[thirdparty/openssl.git] / doc / man3 / OPENSSL_init_crypto.pod

=pod

=head1 NAME

OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
OPENSSL_init_crypto, OPENSSL_cleanup,
OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
initialisation and deinitialisation functions

=head1 SYNOPSIS

 #include <openssl/crypto.h>

 void OPENSSL_cleanup(void);
 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 int OPENSSL_atexit(void (*handler)(void));
 void OPENSSL_thread_stop(void);

 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
                                     const char* name);
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);

=head1 DESCRIPTION

During normal operation OpenSSL (libcrypto) will allocate various resources at
start up that must, subsequently, be freed on close down of the library.
Additionally some resources are allocated on a per thread basis (if the
application is multi-threaded), and these resources must be freed prior to the
thread closing.

As of version 1.1.0 OpenSSL will automatically allocate all resources that it
needs so no explicit initialisation is required. Similarly it will also
automatically deinitialise as required.

However, there way be situations when explicit initialisation is desirable or
needed, for example when some non-default initialisation is required. The
function OPENSSL_init_crypto() can be used for this purpose for
libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
equivalent).

Numerous internal OpenSSL functions call OPENSSL_init_crypto().
Therefore, in order to perform non-default initialisation,
OPENSSL_init_crypto() MUST be called by application code prior to
any other OpenSSL function calls.

The B<opts> parameter specifies which aspects of libcrypto should be
initialised. Valid options are:

=over 4

=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS

Suppress automatic loading of the libcrypto error strings. This option is
not a default option. Once selected subsequent calls to
OPENSSL_init_crypto() with the option
B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.

=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS

Automatic loading of the libcrypto error strings. With this option the
library will automatically load the libcrypto error strings.
This option is a default option. Once selected subsequent calls to
OPENSSL_init_crypto() with the option
B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.

=item OPENSSL_INIT_ADD_ALL_CIPHERS

With this option the library will automatically load and make available all
libcrypto ciphers. This option is a default option. Once selected subsequent
calls to OPENSSL_init_crypto() with the option
B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.

=item OPENSSL_INIT_ADD_ALL_DIGESTS

With this option the library will automatically load and make available all
libcrypto digests. This option is a default option. Once selected subsequent
calls to OPENSSL_init_crypto() with the option
B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.

=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS

With this option the library will suppress automatic loading of libcrypto
ciphers. This option is not a default option. Once selected subsequent
calls to OPENSSL_init_crypto() with the option
B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.

=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS

With this option the library will suppress automatic loading of libcrypto
digests. This option is not a default option. Once selected subsequent
calls to OPENSSL_init_crypto() with the option
B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.

=item OPENSSL_INIT_LOAD_CONFIG

With this option an OpenSSL configuration file will be automatically loaded and
used by calling OPENSSL_config(). This is not a default option for libcrypto.
From OpenSSL 1.1.1 this is a default option for libssl (see
L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
description of OPENSSL_INIT_new(), below.

=item OPENSSL_INIT_NO_LOAD_CONFIG

With this option the loading of OpenSSL configuration files will be suppressed.
It is the equivalent of calling OPENSSL_no_config(). This is not a default
option.

=item OPENSSL_INIT_ASYNC

With this option the library with automatically initialise the libcrypto async
sub-library (see L<ASYNC_start_job(3)>). This is a default option.

=item OPENSSL_INIT_ENGINE_RDRAND

With this option the library will automatically load and initialise the
RDRAND engine (if available). This not a default option.

=item OPENSSL_INIT_ENGINE_DYNAMIC

With this option the library will automatically load and initialise the
dynamic engine. This not a default option.

=item OPENSSL_INIT_ENGINE_OPENSSL

With this option the library will automatically load and initialise the
openssl engine. This not a default option.

=item OPENSSL_INIT_ENGINE_CRYPTODEV

With this option the library will automatically load and initialise the
cryptodev engine (if available). This not a default option.

=item OPENSSL_INIT_ENGINE_CAPI

With this option the library will automatically load and initialise the
CAPI engine (if available). This not a default option.

=item OPENSSL_INIT_ENGINE_PADLOCK

With this option the library will automatically load and initialise the
padlock engine (if available). This not a default option.

=item OPENSSL_INIT_ENGINE_DASYNC

With this option the library will automatically load and initialise the
DASYNC engine. This not a default option.

=item OPENSSL_INIT_ENGINE_ALL_BUILTIN

With this option the library will automatically load and initialise all the
built in engines listed above with the exception of the openssl and dasync
engines. This not a default option.

