1 /*
2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "e_os.h"
11 #include "crypto/cryptlib.h"
12 #include <openssl/err.h>
13 #include "crypto/rand.h"
14 #include "internal/bio.h"
15 #include <openssl/evp.h>
16 #include "crypto/evp.h"
17 #include "internal/conf.h"
18 #include "crypto/async.h"
19 #include "crypto/engine.h"
20 #include "internal/comp.h"
21 #include "internal/err.h"
22 #include "crypto/err.h"
23 #include "crypto/objects.h"
24 #include <stdlib.h>
25 #include <assert.h>
26 #include "internal/thread_once.h"
27 #include "crypto/dso_conf.h"
28 #include "internal/dso.h"
29 #include "crypto/store.h"
30
31 static int stopped = 0;
32
33 /*
34 * Since per-thread-specific-data destructors are not universally
35 * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
36 * is assumed to have destructor associated. And then an effort is made
37 * to call this single destructor on non-pthread platform[s].
38 *
39 * Initial value is "impossible". It is used as guard value to shortcut
40 * destructor for threads terminating before libcrypto is initialized or
41 * after it's de-initialized. Access to the key doesn't have to be
42 * serialized for the said threads, because they didn't use libcrypto
43 * and it doesn't matter if they pick "impossible" or dereference real
44 * key value and pull NULL past initialization in the first thread that
45 * intends to use libcrypto.
46 */
47 static union {
48 long sane;
49 CRYPTO_THREAD_LOCAL value;
50 } destructor_key = { -1 };
51
52 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
53
ossl_init_thread_destructor(void * local)54 static void ossl_init_thread_destructor(void *local)
55 {
56 ossl_init_thread_stop((struct thread_local_inits_st *)local);
57 }
58
ossl_init_get_thread_local(int alloc)59 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
60 {
61 struct thread_local_inits_st *local =
62 CRYPTO_THREAD_get_local(&destructor_key.value);
63
64 if (alloc) {
65 if (local == NULL
66 && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
67 && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
68 OPENSSL_free(local);
69 return NULL;
70 }
71 } else {
72 CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
73 }
74
75 return local;
76 }
77
78 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
79 struct ossl_init_stop_st {
80 void (*handler)(void);
81 OPENSSL_INIT_STOP *next;
82 };
83
84 static OPENSSL_INIT_STOP *stop_handlers = NULL;
85 static CRYPTO_RWLOCK *init_lock = NULL;
86
87 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
88 static int base_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_base)89 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
90 {
91 CRYPTO_THREAD_LOCAL key;
92
93 #ifdef OPENSSL_INIT_DEBUG
94 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
95 #endif
96 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
97 ossl_malloc_setup_failures();
98 #endif
99 if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
100 return 0;
101 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
102 goto err;
103 OPENSSL_cpuid_setup();
104
105 destructor_key.value = key;
106 base_inited = 1;
107 return 1;
108
109 err:
110 #ifdef OPENSSL_INIT_DEBUG
111 fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
112 #endif
113 CRYPTO_THREAD_lock_free(init_lock);
114 init_lock = NULL;
115
116 CRYPTO_THREAD_cleanup_local(&key);
117 return 0;
118 }
119
120 static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
121 #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
win32atexit(void)122 static int win32atexit(void)
123 {
124 OPENSSL_cleanup();
125 return 0;
126 }
127 #endif
128
DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)129 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
130 {
131 #ifdef OPENSSL_INIT_DEBUG
132 fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
133 #endif
134 #ifndef OPENSSL_SYS_UEFI
135 # ifdef _WIN32
136 /* We use _onexit() in preference because it gets called on DLL unload */
137 if (_onexit(win32atexit) == NULL)
138 return 0;
139 # else
140 if (atexit(OPENSSL_cleanup) != 0)
141 return 0;
142 # endif
143 #endif
144
145 return 1;
146 }
147
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,ossl_init_register_atexit)148 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
149 ossl_init_register_atexit)
150 {
151 #ifdef OPENSSL_INIT_DEBUG
152 fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
153 #endif
154 /* Do nothing in this case */
155 return 1;
156 }
157
158 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)159 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
160 {
161 #ifdef OPENSSL_INIT_DEBUG
162 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
163 #endif
164 #if !defined(OPENSSL_USE_NODELETE) \
165 && !defined(OPENSSL_NO_PINSHARED)
166 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
167 {
168 HMODULE handle = NULL;
169 BOOL ret;
170
171 /* We don't use the DSO route for WIN32 because there is a better way */
172 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
173 | GET_MODULE_HANDLE_EX_FLAG_PIN,
174 (void *)&base_inited, &handle);
175
176 # ifdef OPENSSL_INIT_DEBUG
177 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
178 (ret == TRUE ? "No!" : "Yes."));
179 # endif
180 return (ret == TRUE) ? 1 : 0;
181 }
182 # elif !defined(DSO_NONE)
183 /*
184 * Deliberately leak a reference to ourselves. This will force the library
185 * to remain loaded until the atexit() handler is run at process exit.
