init.c 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887
  1. /*
  2. * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "e_os.h"
  10. #include "internal/cryptlib_int.h"
  11. #include <openssl/err.h>
  12. #include "internal/rand_int.h"
  13. #include "internal/bio.h"
  14. #include <openssl/evp.h>
  15. #include "internal/evp_int.h"
  16. #include "internal/conf.h"
  17. #include "internal/async.h"
  18. #include "internal/engine.h"
  19. #include "internal/comp.h"
  20. #include "internal/err.h"
  21. #include "internal/err_int.h"
  22. #include "internal/objects.h"
  23. #include <stdlib.h>
  24. #include <assert.h>
  25. #include "internal/thread_once.h"
  26. #include "internal/dso_conf.h"
  27. #include "internal/dso.h"
  28. #include "internal/store.h"
  29. static int stopped = 0;
  30. /*
  31. * Since per-thread-specific-data destructors are not universally
  32. * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
  33. * is assumed to have destructor associated. And then an effort is made
  34. * to call this single destructor on non-pthread platform[s].
  35. *
  36. * Initial value is "impossible". It is used as guard value to shortcut
  37. * destructor for threads terminating before libcrypto is initialized or
  38. * after it's de-initialized. Access to the key doesn't have to be
  39. * serialized for the said threads, because they didn't use libcrypto
  40. * and it doesn't matter if they pick "impossible" or derefernce real
  41. * key value and pull NULL past initialization in the first thread that
  42. * intends to use libcrypto.
  43. */
  44. static union {
  45. long sane;
  46. CRYPTO_THREAD_LOCAL value;
  47. } destructor_key = { -1 };
  48. static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
  49. static void ossl_init_thread_destructor(void *local)
  50. {
  51. ossl_init_thread_stop((struct thread_local_inits_st *)local);
  52. }
  53. static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
  54. {
  55. struct thread_local_inits_st *local =
  56. CRYPTO_THREAD_get_local(&destructor_key.value);
  57. if (alloc) {
  58. if (local == NULL
  59. && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
  60. && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
  61. OPENSSL_free(local);
  62. return NULL;
  63. }
  64. } else {
  65. CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
  66. }
  67. return local;
  68. }
  69. typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
  70. struct ossl_init_stop_st {
  71. void (*handler)(void);
  72. OPENSSL_INIT_STOP *next;
  73. };
  74. static OPENSSL_INIT_STOP *stop_handlers = NULL;
  75. static CRYPTO_RWLOCK *init_lock = NULL;
  76. static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
  77. static int base_inited = 0;
  78. DEFINE_RUN_ONCE_STATIC(ossl_init_base)
  79. {
  80. CRYPTO_THREAD_LOCAL key;
  81. #ifdef OPENSSL_INIT_DEBUG
  82. fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
  83. #endif
  84. #ifndef OPENSSL_NO_CRYPTO_MDEBUG
  85. ossl_malloc_setup_failures();
  86. #endif
  87. if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
  88. return 0;
  89. if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
  90. goto err;
  91. OPENSSL_cpuid_setup();
  92. destructor_key.value = key;
  93. base_inited = 1;
  94. return 1;
  95. err:
  96. #ifdef OPENSSL_INIT_DEBUG
  97. fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
  98. #endif
  99. CRYPTO_THREAD_lock_free(init_lock);
  100. init_lock = NULL;
  101. CRYPTO_THREAD_cleanup_local(&key);
  102. return 0;
  103. }
  104. static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
  105. #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
  106. static int win32atexit(void)
  107. {
  108. OPENSSL_cleanup();
  109. return 0;
  110. }
  111. #endif
  112. DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
  113. {
  114. #ifdef OPENSSL_INIT_DEBUG
  115. fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
  116. #endif
  117. #ifndef OPENSSL_SYS_UEFI
  118. # ifdef _WIN32
  119. /* We use _onexit() in preference because it gets called on DLL unload */
  120. if (_onexit(win32atexit) == NULL)
  121. return 0;
  122. # else
  123. if (atexit(OPENSSL_cleanup) != 0)
  124. return 0;
  125. # endif
  126. #endif
  127. return 1;
  128. }
  129. DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
  130. ossl_init_register_atexit)
  131. {
  132. #ifdef OPENSSL_INIT_DEBUG
  133. fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
