1=pod 2 3=head1 NAME 4 5OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, 6OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, 7OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, 8OPENSSL_thread_stop - OpenSSL initialisation 9and deinitialisation functions 10 11=head1 SYNOPSIS 12 13 #include <openssl/crypto.h> 14 15 void OPENSSL_cleanup(void); 16 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); 17 int OPENSSL_atexit(void (*handler)(void)); 18 void OPENSSL_thread_stop(void); 19 20 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); 21 int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, 22 const char* filename); 23 int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, 24 unsigned long flags); 25 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, 26 const char* name); 27 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); 28 29=head1 DESCRIPTION 30 31During normal operation OpenSSL (libcrypto) will allocate various resources at 32start up that must, subsequently, be freed on close down of the library. 33Additionally some resources are allocated on a per thread basis (if the 34application is multi-threaded), and these resources must be freed prior to the 35thread closing. 36 37As of version 1.1.0 OpenSSL will automatically allocate all resources that it 38needs so no explicit initialisation is required. Similarly it will also 39automatically deinitialise as required. 40 41However, there may be situations when explicit initialisation is desirable or 42needed, for example when some nondefault initialisation is required. The 43function OPENSSL_init_crypto() can be used for this purpose for 44libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl 45equivalent). 46 47Numerous internal OpenSSL functions call OPENSSL_init_crypto(). 48Therefore, in order to perform nondefault initialisation, 49OPENSSL_init_crypto() MUST be called by application code prior to 50any other OpenSSL function calls. 51 52The B<opts> parameter specifies which aspects of libcrypto should be 53initialised. Valid options are: 54 55=over 4 56 57=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 58 59Suppress automatic loading of the libcrypto error strings. This option is 60not a default option. Once selected subsequent calls to 61OPENSSL_init_crypto() with the option 62B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored. 63 64=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS 65 66Automatic loading of the libcrypto error strings. With this option the 67library will automatically load the libcrypto error strings. 68This option is a default option. Once selected subsequent calls to 69OPENSSL_init_crypto() with the option 70B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored. 71 72=item OPENSSL_INIT_ADD_ALL_CIPHERS 73 74With this option the library will automatically load and make available all 75libcrypto ciphers. This option is a default option. Once selected subsequent 76calls to OPENSSL_init_crypto() with the option 77B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored. 78 79=item OPENSSL_INIT_ADD_ALL_DIGESTS 80 81With this option the library will automatically load and make available all 82libcrypto digests. This option is a default option. Once selected subsequent 83calls to OPENSSL_init_crypto() with the option 84B<OPENSSL_INIT_NO_ADD_ALL_DIGESTS> will be ignored. 85 86=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS 87 88With this option the library will suppress automatic loading of libcrypto 89ciphers. This option is not a default option. Once selected subsequent 90calls to OPENSSL_init_crypto() with the option 91B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored. 92 93=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS 94 95With this option the library will suppress automatic loading of libcrypto 96digests. This option is not a default option. Once selected subsequent 97calls to OPENSSL_init_crypto() with the option 98B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored. 99 100=item OPENSSL_INIT_LOAD_CONFIG 101 102With this option an OpenSSL configuration file will be automatically loaded and 103used by calling OPENSSL_config(). This is not a default option for libcrypto. 104As of OpenSSL 1.1.1 this is a default option for libssl (see 105L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the 106description of OPENSSL_INIT_new(), below. 107 108=item OPENSSL_INIT_NO_LOAD_CONFIG 109 110With this option the loading of OpenSSL configuration files will be suppressed. 111It is the equivalent of calling OPENSSL_no_config(). This is not a default 112option. 113 114=item OPENSSL_INIT_ASYNC 115 116With this option the library with automatically initialise the libcrypto async 117sub-library (see L<ASYNC_start_job(3)>). This is a default option. 118 119=item OPENSSL_INIT_ENGINE_RDRAND 120 121With this option the library will automatically load and initialise the 122RDRAND engine (if available). This not a default option. 123 124=item OPENSSL_INIT_ENGINE_DYNAMIC 125 126With this option the library will automatically load and initialise the 127dynamic engine. This not a default option. 128 129=item OPENSSL_INIT_ENGINE_OPENSSL 130 131With this option the library will automatically load and initialise the 132openssl engine. This not a default option. 133 134=item OPENSSL_INIT_ENGINE_CRYPTODEV 135 136With this option the library will automatically load and initialise the 137cryptodev engine (if available). This not a default option. 138 139=item OPENSSL_INIT_ENGINE_CAPI 140 141With this option the library will automatically load and initialise the 142CAPI engine (if available). This not a default option. 143 144=item OPENSSL_INIT_ENGINE_PADLOCK 145 146With this option the library will automatically load and initialise the 147padlock engine (if available). This not a default option. 148 149=item OPENSSL_INIT_ENGINE_AFALG 150 151With this option the library will automatically load and initialise the 152AFALG engine. This not a default option. 