186 */
187 {
188 DSO *dso;
189 void *err;
190
191 if (!err_shelve_state(&err))
192 return 0;
193
194 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
195 # ifdef OPENSSL_INIT_DEBUG
196 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
197 (dso == NULL ? "No!" : "Yes."));
198 /*
199 * In case of No!, it is uncertain our exit()-handlers can still be
200 * called. After dlclose() the whole library might have been unloaded
201 * already.
202 */
203 # endif
204 DSO_free(dso);
205 err_unshelve_state(err);
206 }
207 # endif
208 #endif
209
210 return 1;
211 }
212
213 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
214
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)215 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
216 {
217 int ret = 1;
218 /*
219 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
220 * pulling in all the error strings during static linking
221 */
222 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
223 # ifdef OPENSSL_INIT_DEBUG
224 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
225 "err_load_crypto_strings_int()\n");
226 # endif
227 ret = err_load_crypto_strings_int();
228 #endif
229 return ret;
230 }
231
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,ossl_init_load_crypto_strings)232 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
233 ossl_init_load_crypto_strings)
234 {
235 /* Do nothing in this case */
236 return 1;
237 }
238
239 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)240 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
241 {
242 /*
243 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
244 * pulling in all the ciphers during static linking
245 */
246 #ifndef OPENSSL_NO_AUTOALGINIT
247 # ifdef OPENSSL_INIT_DEBUG
248 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
249 "openssl_add_all_ciphers_int()\n");
250 # endif
251 openssl_add_all_ciphers_int();
252 #endif
253 return 1;
254 }
255
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,ossl_init_add_all_ciphers)256 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
257 ossl_init_add_all_ciphers)
258 {
259 /* Do nothing */
260 return 1;
261 }
262
263 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)264 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
265 {
266 /*
267 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
268 * pulling in all the ciphers during static linking
269 */
270 #ifndef OPENSSL_NO_AUTOALGINIT
271 # ifdef OPENSSL_INIT_DEBUG
272 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
273 "openssl_add_all_digests()\n");
274 # endif
275 openssl_add_all_digests_int();
276 #endif
277 return 1;
278 }
279
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,ossl_init_add_all_digests)280 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
281 ossl_init_add_all_digests)
282 {
283 /* Do nothing */
284 return 1;
285 }
286
287 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
288 static int config_inited = 0;
289 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
DEFINE_RUN_ONCE_STATIC(ossl_init_config)290 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
291 {
292 int ret = openssl_config_int(conf_settings);
293 config_inited = 1;
294 return ret;
295 }
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config,ossl_init_config)296 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
297 {
298 #ifdef OPENSSL_INIT_DEBUG
299 fprintf(stderr,
300 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
301 #endif
302 openssl_no_config_int();
303 config_inited = 1;
304 return 1;
305 }
306
307 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
308 static int async_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_async)309 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
310 {
311 #ifdef OPENSSL_INIT_DEBUG
312 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
313 #endif
314 if (!async_init())
315 return 0;
316 async_inited = 1;
317 return 1;
318 }
319
320 #ifndef OPENSSL_NO_ENGINE
321 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)322 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
323 {
324 # ifdef OPENSSL_INIT_DEBUG
325 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
326 "engine_load_openssl_int()\n");
327 # endif
328 engine_load_openssl_int();
329 return 1;
330 }
331 # ifndef OPENSSL_NO_DEVCRYPTOENG
332 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)333 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
334 {
335 # ifdef OPENSSL_INIT_DEBUG
336 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
337 "engine_load_devcrypto_int()\n");
338 # endif
339 engine_load_devcrypto_int();
340 return 1;
341 }
342 # endif
343
344 # ifndef OPENSSL_NO_RDRAND
