2
0

OPENSSL_init_crypto.pod 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252
  1. =pod
  2. =head1 NAME
  3. OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
  4. OPENSSL_init_crypto, OPENSSL_cleanup,
  5. OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
  6. initialisation and deinitialisation functions
  7. =head1 SYNOPSIS
  8. #include <openssl/crypto.h>
  9. void OPENSSL_cleanup(void);
  10. int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
  11. int OPENSSL_atexit(void (*handler)(void));
  12. void OPENSSL_thread_stop(void);
  13. OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
  14. int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
  15. const char* name);
  16. void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
  17. =head1 DESCRIPTION
  18. During normal operation OpenSSL (libcrypto) will allocate various resources at
  19. start up that must, subsequently, be freed on close down of the library.
  20. Additionally some resources are allocated on a per thread basis (if the
  21. application is multi-threaded), and these resources must be freed prior to the
  22. thread closing.
  23. As of version 1.1.0 OpenSSL will automatically allocate all resources that it
  24. needs so no explicit initialisation is required. Similarly it will also
  25. automatically deinitialise as required.
  26. However, there way be situations when explicit initialisation is desirable or
  27. needed, for example when some non-default initialisation is required. The
  28. function OPENSSL_init_crypto() can be used for this purpose for
  29. libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
  30. equivalent).
  31. Numerous internal OpenSSL functions call OPENSSL_init_crypto().
  32. Therefore, in order to perform non-default initialisation,
  33. OPENSSL_init_crypto() MUST be called by application code prior to
  34. any other OpenSSL function calls.
  35. The B<opts> parameter specifies which aspects of libcrypto should be
  36. initialised. Valid options are:
  37. =over 4
  38. =item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
  39. Suppress automatic loading of the libcrypto error strings. This option is
  40. not a default option. Once selected subsequent calls to
  41. OPENSSL_init_crypto() with the option
  42. B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
  43. =item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
  44. Automatic loading of the libcrypto error strings. With this option the
  45. library will automatically load the libcrypto error strings.
  46. This option is a default option. Once selected subsequent calls to
  47. OPENSSL_init_crypto() with the option
  48. B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
  49. =item OPENSSL_INIT_ADD_ALL_CIPHERS
  50. With this option the library will automatically load and make available all
  51. libcrypto ciphers. This option is a default option. Once selected subsequent
  52. calls to OPENSSL_init_crypto() with the option
  53. B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
  54. =item OPENSSL_INIT_ADD_ALL_DIGESTS
  55. With this option the library will automatically load and make available all
  56. libcrypto digests. This option is a default option. Once selected subsequent
  57. calls to OPENSSL_init_crypto() with the option
  58. B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
  59. =item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
  60. With this option the library will suppress automatic loading of libcrypto
  61. ciphers. This option is not a default option. Once selected subsequent
  62. calls to OPENSSL_init_crypto() with the option
  63. B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
  64. =item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
  65. With this option the library will suppress automatic loading of libcrypto
  66. digests. This option is not a default option. Once selected subsequent
  67. calls to OPENSSL_init_crypto() with the option
  68. B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
  69. =item OPENSSL_INIT_LOAD_CONFIG
  70. With this option an OpenSSL configuration file will be automatically loaded and
  71. used by calling OPENSSL_config(). This is not a default option for libcrypto.
  72. From OpenSSL 1.1.1 this is a default option for libssl (see
  73. L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
  74. description of OPENSSL_INIT_new(), below.
  75. =item OPENSSL_INIT_NO_LOAD_CONFIG
  76. With this option the loading of OpenSSL configuration files will be suppressed.
  77. It is the equivalent of calling OPENSSL_no_config(). This is not a default
  78. option.
  79. =item OPENSSL_INIT_ASYNC
  80. With this option the library with automatically initialise the libcrypto async
  81. sub-library (see L<ASYNC_start_job(3)>). This is a default option.
  82. =item OPENSSL_INIT_ENGINE_RDRAND
  83. With this option the library will automatically load and initialise the
  84. RDRAND engine (if available). This not a default option.
  85. =item OPENSSL_INIT_ENGINE_DYNAMIC
  86. With this option the library will automatically load and initialise the
  87. dynamic engine. This not a default option.
  88. =item OPENSSL_INIT_ENGINE_OPENSSL
  89. With this option the library will automatically load and initialise the
  90. openssl engine. This not a default option.
