2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <internal/cryptlib_int.h>
11 #include <openssl/err.h>
12 #include <internal/rand_int.h>
13 #include <internal/bio.h>
14 #include <openssl/evp.h>
15 #include <internal/evp_int.h>
16 #include <internal/conf.h>
17 #include <internal/async.h>
18 #include <internal/engine.h>
19 #include <internal/comp.h>
20 #include <internal/err.h>
21 #include <internal/err_int.h>
22 #include <internal/objects.h>
25 #include <internal/thread_once.h>
26 #include <internal/dso.h>
27 #include <internal/store.h>
29 static int stopped = 0;
31 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
33 static CRYPTO_THREAD_LOCAL threadstopkey;
35 static void ossl_init_thread_stop_wrap(void *local)
37 ossl_init_thread_stop((struct thread_local_inits_st *)local);
40 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
42 struct thread_local_inits_st *local =
43 CRYPTO_THREAD_get_local(&threadstopkey);
45 if (local == NULL && alloc) {
46 local = OPENSSL_zalloc(sizeof *local);
47 if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) {
53 CRYPTO_THREAD_set_local(&threadstopkey, NULL);
59 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
60 struct ossl_init_stop_st {
61 void (*handler)(void);
62 OPENSSL_INIT_STOP *next;
65 static OPENSSL_INIT_STOP *stop_handlers = NULL;
66 static CRYPTO_RWLOCK *init_lock = NULL;
68 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
69 static int base_inited = 0;
70 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
72 #ifdef OPENSSL_INIT_DEBUG
73 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
75 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
76 ossl_malloc_setup_failures();
79 * We use a dummy thread local key here. We use the destructor to detect
80 * when the thread is going to stop (where that feature is available)
82 CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap);
83 #ifndef OPENSSL_SYS_UEFI
84 atexit(OPENSSL_cleanup);
86 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
88 OPENSSL_cpuid_setup();
92 * Everything needed to be initialized in this function before threads
93 * come along MUST happen before base_inited is set to 1, or we will
94 * see race conditions.
98 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
101 HMODULE handle = NULL;
104 /* We don't use the DSO route for WIN32 because there is a better way */
105 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
106 | GET_MODULE_HANDLE_EX_FLAG_PIN,
107 (void *)&base_inited, &handle);
109 return (ret == TRUE) ? 1 : 0;
113 * Deliberately leak a reference to ourselves. This will force the library
114 * to remain loaded until the atexit() handler is run at process exit.
120 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
130 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
131 static int load_crypto_strings_inited = 0;
132 DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
134 /* Do nothing in this case */
138 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
142 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
143 * pulling in all the error strings during static linking
145 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
146 # ifdef OPENSSL_INIT_DEBUG
147 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
148 "err_load_crypto_strings_int()\n");
150 ret = err_load_crypto_strings_int();
151 load_crypto_strings_inited = 1;
156 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
157 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
160 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
161 * pulling in all the ciphers during static linking
163 #ifndef OPENSSL_NO_AUTOALGINIT
164 # ifdef OPENSSL_INIT_DEBUG
165 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
166 "openssl_add_all_ciphers_int()\n");
168 openssl_add_all_ciphers_int();
173 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
174 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
177 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
178 * pulling in all the ciphers during static linking
180 #ifndef OPENSSL_NO_AUTOALGINIT
181 # ifdef OPENSSL_INIT_DEBUG
182 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
183 "openssl_add_all_digests()\n");
185 openssl_add_all_digests_int();
190 DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
196 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
197 static int config_inited = 0;
198 static const char *appname;
199 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
201 #ifdef OPENSSL_INIT_DEBUG
203 "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
204 appname == NULL ? "NULL" : appname);
206 openssl_config_int(appname);
210 DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
