2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib_int.h"
12 #include <openssl/err.h>
13 #include "internal/rand_int.h"
14 #include "internal/bio.h"
15 #include <openssl/evp.h>
16 #include "internal/evp_int.h"
17 #include "internal/conf.h"
18 #include "internal/async.h"
19 #include "internal/engine.h"
20 #include "internal/comp.h"
21 #include "internal/err.h"
22 #include "internal/err_int.h"
23 #include "internal/objects.h"
26 #include "internal/thread_once.h"
27 #include "internal/dso.h"
28 #include "internal/store.h"
31 typedef struct global_lock_st {
34 struct global_lock_st *next;
37 static GLOBAL_LOCK *global_locks;
39 static int stopped = 0;
41 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
43 static CRYPTO_THREAD_LOCAL threadstopkey;
45 static void ossl_init_thread_stop_wrap(void *local)
47 ossl_init_thread_stop((struct thread_local_inits_st *)local);
50 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
52 struct thread_local_inits_st *local =
53 CRYPTO_THREAD_get_local(&threadstopkey);
55 if (local == NULL && alloc) {
56 local = OPENSSL_zalloc(sizeof(*local));
57 if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) {
63 CRYPTO_THREAD_set_local(&threadstopkey, NULL);
69 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
70 struct ossl_init_stop_st {
71 void (*handler)(void);
72 OPENSSL_INIT_STOP *next;
75 static CRYPTO_RWLOCK *glock_lock = NULL;
77 static OPENSSL_INIT_STOP *stop_handlers = NULL;
78 static CRYPTO_RWLOCK *init_lock = NULL;
80 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
81 static int base_inited = 0;
82 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
84 #ifdef OPENSSL_INIT_DEBUG
85 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
87 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
88 ossl_malloc_setup_failures();
91 * We use a dummy thread local key here. We use the destructor to detect
92 * when the thread is going to stop (where that feature is available)
94 CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap);
95 #ifndef OPENSSL_SYS_UEFI
96 atexit(OPENSSL_cleanup);
98 /* Do not change this to glock's! */
99 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
101 OPENSSL_cpuid_setup();
105 * Everything needed to be initialized in this function before threads
106 * come along MUST happen before base_inited is set to 1, or we will
107 * see race conditions.
111 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
114 HMODULE handle = NULL;
117 /* We don't use the DSO route for WIN32 because there is a better way */
118 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
119 | GET_MODULE_HANDLE_EX_FLAG_PIN,
120 (void *)&base_inited, &handle);
122 return (ret == TRUE) ? 1 : 0;
126 * Deliberately leak a reference to ourselves. This will force the library
127 * to remain loaded until the atexit() handler is run at process exit.
133 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
143 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
144 static int load_crypto_strings_inited = 0;
145 DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
147 /* Do nothing in this case */
151 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
155 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
156 * pulling in all the error strings during static linking
158 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
159 # ifdef OPENSSL_INIT_DEBUG
160 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
161 "err_load_crypto_strings_int()\n");
163 ret = err_load_crypto_strings_int();
164 load_crypto_strings_inited = 1;
169 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
170 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
173 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
174 * pulling in all the ciphers during static linking
176 #ifndef OPENSSL_NO_AUTOALGINIT
177 # ifdef OPENSSL_INIT_DEBUG
178 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
179 "openssl_add_all_ciphers_int()\n");
181 openssl_add_all_ciphers_int();
186 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
187 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
190 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
191 * pulling in all the ciphers during static linking
193 #ifndef OPENSSL_NO_AUTOALGINIT
194 # ifdef OPENSSL_INIT_DEBUG
195 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
196 "openssl_add_all_digests()\n");
198 openssl_add_all_digests_int();
203 DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
209 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
210 static int config_inited = 0;
211 static const char *appname;
212 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
214 #ifdef OPENSSL_INIT_DEBUG
216 "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
217 appname == NULL ? "NULL" : appname);
219 openssl_config_int(appname);
223 DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
225 #ifdef OPENSSL_INIT_DEBUG
227 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
229 openssl_no_config_int();
234 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
235 static int async_inited = 0;
236 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
238 #ifdef OPENSSL_INIT_DEBUG
239 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
247 #ifndef OPENSSL_NO_ENGINE
248 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
249 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
251 # ifdef OPENSSL_INIT_DEBUG
252 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
253 "engine_load_openssl_int()\n");
255 engine_load_openssl_int();
258 # ifndef OPENSSL_NO_DEVCRYPTOENG
259 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
260 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
262 # ifdef OPENSSL_INIT_DEBUG
263 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
264 "engine_load_devcrypto_int()\n");
266 engine_load_devcrypto_int();
271 # ifndef OPENSSL_NO_RDRAND
272 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
273 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
