OPENSSL_init_crypto.pod 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299
  1. =pod
  2. =head1 NAME
  3. OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
  4. OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
  5. OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
  6. OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL initialisation
  7. and deinitialisation functions
  8. =head1 SYNOPSIS
  9. #include <openssl/crypto.h>
  10. void OPENSSL_cleanup(void);
  11. int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
  12. int OPENSSL_atexit(void (*handler)(void));
  13. void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx);
  14. void OPENSSL_thread_stop(void);
  15. OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
  16. int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
  17. const char* filename);
  18. int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
  19. unsigned long flags);
  20. int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
  21. const char* name);
  22. void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
  23. =head1 DESCRIPTION
  24. During normal operation OpenSSL (libcrypto) will allocate various resources at
  25. start up that must, subsequently, be freed on close down of the library.
  26. Additionally some resources are allocated on a per thread basis (if the
  27. application is multi-threaded), and these resources must be freed prior to the
  28. thread closing.
  29. As of version 1.1.0 OpenSSL will automatically allocate all resources that it
  30. needs so no explicit initialisation is required. Similarly it will also
  31. automatically deinitialise as required.
  32. However, there may be situations when explicit initialisation is desirable or
  33. needed, for example when some nondefault initialisation is required. The
  34. function OPENSSL_init_crypto() can be used for this purpose for
  35. libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
  36. equivalent).
  37. Numerous internal OpenSSL functions call OPENSSL_init_crypto().
  38. Therefore, in order to perform nondefault initialisation,
  39. OPENSSL_init_crypto() MUST be called by application code prior to
  40. any other OpenSSL function calls.
  41. The B<opts> parameter specifies which aspects of libcrypto should be
  42. initialised. Valid options are:
  43. =over 4
  44. =item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
  45. Suppress automatic loading of the libcrypto error strings. This option is
  46. not a default option. Once selected subsequent calls to
  47. OPENSSL_init_crypto() with the option
  48. B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
  49. =item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
  50. Automatic loading of the libcrypto error strings. With this option the
  51. library will automatically load the libcrypto error strings.
  52. This option is a default option. Once selected subsequent calls to
  53. OPENSSL_init_crypto() with the option
  54. B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
  55. =item OPENSSL_INIT_ADD_ALL_CIPHERS
  56. With this option the library will automatically load and make available all
  57. libcrypto ciphers. This option is a default option. Once selected subsequent
  58. calls to OPENSSL_init_crypto() with the option
  59. B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
  60. =item OPENSSL_INIT_ADD_ALL_DIGESTS
  61. With this option the library will automatically load and make available all
  62. libcrypto digests. This option is a default option. Once selected subsequent
  63. calls to OPENSSL_init_crypto() with the option
  64. B<OPENSSL_INIT_NO_ADD_ALL_DIGESTS> will be ignored.
  65. =item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
  66. With this option the library will suppress automatic loading of libcrypto
  67. ciphers. This option is not a default option. Once selected subsequent
  68. calls to OPENSSL_init_crypto() with the option
  69. B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
  70. =item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
  71. With this option the library will suppress automatic loading of libcrypto
  72. digests. This option is not a default option. Once selected subsequent
  73. calls to OPENSSL_init_crypto() with the option
  74. B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
  75. =item OPENSSL_INIT_LOAD_CONFIG
  76. With this option an OpenSSL configuration file will be automatically loaded and
  77. used by calling OPENSSL_config(). This is a default option.
  78. Note that in OpenSSL 1.1.1 this was the default for libssl but not for
  79. libcrypto (see L<OPENSSL_init_ssl(3)> for further details about libssl
  80. initialisation).
  81. In OpenSSL 1.1.0 this was a nondefault option for both libssl and libcrypto.
  82. See the description of OPENSSL_INIT_new(), below.
  83. =item OPENSSL_INIT_NO_LOAD_CONFIG
  84. With this option the loading of OpenSSL configuration files will be suppressed.
  85. It is the equivalent of calling OPENSSL_no_config(). This is not a default
  86. option.
  87. =item OPENSSL_INIT_ASYNC
  88. With this option the library with automatically initialise the libcrypto async
  89. sub-library (see L<ASYNC_start_job(3)>). This is a default option.
  90. =item OPENSSL_INIT_ENGINE_RDRAND
  91. With this option the library will automatically load and initialise the
  92. RDRAND engine (if available). This not a default option and is deprecated
  93. in OpenSSL 3.0.
  94. =item OPENSSL_INIT_ENGINE_DYNAMIC
  95. With this option the library will automatically load and initialise the
  96. dynamic engine. This not a default option and is deprecated
  97. in OpenSSL 3.0.
  98. =item OPENSSL_INIT_ENGINE_OPENSSL
  99. With this option the library will automatically load and initialise the
  100. openssl engine. This not a default option and is deprecated
  101. in OpenSSL 3.0.
  102. =item OPENSSL_INIT_ENGINE_CRYPTODEV
  103. With this option the library will automatically load and initialise the
  104. cryptodev engine (if available). This not a default option and is deprecated
  105. in OpenSSL 3.0.
  106. =item OPENSSL_INIT_ENGINE_CAPI
  107. With this option the library will automatically load and initialise the
  108. CAPI engine (if available). This not a default option and is deprecated
  109. in OpenSSL 3.0.
  110. =item OPENSSL_INIT_ENGINE_PADLOCK
  111. With this option the library will automatically load and initialise the
  112. padlock engine (if available). This not a default option and is deprecated
  113. in OpenSSL 3.0.