=item OPENSSL_INIT_ATFORK

With this option the library will register its fork handlers.
See OPENSSL_fork_prepare(3) for details.

=back

Multiple options may be combined together in a single call to
OPENSSL_init_crypto(). For example:

 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);

The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
and libssl). All resources allocated by OpenSSL are freed. Typically there
should be no need to call this function directly as it is initiated
automatically on application exit. This is done via the standard C library
atexit() function. In the event that the application will close in a manner
that will not call the registered atexit() handlers then the application should
call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
are discouraged from calling this function and should instead, typically, rely
on auto-deinitialisation. This is to avoid error conditions where both an
application and a library it depends on both use OpenSSL, and the library
deinitialises it before the application has finished using it.

Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
will be added to the error stack. Note that because initialisation has failed
OpenSSL error strings will not be available, only an error code. This code can
be put through the openssl errstr command line application to produce a human
readable error (see L<errstr(1)>).

The OPENSSL_atexit() function enables the registration of a
function to be called during OPENSSL_cleanup(). Stop handlers are
called after deinitialisation of resources local to a thread, but before other
process wide resources are freed. In the event that multiple stop handlers are
registered, no guarantees are made about the order of execution.

The OPENSSL_thread_stop() function deallocates resources associated
with the current thread. Typically this function will be called automatically by
the library when the thread exits. This should only be called directly if
resources should be freed at an earlier time, or under the circumstances
described in the NOTES section below.

The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS>
must be created and used.
The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can
be used to allocate the object and set the application name, and then the
object can be released with OPENSSL_INIT_free() when done.

=head1 NOTES

Resources local to a thread are deallocated automatically when the thread exits
(e.g. in a pthreads environment, when pthread_exit() is called). On Windows
platforms this is done in response to a DLL_THREAD_DETACH message being sent to
the libcrypto32.dll entry point. Some windows functions may cause threads to exit
without sending this message (for example ExitProcess()). If the application
uses such functions, then the application must free up OpenSSL resources
directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
message will also not be sent if OpenSSL is linked statically, and therefore
applications using static linking should also call OPENSSL_thread_stop() on each
thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
threads are not destroyed until after FreeLibrary() is called then each thread
should call OPENSSL_thread_stop() prior to the FreeLibrary() call.

On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
multi-threaded and if dlclose() is subsequently called prior to the threads
being destroyed then OpenSSL will not be able to deallocate resources associated
with those threads. The application should either call OPENSSL_thread_stop() on
each thread prior to the dlclose() call, or alternatively the original dlopen()
call should use the RTLD_NODELETE flag (where available on the platform).

=head1 RETURN VALUES

The functions OPENSSL_init_crypto, OPENSSL_atexit() and
OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.