212 #ifdef OPENSSL_INIT_DEBUG
214 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
216 openssl_no_config_int();
221 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
222 static int async_inited = 0;
223 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
225 #ifdef OPENSSL_INIT_DEBUG
226 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
234 #ifndef OPENSSL_NO_ENGINE
235 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
236 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
238 # ifdef OPENSSL_INIT_DEBUG
239 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
240 "engine_load_openssl_int()\n");
242 engine_load_openssl_int();
245 # ifndef OPENSSL_NO_DEVCRYPTOENG
246 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
247 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
249 # ifdef OPENSSL_INIT_DEBUG
250 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
251 "engine_load_devcrypto_int()\n");
253 engine_load_devcrypto_int();
258 # ifndef OPENSSL_NO_RDRAND
259 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
260 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
262 # ifdef OPENSSL_INIT_DEBUG
263 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
264 "engine_load_rdrand_int()\n");
266 engine_load_rdrand_int();
270 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
271 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
273 # ifdef OPENSSL_INIT_DEBUG
274 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
275 "engine_load_dynamic_int()\n");
277 engine_load_dynamic_int();
280 # ifndef OPENSSL_NO_STATIC_ENGINE
281 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
282 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
283 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
285 # ifdef OPENSSL_INIT_DEBUG
286 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
287 "engine_load_padlock_int()\n");
289 engine_load_padlock_int();
293 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
294 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
295 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
297 # ifdef OPENSSL_INIT_DEBUG
298 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
299 "engine_load_capi_int()\n");
301 engine_load_capi_int();
305 # if !defined(OPENSSL_NO_AFALGENG)
306 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
307 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
309 # ifdef OPENSSL_INIT_DEBUG
310 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
311 "engine_load_afalg_int()\n");
313 engine_load_afalg_int();
320 #ifndef OPENSSL_NO_COMP
321 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
323 static int zlib_inited = 0;
324 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
326 /* Do nothing - we need to know about this for the later cleanup */
332 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
334 /* Can't do much about this */
339 #ifdef OPENSSL_INIT_DEBUG
340 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
341 "ASYNC_cleanup_thread()\n");
343 ASYNC_cleanup_thread();
346 if (locals->err_state) {
347 #ifdef OPENSSL_INIT_DEBUG
348 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
349 "err_delete_thread_state()\n");
351 err_delete_thread_state();
354 OPENSSL_free(locals);
357 void OPENSSL_thread_stop(void)
359 ossl_init_thread_stop(
360 (struct thread_local_inits_st *)ossl_init_get_thread_local(0));
363 int ossl_init_thread_start(uint64_t opts)
365 struct thread_local_inits_st *locals;
367 if (!OPENSSL_init_crypto(0, NULL))
370 locals = ossl_init_get_thread_local(1);
375 if (opts & OPENSSL_INIT_THREAD_ASYNC) {
376 #ifdef OPENSSL_INIT_DEBUG
377 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
378 "marking thread for async\n");
383 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
384 #ifdef OPENSSL_INIT_DEBUG
385 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
386 "marking thread for err_state\n");
388 locals->err_state = 1;
394 void OPENSSL_cleanup(void)
396 OPENSSL_INIT_STOP *currhandler, *lasthandler;
398 /* If we've not been inited then no need to deinit */
402 /* Might be explicitly called and also by atexit */
408 * Thread stop may not get automatically called by the thread library for
409 * the very last thread in some situations, so call it directly.
411 ossl_init_thread_stop(ossl_init_get_thread_local(0));
413 currhandler = stop_handlers;
414 while (currhandler != NULL) {
415 currhandler->handler();
416 lasthandler = currhandler;
417 currhandler = currhandler->next;
418 OPENSSL_free(lasthandler);
420 stop_handlers = NULL;
422 CRYPTO_THREAD_lock_free(init_lock);
425 * We assume we are single-threaded for this function, i.e. no race
426 * conditions for the various "*_inited" vars below.