  134. #endif
  135. /* Do nothing in this case */
  136. return 1;
  137. }
  138. static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
  139. DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
  140. {
  141. #ifdef OPENSSL_INIT_DEBUG
  142. fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
  143. #endif
  144. #if !defined(OPENSSL_NO_DSO) \
  145. && !defined(OPENSSL_USE_NODELETE) \
  146. && !defined(OPENSSL_NO_PINSHARED)
  147. # ifdef DSO_WIN32
  148. {
  149. HMODULE handle = NULL;
  150. BOOL ret;
  151. /* We don't use the DSO route for WIN32 because there is a better way */
  152. ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
  153. | GET_MODULE_HANDLE_EX_FLAG_PIN,
  154. (void *)&base_inited, &handle);
  155. # ifdef OPENSSL_INIT_DEBUG
  156. fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
  157. (ret == TRUE ? "No!" : "Yes."));
  158. # endif
  159. return (ret == TRUE) ? 1 : 0;
  160. }
  161. # else
  162. /*
  163. * Deliberately leak a reference to ourselves. This will force the library
  164. * to remain loaded until the atexit() handler is run at process exit.
  165. */
  166. {
  167. DSO *dso;
  168. void *err;
  169. if (!err_shelve_state(&err))
  170. return 0;
  171. dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
  172. # ifdef OPENSSL_INIT_DEBUG
  173. fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
  174. (dso == NULL ? "No!" : "Yes."));
  175. /*
  176. * In case of No!, it is uncertain our exit()-handlers can still be
  177. * called. After dlclose() the whole library might have been unloaded
  178. * already.
  179. */
  180. # endif
  181. DSO_free(dso);
  182. err_unshelve_state(err);
  183. }
  184. # endif
  185. #endif
  186. return 1;
  187. }
  188. static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
  189. static int load_crypto_strings_inited = 0;
  190. DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
  191. {
  192. int ret = 1;
  193. /*
  194. * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
  195. * pulling in all the error strings during static linking
  196. */
  197. #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
  198. # ifdef OPENSSL_INIT_DEBUG
  199. fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
  200. "err_load_crypto_strings_int()\n");
  201. # endif
  202. ret = err_load_crypto_strings_int();
  203. load_crypto_strings_inited = 1;
  204. #endif
  205. return ret;
  206. }
  207. DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
  208. ossl_init_load_crypto_strings)
  209. {
  210. /* Do nothing in this case */
  211. return 1;
  212. }
  213. static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
  214. DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
  215. {
  216. /*
  217. * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
  218. * pulling in all the ciphers during static linking
  219. */
  220. #ifndef OPENSSL_NO_AUTOALGINIT
  221. # ifdef OPENSSL_INIT_DEBUG
  222. fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
  223. "openssl_add_all_ciphers_int()\n");
  224. # endif
  225. openssl_add_all_ciphers_int();
  226. #endif
  227. return 1;
  228. }
  229. DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
  230. ossl_init_add_all_ciphers)
  231. {
  232. /* Do nothing */
  233. return 1;
  234. }
  235. static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
  236. DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
  237. {
  238. /*
  239. * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
  240. * pulling in all the ciphers during static linking
  241. */
  242. #ifndef OPENSSL_NO_AUTOALGINIT
  243. # ifdef OPENSSL_INIT_DEBUG
  244. fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
  245. "openssl_add_all_digests()\n");
  246. # endif
  247. openssl_add_all_digests_int();
  248. #endif
  249. return 1;
  250. }
  251. DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
  252. ossl_init_add_all_digests)
  253. {
  254. /* Do nothing */
  255. return 1;
  256. }
  257. static CRYPTO_ONCE add_all_macs = CRYPTO_ONCE_STATIC_INIT;
  258. DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_macs)
  259. {
  260. /*
  261. * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
  262. * pulling in all the macs during static linking
  263. */
  264. #ifndef OPENSSL_NO_AUTOALGINIT
  265. # ifdef OPENSSL_INIT_DEBUG
  266. fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_macs: "
  267. "openssl_add_all_macs_int()\n");