153 154=item OPENSSL_INIT_ENGINE_ALL_BUILTIN 155 156With this option the library will automatically load and initialise all the 157built in engines listed above with the exception of the openssl and afalg 158engines. This not a default option. 159 160=item OPENSSL_INIT_ATFORK 161 162With this option the library will register its fork handlers. 163See OPENSSL_fork_prepare(3) for details. 164 165=item OPENSSL_INIT_NO_ATEXIT 166 167By default OpenSSL will attempt to clean itself up when the process exits via an 168"atexit" handler. Using this option suppresses that behaviour. This means that 169the application will have to clean up OpenSSL explicitly using 170OPENSSL_cleanup(). 171 172=back 173 174Multiple options may be combined together in a single call to 175OPENSSL_init_crypto(). For example: 176 177 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS 178 | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); 179 180The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto 181and libssl). All resources allocated by OpenSSL are freed. Typically there 182should be no need to call this function directly as it is initiated 183automatically on application exit. This is done via the standard C library 184atexit() function. In the event that the application will close in a manner 185that will not call the registered atexit() handlers then the application should 186call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL 187are discouraged from calling this function and should instead, typically, rely 188on auto-deinitialisation. This is to avoid error conditions where both an 189application and a library it depends on both use OpenSSL, and the library 190deinitialises it before the application has finished using it. 191 192Once OPENSSL_cleanup() has been called the library cannot be reinitialised. 193Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error 194will be added to the error stack. Note that because initialisation has failed 195OpenSSL error strings will not be available, only an error code. This code can 196be put through the openssl errstr command line application to produce a human 197readable error (see L<errstr(1)>). 198 199The OPENSSL_atexit() function enables the registration of a 200function to be called during OPENSSL_cleanup(). Stop handlers are 201called after deinitialisation of resources local to a thread, but before other 202process wide resources are freed. In the event that multiple stop handlers are 203registered, no guarantees are made about the order of execution. 204 205The OPENSSL_thread_stop() function deallocates resources associated 206with the current thread. Typically this function will be called automatically by 207the library when the thread exits. This should only be called directly if 208resources should be freed at an earlier time, or under the circumstances 209described in the NOTES section below. 210 211The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with 212L<CONF_modules_load_file(3)> with NULL filename and application name and the 213B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and 214B<CONF_MFLAGS_DEFAULT_SECTION> flags. 215The filename, application name, and flags can be customized by providing a 216non-null B<OPENSSL_INIT_SETTINGS> object. 217The object can be allocated via B<OPENSSL_init_new()>. 218The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a 219nondefault filename, which is copied and need not refer to persistent storage. 220Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a 221nondefault application name. 222Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. 223If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in 224the configuration file will cause an error return from B<OPENSSL_init_crypto> 225or indirectly L<OPENSSL_init_ssl(3)>. 226The object can be released with OPENSSL_INIT_free() when done. 227 228=head1 NOTES 229 230Resources local to a thread are deallocated automatically when the thread exits 231(e.g. in a pthreads environment, when pthread_exit() is called). On Windows 232platforms this is done in response to a DLL_THREAD_DETACH message being sent to 233the libcrypto32.dll entry point. Some windows functions may cause threads to exit 234without sending this message (for example ExitProcess()). If the application 235uses such functions, then the application must free up OpenSSL resources 236directly via a call to OPENSSL_thread_stop() on each thread. Similarly this 237message will also not be sent if OpenSSL is linked statically, and therefore 238applications using static linking should also call OPENSSL_thread_stop() on each 239thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the 240threads are not destroyed until after FreeLibrary() is called then each thread 241should call OPENSSL_thread_stop() prior to the FreeLibrary() call. 242 243On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is 244multi-threaded and if dlclose() is subsequently called prior to the threads 245being destroyed then OpenSSL will not be able to deallocate resources associated 246with those threads. The application should either call OPENSSL_thread_stop() on 247each thread prior to the dlclose() call, or alternatively the original dlopen() 248call should use the RTLD_NODELETE flag (where available on the platform). 249 250=head1 RETURN VALUES 251 252The functions OPENSSL_init_crypto, OPENSSL_atexit() and 253OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error. 254 255=head1 SEE ALSO 256 257L<OPENSSL_init_ssl(3)> 258 259=head1 HISTORY 260 261The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), 262OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname() 263and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. 264 265=head1 COPYRIGHT 266 267Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 268 269Licensed under the OpenSSL license (the "License"). You may not use 270this file except in compliance with the License. You can obtain a copy 271in the file LICENSE in the source distribution or at 272L<https://www.openssl.org/source/license.html>. 273 274=cut 275