429 #ifndef OPENSSL_NO_COMP
431 #ifdef OPENSSL_INIT_DEBUG
432 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
433 "comp_zlib_cleanup_int()\n");
435 comp_zlib_cleanup_int();
440 # ifdef OPENSSL_INIT_DEBUG
441 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
447 if (load_crypto_strings_inited) {
448 #ifdef OPENSSL_INIT_DEBUG
449 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
450 "err_free_strings_int()\n");
452 err_free_strings_int();
455 CRYPTO_THREAD_cleanup_local(&threadstopkey);
457 #ifdef OPENSSL_INIT_DEBUG
458 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
459 "rand_cleanup_int()\n");
460 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
461 "conf_modules_free_int()\n");
462 #ifndef OPENSSL_NO_ENGINE
463 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
464 "engine_cleanup_int()\n");
466 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
467 "crypto_cleanup_all_ex_data_int()\n");
468 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
469 "bio_sock_cleanup_int()\n");
470 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
472 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
473 "evp_cleanup_int()\n");
474 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
475 "obj_cleanup_int()\n");
476 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
480 * Note that cleanup order is important:
481 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
482 * must be called before engine_cleanup_int()
483 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
484 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
485 * - conf_modules_free_int() can end up in ENGINE code so must be called
486 * before engine_cleanup_int()
487 * - ENGINEs and additional EVP algorithms might use added OIDs names so
488 * obj_cleanup_int() must be called last
491 conf_modules_free_int();
492 #ifndef OPENSSL_NO_ENGINE
493 engine_cleanup_int();
495 ossl_store_cleanup_int();
496 crypto_cleanup_all_ex_data_int();
506 * If this function is called with a non NULL settings value then it must be
507 * called prior to any threads making calls to any OpenSSL functions,
508 * i.e. passing a non-null settings value is assumed to be single-threaded.
510 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
512 static int stoperrset = 0;
517 * We only ever set this once to avoid getting into an infinite
518 * loop where the error system keeps trying to init and fails so
522 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
527 if (!base_inited && !RUN_ONCE(&base, ossl_init_base))
530 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
531 && !RUN_ONCE(&load_crypto_strings,
532 ossl_init_no_load_crypto_strings))
535 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
536 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
539 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
540 && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
543 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
544 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
547 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
548 && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
551 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
552 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
555 if ((opts & OPENSSL_INIT_ATFORK)
556 && !openssl_init_fork_handlers())
559 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
560 && !RUN_ONCE(&config, ossl_init_no_config))
563 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
565 CRYPTO_THREAD_write_lock(init_lock);
566 appname = (settings == NULL) ? NULL : settings->appname;
567 ret = RUN_ONCE(&config, ossl_init_config);
568 CRYPTO_THREAD_unlock(init_lock);
573 if ((opts & OPENSSL_INIT_ASYNC)
574 && !RUN_ONCE(&async, ossl_init_async))
577 #ifndef OPENSSL_NO_ENGINE
578 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
579 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
581 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
582 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
583 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
586 # ifndef OPENSSL_NO_RDRAND
587 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
588 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
591 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
592 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
594 # ifndef OPENSSL_NO_STATIC_ENGINE
595 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
596 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
597 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
600 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
601 if ((opts & OPENSSL_INIT_ENGINE_CAPI)
602 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
605 # if !defined(OPENSSL_NO_AFALGENG)
606 if ((opts & OPENSSL_INIT_ENGINE_AFALG)
607 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
611 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
612 | OPENSSL_INIT_ENGINE_OPENSSL
613 | OPENSSL_INIT_ENGINE_AFALG)) {
614 ENGINE_register_all_complete();
618 #ifndef OPENSSL_NO_COMP
619 if ((opts & OPENSSL_INIT_ZLIB)
620 && !RUN_ONCE(&zlib, ossl_init_zlib))
627 int OPENSSL_atexit(void (*handler)(void))
629 OPENSSL_INIT_STOP *newhand;
631 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
638 handlersym.func = handler;
641 HMODULE handle = NULL;
645 * We don't use the DSO route for WIN32 because there is a better
648 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
649 | GET_MODULE_HANDLE_EX_FLAG_PIN,
650 handlersym.sym, &handle);
657 * Deliberately leak a reference to the handler. This will force the
658 * library/code containing the handler to remain loaded until we run the
659 * atexit handler. If -znodelete has been used then this is
666 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
674 newhand = OPENSSL_malloc(sizeof(*newhand));
678 newhand->handler = handler;
679 newhand->next = stop_handlers;
680 stop_handlers = newhand;
685 #ifdef OPENSSL_SYS_UNIX
687 * The following three functions are for OpenSSL developers. This is
688 * where we set/reset state across fork (called via pthread_atfork when
689 * it exists, or manually by the application when it doesn't).
691 * WARNING! If you put code in either OPENSSL_fork_parent or
692 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
693 * safe. See this link, for example:
694 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
697 void OPENSSL_fork_prepare(void)
701 void OPENSSL_fork_parent(void)
705 void OPENSSL_fork_child(void)