]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/init.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Limit the number of AES-GCM keys allowed in TLS. A new error is raised if this
[thirdparty/openssl.git] / crypto / init.c
CommitLineData
b184e3ef 1/*
48e5119a 2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
b184e3ef 3 *
2039c421
RS		 4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
b184e3ef
MC		 8 */
9
07016a8a 10#include "e_os.h"
176db6dc 11#include "internal/cryptlib_int.h"
b184e3ef 12#include <openssl/err.h>
176db6dc
RS		 13#include "internal/rand_int.h"
14#include "internal/bio.h"
b184e3ef 15#include <openssl/evp.h>
176db6dc
RS		 16#include "internal/evp_int.h"
17#include "internal/conf.h"
18#include "internal/async.h"
19#include "internal/engine.h"
20#include "internal/comp.h"
21#include "internal/err.h"
22#include "internal/err_int.h"
23#include "internal/objects.h"
b184e3ef 24#include <stdlib.h>
dd27f16e 25#include <assert.h>
176db6dc 26#include "internal/thread_once.h"
b71fa7b3 27#include "internal/dso_conf.h"
176db6dc
RS		 28#include "internal/dso.h"
29#include "internal/store.h"
dd27f16e
RS		 30
31static int stopped = 0;
b184e3ef 32
80ae7285
AP		 33/*
34 * Since per-thread-specific-data destructors are not universally
35 * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
36 * is assumed to have destructor associated. And then an effort is made
37 * to call this single destructor on non-pthread platform[s].
38 *
39 * Initial value is "impossible". It is used as guard value to shortcut
40 * destructor for threads terminating before libcrypto is initialized or
41 * after it's de-initialized. Access to the key doesn't have to be
42 * serialized for the said threads, because they didn't use libcrypto
43 * and it doesn't matter if they pick "impossible" or derefernce real
44 * key value and pull NULL past initialization in the first thread that
45 * intends to use libcrypto.
46 */
0b1319ba
AP		 47static union {
48 long sane;
49 CRYPTO_THREAD_LOCAL value;
50} destructor_key = { -1 };
71567a6f 51
80ae7285 52static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
b184e3ef 53
80ae7285 54static void ossl_init_thread_destructor(void *local)
b184e3ef
MC		 55{
56 ossl_init_thread_stop((struct thread_local_inits_st *)local);
57}
58
b7326ea7 59static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
b184e3ef 60{
a072ed0c 61 struct thread_local_inits_st *local =
0b1319ba 62 CRYPTO_THREAD_get_local(&destructor_key.value);
b184e3ef 63
80ae7285
AP		 64 if (alloc) {
65 if (local == NULL
66 && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
0b1319ba 67 && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
3ac6d5ee
BE		 68 OPENSSL_free(local);
69 return NULL;
70 }
80ae7285 71 } else {
0b1319ba 72 CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
b7326ea7 73 }
b184e3ef
MC		 74
75 return local;
76}
77
7253fd55 78typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
b184e3ef
MC		 79struct ossl_init_stop_st {
80 void (*handler)(void);
81 OPENSSL_INIT_STOP *next;
82};
83
84static OPENSSL_INIT_STOP *stop_handlers = NULL;
c292b105 85static CRYPTO_RWLOCK *init_lock = NULL;
b184e3ef 86
b1f1e7ae 87static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
b184e3ef 88static int base_inited = 0;
c2e4e5d2 89DEFINE_RUN_ONCE_STATIC(ossl_init_base)
b184e3ef 90{
80ae7285
AP		 91 CRYPTO_THREAD_LOCAL key;
92
b184e3ef
MC		 93#ifdef OPENSSL_INIT_DEBUG
94 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
f7edeced
RS		 95#endif
96#ifndef OPENSSL_NO_CRYPTO_MDEBUG
97 ossl_malloc_setup_failures();
b184e3ef 98#endif
80ae7285 99 if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
eb2b9892
BE		 100 return 0;
101 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
102 goto err;
c7b7938e 103#ifndef OPENSSL_SYS_UEFI
eb2b9892
BE		 104 if (atexit(OPENSSL_cleanup) != 0)
105 goto err;
c7b7938e 106#endif
