1=pod 2 3=head1 NAME 4 5OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, 6OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, 7OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, 8OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL initialisation 9and deinitialisation functions 10 11=head1 SYNOPSIS 12 13 #include <openssl/crypto.h> 14 15 void OPENSSL_cleanup(void); 16 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); 17 int OPENSSL_atexit(void (*handler)(void)); 18 void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx); 19 void OPENSSL_thread_stop(void); 20 21 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); 22 int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, 23 const char* filename); 24 int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, 25 unsigned long flags); 26 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, 27 const char* name); 28 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); 29 30=head1 DESCRIPTION 31 32During normal operation OpenSSL (libcrypto) will allocate various resources at 33start up that must, subsequently, be freed on close down of the library. 34Additionally some resources are allocated on a per thread basis (if the 35application is multi-threaded), and these resources must be freed prior to the 36thread closing. 37 38As of version 1.1.0 OpenSSL will automatically allocate all resources that it 39needs so no explicit initialisation is required. Similarly it will also 40automatically deinitialise as required. 41 42However, there may be situations when explicit initialisation is desirable or 43needed, for example when some nondefault initialisation is required. The 44function OPENSSL_init_crypto() can be used for this purpose for 45libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl 46equivalent). 47 48Numerous internal OpenSSL functions call OPENSSL_init_crypto(). 49Therefore, in order to perform nondefault initialisation, 50OPENSSL_init_crypto() MUST be called by application code prior to 51any other OpenSSL function calls. 52 53The B<opts> parameter specifies which aspects of libcrypto should be 54initialised. Valid options are: 55 56=over 4 57 58=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 59 60Suppress automatic loading of the libcrypto error strings. This option is 61not a default option. Once selected subsequent calls to 62OPENSSL_init_crypto() with the option 63B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored. 64 65=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS 66 67Automatic loading of the libcrypto error strings. With this option the 68library will automatically load the libcrypto error strings. 69This option is a default option. Once selected subsequent calls to 70OPENSSL_init_crypto() with the option 71B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored. 72 73=item OPENSSL_INIT_ADD_ALL_CIPHERS 74 75With this option the library will automatically load and make available all 76libcrypto ciphers. This option is a default option. Once selected subsequent 77calls to OPENSSL_init_crypto() with the option 78B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored. 79 80=item OPENSSL_INIT_ADD_ALL_DIGESTS 81 82With this option the library will automatically load and make available all 83libcrypto digests. This option is a default option. Once selected subsequent 84calls to OPENSSL_init_crypto() with the option 85B<OPENSSL_INIT_NO_ADD_ALL_DIGESTS> will be ignored. 86 87=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS 88 89With this option the library will suppress automatic loading of libcrypto 90ciphers. This option is not a default option. Once selected subsequent 91calls to OPENSSL_init_crypto() with the option 92B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored. 93 94=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS 95 96With this option the library will suppress automatic loading of libcrypto 97digests. This option is not a default option. Once selected subsequent 98calls to OPENSSL_init_crypto() with the option 99B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored. 100 101=item OPENSSL_INIT_LOAD_CONFIG 102 103With this option an OpenSSL configuration file will be automatically loaded and 104used by calling OPENSSL_config(). This is a default option. 105Note that in OpenSSL 1.1.1 this was the default for libssl but not for 106libcrypto (see L<OPENSSL_init_ssl(3)> for further details about libssl 107initialisation). 108In OpenSSL 1.1.0 this was a nondefault option for both libssl and libcrypto. 109See the description of OPENSSL_INIT_new(), below. 110 111=item OPENSSL_INIT_NO_LOAD_CONFIG 112 113With this option the loading of OpenSSL configuration files will be suppressed. 114It is the equivalent of calling OPENSSL_no_config(). This is not a default 115option. 116 117=item OPENSSL_INIT_ASYNC 118 119With this option the library with automatically initialise the libcrypto async 120sub-library (see L<ASYNC_start_job(3)>). This is a default option. 121 122=item OPENSSL_INIT_ENGINE_RDRAND 123 124With this option the library will automatically load and initialise the 125RDRAND engine (if available). This not a default option and is deprecated 126in OpenSSL 3.0. 127 128=item OPENSSL_INIT_ENGINE_DYNAMIC 129 130With this option the library will automatically load and initialise the 131dynamic engine. This not a default option and is deprecated 132in OpenSSL 3.0. 133 134=item OPENSSL_INIT_ENGINE_OPENSSL 135 136With this option the library will automatically load and initialise the 137openssl engine. This not a default option and is deprecated 138in OpenSSL 3.0. 139 140=item OPENSSL_INIT_ENGINE_CRYPTODEV 141 142With this option the library will automatically load and initialise the 143cryptodev engine (if available). This not a default option and is deprecated 144in OpenSSL 3.0. 145 146=item OPENSSL_INIT_ENGINE_CAPI 147 148With this option the library will automatically load and initialise the 149CAPI engine (if available). This not a default option and is deprecated 150in OpenSSL 3.0. 151 152=item OPENSSL_INIT_ENGINE_PADLOCK 153 154With this option the library will automatically load and initialise the 155padlock engine (if available). This not a default option and is deprecated 156in OpenSSL 3.0. 157 158=item OPENSSL_INIT_ENGINE_AFALG 159 160With this option the library will automatically load and initialise the 161AFALG engine. This not a default option and is deprecated 162in OpenSSL 3.0. 163 164=item OPENSSL_INIT_ENGINE_ALL_BUILTIN 165 166With this option the library will automatically load and initialise all the 167built in engines listed above with the exception of the openssl and afalg 168engines. This not a default option and is deprecated 169in OpenSSL 3.0. 