  268. # endif
  269. openssl_add_all_macs_int();
  270. #endif
  271. return 1;
  272. }
  273. DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_macs, ossl_init_add_all_macs)
  274. {
  275. /* Do nothing */
  276. return 1;
  277. }
  278. static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
  279. static int config_inited = 0;
  280. static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
  281. DEFINE_RUN_ONCE_STATIC(ossl_init_config)
  282. {
  283. int ret = openssl_config_int(conf_settings);
  284. config_inited = 1;
  285. return ret;
  286. }
  287. DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
  288. {
  289. #ifdef OPENSSL_INIT_DEBUG
  290. fprintf(stderr,
  291. "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
  292. #endif
  293. openssl_no_config_int();
  294. config_inited = 1;
  295. return 1;
  296. }
  297. static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
  298. static int async_inited = 0;
  299. DEFINE_RUN_ONCE_STATIC(ossl_init_async)
  300. {
  301. #ifdef OPENSSL_INIT_DEBUG
  302. fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
  303. #endif
  304. if (!async_init())
  305. return 0;
  306. async_inited = 1;
  307. return 1;
  308. }
  309. #ifndef OPENSSL_NO_ENGINE
  310. static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
  311. DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
  312. {
  313. # ifdef OPENSSL_INIT_DEBUG
  314. fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
  315. "engine_load_openssl_int()\n");
  316. # endif
  317. engine_load_openssl_int();
  318. return 1;
  319. }
  320. # ifndef OPENSSL_NO_RDRAND
  321. static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
  322. DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
  323. {
  324. # ifdef OPENSSL_INIT_DEBUG
  325. fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
  326. "engine_load_rdrand_int()\n");
  327. # endif
  328. engine_load_rdrand_int();
  329. return 1;
  330. }
  331. # endif
  332. static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
  333. DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
  334. {
  335. # ifdef OPENSSL_INIT_DEBUG
  336. fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
  337. "engine_load_dynamic_int()\n");
  338. # endif
  339. engine_load_dynamic_int();
  340. return 1;
  341. }
  342. # ifndef OPENSSL_NO_STATIC_ENGINE
  343. # ifndef OPENSSL_NO_DEVCRYPTOENG
  344. static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
  345. DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
  346. {
  347. # ifdef OPENSSL_INIT_DEBUG
  348. fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
  349. "engine_load_devcrypto_int()\n");
  350. # endif
  351. engine_load_devcrypto_int();
  352. return 1;
  353. }
  354. # endif
  355. # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
  356. static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
  357. DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
  358. {
  359. # ifdef OPENSSL_INIT_DEBUG
  360. fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
  361. "engine_load_padlock_int()\n");
  362. # endif
  363. engine_load_padlock_int();
  364. return 1;
  365. }
  366. # endif
  367. # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
  368. static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
  369. DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
  370. {
  371. # ifdef OPENSSL_INIT_DEBUG
  372. fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
  373. "engine_load_capi_int()\n");
  374. # endif
  375. engine_load_capi_int();
  376. return 1;
  377. }
  378. # endif
  379. # if !defined(OPENSSL_NO_AFALGENG)
  380. static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
  381. DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
  382. {
  383. # ifdef OPENSSL_INIT_DEBUG
  384. fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
  385. "engine_load_afalg_int()\n");
  386. # endif
  387. engine_load_afalg_int();
  388. return 1;
  389. }
  390. # endif
  391. # endif
  392. #endif
  393. #ifndef OPENSSL_NO_COMP
  394. static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
  395. static int zlib_inited = 0;
  396. DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
  397. {
  398. /* Do nothing - we need to know about this for the later cleanup */
  399. zlib_inited = 1;
  400. return 1;
  401. }
  402. #endif
  403. static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
  404. {
