2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib_int.h"
12 #include <openssl/err.h>
13 #include "internal/rand_int.h"
14 #include "internal/bio.h"
15 #include <openssl/evp.h>
16 #include "internal/evp_int.h"
17 #include "internal/conf.h"
18 #include "internal/async.h"
19 #include "internal/engine.h"
20 #include "internal/comp.h"
21 #include "internal/err.h"
22 #include "internal/err_int.h"
23 #include "internal/objects.h"
26 #include "internal/thread_once.h"
27 #include "internal/dso.h"
28 #include "internal/store.h"
31 typedef struct global_lock_st {
34 struct global_lock_st *next;
37 static GLOBAL_LOCK *global_locks;
39 static int stopped = 0;
41 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
43 static CRYPTO_THREAD_LOCAL threadstopkey;
45 static void ossl_init_thread_stop_wrap(void *local)
47 ossl_init_thread_stop((struct thread_local_inits_st *)local);
50 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
52 struct thread_local_inits_st *local =
53 CRYPTO_THREAD_get_local(&threadstopkey);
55 if (local == NULL && alloc) {
56 local = OPENSSL_zalloc(sizeof *local);
57 if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) {
63 CRYPTO_THREAD_set_local(&threadstopkey, NULL);
69 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
70 struct ossl_init_stop_st {
71 void (*handler)(void);
72 OPENSSL_INIT_STOP *next;
75 static CRYPTO_RWLOCK *glock_lock = NULL;
76 static CRYPTO_ONCE glock_once = CRYPTO_ONCE_STATIC_INIT;
78 static OPENSSL_INIT_STOP *stop_handlers = NULL;
79 static CRYPTO_RWLOCK *init_lock = NULL;
81 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
82 static int base_inited = 0;
83 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
85 #ifdef OPENSSL_INIT_DEBUG
86 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
88 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
89 ossl_malloc_setup_failures();
92 * We use a dummy thread local key here. We use the destructor to detect
93 * when the thread is going to stop (where that feature is available)
95 CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap);
96 #ifndef OPENSSL_SYS_UEFI
97 atexit(OPENSSL_cleanup);
99 /* Do not change this to glock's! */
100 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
102 OPENSSL_cpuid_setup();
106 * Everything needed to be initialized in this function before threads
107 * come along MUST happen before base_inited is set to 1, or we will
108 * see race conditions.
112 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
115 HMODULE handle = NULL;
118 /* We don't use the DSO route for WIN32 because there is a better way */
119 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
120 | GET_MODULE_HANDLE_EX_FLAG_PIN,
121 (void *)&base_inited, &handle);
123 return (ret == TRUE) ? 1 : 0;
127 * Deliberately leak a reference to ourselves. This will force the library
128 * to remain loaded until the atexit() handler is run at process exit.
134 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
144 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
145 static int load_crypto_strings_inited = 0;
146 DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
148 /* Do nothing in this case */
152 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
156 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
157 * pulling in all the error strings during static linking
159 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
160 # ifdef OPENSSL_INIT_DEBUG
161 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
162 "err_load_crypto_strings_int()\n");
164 ret = err_load_crypto_strings_int();
165 load_crypto_strings_inited = 1;
170 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
171 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
174 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
175 * pulling in all the ciphers during static linking
177 #ifndef OPENSSL_NO_AUTOALGINIT
178 # ifdef OPENSSL_INIT_DEBUG
179 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
180 "openssl_add_all_ciphers_int()\n");
182 openssl_add_all_ciphers_int();
187 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
188 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
191 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
192 * pulling in all the ciphers during static linking
194 #ifndef OPENSSL_NO_AUTOALGINIT
195 # ifdef OPENSSL_INIT_DEBUG
196 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
197 "openssl_add_all_digests()\n");
199 openssl_add_all_digests_int();
204 DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
210 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
211 static int config_inited = 0;
212 static const char *appname;
213 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
215 #ifdef OPENSSL_INIT_DEBUG
217 "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
218 appname == NULL ? "NULL" : appname);
220 openssl_config_int(appname);
224 DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
226 #ifdef OPENSSL_INIT_DEBUG
228 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
230 openssl_no_config_int();
235 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
236 static int async_inited = 0;
237 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
239 #ifdef OPENSSL_INIT_DEBUG
240 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
248 #ifndef OPENSSL_NO_ENGINE
249 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
250 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
252 # ifdef OPENSSL_INIT_DEBUG
253 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
254 "engine_load_openssl_int()\n");
256 engine_load_openssl_int();
259 # ifndef OPENSSL_NO_DEVCRYPTOENG
260 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
261 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
263 # ifdef OPENSSL_INIT_DEBUG
264 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
265 "engine_load_devcrypto_int()\n");
267 engine_load_devcrypto_int();
272 # ifndef OPENSSL_NO_RDRAND
273 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
