xref: /freebsd/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod (revision aa1a8ff2d6dbc51ef058f46f3db5a8bb77967145)
1=pod
2
3=head1 NAME
4
5OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
6OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
7OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
8OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL initialisation
9and deinitialisation functions
10
11=head1 SYNOPSIS
12
13 #include <openssl/crypto.h>
14
15 void OPENSSL_cleanup(void);
16 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
17 int OPENSSL_atexit(void (*handler)(void));
18 void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx);
19 void OPENSSL_thread_stop(void);
20
21 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
22 int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
23                                      const char* filename);
24 int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
25                                        unsigned long flags);
26 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
27                                     const char* name);
28 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
29
30=head1 DESCRIPTION
31
32During normal operation OpenSSL (libcrypto) will allocate various resources at
33start up that must, subsequently, be freed on close down of the library.
34Additionally some resources are allocated on a per thread basis (if the
35application is multi-threaded), and these resources must be freed prior to the
36thread closing.
37
38As of version 1.1.0 OpenSSL will automatically allocate all resources that it
39needs so no explicit initialisation is required. Similarly it will also
40automatically deinitialise as required.
41
42However, there may be situations when explicit initialisation is desirable or
43needed, for example when some nondefault initialisation is required. The
44function OPENSSL_init_crypto() can be used for this purpose for
45libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
46equivalent).
47
48Numerous internal OpenSSL functions call OPENSSL_init_crypto().
49Therefore, in order to perform nondefault initialisation,
50OPENSSL_init_crypto() MUST be called by application code prior to
51any other OpenSSL function calls.
52
53The B<opts> parameter specifies which aspects of libcrypto should be
54initialised. Valid options are:
55
56=over 4
57
58=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
59
60Suppress automatic loading of the libcrypto error strings. This option is
61not a default option. Once selected subsequent calls to
62OPENSSL_init_crypto() with the option
63B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
64
65=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
66
67Automatic loading of the libcrypto error strings. With this option the
68library will automatically load the libcrypto error strings.
69This option is a default option. Once selected subsequent calls to
70OPENSSL_init_crypto() with the option
71B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
72
73=item OPENSSL_INIT_ADD_ALL_CIPHERS
74
75With this option the library will automatically load and make available all
76libcrypto ciphers. This option is a default option. Once selected subsequent
77calls to OPENSSL_init_crypto() with the option
78B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
79
80=item OPENSSL_INIT_ADD_ALL_DIGESTS
81
82With this option the library will automatically load and make available all
83libcrypto digests. This option is a default option. Once selected subsequent
84calls to OPENSSL_init_crypto() with the option
85B<OPENSSL_INIT_NO_ADD_ALL_DIGESTS> will be ignored.
86
87=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
88
89With this option the library will suppress automatic loading of libcrypto
90ciphers. This option is not a default option. Once selected subsequent
91calls to OPENSSL_init_crypto() with the option
92B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
93
94=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
95
96With this option the library will suppress automatic loading of libcrypto
97digests. This option is not a default option. Once selected subsequent
98calls to OPENSSL_init_crypto() with the option
99B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
100
101=item OPENSSL_INIT_LOAD_CONFIG
102
103With this option an OpenSSL configuration file will be automatically loaded and
104used by calling OPENSSL_config(). This is a default option.
105Note that in OpenSSL 1.1.1 this was the default for libssl but not for
106libcrypto (see L<OPENSSL_init_ssl(3)> for further details about libssl
107initialisation).
108In OpenSSL 1.1.0 this was a nondefault option for both libssl and libcrypto.
109See the description of OPENSSL_INIT_new(), below.
110
111=item OPENSSL_INIT_NO_LOAD_CONFIG
112
113With this option the loading of OpenSSL configuration files will be suppressed.
114It is the equivalent of calling OPENSSL_no_config(). This is not a default
115option.
116
117=item OPENSSL_INIT_ASYNC
118
119With this option the library with automatically initialise the libcrypto async
120sub-library (see L<ASYNC_start_job(3)>). This is a default option.
121
122=item OPENSSL_INIT_ENGINE_RDRAND
123
124With this option the library will automatically load and initialise the
125RDRAND engine (if available). This not a default option and is deprecated
126in OpenSSL 3.0.
127
128=item OPENSSL_INIT_ENGINE_DYNAMIC
129
130With this option the library will automatically load and initialise the
131dynamic engine. This not a default option and is deprecated
132in OpenSSL 3.0.
133
134=item OPENSSL_INIT_ENGINE_OPENSSL
135
136With this option the library will automatically load and initialise the
137openssl engine. This not a default option and is deprecated
138in OpenSSL 3.0.
139
140=item OPENSSL_INIT_ENGINE_CRYPTODEV
141
142With this option the library will automatically load and initialise the
143cryptodev engine (if available). This not a default option and is deprecated
144in OpenSSL 3.0.
145
146=item OPENSSL_INIT_ENGINE_CAPI
147
148With this option the library will automatically load and initialise the
149CAPI engine (if available). This not a default option and is deprecated
150in OpenSSL 3.0.
151
152=item OPENSSL_INIT_ENGINE_PADLOCK
153
154With this option the library will automatically load and initialise the
155padlock engine (if available). This not a default option and is deprecated
156in OpenSSL 3.0.