  405. /* Can't do much about this */
  406. if (locals == NULL)
  407. return;
  408. if (locals->async) {
  409. #ifdef OPENSSL_INIT_DEBUG
  410. fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
  411. "async_delete_thread_state()\n");
  412. #endif
  413. async_delete_thread_state();
  414. }
  415. if (locals->err_state) {
  416. #ifdef OPENSSL_INIT_DEBUG
  417. fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
  418. "err_delete_thread_state()\n");
  419. #endif
  420. err_delete_thread_state();
  421. }
  422. if (locals->rand) {
  423. #ifdef OPENSSL_INIT_DEBUG
  424. fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
  425. "drbg_delete_thread_state()\n");
  426. #endif
  427. drbg_delete_thread_state();
  428. }
  429. OPENSSL_free(locals);
  430. }
  431. void OPENSSL_thread_stop(void)
  432. {
  433. if (destructor_key.sane != -1)
  434. ossl_init_thread_stop(ossl_init_get_thread_local(0));
  435. }
  436. int ossl_init_thread_start(uint64_t opts)
  437. {
  438. struct thread_local_inits_st *locals;
  439. if (!OPENSSL_init_crypto(0, NULL))
  440. return 0;
  441. locals = ossl_init_get_thread_local(1);
  442. if (locals == NULL)
  443. return 0;
  444. if (opts & OPENSSL_INIT_THREAD_ASYNC) {
  445. #ifdef OPENSSL_INIT_DEBUG
  446. fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
  447. "marking thread for async\n");
  448. #endif
  449. locals->async = 1;
  450. }
  451. if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
  452. #ifdef OPENSSL_INIT_DEBUG
  453. fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
  454. "marking thread for err_state\n");
  455. #endif
  456. locals->err_state = 1;
  457. }
  458. if (opts & OPENSSL_INIT_THREAD_RAND) {
  459. #ifdef OPENSSL_INIT_DEBUG
  460. fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
  461. "marking thread for rand\n");
  462. #endif
  463. locals->rand = 1;
  464. }
  465. return 1;
  466. }
  467. void OPENSSL_cleanup(void)
  468. {
  469. OPENSSL_INIT_STOP *currhandler, *lasthandler;
  470. CRYPTO_THREAD_LOCAL key;
  471. /* If we've not been inited then no need to deinit */
  472. if (!base_inited)
  473. return;
  474. /* Might be explicitly called and also by atexit */
  475. if (stopped)
  476. return;
  477. stopped = 1;
  478. /*
  479. * Thread stop may not get automatically called by the thread library for
  480. * the very last thread in some situations, so call it directly.
  481. */
  482. ossl_init_thread_stop(ossl_init_get_thread_local(0));
  483. currhandler = stop_handlers;
  484. while (currhandler != NULL) {
  485. currhandler->handler();
  486. lasthandler = currhandler;
  487. currhandler = currhandler->next;
  488. OPENSSL_free(lasthandler);
  489. }
  490. stop_handlers = NULL;
  491. CRYPTO_THREAD_lock_free(init_lock);
  492. init_lock = NULL;
  493. /*
  494. * We assume we are single-threaded for this function, i.e. no race
  495. * conditions for the various "*_inited" vars below.
  496. */
  497. #ifndef OPENSSL_NO_COMP
  498. if (zlib_inited) {
  499. #ifdef OPENSSL_INIT_DEBUG
  500. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  501. "comp_zlib_cleanup_int()\n");
  502. #endif
  503. comp_zlib_cleanup_int();
  504. }
  505. #endif
  506. if (async_inited) {
  507. # ifdef OPENSSL_INIT_DEBUG
  508. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  509. "async_deinit()\n");
  510. # endif
  511. async_deinit();
  512. }
  513. if (load_crypto_strings_inited) {
  514. #ifdef OPENSSL_INIT_DEBUG
  515. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  516. "err_free_strings_int()\n");
  517. #endif
  518. err_free_strings_int();
  519. }
  520. key = destructor_key.value;
  521. destructor_key.sane = -1;
  522. CRYPTO_THREAD_cleanup_local(&key);
  523. #ifdef OPENSSL_INIT_DEBUG
  524. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  525. "rand_cleanup_int()\n");
  526. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  527. "conf_modules_free_int()\n");
  528. #ifndef OPENSSL_NO_ENGINE
  529. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  530. "engine_cleanup_int()\n");
  531. #endif
  532. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  533. "crypto_cleanup_all_ex_data_int()\n");
  534. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  535. "bio_sock_cleanup_int()\n");
  536. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  537. "bio_cleanup()\n");
  538. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  539. "evp_cleanup_int()\n");