b184e3ef 107 OPENSSL_cpuid_setup();
8aa9cf7e 108
0b1319ba 109 destructor_key.value = key;
b184e3ef 110 base_inited = 1;
eb2b9892
BE		 111 return 1;
112
113err:
114#ifdef OPENSSL_INIT_DEBUG
115 fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
116#endif
117 CRYPTO_THREAD_lock_free(init_lock);
118 init_lock = NULL;
5836780f 119
80ae7285 120 CRYPTO_THREAD_cleanup_local(&key);
eb2b9892
BE		 121 return 0;
122}
123
124static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
125DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
126{
127#ifdef OPENSSL_INIT_DEBUG
128 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
129#endif
6e290a25 130#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
2b59d1be
MC		 131# ifdef DSO_WIN32
132 {
133 HMODULE handle = NULL;
134 BOOL ret;
135
136 /* We don't use the DSO route for WIN32 because there is a better way */
137 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
138 | GET_MODULE_HANDLE_EX_FLAG_PIN,
139 (void *)&base_inited, &handle);
140
eb2b9892
BE		 141# ifdef OPENSSL_INIT_DEBUG
142 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
143 (ret == TRUE ? "No!" : "Yes."));
144# endif
2b59d1be
MC		 145 return (ret == TRUE) ? 1 : 0;
146 }
147# else
5836780f
MC		 148 /*
149 * Deliberately leak a reference to ourselves. This will force the library
689f112d 150 * to remain loaded until the atexit() handler is run at process exit.
5836780f
MC		 151 */
152 {
eb2b9892
BE		 153 DSO *dso;
154 void *err;
155
156 if (!err_shelve_state(&err))
157 return 0;
5836780f
MC		 158
159 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
4af14b7b
MK		 160# ifdef OPENSSL_INIT_DEBUG
161 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
162 (dso == NULL ? "No!" : "Yes."));
163 /*
164 * In case of No!, it is uncertain our exit()-handlers can still be
165 * called. After dlclose() the whole library might have been unloaded
166 * already.
167 */
168# endif
5836780f 169 DSO_free(dso);
eb2b9892 170 err_unshelve_state(err);
5836780f 171 }
2b59d1be 172# endif
b6d5ba1a 173#endif
5836780f 174
c2e4e5d2 175 return 1;
b184e3ef
MC		 176}
177
b1f1e7ae 178static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
b184e3ef 179static int load_crypto_strings_inited = 0;
c2e4e5d2 180DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings)
b184e3ef
MC		 181{
182 /* Do nothing in this case */
c2e4e5d2 183 return 1;
b184e3ef
MC		 184}
185
c2e4e5d2 186DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
b184e3ef 187{
69588edb 188 int ret = 1;
498abff0
MC		 189 /*
190 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
191 * pulling in all the error strings during static linking
192 */
193#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
b184e3ef
MC		 194# ifdef OPENSSL_INIT_DEBUG
195 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
b3599dbb 196 "err_load_crypto_strings_int()\n");
b184e3ef 197# endif
69588edb 198 ret = err_load_crypto_strings_int();
b184e3ef 199 load_crypto_strings_inited = 1;
bd91e3c8 200#endif
69588edb 201 return ret;
b184e3ef
MC		 202}
203
b1f1e7ae 204static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 205DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
b184e3ef
MC		 206{
207 /*
208 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
209 * pulling in all the ciphers during static linking
210 */
211#ifndef OPENSSL_NO_AUTOALGINIT
212# ifdef OPENSSL_INIT_DEBUG
213 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
b3599dbb 214 "openssl_add_all_ciphers_int()\n");
b184e3ef 215# endif
b3599dbb 216 openssl_add_all_ciphers_int();
b184e3ef 217#endif
c2e4e5d2 218 return 1;
b184e3ef
MC		 219}
220
b1f1e7ae 221static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 222DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
b184e3ef
MC		 223{
224 /*
225 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
226 * pulling in all the ciphers during static linking
227 */