  114. =item OPENSSL_INIT_ENGINE_AFALG
  115. With this option the library will automatically load and initialise the
  116. AFALG engine. This not a default option and is deprecated
  117. in OpenSSL 3.0.
  118. =item OPENSSL_INIT_ENGINE_ALL_BUILTIN
  119. With this option the library will automatically load and initialise all the
  120. built in engines listed above with the exception of the openssl and afalg
  121. engines. This not a default option and is deprecated
  122. in OpenSSL 3.0.
  123. =item OPENSSL_INIT_ATFORK
  124. With this option the library will register its fork handlers.
  125. See OPENSSL_fork_prepare(3) for details.
  126. =item OPENSSL_INIT_NO_ATEXIT
  127. By default OpenSSL will attempt to clean itself up when the process exits via an
  128. "atexit" handler. Using this option suppresses that behaviour. This means that
  129. the application will have to clean up OpenSSL explicitly using
  130. OPENSSL_cleanup().
  131. =back
  132. Multiple options may be combined together in a single call to
  133. OPENSSL_init_crypto(). For example:
  134. OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
  135. | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
  136. The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
  137. and libssl). All resources allocated by OpenSSL are freed. Typically there
  138. should be no need to call this function directly as it is initiated
  139. automatically on application exit. This is done via the standard C library
  140. atexit() function. In the event that the application will close in a manner
  141. that will not call the registered atexit() handlers then the application should
  142. call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
  143. are discouraged from calling this function and should instead, typically, rely
  144. on auto-deinitialisation. This is to avoid error conditions where both an
  145. application and a library it depends on both use OpenSSL, and the library
  146. deinitialises it before the application has finished using it.
  147. Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
  148. Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
  149. will be added to the error stack. Note that because initialisation has failed
  150. OpenSSL error strings will not be available, only an error code. This code can
  151. be put through the openssl errstr command line application to produce a human
  152. readable error (see L<openssl-errstr(1)>).
  153. The OPENSSL_atexit() function enables the registration of a
  154. function to be called during OPENSSL_cleanup(). Stop handlers are
  155. called after deinitialisation of resources local to a thread, but before other
  156. process wide resources are freed. In the event that multiple stop handlers are
  157. registered, no guarantees are made about the order of execution.
  158. The OPENSSL_thread_stop_ex() function deallocates resources associated
  159. with the current thread for the given OSSL_LIB_CTX B<ctx>. The B<ctx> parameter
  160. can be NULL in which case the default OSSL_LIB_CTX is used.
  161. Typically, this function will be called automatically by the library when
  162. the thread exits as long as the OSSL_LIB_CTX has not been freed before the thread
  163. exits. If OSSL_LIB_CTX_free() is called OPENSSL_thread_stop_ex will be called
  164. automatically for the current thread (but not any other threads that may have
  165. used this OSSL_LIB_CTX).
  166. OPENSSL_thread_stop_ex should be called on all threads that will exit after the
  167. OSSL_LIB_CTX is freed.
  168. Typically this is not necessary for the default OSSL_LIB_CTX (because all
  169. resources are cleaned up on library exit) except if thread local resources
  170. should be freed before library exit, or under the circumstances described in
  171. the NOTES section below.
  172. OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except that the
  173. default OSSL_LIB_CTX is always used.
  174. The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with
  175. L<CONF_modules_load_file(3)> with NULL filename and application name and the
  176. B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and
  177. B<CONF_MFLAGS_DEFAULT_SECTION> flags.
  178. The filename, application name, and flags can be customized by providing a
  179. non-null B<OPENSSL_INIT_SETTINGS> object.
  180. The object can be allocated via B<OPENSSL_INIT_new()>.
  181. The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
  182. nondefault filename, which is copied and need not refer to persistent storage.
  183. Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
  184. nondefault application name.
  185. Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags.
  186. If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
  187. the configuration file will cause an error return from B<OPENSSL_init_crypto>
  188. or indirectly L<OPENSSL_init_ssl(3)>.
  189. The object can be released with OPENSSL_INIT_free() when done.
  190. =head1 NOTES
  191. Resources local to a thread are deallocated automatically when the thread exits
  192. (e.g. in a pthreads environment, when pthread_exit() is called). On Windows
  193. platforms this is done in response to a DLL_THREAD_DETACH message being sent to
  194. the libcrypto32.dll entry point. Some windows functions may cause threads to exit
  195. without sending this message (for example ExitProcess()). If the application
  196. uses such functions, then the application must free up OpenSSL resources
  197. directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
  198. message will also not be sent if OpenSSL is linked statically, and therefore
  199. applications using static linking should also call OPENSSL_thread_stop() on each
  200. thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
  201. threads are not destroyed until after FreeLibrary() is called then each thread
  202. should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
  203. On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
  204. multi-threaded and if dlclose() is subsequently called prior to the threads
  205. being destroyed then OpenSSL will not be able to deallocate resources associated
  206. with those threads. The application should either call OPENSSL_thread_stop() on
  207. each thread prior to the dlclose() call, or alternatively the original dlopen()
  208. call should use the RTLD_NODELETE flag (where available on the platform).
  209. =head1 RETURN VALUES
  210. The functions OPENSSL_init_crypto, OPENSSL_atexit() and
  211. OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
  212. =head1 SEE ALSO
  213. L<OPENSSL_init_ssl(3)>
  214. =head1 HISTORY
  215. The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
  216. OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname()
  217. and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
  218. =head1 COPYRIGHT
  219. Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  220. Licensed under the Apache License 2.0 (the "License"). You may not use
  221. this file except in compliance with the License. You can obtain a copy
  222. in the file LICENSE in the source distribution or at
  223. L<https://www.openssl.org/source/license.html>.
  224. =cut