  540. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  541. "obj_cleanup_int()\n");
  542. fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
  543. "err_cleanup()\n");
  544. #endif
  545. /*
  546. * Note that cleanup order is important:
  547. * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
  548. * must be called before engine_cleanup_int()
  549. * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
  550. * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
  551. * - conf_modules_free_int() can end up in ENGINE code so must be called
  552. * before engine_cleanup_int()
  553. * - ENGINEs and additional EVP algorithms might use added OIDs names so
  554. * obj_cleanup_int() must be called last
  555. */
  556. rand_cleanup_int();
  557. rand_drbg_cleanup_int();
  558. conf_modules_free_int();
  559. #ifndef OPENSSL_NO_ENGINE
  560. engine_cleanup_int();
  561. #endif
  562. ossl_store_cleanup_int();
  563. crypto_cleanup_all_ex_data_int();
  564. bio_cleanup();
  565. evp_cleanup_int();
  566. obj_cleanup_int();
  567. err_cleanup();
  568. CRYPTO_secure_malloc_done();
  569. base_inited = 0;
  570. }
  571. /*
  572. * If this function is called with a non NULL settings value then it must be
  573. * called prior to any threads making calls to any OpenSSL functions,
  574. * i.e. passing a non-null settings value is assumed to be single-threaded.
  575. */
  576. int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
  577. {
  578. if (stopped) {
  579. if (!(opts & OPENSSL_INIT_BASE_ONLY))
  580. CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
  581. return 0;
  582. }
  583. /*
  584. * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
  585. * *only* option specified. With that option we return immediately after
  586. * doing the requested limited initialization. Note that
  587. * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
  588. * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
  589. * base already initialized this is a harmless NOOP.
  590. *
  591. * If we remain the only caller of err_shelve_state() the recursion should
  592. * perhaps be removed, but if in doubt, it can be left in place.
  593. */
  594. if (!RUN_ONCE(&base, ossl_init_base))
  595. return 0;
  596. if (opts & OPENSSL_INIT_BASE_ONLY)
  597. return 1;
  598. /*
  599. * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
  600. * should not have the side-effect of setting up exit handlers, and
  601. * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
  602. * return above.
  603. */
  604. if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
  605. if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
  606. ossl_init_register_atexit))
  607. return 0;
  608. } else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
  609. return 0;
  610. }
  611. if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
  612. return 0;
  613. if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
  614. && !RUN_ONCE_ALT(&load_crypto_strings,
  615. ossl_init_no_load_crypto_strings,
  616. ossl_init_load_crypto_strings))
  617. return 0;
  618. if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
  619. && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
  620. return 0;
  621. if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
  622. && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
  623. ossl_init_add_all_ciphers))
  624. return 0;
  625. if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
  626. && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
  627. return 0;
  628. if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
  629. && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
  630. ossl_init_add_all_digests))
  631. return 0;
  632. if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
  633. && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
  634. return 0;
  635. if ((opts & OPENSSL_INIT_NO_ADD_ALL_MACS)
  636. && !RUN_ONCE_ALT(&add_all_macs, ossl_init_no_add_all_macs,
  637. ossl_init_add_all_macs))
  638. return 0;
  639. if ((opts & OPENSSL_INIT_ADD_ALL_MACS)
  640. && !RUN_ONCE(&add_all_macs, ossl_init_add_all_macs))
  641. return 0;
  642. if ((opts & OPENSSL_INIT_ATFORK)
  643. && !openssl_init_fork_handlers())
  644. return 0;
  645. if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
  646. && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
  647. return 0;
  648. if (opts & OPENSSL_INIT_LOAD_CONFIG) {
  649. int ret;
  650. CRYPTO_THREAD_write_lock(init_lock);
