2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <internal/cryptlib_int.h>
11 #include <openssl/err.h>
12 #include <internal/rand_int.h>
13 #include <internal/bio.h>
14 #include <openssl/evp.h>
15 #include <internal/evp_int.h>
16 #include <internal/conf.h>
17 #include <internal/async.h>
18 #include <internal/engine.h>
19 #include <internal/comp.h>
20 #include <internal/err.h>
21 #include <internal/err_int.h>
22 #include <internal/objects.h>
25 #include <internal/thread_once.h>
26 #include <internal/dso.h>
27 #include <internal/store.h>
29 static int stopped
= 0;
31 static void ossl_init_thread_stop(struct thread_local_inits_st
*locals
);
33 static CRYPTO_THREAD_LOCAL threadstopkey
;
35 static void ossl_init_thread_stop_wrap(void *local
)
37 ossl_init_thread_stop((struct thread_local_inits_st
*)local
);
40 static struct thread_local_inits_st
*ossl_init_get_thread_local(int alloc
)
42 struct thread_local_inits_st
*local
=
43 CRYPTO_THREAD_get_local(&threadstopkey
);
45 if (local
== NULL
&& alloc
) {
46 local
= OPENSSL_zalloc(sizeof *local
);
47 if (local
!= NULL
&& !CRYPTO_THREAD_set_local(&threadstopkey
, local
)) {
53 CRYPTO_THREAD_set_local(&threadstopkey
, NULL
);
59 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP
;
60 struct ossl_init_stop_st
{
61 void (*handler
)(void);
62 OPENSSL_INIT_STOP
*next
;
65 static OPENSSL_INIT_STOP
*stop_handlers
= NULL
;
66 static CRYPTO_RWLOCK
*init_lock
= NULL
;
68 static CRYPTO_ONCE base
= CRYPTO_ONCE_STATIC_INIT
;
69 static int base_inited
= 0;
70 DEFINE_RUN_ONCE_STATIC(ossl_init_base
)
72 #ifdef OPENSSL_INIT_DEBUG
73 fprintf(stderr
, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
75 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
76 ossl_malloc_setup_failures();
79 * We use a dummy thread local key here. We use the destructor to detect
80 * when the thread is going to stop (where that feature is available)
82 CRYPTO_THREAD_init_local(&threadstopkey
, ossl_init_thread_stop_wrap
);
83 #ifndef OPENSSL_SYS_UEFI
84 atexit(OPENSSL_cleanup
);
86 if ((init_lock
= CRYPTO_THREAD_lock_new()) == NULL
)
88 OPENSSL_cpuid_setup();
92 * Everything needed to be initialized in this function before threads
93 * come along MUST happen before base_inited is set to 1, or we will
94 * see race conditions.
98 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
101 HMODULE handle
= NULL
;
104 /* We don't use the DSO route for WIN32 because there is a better way */
105 ret
= GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
106 | GET_MODULE_HANDLE_EX_FLAG_PIN
,
107 (void *)&base_inited
, &handle
);
109 return (ret
== TRUE
) ? 1 : 0;
113 * Deliberately leak a reference to ourselves. This will force the library
114 * to remain loaded until the atexit() handler is run at process exit.
120 dso
= DSO_dsobyaddr(&base_inited
, DSO_FLAG_NO_UNLOAD_ON_FREE
);
130 static CRYPTO_ONCE load_crypto_strings
= CRYPTO_ONCE_STATIC_INIT
;
131 static int load_crypto_strings_inited
= 0;
132 DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings
)
134 /* Do nothing in this case */
138 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings
)
142 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
143 * pulling in all the error strings during static linking
145 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
146 # ifdef OPENSSL_INIT_DEBUG
147 fprintf(stderr
, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
148 "err_load_crypto_strings_int()\n");
150 ret
= err_load_crypto_strings_int();
151 load_crypto_strings_inited
= 1;
156 static CRYPTO_ONCE add_all_ciphers
= CRYPTO_ONCE_STATIC_INIT
;
157 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers
)
160 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
161 * pulling in all the ciphers during static linking
163 #ifndef OPENSSL_NO_AUTOALGINIT
164 # ifdef OPENSSL_INIT_DEBUG
165 fprintf(stderr
, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
166 "openssl_add_all_ciphers_int()\n");
168 openssl_add_all_ciphers_int();
173 static CRYPTO_ONCE add_all_digests
= CRYPTO_ONCE_STATIC_INIT
;
174 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests
)
177 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
178 * pulling in all the ciphers during static linking
180 #ifndef OPENSSL_NO_AUTOALGINIT
181 # ifdef OPENSSL_INIT_DEBUG
182 fprintf(stderr
, "OPENSSL_INIT: ossl_init_add_all_digests: "
183 "openssl_add_all_digests()\n");
185 openssl_add_all_digests_int();
190 DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs
)
196 static CRYPTO_ONCE config
= CRYPTO_ONCE_STATIC_INIT
;
197 static int config_inited
= 0;
198 static const char *appname
;
199 DEFINE_RUN_ONCE_STATIC(ossl_init_config
)
