2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/cryptlib_int.h"
12 #include <openssl/err.h>
13 #include "internal/rand_int.h"
14 #include "internal/bio.h"
15 #include <openssl/evp.h>
16 #include "internal/evp_int.h"
17 #include "internal/conf.h"
18 #include "internal/async.h"
19 #include "internal/engine.h"
20 #include "internal/comp.h"
21 #include "internal/err.h"
22 #include "internal/err_int.h"
23 #include "internal/objects.h"
26 #include "internal/thread_once.h"
27 #include "internal/dso_conf.h"
28 #include "internal/dso.h"
29 #include "internal/store.h"
31 static int stopped = 0;
33 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
35 static CRYPTO_THREAD_LOCAL threadstopkey;
37 static void ossl_init_thread_stop_wrap(void *local)
39 ossl_init_thread_stop((struct thread_local_inits_st *)local);
42 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
44 struct thread_local_inits_st *local =
45 CRYPTO_THREAD_get_local(&threadstopkey);
47 if (local == NULL && alloc) {
48 local = OPENSSL_zalloc(sizeof(*local));
49 if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) {
55 CRYPTO_THREAD_set_local(&threadstopkey, NULL);
61 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
62 struct ossl_init_stop_st {
63 void (*handler)(void);
64 OPENSSL_INIT_STOP *next;
67 static OPENSSL_INIT_STOP *stop_handlers = NULL;
68 static CRYPTO_RWLOCK *init_lock = NULL;
70 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
71 static int base_inited = 0;
72 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
74 #ifdef OPENSSL_INIT_DEBUG
75 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
77 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
78 ossl_malloc_setup_failures();
81 * We use a dummy thread local key here. We use the destructor to detect
82 * when the thread is going to stop (where that feature is available)
84 CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap);
85 #ifndef OPENSSL_SYS_UEFI
86 atexit(OPENSSL_cleanup);
88 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
90 OPENSSL_cpuid_setup();
94 * Everything needed to be initialized in this function before threads
95 * come along MUST happen before base_inited is set to 1, or we will
96 * see race conditions.
100 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
103 HMODULE handle = NULL;
106 /* We don't use the DSO route for WIN32 because there is a better way */
107 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
108 | GET_MODULE_HANDLE_EX_FLAG_PIN,
109 (void *)&base_inited, &handle);
111 return (ret == TRUE) ? 1 : 0;
115 * Deliberately leak a reference to ourselves. This will force the library
116 * to remain loaded until the atexit() handler is run at process exit.
122 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
123 # ifdef OPENSSL_INIT_DEBUG
124 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
125 (dso == NULL ? "No!" : "Yes."));
127 * In case of No!, it is uncertain our exit()-handlers can still be
128 * called. After dlclose() the whole library might have been unloaded
141 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
142 static int load_crypto_strings_inited = 0;
143 DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
145 /* Do nothing in this case */
149 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
153 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
154 * pulling in all the error strings during static linking
156 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
157 # ifdef OPENSSL_INIT_DEBUG
158 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
159 "err_load_crypto_strings_int()\n");
161 ret = err_load_crypto_strings_int();
162 load_crypto_strings_inited = 1;
167 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
168 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
171 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
172 * pulling in all the ciphers during static linking
174 #ifndef OPENSSL_NO_AUTOALGINIT
175 # ifdef OPENSSL_INIT_DEBUG
176 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
177 "openssl_add_all_ciphers_int()\n");
179 openssl_add_all_ciphers_int();
184 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
185 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
188 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
189 * pulling in all the ciphers during static linking
191 #ifndef OPENSSL_NO_AUTOALGINIT
192 # ifdef OPENSSL_INIT_DEBUG
193 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
194 "openssl_add_all_digests()\n");
196 openssl_add_all_digests_int();
201 DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
207 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
208 static int config_inited = 0;
209 static const char *appname;
210 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
212 #ifdef OPENSSL_INIT_DEBUG
214 "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
215 appname == NULL ? "NULL" : appname);
217 openssl_config_int(appname);
221 DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
223 #ifdef OPENSSL_INIT_DEBUG