275 # ifdef OPENSSL_INIT_DEBUG
276 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
277 "engine_load_rdrand_int()\n");
279 engine_load_rdrand_int();
283 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
284 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
286 # ifdef OPENSSL_INIT_DEBUG
287 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
288 "engine_load_dynamic_int()\n");
290 engine_load_dynamic_int();
293 # ifndef OPENSSL_NO_STATIC_ENGINE
294 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
295 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
296 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
298 # ifdef OPENSSL_INIT_DEBUG
299 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
300 "engine_load_padlock_int()\n");
302 engine_load_padlock_int();
306 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
307 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
308 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
310 # ifdef OPENSSL_INIT_DEBUG
311 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
312 "engine_load_capi_int()\n");
314 engine_load_capi_int();
318 # if !defined(OPENSSL_NO_AFALGENG)
319 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
320 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
322 # ifdef OPENSSL_INIT_DEBUG
323 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
324 "engine_load_afalg_int()\n");
326 engine_load_afalg_int();
333 #ifndef OPENSSL_NO_COMP
334 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
336 static int zlib_inited = 0;
337 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
339 /* Do nothing - we need to know about this for the later cleanup */
345 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
347 /* Can't do much about this */
352 #ifdef OPENSSL_INIT_DEBUG
353 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
354 "ASYNC_cleanup_thread()\n");
356 ASYNC_cleanup_thread();
359 if (locals->err_state) {
360 #ifdef OPENSSL_INIT_DEBUG
361 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
362 "err_delete_thread_state()\n");
364 err_delete_thread_state();
367 OPENSSL_free(locals);
370 void OPENSSL_thread_stop(void)
372 ossl_init_thread_stop(
373 (struct thread_local_inits_st *)ossl_init_get_thread_local(0));
376 int ossl_init_thread_start(uint64_t opts)
378 struct thread_local_inits_st *locals;
380 if (!OPENSSL_init_crypto(0, NULL))
383 locals = ossl_init_get_thread_local(1);
388 if (opts & OPENSSL_INIT_THREAD_ASYNC) {
389 #ifdef OPENSSL_INIT_DEBUG
390 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
391 "marking thread for async\n");
396 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
397 #ifdef OPENSSL_INIT_DEBUG
398 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
399 "marking thread for err_state\n");
401 locals->err_state = 1;
407 void OPENSSL_cleanup(void)
409 OPENSSL_INIT_STOP *currhandler, *lasthandler;
411 /* If we've not been inited then no need to deinit */
415 /* Might be explicitly called and also by atexit */
421 * Thread stop may not get automatically called by the thread library for
422 * the very last thread in some situations, so call it directly.
424 ossl_init_thread_stop(ossl_init_get_thread_local(0));
426 currhandler = stop_handlers;
427 while (currhandler != NULL) {
428 currhandler->handler();
429 lasthandler = currhandler;
430 currhandler = currhandler->next;
431 OPENSSL_free(lasthandler);
433 stop_handlers = NULL;
435 CRYPTO_THREAD_lock_free(init_lock);
439 * We assume we are single-threaded for this function, i.e. no race
440 * conditions for the various "*_inited" vars below.
443 #ifndef OPENSSL_NO_COMP
445 #ifdef OPENSSL_INIT_DEBUG
446 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
447 "comp_zlib_cleanup_int()\n");
449 comp_zlib_cleanup_int();
454 # ifdef OPENSSL_INIT_DEBUG
455 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
461 if (load_crypto_strings_inited) {
462 #ifdef OPENSSL_INIT_DEBUG
463 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
464 "err_free_strings_int()\n");
466 err_free_strings_int();
469 CRYPTO_THREAD_cleanup_local(&threadstopkey);
471 #ifdef OPENSSL_INIT_DEBUG
472 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
473 "rand_cleanup_int()\n");
474 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
475 "conf_modules_free_int()\n");
476 #ifndef OPENSSL_NO_ENGINE
477 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
478 "engine_cleanup_int()\n");
480 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
481 "crypto_cleanup_all_ex_data_int()\n");
482 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
483 "bio_sock_cleanup_int()\n");
484 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
486 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
487 "evp_cleanup_int()\n");
488 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
489 "obj_cleanup_int()\n");
490 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
494 * Note that cleanup order is important:
495 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
496 * must be called before engine_cleanup_int()
497 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
498 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
499 * - conf_modules_free_int() can end up in ENGINE code so must be called
500 * before engine_cleanup_int()
501 * - ENGINEs and additional EVP algorithms might use added OIDs names so
502 * obj_cleanup_int() must be called last
505 rand_drbg_cleanup_int();
506 conf_modules_free_int();
507 #ifndef OPENSSL_NO_ENGINE
508 engine_cleanup_int();
510 ossl_store_cleanup_int();
511 crypto_cleanup_all_ex_data_int();
517 /* Free list of global locks. */
518 while (global_locks != NULL) {
519 GLOBAL_LOCK *next = global_locks->next;
524 CRYPTO_THREAD_lock_free(glock_lock);
531 * If this function is called with a non NULL settings value then it must be
532 * called prior to any threads making calls to any OpenSSL functions,
533 * i.e. passing a non-null settings value is assumed to be single-threaded.