  651. conf_settings = settings;
  652. ret = RUN_ONCE(&config, ossl_init_config);
  653. conf_settings = NULL;
  654. CRYPTO_THREAD_unlock(init_lock);
  655. if (!ret)
  656. return 0;
  657. }
  658. if ((opts & OPENSSL_INIT_ASYNC)
  659. && !RUN_ONCE(&async, ossl_init_async))
  660. return 0;
  661. #ifndef OPENSSL_NO_ENGINE
  662. if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
  663. && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
  664. return 0;
  665. # ifndef OPENSSL_NO_RDRAND
  666. if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
  667. && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
  668. return 0;
  669. # endif
  670. if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
  671. && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
  672. return 0;
  673. # ifndef OPENSSL_NO_STATIC_ENGINE
  674. # ifndef OPENSSL_NO_DEVCRYPTOENG
  675. if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
  676. && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
  677. return 0;
  678. # endif
  679. # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
  680. if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
  681. && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
  682. return 0;
  683. # endif
  684. # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
  685. if ((opts & OPENSSL_INIT_ENGINE_CAPI)
  686. && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
  687. return 0;
  688. # endif
  689. # if !defined(OPENSSL_NO_AFALGENG)
  690. if ((opts & OPENSSL_INIT_ENGINE_AFALG)
  691. && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
  692. return 0;
  693. # endif
  694. # endif
  695. if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
  696. | OPENSSL_INIT_ENGINE_OPENSSL
  697. | OPENSSL_INIT_ENGINE_AFALG)) {
  698. ENGINE_register_all_complete();
  699. }
  700. #endif
  701. #ifndef OPENSSL_NO_COMP
  702. if ((opts & OPENSSL_INIT_ZLIB)
  703. && !RUN_ONCE(&zlib, ossl_init_zlib))
  704. return 0;
  705. #endif
  706. return 1;
  707. }
  708. int OPENSSL_atexit(void (*handler)(void))
  709. {
  710. OPENSSL_INIT_STOP *newhand;
  711. #if !defined(OPENSSL_NO_DSO) \
  712. && !defined(OPENSSL_USE_NODELETE)\
  713. && !defined(OPENSSL_NO_PINSHARED)
  714. {
  715. union {
  716. void *sym;
  717. void (*func)(void);
  718. } handlersym;
  719. handlersym.func = handler;
  720. # ifdef DSO_WIN32
  721. {
  722. HMODULE handle = NULL;
  723. BOOL ret;
  724. /*
  725. * We don't use the DSO route for WIN32 because there is a better
  726. * way
  727. */
  728. ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
  729. | GET_MODULE_HANDLE_EX_FLAG_PIN,
  730. handlersym.sym, &handle);
  731. if (!ret)
  732. return 0;
  733. }
  734. # else
  735. /*
  736. * Deliberately leak a reference to the handler. This will force the
  737. * library/code containing the handler to remain loaded until we run the
  738. * atexit handler. If -znodelete has been used then this is
  739. * unnecessary.
  740. */
  741. {
  742. DSO *dso = NULL;
  743. ERR_set_mark();
  744. dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
  745. # ifdef OPENSSL_INIT_DEBUG
  746. fprintf(stderr,
  747. "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
  748. (dso == NULL ? "No!" : "Yes."));
  749. /* See same code above in ossl_init_base() for an explanation. */
  750. # endif
  751. DSO_free(dso);
  752. ERR_pop_to_mark();
  753. }
  754. # endif
  755. }
  756. #endif
  757. if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
  758. CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
  759. return 0;
  760. }
  761. newhand->handler = handler;
  762. newhand->next = stop_handlers;
  763. stop_handlers = newhand;
  764. return 1;
  765. }
  766. #ifdef OPENSSL_SYS_UNIX
  767. /*
  768. * The following three functions are for OpenSSL developers. This is
  769. * where we set/reset state across fork (called via pthread_atfork when
  770. * it exists, or manually by the application when it doesn't).
  771. *
  772. * WARNING! If you put code in either OPENSSL_fork_parent or
  773. * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
  774. * safe. See this link, for example:
  775. * http://man7.org/linux/man-pages/man7/signal-safety.7.html
  776. */
  777. void OPENSSL_fork_prepare(void)
  778. {
  779. }
  780. void OPENSSL_fork_parent(void)
  781. {
  782. }
  783. void OPENSSL_fork_child(void)
  784. {
  785. rand_fork();
  786. }
  787. #endif