225 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
227 openssl_no_config_int();
232 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
233 static int async_inited = 0;
234 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
236 #ifdef OPENSSL_INIT_DEBUG
237 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
245 #ifndef OPENSSL_NO_ENGINE
246 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
247 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
249 # ifdef OPENSSL_INIT_DEBUG
250 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
251 "engine_load_openssl_int()\n");
253 engine_load_openssl_int();
256 # ifndef OPENSSL_NO_DEVCRYPTOENG
257 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
258 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
260 # ifdef OPENSSL_INIT_DEBUG
261 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
262 "engine_load_devcrypto_int()\n");
264 engine_load_devcrypto_int();
269 # ifndef OPENSSL_NO_RDRAND
270 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
271 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
273 # ifdef OPENSSL_INIT_DEBUG
274 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
275 "engine_load_rdrand_int()\n");
277 engine_load_rdrand_int();
281 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
282 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
284 # ifdef OPENSSL_INIT_DEBUG
285 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
286 "engine_load_dynamic_int()\n");
288 engine_load_dynamic_int();
291 # ifndef OPENSSL_NO_STATIC_ENGINE
292 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
293 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
294 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
296 # ifdef OPENSSL_INIT_DEBUG
297 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
298 "engine_load_padlock_int()\n");
300 engine_load_padlock_int();
304 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
305 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
306 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
308 # ifdef OPENSSL_INIT_DEBUG
309 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
310 "engine_load_capi_int()\n");
312 engine_load_capi_int();
316 # if !defined(OPENSSL_NO_AFALGENG)
317 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
318 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
320 # ifdef OPENSSL_INIT_DEBUG
321 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
322 "engine_load_afalg_int()\n");
324 engine_load_afalg_int();
331 #ifndef OPENSSL_NO_COMP
332 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
334 static int zlib_inited = 0;
335 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
337 /* Do nothing - we need to know about this for the later cleanup */
343 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
345 /* Can't do much about this */
350 #ifdef OPENSSL_INIT_DEBUG
351 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
352 "ASYNC_cleanup_thread()\n");
354 ASYNC_cleanup_thread();
357 if (locals->err_state) {
358 #ifdef OPENSSL_INIT_DEBUG
359 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
360 "err_delete_thread_state()\n");
362 err_delete_thread_state();
366 #ifdef OPENSSL_INIT_DEBUG
367 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
368 "drbg_delete_thread_state()\n");
370 drbg_delete_thread_state();
373 OPENSSL_free(locals);
376 void OPENSSL_thread_stop(void)
378 ossl_init_thread_stop(
379 (struct thread_local_inits_st *)ossl_init_get_thread_local(0));
382 int ossl_init_thread_start(uint64_t opts)
384 struct thread_local_inits_st *locals;
386 if (!OPENSSL_init_crypto(0, NULL))
389 locals = ossl_init_get_thread_local(1);
394 if (opts & OPENSSL_INIT_THREAD_ASYNC) {
395 #ifdef OPENSSL_INIT_DEBUG
396 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
397 "marking thread for async\n");
402 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
403 #ifdef OPENSSL_INIT_DEBUG
404 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
405 "marking thread for err_state\n");
407 locals->err_state = 1;
410 if (opts & OPENSSL_INIT_THREAD_RAND) {
411 #ifdef OPENSSL_INIT_DEBUG
412 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
413 "marking thread for rand\n");
421 void OPENSSL_cleanup(void)
423 OPENSSL_INIT_STOP *currhandler, *lasthandler;
425 /* If we've not been inited then no need to deinit */
429 /* Might be explicitly called and also by atexit */
435 * Thread stop may not get automatically called by the thread library for
436 * the very last thread in some situations, so call it directly.
438 ossl_init_thread_stop(ossl_init_get_thread_local(0));
440 currhandler = stop_handlers;
441 while (currhandler != NULL) {
442 currhandler->handler();
443 lasthandler = currhandler;
444 currhandler = currhandler->next;
445 OPENSSL_free(lasthandler);
447 stop_handlers = NULL;
449 CRYPTO_THREAD_lock_free(init_lock);
453 * We assume we are single-threaded for this function, i.e. no race
454 * conditions for the various "*_inited" vars below.