535 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
537 static int stoperrset = 0;
542 * We only ever set this once to avoid getting into an infinite
543 * loop where the error system keeps trying to init and fails so
547 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
552 if (!base_inited && !RUN_ONCE(&base, ossl_init_base))
555 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
556 && !RUN_ONCE(&load_crypto_strings,
557 ossl_init_no_load_crypto_strings))
560 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
561 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
564 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
565 && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
568 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
569 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
572 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
573 && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
576 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
577 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
580 if ((opts & OPENSSL_INIT_ATFORK)
581 && !openssl_init_fork_handlers())
584 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
585 && !RUN_ONCE(&config, ossl_init_no_config))
588 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
590 CRYPTO_THREAD_write_lock(init_lock);
591 appname = (settings == NULL) ? NULL : settings->appname;
592 ret = RUN_ONCE(&config, ossl_init_config);
593 CRYPTO_THREAD_unlock(init_lock);
598 if ((opts & OPENSSL_INIT_ASYNC)
599 && !RUN_ONCE(&async, ossl_init_async))
602 #ifndef OPENSSL_NO_ENGINE
603 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
604 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
606 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
607 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
608 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
611 # ifndef OPENSSL_NO_RDRAND
612 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
613 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
616 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
617 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
619 # ifndef OPENSSL_NO_STATIC_ENGINE
620 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
621 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
622 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
625 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
626 if ((opts & OPENSSL_INIT_ENGINE_CAPI)
627 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
630 # if !defined(OPENSSL_NO_AFALGENG)
631 if ((opts & OPENSSL_INIT_ENGINE_AFALG)
632 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
636 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
637 | OPENSSL_INIT_ENGINE_OPENSSL
638 | OPENSSL_INIT_ENGINE_AFALG)) {
639 ENGINE_register_all_complete();
643 #ifndef OPENSSL_NO_COMP
644 if ((opts & OPENSSL_INIT_ZLIB)
645 && !RUN_ONCE(&zlib, ossl_init_zlib))
652 int OPENSSL_atexit(void (*handler)(void))
654 OPENSSL_INIT_STOP *newhand;
656 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
663 handlersym.func = handler;
666 HMODULE handle = NULL;
670 * We don't use the DSO route for WIN32 because there is a better
673 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
674 | GET_MODULE_HANDLE_EX_FLAG_PIN,
675 handlersym.sym, &handle);
682 * Deliberately leak a reference to the handler. This will force the
683 * library/code containing the handler to remain loaded until we run the
684 * atexit handler. If -znodelete has been used then this is
691 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
699 newhand = OPENSSL_malloc(sizeof(*newhand));
703 newhand->handler = handler;
704 newhand->next = stop_handlers;
705 stop_handlers = newhand;
710 #ifndef OPENSSL_SYS_UNIX
711 CRYPTO_RWLOCK *CRYPTO_THREAD_glock_new(const char *name)
713 return CRYPTO_THREAD_lock_new();
717 DEFINE_RUN_ONCE_STATIC(glock_init)
719 glock_lock = CRYPTO_THREAD_lock_new();
720 return glock_lock != NULL;
724 * Create a new global lock, return NULL on error.
726 CRYPTO_RWLOCK *CRYPTO_THREAD_glock_new(const char *name)
728 static CRYPTO_ONCE glock_once = CRYPTO_ONCE_STATIC_INIT;
729 GLOBAL_LOCK *newlock;
731 if (glock_lock == NULL && !RUN_ONCE(&glock_once, glock_init))
733 if ((newlock = malloc(sizeof(*newlock))) == NULL)
735 if ((newlock->lock = CRYPTO_THREAD_lock_new()) == NULL) {
739 newlock->name = name;
740 CRYPTO_THREAD_write_lock(glock_lock);
741 newlock->next = global_locks;
742 global_locks = newlock;
743 CRYPTO_THREAD_unlock(glock_lock);
744 return newlock->lock;
748 * Unlock all global locks.
750 static void unlock_all(void)
754 CRYPTO_THREAD_write_lock(glock_lock);
755 for (lp = global_locks; lp != NULL; lp = lp->next)
756 CRYPTO_THREAD_unlock(lp->lock);
757 CRYPTO_THREAD_unlock(glock_lock);
761 * The following three functions are for OpenSSL developers. This is
762 * where we set/reset state across fork (called via pthread_atfork when
763 * it exists, or manually by the application when it doesn't).
765 * WARNING! If you put code in either OPENSSL_fork_parent or
766 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
767 * safe. See this link, for example:
768 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
771 void OPENSSL_fork_prepare(void)
775 CRYPTO_THREAD_write_lock(glock_lock);
776 for (lp = global_locks; lp != NULL; lp = lp->next)
777 CRYPTO_THREAD_write_lock(lp->lock);
778 CRYPTO_THREAD_unlock(glock_lock);
781 void OPENSSL_fork_parent(void)
786 void OPENSSL_fork_child(void)