228#ifndef OPENSSL_NO_AUTOALGINIT
229# ifdef OPENSSL_INIT_DEBUG
230 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
b3599dbb 231 "openssl_add_all_digests()\n");
b184e3ef 232# endif
b3599dbb 233 openssl_add_all_digests_int();
b184e3ef 234#endif
c2e4e5d2 235 return 1;
b184e3ef
MC		 236}
237
c2e4e5d2 238DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs)
b184e3ef
MC		 239{
240 /* Do nothing */
c2e4e5d2 241 return 1;
b184e3ef
MC		 242}
243
b1f1e7ae 244static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
b184e3ef 245static int config_inited = 0;
cda3ae5b 246static const char *appname;
c2e4e5d2 247DEFINE_RUN_ONCE_STATIC(ossl_init_config)
b184e3ef
MC		 248{
249#ifdef OPENSSL_INIT_DEBUG
250 fprintf(stderr,
b3599dbb 251 "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
cda3ae5b 252 appname == NULL ? "NULL" : appname);
b184e3ef 253#endif
cda3ae5b 254 openssl_config_int(appname);
b184e3ef 255 config_inited = 1;
c2e4e5d2 256 return 1;
b184e3ef 257}
c2e4e5d2 258DEFINE_RUN_ONCE_STATIC(ossl_init_no_config)
b184e3ef
MC		 259{
260#ifdef OPENSSL_INIT_DEBUG
261 fprintf(stderr,
b3599dbb 262 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
b184e3ef 263#endif
b3599dbb 264 openssl_no_config_int();
b184e3ef 265 config_inited = 1;
c2e4e5d2 266 return 1;
b184e3ef
MC		 267}
268
b1f1e7ae 269static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
b184e3ef 270static int async_inited = 0;
c2e4e5d2 271DEFINE_RUN_ONCE_STATIC(ossl_init_async)
b184e3ef
MC		 272{
273#ifdef OPENSSL_INIT_DEBUG
274 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
275#endif
c2e4e5d2
RL		 276 if (!async_init())
277 return 0;
b184e3ef 278 async_inited = 1;
c2e4e5d2 279 return 1;
b184e3ef
MC		 280}
281
282#ifndef OPENSSL_NO_ENGINE
b1f1e7ae 283static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 284DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
b184e3ef
MC		 285{
286# ifdef OPENSSL_INIT_DEBUG
287 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
b3599dbb 288 "engine_load_openssl_int()\n");
b184e3ef 289# endif
b3599dbb 290 engine_load_openssl_int();
c2e4e5d2 291 return 1;
b184e3ef 292}
619eb33a
RL		 293# ifndef OPENSSL_NO_DEVCRYPTOENG
294static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
295DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
296{
297# ifdef OPENSSL_INIT_DEBUG
298 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
299 "engine_load_devcrypto_int()\n");
300# endif
301 engine_load_devcrypto_int();
302 return 1;
303}
304# endif
b184e3ef
MC		 305
306# ifndef OPENSSL_NO_RDRAND
b1f1e7ae 307static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 308DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
b184e3ef
MC		 309{
310# ifdef OPENSSL_INIT_DEBUG
311 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
b3599dbb 312 "engine_load_rdrand_int()\n");
b184e3ef 313# endif
b3599dbb 314 engine_load_rdrand_int();
c2e4e5d2 315 return 1;
b184e3ef
MC		 316}
317# endif
b1f1e7ae 318static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 319DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
b184e3ef
MC		 320{
321# ifdef OPENSSL_INIT_DEBUG
322 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
b3599dbb 323 "engine_load_dynamic_int()\n");
b184e3ef 324# endif
b3599dbb 325 engine_load_dynamic_int();
c2e4e5d2 326 return 1;
b184e3ef
MC		 327}
328# ifndef OPENSSL_NO_STATIC_ENGINE
329# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
b1f1e7ae 330static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 331DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
b184e3ef
MC		 332{
333# ifdef OPENSSL_INIT_DEBUG
334 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
b3599dbb 335 "engine_load_padlock_int()\n");
b184e3ef 336# endif
b3599dbb 337 engine_load_padlock_int();
c2e4e5d2 338 return 1;
b184e3ef
MC		 339}
340# endif
341# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