=head1 SEE ALSO

L<OPENSSL_init_ssl(3)>

=head1 HISTORY

The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname()
and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
8b75603c MC	1	=pod
	2
	3	=head1 NAME
	4
1722496f	5	OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
f672aee4 RS	6	OPENSSL_init_crypto, OPENSSL_cleanup,
f672aee4 RS	7	OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
8b75603c MC	8	initialisation and deinitialisation functions
	9
	10	=head1 SYNOPSIS
	11
	12	#include <openssl/crypto.h>
	13
f672aee4	14	void OPENSSL_cleanup(void);
0fc32b07	15	int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
f672aee4 RS	16	int OPENSSL_atexit(void (*handler)(void));
f672aee4 RS	17	void OPENSSL_thread_stop(void);
8b75603c	18
1722496f	19	OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
cda3ae5b RS	20	int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
cda3ae5b RS	21	const char* name);
dae00d63	22	void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
7253fd55	23
8b75603c MC	24	=head1 DESCRIPTION
	25
	26	During normal operation OpenSSL (libcrypto) will allocate various resources at
	27	start up that must, subsequently, be freed on close down of the library.
	28	Additionally some resources are allocated on a per thread basis (if the
	29	application is multi-threaded), and these resources must be freed prior to the
	30	thread closing.
	31
	32	As of version 1.1.0 OpenSSL will automatically allocate all resources that it
	33	needs so no explicit initialisation is required. Similarly it will also
	34	automatically deinitialise as required.
	35
	36	However, there way be situations when explicit initialisation is desirable or
	37	needed, for example when some non-default initialisation is required. The
f672aee4 RS	38	function OPENSSL_init_crypto() can be used for this purpose for
f672aee4 RS	39	libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
35d8fa56 MC	40	equivalent).
35d8fa56 MC	41
f672aee4	42	Numerous internal OpenSSL functions call OPENSSL_init_crypto().
35d8fa56	43	Therefore, in order to perform non-default initialisation,
f672aee4	44	OPENSSL_init_crypto() MUST be called by application code prior to
35d8fa56	45	any other OpenSSL function calls.
8b75603c MC	46
	47	The B<opts> parameter specifies which aspects of libcrypto should be
	48	initialised. Valid options are:
	49
	50	=over 4
	51
	52	=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
	53
f672aee4	54	Suppress automatic loading of the libcrypto error strings. This option is
8b75603c	55	not a default option. Once selected subsequent calls to
f672aee4 RS	56	OPENSSL_init_crypto() with the option
f672aee4 RS	57	B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
8b75603c MC	58
	59	=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
	60
	61	Automatic loading of the libcrypto error strings. With this option the
f672aee4 RS	62	library will automatically load the libcrypto error strings.
	63	This option is a default option. Once selected subsequent calls to
	64	OPENSSL_init_crypto() with the option
8b75603c MC	65	B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
	66
	67	=item OPENSSL_INIT_ADD_ALL_CIPHERS
	68
	69	With this option the library will automatically load and make available all
	70	libcrypto ciphers. This option is a default option. Once selected subsequent
f672aee4	71	calls to OPENSSL_init_crypto() with the option
8b75603c MC	72	B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
	73
	74	=item OPENSSL_INIT_ADD_ALL_DIGESTS
	75
	76	With this option the library will automatically load and make available all
	77	libcrypto digests. This option is a default option. Once selected subsequent
f672aee4	78	calls to OPENSSL_init_crypto() with the option
8b75603c MC	79	B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
	80
	81	=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
	82
	83	With this option the library will suppress automatic loading of libcrypto
	84	ciphers. This option is not a default option. Once selected subsequent
f672aee4	85	calls to OPENSSL_init_crypto() with the option
8b75603c MC	86	B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
	87
	88	=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
	89
	90	With this option the library will suppress automatic loading of libcrypto
	91	digests. This option is not a default option. Once selected subsequent
f672aee4	92	calls to OPENSSL_init_crypto() with the option
8b75603c MC	93	B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
	94
	95	=item OPENSSL_INIT_LOAD_CONFIG
	96
	97	With this option an OpenSSL configuration file will be automatically loaded and
fdb8113d MC	98	used by calling OPENSSL_config(). This is not a default option for libcrypto.
	99	From OpenSSL 1.1.1 this is a default option for libssl (see
	100	L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
	101	description of OPENSSL_INIT_new(), below.
8b75603c MC	102
	103	=item OPENSSL_INIT_NO_LOAD_CONFIG
	104
	105	With this option the loading of OpenSSL configuration files will be suppressed.
	106	It is the equivalent of calling OPENSSL_no_config(). This is not a default
	107	option.
	108
	109	=item OPENSSL_INIT_ASYNC
	110
	111	With this option the library with automatically initialise the libcrypto async
	112	sub-library (see L<ASYNC_start_job(3)>). This is a default option.
	113
	114	=item OPENSSL_INIT_ENGINE_RDRAND
	115
	116	With this option the library will automatically load and initialise the
	117	RDRAND engine (if available). This not a default option.
	118
	119	=item OPENSSL_INIT_ENGINE_DYNAMIC
	120
	121	With this option the library will automatically load and initialise the
	122	dynamic engine. This not a default option.
	123
	124	=item OPENSSL_INIT_ENGINE_OPENSSL
	125
	126	With this option the library will automatically load and initialise the
	127	openssl engine. This not a default option.
	128
	129	=item OPENSSL_INIT_ENGINE_CRYPTODEV
	130
	131	With this option the library will automatically load and initialise the
	132	cryptodev engine (if available). This not a default option.
	133
	134	=item OPENSSL_INIT_ENGINE_CAPI
	135
	136	With this option the library will automatically load and initialise the
