2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <internal/cryptlib_int.h>
11 #include <openssl/err.h>
12 #include <internal/rand.h>
13 #include <internal/bio.h>
14 #include <openssl/evp.h>
15 #include <internal/evp_int.h>
16 #include <internal/conf.h>
17 #include <internal/async.h>
18 #include <internal/engine.h>
19 #include <internal/comp.h>
20 #include <internal/err.h>
21 #include <internal/err_int.h>
22 #include <internal/objects.h>
25 #include <internal/thread_once.h>
26 #include <internal/dso.h>
28 static int stopped
= 0;
30 static void ossl_init_thread_stop(struct thread_local_inits_st
*locals
);
32 static CRYPTO_THREAD_LOCAL threadstopkey
;
34 static void ossl_init_thread_stop_wrap(void *local
)
36 ossl_init_thread_stop((struct thread_local_inits_st
*)local
);
39 static struct thread_local_inits_st
*ossl_init_get_thread_local(int alloc
)
41 struct thread_local_inits_st
*local
=
42 CRYPTO_THREAD_get_local(&threadstopkey
);
44 if (local
== NULL
&& alloc
) {
45 local
= OPENSSL_zalloc(sizeof *local
);
46 CRYPTO_THREAD_set_local(&threadstopkey
, local
);
49 CRYPTO_THREAD_set_local(&threadstopkey
, NULL
);
55 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP
;
56 struct ossl_init_stop_st
{
57 void (*handler
)(void);
58 OPENSSL_INIT_STOP
*next
;
61 static OPENSSL_INIT_STOP
*stop_handlers
= NULL
;
62 static CRYPTO_RWLOCK
*init_lock
= NULL
;
64 static CRYPTO_ONCE base
= CRYPTO_ONCE_STATIC_INIT
;
65 static int base_inited
= 0;
66 DEFINE_RUN_ONCE_STATIC(ossl_init_base
)
68 #ifdef OPENSSL_INIT_DEBUG
69 fprintf(stderr
, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
71 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
72 ossl_malloc_setup_failures();
75 * We use a dummy thread local key here. We use the destructor to detect
76 * when the thread is going to stop (where that feature is available)
78 CRYPTO_THREAD_init_local(&threadstopkey
, ossl_init_thread_stop_wrap
);
79 #ifndef OPENSSL_SYS_UEFI
80 atexit(OPENSSL_cleanup
);
82 if ((init_lock
= CRYPTO_THREAD_lock_new()) == NULL
)
84 OPENSSL_cpuid_setup();
88 * Everything needed to be initialized in this function before threads
89 * come along MUST happen before base_inited is set to 1, or we will
90 * see race conditions.
94 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
97 HMODULE handle
= NULL
;
100 /* We don't use the DSO route for WIN32 because there is a better way */
101 ret
= GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
102 | GET_MODULE_HANDLE_EX_FLAG_PIN
,
103 (void *)&base_inited
, &handle
);
105 return (ret
== TRUE
) ? 1 : 0;
109 * Deliberately leak a reference to ourselves. This will force the library
110 * to remain loaded until the atexit() handler is run at process exit.
116 dso
= DSO_dsobyaddr(&base_inited
, DSO_FLAG_NO_UNLOAD_ON_FREE
);
126 static CRYPTO_ONCE load_crypto_strings
= CRYPTO_ONCE_STATIC_INIT
;
127 static int load_crypto_strings_inited
= 0;
128 DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings
)
130 /* Do nothing in this case */
134 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings
)
138 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
139 * pulling in all the error strings during static linking
141 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
142 # ifdef OPENSSL_INIT_DEBUG
143 fprintf(stderr
, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
144 "err_load_crypto_strings_int()\n");
146 ret
= err_load_crypto_strings_int();
147 load_crypto_strings_inited
= 1;
152 static CRYPTO_ONCE add_all_ciphers
= CRYPTO_ONCE_STATIC_INIT
;
153 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers
)
156 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
157 * pulling in all the ciphers during static linking
159 #ifndef OPENSSL_NO_AUTOALGINIT
160 # ifdef OPENSSL_INIT_DEBUG
161 fprintf(stderr
, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
162 "openssl_add_all_ciphers_int()\n");
164 openssl_add_all_ciphers_int();
169 static CRYPTO_ONCE add_all_digests
= CRYPTO_ONCE_STATIC_INIT
;
170 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests
)
173 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
174 * pulling in all the ciphers during static linking
176 #ifndef OPENSSL_NO_AUTOALGINIT
177 # ifdef OPENSSL_INIT_DEBUG
178 fprintf(stderr
, "OPENSSL_INIT: ossl_init_add_all_digests: "
179 "openssl_add_all_digests()\n");
181 openssl_add_all_digests_int();
186 DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs
)
192 static CRYPTO_ONCE config
= CRYPTO_ONCE_STATIC_INIT
;
193 static int config_inited
= 0;
194 static const char *appname
;
195 DEFINE_RUN_ONCE_STATIC(ossl_init_config
)
197 #ifdef OPENSSL_INIT_DEBUG