157
158=item OPENSSL_INIT_ENGINE_AFALG
159
160With this option the library will automatically load and initialise the
161AFALG engine. This not a default option and is deprecated
162in OpenSSL 3.0.
163
164=item OPENSSL_INIT_ENGINE_ALL_BUILTIN
165
166With this option the library will automatically load and initialise all the
167built in engines listed above with the exception of the openssl and afalg
168engines. This not a default option and is deprecated
169in OpenSSL 3.0.
170
171=item OPENSSL_INIT_ATFORK
172
173With this option the library will register its fork handlers.
174See OPENSSL_fork_prepare(3) for details.
175
176=item OPENSSL_INIT_NO_ATEXIT
177
178By default OpenSSL will attempt to clean itself up when the process exits via an
179"atexit" handler. Using this option suppresses that behaviour. This means that
180the application will have to clean up OpenSSL explicitly using
181OPENSSL_cleanup().
182
183=back
184
185Multiple options may be combined together in a single call to
186OPENSSL_init_crypto(). For example:
187
188 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
189                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
190
191The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
192and libssl). All resources allocated by OpenSSL are freed. Typically there
193should be no need to call this function directly as it is initiated
194automatically on application exit. This is done via the standard C library
195atexit() function. In the event that the application will close in a manner
196that will not call the registered atexit() handlers then the application should
197call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
198are discouraged from calling this function and should instead, typically, rely
199on auto-deinitialisation. This is to avoid error conditions where both an
200application and a library it depends on both use OpenSSL, and the library
201deinitialises it before the application has finished using it.
202
203Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
204Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
205will be added to the error stack. Note that because initialisation has failed
206OpenSSL error strings will not be available, only an error code. This code can
207be put through the openssl errstr command line application to produce a human
208readable error (see L<openssl-errstr(1)>).
209
210The OPENSSL_atexit() function enables the registration of a
211function to be called during OPENSSL_cleanup(). Stop handlers are
212called after deinitialisation of resources local to a thread, but before other
213process wide resources are freed. In the event that multiple stop handlers are
214registered, no guarantees are made about the order of execution.
215
216The OPENSSL_thread_stop_ex() function deallocates resources associated
217with the current thread for the given OSSL_LIB_CTX B<ctx>. The B<ctx> parameter
218can be NULL in which case the default OSSL_LIB_CTX is used.
219
220Typically, this function will be called automatically by the library when
221the thread exits as long as the OSSL_LIB_CTX has not been freed before the thread
222exits. If OSSL_LIB_CTX_free() is called OPENSSL_thread_stop_ex will be called
223automatically for the current thread (but not any other threads that may have
224used this OSSL_LIB_CTX).
225
226OPENSSL_thread_stop_ex should be called on all threads that will exit after the
227OSSL_LIB_CTX is freed.
228Typically this is not necessary for the default OSSL_LIB_CTX (because all
229resources are cleaned up on library exit) except if thread local resources
230should be freed before library exit, or under the circumstances described in
231the NOTES section below.
232
233OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except that the
234default OSSL_LIB_CTX is always used.
235
236The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with
237L<CONF_modules_load_file(3)> with NULL filename and application name and the
238B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES>  and
239B<CONF_MFLAGS_DEFAULT_SECTION> flags.
240The filename, application name, and flags can be customized by providing a
241non-null B<OPENSSL_INIT_SETTINGS> object.
242The object can be allocated via B<OPENSSL_INIT_new()>.
243The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
244nondefault filename, which is copied and need not refer to persistent storage.
245Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
246nondefault application name.
247Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags.
248If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
249the configuration file will cause an error return from B<OPENSSL_init_crypto>
250or indirectly L<OPENSSL_init_ssl(3)>.
251The object can be released with OPENSSL_INIT_free() when done.
252
253=head1 NOTES
254
255Resources local to a thread are deallocated automatically when the thread exits
256(e.g. in a pthreads environment, when pthread_exit() is called). On Windows
257platforms this is done in response to a DLL_THREAD_DETACH message being sent to
258the libcrypto32.dll entry point. Some windows functions may cause threads to exit
259without sending this message (for example ExitProcess()). If the application
260uses such functions, then the application must free up OpenSSL resources
261directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
262message will also not be sent if OpenSSL is linked statically, and therefore
263applications using static linking should also call OPENSSL_thread_stop() on each
264thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
265threads are not destroyed until after FreeLibrary() is called then each thread
266should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
267
268On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
269multi-threaded and if dlclose() is subsequently called prior to the threads
270being destroyed then OpenSSL will not be able to deallocate resources associated
271with those threads. The application should either call OPENSSL_thread_stop() on
272each thread prior to the dlclose() call, or alternatively the original dlopen()
273call should use the RTLD_NODELETE flag (where available on the platform).
274
275=head1 RETURN VALUES
276
277The functions OPENSSL_init_crypto, OPENSSL_atexit() and
278OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
279
280=head1 SEE ALSO
281
282L<OPENSSL_init_ssl(3)>
283
284=head1 HISTORY
285
286The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
287OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname()
288and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
289
290=head1 COPYRIGHT
291
292Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
293
294Licensed under the Apache License 2.0 (the "License").  You may not use
295this file except in compliance with the License.  You can obtain a copy
296in the file LICENSE in the source distribution or at
297L<https://www.openssl.org/source/license.html>.
298
299=cut
300