274 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
276 # ifdef OPENSSL_INIT_DEBUG
277 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
278 "engine_load_rdrand_int()\n");
280 engine_load_rdrand_int();
284 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
285 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
287 # ifdef OPENSSL_INIT_DEBUG
288 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
289 "engine_load_dynamic_int()\n");
291 engine_load_dynamic_int();
294 # ifndef OPENSSL_NO_STATIC_ENGINE
295 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
296 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
297 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
299 # ifdef OPENSSL_INIT_DEBUG
300 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
301 "engine_load_padlock_int()\n");
303 engine_load_padlock_int();
307 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
308 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
309 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
311 # ifdef OPENSSL_INIT_DEBUG
312 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
313 "engine_load_capi_int()\n");
315 engine_load_capi_int();
319 # if !defined(OPENSSL_NO_AFALGENG)
320 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
321 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
323 # ifdef OPENSSL_INIT_DEBUG
324 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
325 "engine_load_afalg_int()\n");
327 engine_load_afalg_int();
334 #ifndef OPENSSL_NO_COMP
335 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
337 static int zlib_inited = 0;
338 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
340 /* Do nothing - we need to know about this for the later cleanup */
346 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
348 /* Can't do much about this */
353 #ifdef OPENSSL_INIT_DEBUG
354 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
355 "ASYNC_cleanup_thread()\n");
357 ASYNC_cleanup_thread();
360 if (locals->err_state) {
361 #ifdef OPENSSL_INIT_DEBUG
362 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
363 "err_delete_thread_state()\n");
365 err_delete_thread_state();
368 OPENSSL_free(locals);
371 void OPENSSL_thread_stop(void)
373 ossl_init_thread_stop(
374 (struct thread_local_inits_st *)ossl_init_get_thread_local(0));
377 int ossl_init_thread_start(uint64_t opts)
379 struct thread_local_inits_st *locals;
381 if (!OPENSSL_init_crypto(0, NULL))
384 locals = ossl_init_get_thread_local(1);
389 if (opts & OPENSSL_INIT_THREAD_ASYNC) {
390 #ifdef OPENSSL_INIT_DEBUG
391 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
392 "marking thread for async\n");
397 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
398 #ifdef OPENSSL_INIT_DEBUG
399 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
400 "marking thread for err_state\n");
402 locals->err_state = 1;
408 void OPENSSL_cleanup(void)
410 OPENSSL_INIT_STOP *currhandler, *lasthandler;
412 /* If we've not been inited then no need to deinit */
416 /* Might be explicitly called and also by atexit */
422 * Thread stop may not get automatically called by the thread library for
423 * the very last thread in some situations, so call it directly.
425 ossl_init_thread_stop(ossl_init_get_thread_local(0));
427 currhandler = stop_handlers;
428 while (currhandler != NULL) {
429 currhandler->handler();
430 lasthandler = currhandler;
431 currhandler = currhandler->next;
432 OPENSSL_free(lasthandler);
434 stop_handlers = NULL;
436 CRYPTO_THREAD_lock_free(init_lock);
440 * We assume we are single-threaded for this function, i.e. no race
441 * conditions for the various "*_inited" vars below.
444 #ifndef OPENSSL_NO_COMP
446 #ifdef OPENSSL_INIT_DEBUG
447 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
448 "comp_zlib_cleanup_int()\n");
450 comp_zlib_cleanup_int();
455 # ifdef OPENSSL_INIT_DEBUG
456 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
462 if (load_crypto_strings_inited) {
463 #ifdef OPENSSL_INIT_DEBUG
464 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
465 "err_free_strings_int()\n");
467 err_free_strings_int();
470 CRYPTO_THREAD_cleanup_local(&threadstopkey);
472 #ifdef OPENSSL_INIT_DEBUG
473 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
474 "rand_cleanup_int()\n");
475 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
476 "conf_modules_free_int()\n");
477 #ifndef OPENSSL_NO_ENGINE
478 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
479 "engine_cleanup_int()\n");
481 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
482 "crypto_cleanup_all_ex_data_int()\n");
483 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
484 "bio_sock_cleanup_int()\n");
485 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
487 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
488 "evp_cleanup_int()\n");
489 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
490 "obj_cleanup_int()\n");
491 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
495 * Note that cleanup order is important:
496 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
497 * must be called before engine_cleanup_int()
498 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
499 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
500 * - conf_modules_free_int() can end up in ENGINE code so must be called
501 * before engine_cleanup_int()
502 * - ENGINEs and additional EVP algorithms might use added OIDs names so
503 * obj_cleanup_int() must be called last
506 rand_cleanup_drbg_int();
507 conf_modules_free_int();
508 #ifndef OPENSSL_NO_ENGINE
509 engine_cleanup_int();
511 ossl_store_cleanup_int();
512 crypto_cleanup_all_ex_data_int();
518 /* Free list of global locks. */
519 while (global_locks != NULL) {
520 GLOBAL_LOCK *next = global_locks->next;
525 CRYPTO_THREAD_lock_free(glock_lock);
532 * If this function is called with a non NULL settings value then it must be
533 * called prior to any threads making calls to any OpenSSL functions,
534 * i.e. passing a non-null settings value is assumed to be single-threaded.