199 "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
200 appname
== NULL
? "NULL" : appname
);
202 openssl_config_int(appname
);
206 DEFINE_RUN_ONCE_STATIC(ossl_init_no_config
)
208 #ifdef OPENSSL_INIT_DEBUG
210 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
212 openssl_no_config_int();
217 static CRYPTO_ONCE async
= CRYPTO_ONCE_STATIC_INIT
;
218 static int async_inited
= 0;
219 DEFINE_RUN_ONCE_STATIC(ossl_init_async
)
221 #ifdef OPENSSL_INIT_DEBUG
222 fprintf(stderr
, "OPENSSL_INIT: ossl_init_async: async_init()\n");
230 #ifndef OPENSSL_NO_ENGINE
231 static CRYPTO_ONCE engine_openssl
= CRYPTO_ONCE_STATIC_INIT
;
232 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl
)
234 # ifdef OPENSSL_INIT_DEBUG
235 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_openssl: "
236 "engine_load_openssl_int()\n");
238 engine_load_openssl_int();
241 # if !defined(OPENSSL_NO_HW) && \
242 (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(HAVE_CRYPTODEV))
243 static CRYPTO_ONCE engine_cryptodev
= CRYPTO_ONCE_STATIC_INIT
;
244 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev
)
246 # ifdef OPENSSL_INIT_DEBUG
247 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_cryptodev: "
248 "engine_load_cryptodev_int()\n");
250 engine_load_cryptodev_int();
255 # ifndef OPENSSL_NO_RDRAND
256 static CRYPTO_ONCE engine_rdrand
= CRYPTO_ONCE_STATIC_INIT
;
257 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand
)
259 # ifdef OPENSSL_INIT_DEBUG
260 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_rdrand: "
261 "engine_load_rdrand_int()\n");
263 engine_load_rdrand_int();
267 static CRYPTO_ONCE engine_dynamic
= CRYPTO_ONCE_STATIC_INIT
;
268 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic
)
270 # ifdef OPENSSL_INIT_DEBUG
271 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_dynamic: "
272 "engine_load_dynamic_int()\n");
274 engine_load_dynamic_int();
277 # ifndef OPENSSL_NO_STATIC_ENGINE
278 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
279 static CRYPTO_ONCE engine_padlock
= CRYPTO_ONCE_STATIC_INIT
;
280 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock
)
282 # ifdef OPENSSL_INIT_DEBUG
283 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_padlock: "
284 "engine_load_padlock_int()\n");
286 engine_load_padlock_int();
290 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
291 static CRYPTO_ONCE engine_capi
= CRYPTO_ONCE_STATIC_INIT
;
292 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi
)
294 # ifdef OPENSSL_INIT_DEBUG
295 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_capi: "
296 "engine_load_capi_int()\n");
298 engine_load_capi_int();
302 # if !defined(OPENSSL_NO_AFALGENG)
303 static CRYPTO_ONCE engine_afalg
= CRYPTO_ONCE_STATIC_INIT
;
304 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg
)
306 # ifdef OPENSSL_INIT_DEBUG
307 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_afalg: "
308 "engine_load_afalg_int()\n");
310 engine_load_afalg_int();
317 #ifndef OPENSSL_NO_COMP
318 static CRYPTO_ONCE zlib
= CRYPTO_ONCE_STATIC_INIT
;
320 static int zlib_inited
= 0;
321 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib
)
323 /* Do nothing - we need to know about this for the later cleanup */
329 static void ossl_init_thread_stop(struct thread_local_inits_st
*locals
)
331 /* Can't do much about this */
336 #ifdef OPENSSL_INIT_DEBUG
337 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_stop: "
338 "ASYNC_cleanup_thread()\n");
340 ASYNC_cleanup_thread();
343 if (locals
->err_state
) {
344 #ifdef OPENSSL_INIT_DEBUG
345 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_stop: "
346 "err_delete_thread_state()\n");
348 err_delete_thread_state();
351 OPENSSL_free(locals
);
354 void OPENSSL_thread_stop(void)
356 ossl_init_thread_stop(
357 (struct thread_local_inits_st
*)ossl_init_get_thread_local(0));
360 int ossl_init_thread_start(uint64_t opts
)
362 struct thread_local_inits_st
*locals
= ossl_init_get_thread_local(1);
367 if (opts
& OPENSSL_INIT_THREAD_ASYNC
) {
368 #ifdef OPENSSL_INIT_DEBUG
369 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_start: "
370 "marking thread for async\n");
375 if (opts
& OPENSSL_INIT_THREAD_ERR_STATE
) {
376 #ifdef OPENSSL_INIT_DEBUG
377 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_start: "
378 "marking thread for err_state\n");
380 locals
->err_state
= 1;
386 void OPENSSL_cleanup(void)
388 OPENSSL_INIT_STOP
*currhandler
, *lasthandler
;
390 /* If we've not been inited then no need to deinit */
394 /* Might be explicitly called and also by atexit */
400 * Thread stop may not get automatically called by the thread library for
401 * the very last thread in some situations, so call it directly.