	137	CAPI engine (if available). This not a default option.
	138
	139	=item OPENSSL_INIT_ENGINE_PADLOCK
	140
	141	With this option the library will automatically load and initialise the
	142	padlock engine (if available). This not a default option.
	143
	144	=item OPENSSL_INIT_ENGINE_DASYNC
	145
	146	With this option the library will automatically load and initialise the
	147	DASYNC engine. This not a default option.
	148
	149	=item OPENSSL_INIT_ENGINE_ALL_BUILTIN
	150
	151	With this option the library will automatically load and initialise all the
	152	built in engines listed above with the exception of the openssl and dasync
	153	engines. This not a default option.
	154
b5319bdb	155	=item OPENSSL_INIT_ATFORK
2915fe19	156
b5319bdb	157	With this option the library will register its fork handlers.
2915fe19 RS	158	See OPENSSL_fork_prepare(3) for details.
2915fe19 RS	159
8b75603c MC	160	=back
	161
	162	Multiple options may be combined together in a single call to
9cc55ddd	163	OPENSSL_init_crypto(). For example:
8b75603c	164
9cc55ddd MC	165	OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
9cc55ddd MC	166	\| OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
8b75603c	167
f672aee4	168	The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
8b75603c MC	169	and libssl). All resources allocated by OpenSSL are freed. Typically there
	170	should be no need to call this function directly as it is initiated
	171	automatically on application exit. This is done via the standard C library
9e183d22	172	atexit() function. In the event that the application will close in a manner
8b75603c	173	that will not call the registered atexit() handlers then the application should
f672aee4	174	call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
8b75603c MC	175	are discouraged from calling this function and should instead, typically, rely
	176	on auto-deinitialisation. This is to avoid error conditions where both an
	177	application and a library it depends on both use OpenSSL, and the library
	178	deinitialises it before the application has finished using it.
	179
9cc55ddd MC	180	Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
	181	Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
	182	will be added to the error stack. Note that because initialisation has failed
	183	OpenSSL error strings will not be available, only an error code. This code can
	184	be put through the openssl errstr command line application to produce a human
	185	readable error (see L<errstr(1)>).
	186
f672aee4 RS	187	The OPENSSL_atexit() function enables the registration of a
f672aee4 RS	188	function to be called during OPENSSL_cleanup(). Stop handlers are
8b75603c MC	189	called after deinitialisation of resources local to a thread, but before other
	190	process wide resources are freed. In the event that multiple stop handlers are
	191	registered, no guarantees are made about the order of execution.
	192
f672aee4	193	The OPENSSL_thread_stop() function deallocates resources associated
8b75603c MC	194	with the current thread. Typically this function will be called automatically by
	195	the library when the thread exits. This should only be called directly if
	196	resources should be freed at an earlier time, or under the circumstances
	197	described in the NOTES section below.
	198
7253fd55	199	The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
0320e8e2 RL	200	file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS>
	201	must be created and used.
	202	The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can
	203	be used to allocate the object and set the application name, and then the
7253fd55 RS	204	object can be released with OPENSSL_INIT_free() when done.
7253fd55 RS	205
8b75603c MC	206	=head1 NOTES
	207
	208	Resources local to a thread are deallocated automatically when the thread exits
	209	(e.g. in a pthreads environment, when pthread_exit() is called). On Windows
	210	platforms this is done in response to a DLL_THREAD_DETACH message being sent to
6928b617	211	the libcrypto32.dll entry point. Some windows functions may cause threads to exit
8b75603c MC	212	without sending this message (for example ExitProcess()). If the application
8b75603c MC	213	uses such functions, then the application must free up OpenSSL resources
c796e021 MC	214	directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
	215	message will also not be sent if OpenSSL is linked statically, and therefore
	216	applications using static linking should also call OPENSSL_thread_stop() on each
	217	thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
	218	threads are not destroyed until after FreeLibrary() is called then each thread
	219	should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
	220
	221	On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
	222	multi-threaded and if dlclose() is subsequently called prior to the threads
	223	being destroyed then OpenSSL will not be able to deallocate resources associated
	224	with those threads. The application should either call OPENSSL_thread_stop() on
	225	each thread prior to the dlclose() call, or alternatively the original dlopen()
	226	call should use the RTLD_NODELETE flag (where available on the platform).
8b75603c MC	227
	228	=head1 RETURN VALUES
	229
dae00d63	230	The functions OPENSSL_init_crypto, OPENSSL_atexit() and
cda3ae5b	231	OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
8b75603c MC	232
	233	=head1 SEE ALSO
	234
f672aee4	235	L<OPENSSL_init_ssl(3)>
8b75603c MC	236
	237	=head1 HISTORY
	238
f672aee4	239	The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
1722496f	240	OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname()
dae00d63	241	and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
8b75603c	242
e2f92610 RS	243	=head1 COPYRIGHT
e2f92610 RS	244
9e183d22	245	Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
e2f92610 RS	246
	247	Licensed under the OpenSSL license (the "License"). You may not use
	248	this file except in compliance with the License. You can obtain a copy
	249	in the file LICENSE in the source distribution or at
	250	L<https://www.openssl.org/source/license.html>.
	251
	252	=cut