345 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)346 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
347 {
348 # ifdef OPENSSL_INIT_DEBUG
349 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
350 "engine_load_rdrand_int()\n");
351 # endif
352 engine_load_rdrand_int();
353 return 1;
354 }
355 # endif
356 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)357 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
358 {
359 # ifdef OPENSSL_INIT_DEBUG
360 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
361 "engine_load_dynamic_int()\n");
362 # endif
363 engine_load_dynamic_int();
364 return 1;
365 }
366 # ifndef OPENSSL_NO_STATIC_ENGINE
367 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
368 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)369 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
370 {
371 # ifdef OPENSSL_INIT_DEBUG
372 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
373 "engine_load_padlock_int()\n");
374 # endif
375 engine_load_padlock_int();
376 return 1;
377 }
378 # endif
379 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
380 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)381 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
382 {
383 # ifdef OPENSSL_INIT_DEBUG
384 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
385 "engine_load_capi_int()\n");
386 # endif
387 engine_load_capi_int();
388 return 1;
389 }
390 # endif
391 # if !defined(OPENSSL_NO_AFALGENG)
392 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)393 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
394 {
395 # ifdef OPENSSL_INIT_DEBUG
396 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
397 "engine_load_afalg_int()\n");
398 # endif
399 engine_load_afalg_int();
400 return 1;
401 }
402 # endif
403 # endif
404 #endif
405
406 #ifndef OPENSSL_NO_COMP
407 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
408
409 static int zlib_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)410 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
411 {
412 /* Do nothing - we need to know about this for the later cleanup */
413 zlib_inited = 1;
414 return 1;
415 }
416 #endif
417
ossl_init_thread_stop(struct thread_local_inits_st * locals)418 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
419 {
420 /* Can't do much about this */
421 if (locals == NULL)
422 return;
423
424 if (locals->async) {
425 #ifdef OPENSSL_INIT_DEBUG
426 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
427 "async_delete_thread_state()\n");
428 #endif
429 async_delete_thread_state();
430 }
431
432 if (locals->err_state) {
433 #ifdef OPENSSL_INIT_DEBUG
434 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
435 "err_delete_thread_state()\n");
436 #endif
437 err_delete_thread_state();
438 }
439
440 if (locals->rand) {
441 #ifdef OPENSSL_INIT_DEBUG
442 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
443 "drbg_delete_thread_state()\n");
444 #endif
445 drbg_delete_thread_state();
446 }
447
448 OPENSSL_free(locals);
449 }
450
OPENSSL_thread_stop(void)451 void OPENSSL_thread_stop(void)
452 {
453 if (destructor_key.sane != -1)
454 ossl_init_thread_stop(ossl_init_get_thread_local(0));
455 }
456
ossl_init_thread_start(uint64_t opts)457 int ossl_init_thread_start(uint64_t opts)
458 {
459 struct thread_local_inits_st *locals;
460
461 if (!OPENSSL_init_crypto(0, NULL))
462 return 0;
463
464 locals = ossl_init_get_thread_local(1);
465
466 if (locals == NULL)
467 return 0;
468
469 if (opts & OPENSSL_INIT_THREAD_ASYNC) {
470 #ifdef OPENSSL_INIT_DEBUG
471 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
472 "marking thread for async\n");
473 #endif
474 locals->async = 1;
475 }
476
477 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
478 #ifdef OPENSSL_INIT_DEBUG
479 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
480 "marking thread for err_state\n");
481 #endif
482 locals->err_state = 1;
483 }
484
485 if (opts & OPENSSL_INIT_THREAD_RAND) {
486 #ifdef OPENSSL_INIT_DEBUG
487 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
488 "marking thread for rand\n");
489 #endif
490 locals->rand = 1;
491 }
492
493 return 1;
494 }
495
OPENSSL_cleanup(void)496 void OPENSSL_cleanup(void)
497 {
498 OPENSSL_INIT_STOP *currhandler, *lasthandler;
499 CRYPTO_THREAD_LOCAL key;
500
501 /* If we've not been inited then no need to deinit */
502 if (!base_inited)
503 return;
504
505 /* Might be explicitly called and also by atexit */
506 if (stopped)
507 return;
508 stopped = 1;
509
510 /*
511 * Thread stop may not get automatically called by the thread library for
512 * the very last thread in some situations, so call it directly.