536 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
538 static int stoperrset = 0;
543 * We only ever set this once to avoid getting into an infinite
544 * loop where the error system keeps trying to init and fails so
548 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
553 if (!base_inited && !RUN_ONCE(&base, ossl_init_base))
556 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
557 && !RUN_ONCE(&load_crypto_strings,
558 ossl_init_no_load_crypto_strings))
561 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
562 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
565 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
566 && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
569 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
570 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
573 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
574 && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
577 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
578 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
581 if ((opts & OPENSSL_INIT_ATFORK)
582 && !openssl_init_fork_handlers())
585 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
586 && !RUN_ONCE(&config, ossl_init_no_config))
589 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
591 CRYPTO_THREAD_write_lock(init_lock);
592 appname = (settings == NULL) ? NULL : settings->appname;
593 ret = RUN_ONCE(&config, ossl_init_config);
594 CRYPTO_THREAD_unlock(init_lock);
599 if ((opts & OPENSSL_INIT_ASYNC)
600 && !RUN_ONCE(&async, ossl_init_async))
603 #ifndef OPENSSL_NO_ENGINE
604 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
605 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
607 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
608 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
609 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
612 # ifndef OPENSSL_NO_RDRAND
613 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
614 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
617 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
618 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
620 # ifndef OPENSSL_NO_STATIC_ENGINE
621 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
622 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
623 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
626 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
627 if ((opts & OPENSSL_INIT_ENGINE_CAPI)
628 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
631 # if !defined(OPENSSL_NO_AFALGENG)
632 if ((opts & OPENSSL_INIT_ENGINE_AFALG)
633 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
637 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
638 | OPENSSL_INIT_ENGINE_OPENSSL
639 | OPENSSL_INIT_ENGINE_AFALG)) {
640 ENGINE_register_all_complete();
644 #ifndef OPENSSL_NO_COMP
645 if ((opts & OPENSSL_INIT_ZLIB)
646 && !RUN_ONCE(&zlib, ossl_init_zlib))
653 int OPENSSL_atexit(void (*handler)(void))
655 OPENSSL_INIT_STOP *newhand;
657 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
664 handlersym.func = handler;
667 HMODULE handle = NULL;
671 * We don't use the DSO route for WIN32 because there is a better
674 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
675 | GET_MODULE_HANDLE_EX_FLAG_PIN,
676 handlersym.sym, &handle);
683 * Deliberately leak a reference to the handler. This will force the
684 * library/code containing the handler to remain loaded until we run the
685 * atexit handler. If -znodelete has been used then this is
692 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
700 newhand = OPENSSL_malloc(sizeof(*newhand));
704 newhand->handler = handler;
705 newhand->next = stop_handlers;
706 stop_handlers = newhand;
711 #ifndef OPENSSL_SYS_UNIX
712 CRYPTO_RWLOCK *CRYPTO_THREAD_glock_new(const char *name)
714 return CRYPTO_THREAD_lock_new();
718 DEFINE_RUN_ONCE_STATIC(glock_init)
720 glock_lock = CRYPTO_THREAD_lock_new();
721 return glock_lock != NULL;
725 * Create a new global lock, return NULL on error.
727 CRYPTO_RWLOCK *CRYPTO_THREAD_glock_new(const char *name)
729 GLOBAL_LOCK *newlock;
731 if (glock_lock == NULL && !RUN_ONCE(&glock_once, glock_init))
733 if ((newlock = malloc(sizeof(*newlock))) == NULL)
735 if ((newlock->lock = CRYPTO_THREAD_lock_new()) == NULL) {
739 newlock->name = name;
740 CRYPTO_THREAD_write_lock(glock_lock);
741 newlock->next = global_locks;
742 global_locks = newlock;
743 CRYPTO_THREAD_unlock(glock_lock);
744 return newlock->lock;
748 * Unlock all global locks.
750 static void unlock_all(void)
754 CRYPTO_THREAD_write_lock(glock_lock);
755 for (lp = global_locks; lp != NULL; lp = lp->next)
756 CRYPTO_THREAD_unlock(lp->lock);
757 CRYPTO_THREAD_unlock(glock_lock);
761 * The following three functions are for OpenSSL developers. This is
762 * where we set/reset state across fork (called via pthread_atfork when
763 * it exists, or manually by the application when it doesn't).
765 * WARNING! If you put code in either OPENSSL_fork_parent or
766 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
767 * safe. See this link, for example:
768 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
771 void OPENSSL_fork_prepare(void)
775 CRYPTO_THREAD_write_lock(glock_lock);
776 for (lp = global_locks; lp != NULL; lp = lp->next)
777 CRYPTO_THREAD_write_lock(lp->lock);
778 CRYPTO_THREAD_unlock(glock_lock);
781 void OPENSSL_fork_parent(void)
786 void OPENSSL_fork_child(void)