long ThreadIdFunction() {
-            return TThread::CurrentThreadId();
-        }
-    };
+    // Initialize OpenSSL as early as possible
+    // in order to prevent any further initializations with different flags.
+    //
+    // Initialize it with OPENSSL_INIT_NO_ATEXIT thus omitting the cleanup routine at process exit
+    // (it looks like it does nothing when openssl is linked statically).
+    [[maybe_unused]] auto _ = OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_NO_ATEXIT, nullptr);
 }
 
 void InitOpenSSL() {
-    (void)SingletonWithPriority<TInitSsl, 0>();
 }
diff --git a/library/cpp/openssl/init/ya.make b/library/cpp/openssl/init/ya.make
index 1c39d273801..2d49965ca88 100644
--- a/library/cpp/openssl/init/ya.make
+++ b/library/cpp/openssl/init/ya.make
@@ -5,7 +5,7 @@ PEERDIR(
 )
 
 SRCS(
-    init.cpp
+    GLOBAL init.cpp
 )
 
 END()