457 #ifndef OPENSSL_NO_COMP
459 #ifdef OPENSSL_INIT_DEBUG
460 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
461 "comp_zlib_cleanup_int()\n");
463 comp_zlib_cleanup_int();
468 # ifdef OPENSSL_INIT_DEBUG
469 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
475 if (load_crypto_strings_inited) {
476 #ifdef OPENSSL_INIT_DEBUG
477 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
478 "err_free_strings_int()\n");
480 err_free_strings_int();
483 CRYPTO_THREAD_cleanup_local(&threadstopkey);
485 #ifdef OPENSSL_INIT_DEBUG
486 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
487 "rand_cleanup_int()\n");
488 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
489 "conf_modules_free_int()\n");
490 #ifndef OPENSSL_NO_ENGINE
491 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
492 "engine_cleanup_int()\n");
494 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
495 "crypto_cleanup_all_ex_data_int()\n");
496 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
497 "bio_sock_cleanup_int()\n");
498 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
500 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
501 "evp_cleanup_int()\n");
502 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
503 "obj_cleanup_int()\n");
504 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
508 * Note that cleanup order is important:
509 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
510 * must be called before engine_cleanup_int()
511 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
512 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
513 * - conf_modules_free_int() can end up in ENGINE code so must be called
514 * before engine_cleanup_int()
515 * - ENGINEs and additional EVP algorithms might use added OIDs names so
516 * obj_cleanup_int() must be called last
519 rand_drbg_cleanup_int();
520 conf_modules_free_int();
521 #ifndef OPENSSL_NO_ENGINE
522 engine_cleanup_int();
524 ossl_store_cleanup_int();
525 crypto_cleanup_all_ex_data_int();
531 CRYPTO_secure_malloc_done();
537 * If this function is called with a non NULL settings value then it must be
538 * called prior to any threads making calls to any OpenSSL functions,
539 * i.e. passing a non-null settings value is assumed to be single-threaded.
541 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
544 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
548 if (!base_inited && !RUN_ONCE(&base, ossl_init_base))
551 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
552 && !RUN_ONCE(&load_crypto_strings,
553 ossl_init_no_load_crypto_strings))
556 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
557 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
560 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
561 && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
564 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
565 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
568 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
569 && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
572 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
573 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
576 if ((opts & OPENSSL_INIT_ATFORK)
577 && !openssl_init_fork_handlers())
580 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
581 && !RUN_ONCE(&config, ossl_init_no_config))
584 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
586 CRYPTO_THREAD_write_lock(init_lock);
587 appname = (settings == NULL) ? NULL : settings->appname;
588 ret = RUN_ONCE(&config, ossl_init_config);
589 CRYPTO_THREAD_unlock(init_lock);
594 if ((opts & OPENSSL_INIT_ASYNC)
595 && !RUN_ONCE(&async, ossl_init_async))
598 #ifndef OPENSSL_NO_ENGINE
599 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
600 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
602 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
603 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
604 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
607 # ifndef OPENSSL_NO_RDRAND
608 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
609 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
612 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
613 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
615 # ifndef OPENSSL_NO_STATIC_ENGINE
616 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
617 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
618 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
621 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
622 if ((opts & OPENSSL_INIT_ENGINE_CAPI)
623 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
626 # if !defined(OPENSSL_NO_AFALGENG)
627 if ((opts & OPENSSL_INIT_ENGINE_AFALG)
628 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
632 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
633 | OPENSSL_INIT_ENGINE_OPENSSL
634 | OPENSSL_INIT_ENGINE_AFALG)) {
635 ENGINE_register_all_complete();
639 #ifndef OPENSSL_NO_COMP
640 if ((opts & OPENSSL_INIT_ZLIB)
641 && !RUN_ONCE(&zlib, ossl_init_zlib))
648 int OPENSSL_atexit(void (*handler)(void))
650 OPENSSL_INIT_STOP *newhand;
652 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
659 handlersym.func = handler;
662 HMODULE handle = NULL;
666 * We don't use the DSO route for WIN32 because there is a better
669 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
670 | GET_MODULE_HANDLE_EX_FLAG_PIN,
671 handlersym.sym, &handle);
678 * Deliberately leak a reference to the handler. This will force the
679 * library/code containing the handler to remain loaded until we run the
680 * atexit handler. If -znodelete has been used then this is
687 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
688 # ifdef OPENSSL_INIT_DEBUG
690 "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
691 (dso == NULL ? "No!" : "Yes."));
692 /* See same code above in ossl_init_base() for an explanation. */
701 if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
702 CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
706 newhand->handler = handler;
707 newhand->next = stop_handlers;
708 stop_handlers = newhand;
713 #ifdef OPENSSL_SYS_UNIX
715 * The following three functions are for OpenSSL developers. This is
716 * where we set/reset state across fork (called via pthread_atfork when
717 * it exists, or manually by the application when it doesn't).
719 * WARNING! If you put code in either OPENSSL_fork_parent or
720 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
721 * safe. See this link, for example:
722 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
725 void OPENSSL_fork_prepare(void)
729 void OPENSSL_fork_parent(void)
733 void OPENSSL_fork_child(void)