b1f1e7ae 342static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 343DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
b184e3ef
MC		 344{
345# ifdef OPENSSL_INIT_DEBUG
346 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
b3599dbb 347 "engine_load_capi_int()\n");
b184e3ef 348# endif
b3599dbb 349 engine_load_capi_int();
c2e4e5d2 350 return 1;
b184e3ef
MC		 351}
352# endif
6cba4a66 353# if !defined(OPENSSL_NO_AFALGENG)
a4d8bcf1 354static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
c2e4e5d2 355DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
6cba4a66 356{
357# ifdef OPENSSL_INIT_DEBUG
358 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
b3599dbb 359 "engine_load_afalg_int()\n");
6cba4a66 360# endif
b3599dbb 361 engine_load_afalg_int();
c2e4e5d2 362 return 1;
6cba4a66 363}
364# endif
b184e3ef
MC		 365# endif
366#endif
367
e4ad0763 368#ifndef OPENSSL_NO_COMP
b1f1e7ae 369static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
e4ad0763 370
b184e3ef 371static int zlib_inited = 0;
c2e4e5d2 372DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
b184e3ef
MC		 373{
374 /* Do nothing - we need to know about this for the later cleanup */
375 zlib_inited = 1;
c2e4e5d2 376 return 1;
b184e3ef 377}
e4ad0763 378#endif
b184e3ef 379
71567a6f 380static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
b184e3ef
MC		 381{
382 /* Can't do much about this */
383 if (locals == NULL)
384 return;
385
386 if (locals->async) {
387#ifdef OPENSSL_INIT_DEBUG
388 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
74a8acbd 389 "async_delete_thread_state()\n");
b184e3ef 390#endif
74a8acbd 391 async_delete_thread_state();
b184e3ef
MC		 392 }
393
394 if (locals->err_state) {
395#ifdef OPENSSL_INIT_DEBUG
396 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
21e00174 397 "err_delete_thread_state()\n");
b184e3ef 398#endif
21e00174 399 err_delete_thread_state();
b184e3ef
MC		 400 }
401
7caf122e
KR		 402 if (locals->rand) {
403#ifdef OPENSSL_INIT_DEBUG
404 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
405 "drbg_delete_thread_state()\n");
406#endif
407 drbg_delete_thread_state();
408 }
409
b184e3ef 410 OPENSSL_free(locals);
b184e3ef
MC		 411}
412
f672aee4 413void OPENSSL_thread_stop(void)
71567a6f 414{
0b1319ba 415 if (destructor_key.sane != -1)
80ae7285 416 ossl_init_thread_stop(ossl_init_get_thread_local(0));
71567a6f
MC		 417}
418
b184e3ef
MC		 419int ossl_init_thread_start(uint64_t opts)
420{
3ac6d5ee
BE		 421 struct thread_local_inits_st *locals;
422
423 if (!OPENSSL_init_crypto(0, NULL))
424 return 0;
425
426 locals = ossl_init_get_thread_local(1);
b184e3ef
MC		 427
428 if (locals == NULL)
429 return 0;
430
431 if (opts & OPENSSL_INIT_THREAD_ASYNC) {
432#ifdef OPENSSL_INIT_DEBUG
433 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
434 "marking thread for async\n");
435#endif
436 locals->async = 1;
437 }
438
439 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
440#ifdef OPENSSL_INIT_DEBUG
441 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
442 "marking thread for err_state\n");
443#endif
444 locals->err_state = 1;
445 }
446
7caf122e
KR		 447 if (opts & OPENSSL_INIT_THREAD_RAND) {
448#ifdef OPENSSL_INIT_DEBUG
449 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
450 "marking thread for rand\n");
451#endif
452 locals->rand = 1;
453 }
454
b184e3ef
MC		 455 return 1;
456}
457
f672aee4 458void OPENSSL_cleanup(void)
b184e3ef
MC		 459{
460 OPENSSL_INIT_STOP *currhandler, *lasthandler;
80ae7285 461 CRYPTO_THREAD_LOCAL key;
b184e3ef 462
deca5df2
MC		 463 /* If we've not been inited then no need to deinit */
464 if (!base_inited)
465 return;
466
dd27f16e
RS		 467 /* Might be explicitly called and also by atexit */
468 if (stopped)
469 return;
470 stopped = 1;
471
b184e3ef
MC		 472 /*
473 * Thread stop may not get automatically called by the thread library for
474 * the very last thread in some situations, so call it directly.