201 #ifdef OPENSSL_INIT_DEBUG
203 "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n",
204 appname
== NULL
? "NULL" : appname
);
206 openssl_config_int(appname
);
210 DEFINE_RUN_ONCE_STATIC(ossl_init_no_config
)
212 #ifdef OPENSSL_INIT_DEBUG
214 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
216 openssl_no_config_int();
221 static CRYPTO_ONCE async
= CRYPTO_ONCE_STATIC_INIT
;
222 static int async_inited
= 0;
223 DEFINE_RUN_ONCE_STATIC(ossl_init_async
)
225 #ifdef OPENSSL_INIT_DEBUG
226 fprintf(stderr
, "OPENSSL_INIT: ossl_init_async: async_init()\n");
234 #ifndef OPENSSL_NO_ENGINE
235 static CRYPTO_ONCE engine_openssl
= CRYPTO_ONCE_STATIC_INIT
;
236 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl
)
238 # ifdef OPENSSL_INIT_DEBUG
239 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_openssl: "
240 "engine_load_openssl_int()\n");
242 engine_load_openssl_int();
245 # ifndef OPENSSL_NO_DEVCRYPTOENG
246 static CRYPTO_ONCE engine_devcrypto
= CRYPTO_ONCE_STATIC_INIT
;
247 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto
)
249 # ifdef OPENSSL_INIT_DEBUG
250 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
251 "engine_load_devcrypto_int()\n");
253 engine_load_devcrypto_int();
258 # ifndef OPENSSL_NO_RDRAND
259 static CRYPTO_ONCE engine_rdrand
= CRYPTO_ONCE_STATIC_INIT
;
260 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand
)
262 # ifdef OPENSSL_INIT_DEBUG
263 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_rdrand: "
264 "engine_load_rdrand_int()\n");
266 engine_load_rdrand_int();
270 static CRYPTO_ONCE engine_dynamic
= CRYPTO_ONCE_STATIC_INIT
;
271 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic
)
273 # ifdef OPENSSL_INIT_DEBUG
274 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_dynamic: "
275 "engine_load_dynamic_int()\n");
277 engine_load_dynamic_int();
280 # ifndef OPENSSL_NO_STATIC_ENGINE
281 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
282 static CRYPTO_ONCE engine_padlock
= CRYPTO_ONCE_STATIC_INIT
;
283 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock
)
285 # ifdef OPENSSL_INIT_DEBUG
286 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_padlock: "
287 "engine_load_padlock_int()\n");
289 engine_load_padlock_int();
293 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
294 static CRYPTO_ONCE engine_capi
= CRYPTO_ONCE_STATIC_INIT
;
295 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi
)
297 # ifdef OPENSSL_INIT_DEBUG
298 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_capi: "
299 "engine_load_capi_int()\n");
301 engine_load_capi_int();
305 # if !defined(OPENSSL_NO_AFALGENG)
306 static CRYPTO_ONCE engine_afalg
= CRYPTO_ONCE_STATIC_INIT
;
307 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg
)
309 # ifdef OPENSSL_INIT_DEBUG
310 fprintf(stderr
, "OPENSSL_INIT: ossl_init_engine_afalg: "
311 "engine_load_afalg_int()\n");
313 engine_load_afalg_int();
320 #ifndef OPENSSL_NO_COMP
321 static CRYPTO_ONCE zlib
= CRYPTO_ONCE_STATIC_INIT
;
323 static int zlib_inited
= 0;
324 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib
)
326 /* Do nothing - we need to know about this for the later cleanup */
332 static void ossl_init_thread_stop(struct thread_local_inits_st
*locals
)
334 /* Can't do much about this */
339 #ifdef OPENSSL_INIT_DEBUG
340 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_stop: "
341 "ASYNC_cleanup_thread()\n");
343 ASYNC_cleanup_thread();
346 if (locals
->err_state
) {
347 #ifdef OPENSSL_INIT_DEBUG
348 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_stop: "
349 "err_delete_thread_state()\n");
351 err_delete_thread_state();
354 OPENSSL_free(locals
);
357 void OPENSSL_thread_stop(void)
359 ossl_init_thread_stop(
360 (struct thread_local_inits_st
*)ossl_init_get_thread_local(0));
363 int ossl_init_thread_start(uint64_t opts
)
365 struct thread_local_inits_st
*locals
;
367 if (!OPENSSL_init_crypto(0, NULL
))
370 locals
= ossl_init_get_thread_local(1);
375 if (opts
& OPENSSL_INIT_THREAD_ASYNC
) {
376 #ifdef OPENSSL_INIT_DEBUG
377 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_start: "
378 "marking thread for async\n");
383 if (opts
& OPENSSL_INIT_THREAD_ERR_STATE
) {
384 #ifdef OPENSSL_INIT_DEBUG
385 fprintf(stderr
, "OPENSSL_INIT: ossl_init_thread_start: "
386 "marking thread for err_state\n");
388 locals
->err_state
= 1;
394 void OPENSSL_cleanup(void)
396 OPENSSL_INIT_STOP
*currhandler
, *lasthandler
;
398 /* If we've not been inited then no need to deinit */
402 /* Might be explicitly called and also by atexit */
408 * Thread stop may not get automatically called by the thread library for
409 * the very last thread in some situations, so call it directly.