403 ossl_init_thread_stop(ossl_init_get_thread_local(0));
405 currhandler
= stop_handlers
;
406 while (currhandler
!= NULL
) {
407 currhandler
->handler();
408 lasthandler
= currhandler
;
409 currhandler
= currhandler
->next
;
410 OPENSSL_free(lasthandler
);
412 stop_handlers
= NULL
;
414 CRYPTO_THREAD_lock_free(init_lock
);
417 * We assume we are single-threaded for this function, i.e. no race
418 * conditions for the various "*_inited" vars below.
421 #ifndef OPENSSL_NO_COMP
423 #ifdef OPENSSL_INIT_DEBUG
424 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
425 "comp_zlib_cleanup_int()\n");
427 comp_zlib_cleanup_int();
432 # ifdef OPENSSL_INIT_DEBUG
433 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
439 if (load_crypto_strings_inited
) {
440 #ifdef OPENSSL_INIT_DEBUG
441 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
442 "err_free_strings_int()\n");
444 err_free_strings_int();
447 CRYPTO_THREAD_cleanup_local(&threadstopkey
);
449 #ifdef OPENSSL_INIT_DEBUG
450 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
451 "rand_cleanup_int()\n");
452 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
453 "conf_modules_free_int()\n");
454 #ifndef OPENSSL_NO_ENGINE
455 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
456 "engine_cleanup_int()\n");
458 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
459 "crypto_cleanup_all_ex_data_int()\n");
460 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
461 "bio_sock_cleanup_int()\n");
462 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
464 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
465 "evp_cleanup_int()\n");
466 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
467 "obj_cleanup_int()\n");
468 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
472 * Note that cleanup order is important:
473 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
474 * must be called before engine_cleanup_int()
475 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
476 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
477 * - conf_modules_free_int() can end up in ENGINE code so must be called
478 * before engine_cleanup_int()
479 * - ENGINEs and additional EVP algorithms might use added OIDs names so
480 * obj_cleanup_int() must be called last
483 conf_modules_free_int();
484 #ifndef OPENSSL_NO_ENGINE
485 engine_cleanup_int();
487 crypto_cleanup_all_ex_data_int();
497 * If this function is called with a non NULL settings value then it must be
498 * called prior to any threads making calls to any OpenSSL functions,
499 * i.e. passing a non-null settings value is assumed to be single-threaded.