475 */
476 ossl_init_thread_stop(ossl_init_get_thread_local(0));
477
478 currhandler = stop_handlers;
479 while (currhandler != NULL) {
480 currhandler->handler();
481 lasthandler = currhandler;
482 currhandler = currhandler->next;
483 OPENSSL_free(lasthandler);
484 }
485 stop_handlers = NULL;
c292b105
MC		 486
487 CRYPTO_THREAD_lock_free(init_lock);
adeb4bc7 488 init_lock = NULL;
c292b105 489
b184e3ef
MC		 490 /*
491 * We assume we are single-threaded for this function, i.e. no race
492 * conditions for the various "*_inited" vars below.
493 */
494
e4ad0763 495#ifndef OPENSSL_NO_COMP
b184e3ef
MC		 496 if (zlib_inited) {
497#ifdef OPENSSL_INIT_DEBUG
f672aee4 498 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 499 "comp_zlib_cleanup_int()\n");
b184e3ef 500#endif
b3599dbb 501 comp_zlib_cleanup_int();
b184e3ef 502 }
e4ad0763 503#endif
b184e3ef 504
ed49f43a
MC		 505 if (async_inited) {
506# ifdef OPENSSL_INIT_DEBUG
507 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
508 "async_deinit()\n");
509# endif
510 async_deinit();
511 }
ed49f43a 512
b184e3ef
MC		 513 if (load_crypto_strings_inited) {
514#ifdef OPENSSL_INIT_DEBUG
f672aee4 515 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 516 "err_free_strings_int()\n");
b184e3ef 517#endif
b3599dbb 518 err_free_strings_int();
b184e3ef
MC		 519 }
520
0b1319ba
AP		 521 key = destructor_key.value;
522 destructor_key.sane = -1;
80ae7285 523 CRYPTO_THREAD_cleanup_local(&key);
6bc7bad0 524
b184e3ef 525#ifdef OPENSSL_INIT_DEBUG
58a8fc25 526 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 527 "rand_cleanup_int()\n");
58a8fc25 528 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 529 "conf_modules_free_int()\n");
9749a07a 530#ifndef OPENSSL_NO_ENGINE
ae6412f3 531 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 532 "engine_cleanup_int()\n");
9749a07a 533#endif
58a8fc25 534 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 535 "crypto_cleanup_all_ex_data_int()\n");
58a8fc25 536 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 537 "bio_sock_cleanup_int()\n");
ff234405
MC		 538 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
539 "bio_cleanup()\n");
58a8fc25 540 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 541 "evp_cleanup_int()\n");
58a8fc25 542 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
b3599dbb 543 "obj_cleanup_int()\n");
ff234405
MC		 544 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
545 "err_cleanup()\n");
9749a07a 546#endif
58a8fc25
MC		 547 /*
548 * Note that cleanup order is important:
a535fe12 549 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
b3599dbb 550 * must be called before engine_cleanup_int()
58a8fc25
MC		 551 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
552 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
b3599dbb
MC		 553 * - conf_modules_free_int() can end up in ENGINE code so must be called
554 * before engine_cleanup_int()
a535fe12
DSH		 555 * - ENGINEs and additional EVP algorithms might use added OIDs names so
556 * obj_cleanup_int() must be called last
58a8fc25 557 */
b3599dbb 558 rand_cleanup_int();
c16de9d8 559 rand_drbg_cleanup_int();
b3599dbb 560 conf_modules_free_int();
773fd0ba 561#ifndef OPENSSL_NO_ENGINE
b3599dbb 562 engine_cleanup_int();
773fd0ba 563#endif
71a5516d 564 ossl_store_cleanup_int();
b3599dbb 565 crypto_cleanup_all_ex_data_int();
ff234405 566 bio_cleanup();
b3599dbb
MC		 567 evp_cleanup_int();
568 obj_cleanup_int();
ff234405
MC		 569 err_cleanup();
570
d7c402c4
DMSP		 571 CRYPTO_secure_malloc_done();
572
deca5df2 573 base_inited = 0;
b184e3ef
MC		 574}
575
b184e3ef
MC		 576/*
577 * If this function is called with a non NULL settings value then it must be
578 * called prior to any threads making calls to any OpenSSL functions,
579 * i.e. passing a non-null settings value is assumed to be single-threaded.