411 ossl_init_thread_stop(ossl_init_get_thread_local(0));
413 currhandler
= stop_handlers
;
414 while (currhandler
!= NULL
) {
415 currhandler
->handler();
416 lasthandler
= currhandler
;
417 currhandler
= currhandler
->next
;
418 OPENSSL_free(lasthandler
);
420 stop_handlers
= NULL
;
422 CRYPTO_THREAD_lock_free(init_lock
);
425 * We assume we are single-threaded for this function, i.e. no race
426 * conditions for the various "*_inited" vars below.
429 #ifndef OPENSSL_NO_COMP
431 #ifdef OPENSSL_INIT_DEBUG
432 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
433 "comp_zlib_cleanup_int()\n");
435 comp_zlib_cleanup_int();
440 # ifdef OPENSSL_INIT_DEBUG
441 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
447 if (load_crypto_strings_inited
) {
448 #ifdef OPENSSL_INIT_DEBUG
449 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
450 "err_free_strings_int()\n");
452 err_free_strings_int();
455 CRYPTO_THREAD_cleanup_local(&threadstopkey
);
457 #ifdef OPENSSL_INIT_DEBUG
458 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
459 "rand_cleanup_int()\n");
460 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
461 "conf_modules_free_int()\n");
462 #ifndef OPENSSL_NO_ENGINE
463 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
464 "engine_cleanup_int()\n");
466 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
467 "crypto_cleanup_all_ex_data_int()\n");
468 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
469 "bio_sock_cleanup_int()\n");
470 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
472 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
473 "evp_cleanup_int()\n");
474 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
475 "obj_cleanup_int()\n");
476 fprintf(stderr
, "OPENSSL_INIT: OPENSSL_cleanup: "
480 * Note that cleanup order is important:
481 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
482 * must be called before engine_cleanup_int()
483 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
484 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
485 * - conf_modules_free_int() can end up in ENGINE code so must be called
486 * before engine_cleanup_int()
487 * - ENGINEs and additional EVP algorithms might use added OIDs names so
488 * obj_cleanup_int() must be called last
491 conf_modules_free_int();
492 #ifndef OPENSSL_NO_ENGINE
493 engine_cleanup_int();
495 ossl_store_cleanup_int();
496 crypto_cleanup_all_ex_data_int();
506 * If this function is called with a non NULL settings value then it must be
507 * called prior to any threads making calls to any OpenSSL functions,
508 * i.e. passing a non-null settings value is assumed to be single-threaded.