  91. =item OPENSSL_INIT_ENGINE_CRYPTODEV
  92. With this option the library will automatically load and initialise the
  93. cryptodev engine (if available). This not a default option.
  94. =item OPENSSL_INIT_ENGINE_CAPI
  95. With this option the library will automatically load and initialise the
  96. CAPI engine (if available). This not a default option.
  97. =item OPENSSL_INIT_ENGINE_PADLOCK
  98. With this option the library will automatically load and initialise the
  99. padlock engine (if available). This not a default option.
  100. =item OPENSSL_INIT_ENGINE_AFALG
  101. With this option the library will automatically load and initialise the
  102. AFALG engine. This not a default option.
  103. =item OPENSSL_INIT_ENGINE_ALL_BUILTIN
  104. With this option the library will automatically load and initialise all the
  105. built in engines listed above with the exception of the openssl and afalg
  106. engines. This not a default option.
  107. =item OPENSSL_INIT_ATFORK
  108. With this option the library will register its fork handlers.
  109. See OPENSSL_fork_prepare(3) for details.
  110. =back
  111. Multiple options may be combined together in a single call to
  112. OPENSSL_init_crypto(). For example:
  113. OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
  114. | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
  115. The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
  116. and libssl). All resources allocated by OpenSSL are freed. Typically there
  117. should be no need to call this function directly as it is initiated
  118. automatically on application exit. This is done via the standard C library
  119. atexit() function. In the event that the application will close in a manner
  120. that will not call the registered atexit() handlers then the application should
  121. call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
  122. are discouraged from calling this function and should instead, typically, rely
  123. on auto-deinitialisation. This is to avoid error conditions where both an
  124. application and a library it depends on both use OpenSSL, and the library
  125. deinitialises it before the application has finished using it.
  126. Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
  127. Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
  128. will be added to the error stack. Note that because initialisation has failed
  129. OpenSSL error strings will not be available, only an error code. This code can
  130. be put through the openssl errstr command line application to produce a human
  131. readable error (see L<errstr(1)>).
  132. The OPENSSL_atexit() function enables the registration of a
  133. function to be called during OPENSSL_cleanup(). Stop handlers are
  134. called after deinitialisation of resources local to a thread, but before other
  135. process wide resources are freed. In the event that multiple stop handlers are
  136. registered, no guarantees are made about the order of execution.
  137. The OPENSSL_thread_stop() function deallocates resources associated
  138. with the current thread. Typically this function will be called automatically by
  139. the library when the thread exits. This should only be called directly if
  140. resources should be freed at an earlier time, or under the circumstances
  141. described in the NOTES section below.
  142. The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
  143. file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS>
  144. must be created and used.
  145. The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can
  146. be used to allocate the object and set the application name, and then the
  147. object can be released with OPENSSL_INIT_free() when done.
  148. =head1 NOTES
  149. Resources local to a thread are deallocated automatically when the thread exits
  150. (e.g. in a pthreads environment, when pthread_exit() is called). On Windows
  151. platforms this is done in response to a DLL_THREAD_DETACH message being sent to
  152. the libcrypto32.dll entry point. Some windows functions may cause threads to exit
  153. without sending this message (for example ExitProcess()). If the application
  154. uses such functions, then the application must free up OpenSSL resources
  155. directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
  156. message will also not be sent if OpenSSL is linked statically, and therefore
  157. applications using static linking should also call OPENSSL_thread_stop() on each
  158. thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
  159. threads are not destroyed until after FreeLibrary() is called then each thread
  160. should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
  161. On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
  162. multi-threaded and if dlclose() is subsequently called prior to the threads
  163. being destroyed then OpenSSL will not be able to deallocate resources associated
  164. with those threads. The application should either call OPENSSL_thread_stop() on
  165. each thread prior to the dlclose() call, or alternatively the original dlopen()
  166. call should use the RTLD_NODELETE flag (where available on the platform).
  167. =head1 RETURN VALUES
  168. The functions OPENSSL_init_crypto, OPENSSL_atexit() and
  169. OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
  170. =head1 SEE ALSO
  171. L<OPENSSL_init_ssl(3)>
  172. =head1 HISTORY
  173. The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
  174. OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname()
  175. and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
  176. =head1 COPYRIGHT
  177. Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  178. Licensed under the OpenSSL license (the "License"). You may not use
  179. this file except in compliance with the License. You can obtain a copy
  180. in the file LICENSE in the source distribution or at
  181. L<https://www.openssl.org/source/license.html>.
  182. =cut