501 int OPENSSL_init_crypto(uint64_t opts
, const OPENSSL_INIT_SETTINGS
*settings
)
503 static int stoperrset
= 0;
508 * We only ever set this once to avoid getting into an infinite
509 * loop where the error system keeps trying to init and fails so
513 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO
, ERR_R_INIT_FAIL
);
518 if (!base_inited
&& !RUN_ONCE(&base
, ossl_init_base
))
521 if ((opts
& OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
)
522 && !RUN_ONCE(&load_crypto_strings
,
523 ossl_init_no_load_crypto_strings
))
526 if ((opts
& OPENSSL_INIT_LOAD_CRYPTO_STRINGS
)
527 && !RUN_ONCE(&load_crypto_strings
, ossl_init_load_crypto_strings
))
530 if ((opts
& OPENSSL_INIT_NO_ADD_ALL_CIPHERS
)
531 && !RUN_ONCE(&add_all_ciphers
, ossl_init_no_add_algs
))
534 if ((opts
& OPENSSL_INIT_ADD_ALL_CIPHERS
)
535 && !RUN_ONCE(&add_all_ciphers
, ossl_init_add_all_ciphers
))
538 if ((opts
& OPENSSL_INIT_NO_ADD_ALL_DIGESTS
)
539 && !RUN_ONCE(&add_all_digests
, ossl_init_no_add_algs
))
542 if ((opts
& OPENSSL_INIT_ADD_ALL_DIGESTS
)
543 && !RUN_ONCE(&add_all_digests
, ossl_init_add_all_digests
))
546 if ((opts
& OPENSSL_INIT_NO_LOAD_CONFIG
)
547 && !RUN_ONCE(&config
, ossl_init_no_config
))
550 if (opts
& OPENSSL_INIT_LOAD_CONFIG
) {
552 CRYPTO_THREAD_write_lock(init_lock
);
553 appname
= (settings
== NULL
) ? NULL
: settings
->appname
;
554 ret
= RUN_ONCE(&config
, ossl_init_config
);
555 CRYPTO_THREAD_unlock(init_lock
);
560 if ((opts
& OPENSSL_INIT_ASYNC
)
561 && !RUN_ONCE(&async
, ossl_init_async
))
564 #ifndef OPENSSL_NO_ENGINE
565 if ((opts
& OPENSSL_INIT_ENGINE_OPENSSL
)
566 && !RUN_ONCE(&engine_openssl
, ossl_init_engine_openssl
))
568 # if !defined(OPENSSL_NO_HW) && \
569 (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(HAVE_CRYPTODEV))
570 if ((opts
& OPENSSL_INIT_ENGINE_CRYPTODEV
)
571 && !RUN_ONCE(&engine_cryptodev
, ossl_init_engine_cryptodev
))
574 # ifndef OPENSSL_NO_RDRAND
575 if ((opts
& OPENSSL_INIT_ENGINE_RDRAND
)
576 && !RUN_ONCE(&engine_rdrand
, ossl_init_engine_rdrand
))
579 if ((opts
& OPENSSL_INIT_ENGINE_DYNAMIC
)
580 && !RUN_ONCE(&engine_dynamic
, ossl_init_engine_dynamic
))
582 # ifndef OPENSSL_NO_STATIC_ENGINE
583 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
584 if ((opts
& OPENSSL_INIT_ENGINE_PADLOCK
)
585 && !RUN_ONCE(&engine_padlock
, ossl_init_engine_padlock
))
588 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
589 if ((opts
& OPENSSL_INIT_ENGINE_CAPI
)
590 && !RUN_ONCE(&engine_capi
, ossl_init_engine_capi
))
593 # if !defined(OPENSSL_NO_AFALGENG)
594 if ((opts
& OPENSSL_INIT_ENGINE_AFALG
)
595 && !RUN_ONCE(&engine_afalg
, ossl_init_engine_afalg
))
599 if (opts
& (OPENSSL_INIT_ENGINE_ALL_BUILTIN
600 | OPENSSL_INIT_ENGINE_OPENSSL
601 | OPENSSL_INIT_ENGINE_AFALG
)) {
602 ENGINE_register_all_complete();
606 #ifndef OPENSSL_NO_COMP
607 if ((opts
& OPENSSL_INIT_ZLIB
)
608 && !RUN_ONCE(&zlib
, ossl_init_zlib
))
615 int OPENSSL_atexit(void (*handler
)(void))
617 OPENSSL_INIT_STOP
*newhand
;
619 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
626 handlersym
.func
= handler
;
629 HMODULE handle
= NULL
;
633 * We don't use the DSO route for WIN32 because there is a better
636 ret
= GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
637 | GET_MODULE_HANDLE_EX_FLAG_PIN
,
638 handlersym
.sym
, &handle
);
645 * Deliberately leak a reference to the handler. This will force the
646 * library/code containing the handler to remain loaded until we run the
647 * atexit handler. If -znodelete has been used then this is
654 dso
= DSO_dsobyaddr(handlersym
.sym
, DSO_FLAG_NO_UNLOAD_ON_FREE
);
662 newhand
= OPENSSL_malloc(sizeof(*newhand
));
666 newhand
->handler
= handler
;
667 newhand
->next
= stop_handlers
;
668 stop_handlers
= newhand
;