580 */
0fc32b07 581int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
b184e3ef 582{
302f7588 583 if (stopped) {
eb2b9892
BE		 584 if (!(opts & OPENSSL_INIT_BASE_ONLY))
585 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
0fc32b07 586 return 0;
302f7588 587 }
dd27f16e 588
eb2b9892
BE		 589 if (!RUN_ONCE(&base, ossl_init_base))
590 return 0;
591
592 if (!(opts & OPENSSL_INIT_BASE_ONLY)
593 && !RUN_ONCE(&load_crypto_nodelete,
594 ossl_init_load_crypto_nodelete))
b1f1e7ae 595 return 0;
b184e3ef 596
b1f1e7ae 597 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
c2e4e5d2
RL		 598 && !RUN_ONCE(&load_crypto_strings,
599 ossl_init_no_load_crypto_strings))
b1f1e7ae 600 return 0;
b184e3ef 601
b1f1e7ae 602 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
c2e4e5d2 603 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
b1f1e7ae 604 return 0;
b184e3ef 605
b1f1e7ae 606 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
c2e4e5d2 607 && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs))
b1f1e7ae 608 return 0;
b184e3ef 609
b1f1e7ae 610 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
c2e4e5d2 611 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
b1f1e7ae 612 return 0;
b184e3ef 613
b1f1e7ae 614 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
c2e4e5d2 615 && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs))
b1f1e7ae 616 return 0;
b184e3ef 617
b1f1e7ae 618 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
c2e4e5d2 619 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
b1f1e7ae 620 return 0;
b184e3ef 621
b5319bdb 622 if ((opts & OPENSSL_INIT_ATFORK)
2915fe19
RS		 623 && !openssl_init_fork_handlers())
624 return 0;
625
b1f1e7ae 626 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
c2e4e5d2 627 && !RUN_ONCE(&config, ossl_init_no_config))
b1f1e7ae 628 return 0;
b184e3ef
MC		 629
630 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
b1f1e7ae 631 int ret;
c292b105 632 CRYPTO_THREAD_write_lock(init_lock);
cda3ae5b 633 appname = (settings == NULL) ? NULL : settings->appname;
c2e4e5d2 634 ret = RUN_ONCE(&config, ossl_init_config);
c292b105 635 CRYPTO_THREAD_unlock(init_lock);
b1f1e7ae
MC		 636 if (!ret)
637 return 0;
b184e3ef
MC		 638 }
639
b1f1e7ae 640 if ((opts & OPENSSL_INIT_ASYNC)
c2e4e5d2 641 && !RUN_ONCE(&async, ossl_init_async))
b1f1e7ae 642 return 0;
7626fbf2 643
b184e3ef 644#ifndef OPENSSL_NO_ENGINE
b1f1e7ae 645 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
c2e4e5d2 646 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
b1f1e7ae 647 return 0;
619eb33a
RL		 648# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
649 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
650 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
651 return 0;
652# endif
b184e3ef 653# ifndef OPENSSL_NO_RDRAND
b1f1e7ae 654 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
c2e4e5d2 655 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
b1f1e7ae 656 return 0;
b184e3ef 657# endif
b1f1e7ae 658 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
c2e4e5d2 659 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
b1f1e7ae 660 return 0;
b184e3ef
MC		 661# ifndef OPENSSL_NO_STATIC_ENGINE
662# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
b1f1e7ae 663 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
c2e4e5d2 664 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
b1f1e7ae 665 return 0;
b184e3ef
MC		 666# endif
667# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
b1f1e7ae 668 if ((opts & OPENSSL_INIT_ENGINE_CAPI)
c2e4e5d2 669 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
b1f1e7ae 670 return 0;
b184e3ef 671# endif
6cba4a66 672# if !defined(OPENSSL_NO_AFALGENG)
b1f1e7ae 673 if ((opts & OPENSSL_INIT_ENGINE_AFALG)
c2e4e5d2 674 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
b1f1e7ae 675 return 0;
6cba4a66 676# endif
b184e3ef
MC		 677# endif
678 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
8d00e30f 679 | OPENSSL_INIT_ENGINE_OPENSSL
6cba4a66 680 | OPENSSL_INIT_ENGINE_AFALG)) {
b184e3ef
MC		 681 ENGINE_register_all_complete();
682 }
683#endif
684
e4ad0763 685#ifndef OPENSSL_NO_COMP
b1f1e7ae 686 if ((opts & OPENSSL_INIT_ZLIB)
c2e4e5d2 687 && !RUN_ONCE(&zlib, ossl_init_zlib))
b1f1e7ae 688 return 0;
e4ad0763 689#endif
0fc32b07
MC		 690
691 return 1;
b184e3ef
MC		 692}
693
f672aee4 694int OPENSSL_atexit(void (*handler)(void))
b184e3ef
MC		 695{
696 OPENSSL_INIT_STOP *newhand;
697
6e290a25 698#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
5836780f 699 {
5836780f
MC		 700 union {
701 void *sym;
702 void (*func)(void);
703 } handlersym;
704
705 handlersym.func = handler;
2b59d1be
MC		 706# ifdef DSO_WIN32
707 {
708 HMODULE handle = NULL;
709 BOOL ret;
5836780f 710
2b59d1be
MC		 711 /*
712 * We don't use the DSO route for WIN32 because there is a better
713 * way
714 */
715 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
716 | GET_MODULE_HANDLE_EX_FLAG_PIN,
717 handlersym.sym, &handle);
718
719 if (!ret)
720 return 0;
721 }
722# else
723 /*
724 * Deliberately leak a reference to the handler. This will force the
725 * library/code containing the handler to remain loaded until we run the
726 * atexit handler. If -znodelete has been used then this is
c9a41d7d 727 * unnecessary.
2b59d1be
MC		 728 */
729 {
730 DSO *dso = NULL;
731
689f112d 732 ERR_set_mark();
2b59d1be 733 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
4af14b7b
MK		 734# ifdef OPENSSL_INIT_DEBUG
735 fprintf(stderr,
736 "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
737 (dso == NULL ? "No!" : "Yes."));
738 /* See same code above in ossl_init_base() for an explanation. */
739# endif
2b59d1be 740 DSO_free(dso);
689f112d 741 ERR_pop_to_mark();
2b59d1be
MC		 742 }
743# endif
5836780f 744 }
b6d5ba1a 745#endif
5836780f 746
cdb10bae
RS		 747 if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
748 CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
b184e3ef 749 return 0;
cdb10bae 750 }
b184e3ef
MC		 751
752 newhand->handler = handler;
753 newhand->next = stop_handlers;
754 stop_handlers = newhand;
755
756 return 1;
757}
2915fe19 758
63ab5ea1 759#ifdef OPENSSL_SYS_UNIX
2915fe19
RS		 760/*
761 * The following three functions are for OpenSSL developers. This is
762 * where we set/reset state across fork (called via pthread_atfork when
763 * it exists, or manually by the application when it doesn't).
764 *
765 * WARNING! If you put code in either OPENSSL_fork_parent or
766 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
767 * safe. See this link, for example:
768 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
769 */
770
771void OPENSSL_fork_prepare(void)
772{
773}
774
775void OPENSSL_fork_parent(void)
776{
777}
778
779void OPENSSL_fork_child(void)
780{
a35f607c 781 rand_fork();
2915fe19
RS		 782}
783#endif
A mirror of the official openssl repository