170 171=item OPENSSL_INIT_ATFORK 172 173With this option the library will register its fork handlers. 174See OPENSSL_fork_prepare(3) for details. 175 176=item OPENSSL_INIT_NO_ATEXIT 177 178By default OpenSSL will attempt to clean itself up when the process exits via an 179"atexit" handler. Using this option suppresses that behaviour. This means that 180the application will have to clean up OpenSSL explicitly using 181OPENSSL_cleanup(). 182 183=back 184 185Multiple options may be combined together in a single call to 186OPENSSL_init_crypto(). For example: 187 188 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS 189 | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); 190 191The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto 192and libssl). All resources allocated by OpenSSL are freed. Typically there 193should be no need to call this function directly as it is initiated 194automatically on application exit. This is done via the standard C library 195atexit() function. In the event that the application will close in a manner 196that will not call the registered atexit() handlers then the application should 197call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL 198are discouraged from calling this function and should instead, typically, rely 199on auto-deinitialisation. This is to avoid error conditions where both an 200application and a library it depends on both use OpenSSL, and the library 201deinitialises it before the application has finished using it. 202 203Once OPENSSL_cleanup() has been called the library cannot be reinitialised. 204Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error 205will be added to the error stack. Note that because initialisation has failed 206OpenSSL error strings will not be available, only an error code. This code can 207be put through the openssl errstr command line application to produce a human 208readable error (see L<openssl-errstr(1)>). 209 210The OPENSSL_atexit() function enables the registration of a 211function to be called during OPENSSL_cleanup(). Stop handlers are 212called after deinitialisation of resources local to a thread, but before other 213process wide resources are freed. In the event that multiple stop handlers are 214registered, no guarantees are made about the order of execution. 215 216The OPENSSL_thread_stop_ex() function deallocates resources associated 217with the current thread for the given OSSL_LIB_CTX B<ctx>. The B<ctx> parameter 218can be NULL in which case the default OSSL_LIB_CTX is used. 219 220Typically, this function will be called automatically by the library when 221the thread exits as long as the OSSL_LIB_CTX has not been freed before the thread 222exits. If OSSL_LIB_CTX_free() is called OPENSSL_thread_stop_ex will be called 223automatically for the current thread (but not any other threads that may have 224used this OSSL_LIB_CTX). 225 226OPENSSL_thread_stop_ex should be called on all threads that will exit after the 227OSSL_LIB_CTX is freed. 228Typically this is not necessary for the default OSSL_LIB_CTX (because all 229resources are cleaned up on library exit) except if thread local resources 230should be freed before library exit, or under the circumstances described in 231the NOTES section below. 232 233OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except that the 234default OSSL_LIB_CTX is always used. 235 236The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with 237L<CONF_modules_load_file(3)> with NULL filename and application name and the 238B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and 239B<CONF_MFLAGS_DEFAULT_SECTION> flags. 240The filename, application name, and flags can be customized by providing a 241non-null B<OPENSSL_INIT_SETTINGS> object. 242The object can be allocated via B<OPENSSL_INIT_new()>. 243The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a 244nondefault filename, which is copied and need not refer to persistent storage. 245Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a 246nondefault application name. 247Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. 248If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in 249the configuration file will cause an error return from B<OPENSSL_init_crypto> 250or indirectly L<OPENSSL_init_ssl(3)>. 251The object can be released with OPENSSL_INIT_free() when done. 252If the argument to OPENSSL_INIT_free() is NULL, nothing is done. 253 254=head1 NOTES 255 256Resources local to a thread are deallocated automatically when the thread exits 257(e.g. in a pthreads environment, when pthread_exit() is called). On Windows 258platforms this is done in response to a DLL_THREAD_DETACH message being sent to 259the libcrypto32.dll entry point. Some windows functions may cause threads to exit 260without sending this message (for example ExitProcess()). If the application 261uses such functions, then the application must free up OpenSSL resources 262directly via a call to OPENSSL_thread_stop() on each thread. Similarly this 263message will also not be sent if OpenSSL is linked statically, and therefore 264applications using static linking should also call OPENSSL_thread_stop() on each 265thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the 266threads are not destroyed until after FreeLibrary() is called then each thread 267should call OPENSSL_thread_stop() prior to the FreeLibrary() call. 268 269On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is 270multi-threaded and if dlclose() is subsequently called prior to the threads 271being destroyed then OpenSSL will not be able to deallocate resources associated 272with those threads. The application should either call OPENSSL_thread_stop() on 273each thread prior to the dlclose() call, or alternatively the original dlopen() 274call should use the RTLD_NODELETE flag (where available on the platform). 275 276=head1 RETURN VALUES 277 278The functions OPENSSL_init_crypto, OPENSSL_atexit() and 279OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error. 280 281=head1 SEE ALSO 282 283L<OPENSSL_init_ssl(3)> 284 285=head1 HISTORY 286 287The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), 288OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname() 289and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. 290 291=head1 COPYRIGHT 292 293Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 294 295Licensed under the Apache License 2.0 (the "License"). You may not use 296this file except in compliance with the License. You can obtain a copy 297in the file LICENSE in the source distribution or at 298L<https://www.openssl.org/source/license.html>. 299 300=cut 301