510 int OPENSSL_init_crypto(uint64_t opts
, const OPENSSL_INIT_SETTINGS
*settings
)
512 static int stoperrset
= 0;
517 * We only ever set this once to avoid getting into an infinite
518 * loop where the error system keeps trying to init and fails so
522 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO
, ERR_R_INIT_FAIL
);
527 if (!base_inited
&& !RUN_ONCE(&base
, ossl_init_base
))
530 if ((opts
& OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
)
531 && !RUN_ONCE(&load_crypto_strings
,
532 ossl_init_no_load_crypto_strings
))
535 if ((opts
& OPENSSL_INIT_LOAD_CRYPTO_STRINGS
)
536 && !RUN_ONCE(&load_crypto_strings
, ossl_init_load_crypto_strings
))
539 if ((opts
& OPENSSL_INIT_NO_ADD_ALL_CIPHERS
)
540 && !RUN_ONCE(&add_all_ciphers
, ossl_init_no_add_algs
))
543 if ((opts
& OPENSSL_INIT_ADD_ALL_CIPHERS
)
544 && !RUN_ONCE(&add_all_ciphers
, ossl_init_add_all_ciphers
))
547 if ((opts
& OPENSSL_INIT_NO_ADD_ALL_DIGESTS
)
548 && !RUN_ONCE(&add_all_digests
, ossl_init_no_add_algs
))
551 if ((opts
& OPENSSL_INIT_ADD_ALL_DIGESTS
)
552 && !RUN_ONCE(&add_all_digests
, ossl_init_add_all_digests
))
555 if ((opts
& OPENSSL_INIT_ATFORK
)
556 && !openssl_init_fork_handlers())
559 if ((opts
& OPENSSL_INIT_NO_LOAD_CONFIG
)
560 && !RUN_ONCE(&config
, ossl_init_no_config
))
563 if (opts
& OPENSSL_INIT_LOAD_CONFIG
) {
565 CRYPTO_THREAD_write_lock(init_lock
);
566 appname
= (settings
== NULL
) ? NULL
: settings
->appname
;
567 ret
= RUN_ONCE(&config
, ossl_init_config
);
568 CRYPTO_THREAD_unlock(init_lock
);
573 if ((opts
& OPENSSL_INIT_ASYNC
)
574 && !RUN_ONCE(&async
, ossl_init_async
))
577 #ifndef OPENSSL_NO_ENGINE
578 if ((opts
& OPENSSL_INIT_ENGINE_OPENSSL
)
579 && !RUN_ONCE(&engine_openssl
, ossl_init_engine_openssl
))
581 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
582 if ((opts
& OPENSSL_INIT_ENGINE_CRYPTODEV
)
583 && !RUN_ONCE(&engine_devcrypto
, ossl_init_engine_devcrypto
))
586 # ifndef OPENSSL_NO_RDRAND
587 if ((opts
& OPENSSL_INIT_ENGINE_RDRAND
)
588 && !RUN_ONCE(&engine_rdrand
, ossl_init_engine_rdrand
))
591 if ((opts
& OPENSSL_INIT_ENGINE_DYNAMIC
)
592 && !RUN_ONCE(&engine_dynamic
, ossl_init_engine_dynamic
))
594 # ifndef OPENSSL_NO_STATIC_ENGINE
595 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
596 if ((opts
& OPENSSL_INIT_ENGINE_PADLOCK
)
597 && !RUN_ONCE(&engine_padlock
, ossl_init_engine_padlock
))
600 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
601 if ((opts
& OPENSSL_INIT_ENGINE_CAPI
)
602 && !RUN_ONCE(&engine_capi
, ossl_init_engine_capi
))
605 # if !defined(OPENSSL_NO_AFALGENG)
606 if ((opts
& OPENSSL_INIT_ENGINE_AFALG
)
607 && !RUN_ONCE(&engine_afalg
, ossl_init_engine_afalg
))
611 if (opts
& (OPENSSL_INIT_ENGINE_ALL_BUILTIN
612 | OPENSSL_INIT_ENGINE_OPENSSL
613 | OPENSSL_INIT_ENGINE_AFALG
)) {
614 ENGINE_register_all_complete();
618 #ifndef OPENSSL_NO_COMP
619 if ((opts
& OPENSSL_INIT_ZLIB
)
620 && !RUN_ONCE(&zlib
, ossl_init_zlib
))
627 int OPENSSL_atexit(void (*handler
)(void))
629 OPENSSL_INIT_STOP
*newhand
;
631 #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
638 handlersym
.func
= handler
;
641 HMODULE handle
= NULL
;
645 * We don't use the DSO route for WIN32 because there is a better
648 ret
= GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
649 | GET_MODULE_HANDLE_EX_FLAG_PIN
,
650 handlersym
.sym
, &handle
);
657 * Deliberately leak a reference to the handler. This will force the
658 * library/code containing the handler to remain loaded until we run the
659 * atexit handler. If -znodelete has been used then this is
666 dso
= DSO_dsobyaddr(handlersym
.sym
, DSO_FLAG_NO_UNLOAD_ON_FREE
);
674 newhand
= OPENSSL_malloc(sizeof(*newhand
));
678 newhand
->handler
= handler
;
679 newhand
->next
= stop_handlers
;
680 stop_handlers
= newhand
;
685 #ifdef OPENSSL_SYS_UNIX
687 * The following three functions are for OpenSSL developers. This is
688 * where we set/reset state across fork (called via pthread_atfork when
689 * it exists, or manually by the application when it doesn't).
691 * WARNING! If you put code in either OPENSSL_fork_parent or
692 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
693 * safe. See this link, for example:
694 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
697 void OPENSSL_fork_prepare(void)
701 void OPENSSL_fork_parent(void)
705 void OPENSSL_fork_child(void)