513 */
514 ossl_init_thread_stop(ossl_init_get_thread_local(0));
515
516 currhandler = stop_handlers;
517 while (currhandler != NULL) {
518 currhandler->handler();
519 lasthandler = currhandler;
520 currhandler = currhandler->next;
521 OPENSSL_free(lasthandler);
522 }
523 stop_handlers = NULL;
524
525 CRYPTO_THREAD_lock_free(init_lock);
526 init_lock = NULL;
527
528 /*
529 * We assume we are single-threaded for this function, i.e. no race
530 * conditions for the various "*_inited" vars below.
531 */
532
533 #ifndef OPENSSL_NO_COMP
534 if (zlib_inited) {
535 #ifdef OPENSSL_INIT_DEBUG
536 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
537 "comp_zlib_cleanup_int()\n");
538 #endif
539 comp_zlib_cleanup_int();
540 }
541 #endif
542
543 if (async_inited) {
544 # ifdef OPENSSL_INIT_DEBUG
545 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
546 "async_deinit()\n");
547 # endif
548 async_deinit();
549 }
550
551 key = destructor_key.value;
552 destructor_key.sane = -1;
553 CRYPTO_THREAD_cleanup_local(&key);
554
555 #ifdef OPENSSL_INIT_DEBUG
556 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
557 "rand_cleanup_int()\n");
558 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
559 "conf_modules_free_int()\n");
560 #ifndef OPENSSL_NO_ENGINE
561 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
562 "engine_cleanup_int()\n");
563 #endif
564 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
565 "crypto_cleanup_all_ex_data_int()\n");
566 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
567 "bio_sock_cleanup_int()\n");
568 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
569 "bio_cleanup()\n");
570 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
571 "evp_cleanup_int()\n");
572 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
573 "obj_cleanup_int()\n");
574 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
575 "err_cleanup()\n");
576 #endif
577 /*
578 * Note that cleanup order is important:
579 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
580 * must be called before engine_cleanup_int()
581 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
582 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
583 * - conf_modules_free_int() can end up in ENGINE code so must be called
584 * before engine_cleanup_int()
585 * - ENGINEs and additional EVP algorithms might use added OIDs names so
586 * obj_cleanup_int() must be called last
587 */
588 rand_cleanup_int();
589 rand_drbg_cleanup_int();
590 conf_modules_free_int();
591 #ifndef OPENSSL_NO_ENGINE
592 engine_cleanup_int();
593 #endif
594 ossl_store_cleanup_int();
595 crypto_cleanup_all_ex_data_int();
596 bio_cleanup();
597 evp_cleanup_int();
598 obj_cleanup_int();
599 err_cleanup();
600
601 CRYPTO_secure_malloc_done();
602
603 base_inited = 0;
604 }
605
606 /*
607 * If this function is called with a non NULL settings value then it must be
608 * called prior to any threads making calls to any OpenSSL functions,
609 * i.e. passing a non-null settings value is assumed to be single-threaded.
610 */
OPENSSL_init_crypto(uint64_t opts,const OPENSSL_INIT_SETTINGS * settings)611 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
612 {
613 if (stopped) {
614 if (!(opts & OPENSSL_INIT_BASE_ONLY))
615 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
616 return 0;
617 }
618
619 /*
620 * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
621 * *only* option specified. With that option we return immediately after
622 * doing the requested limited initialization. Note that
623 * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
624 * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
625 * base already initialized this is a harmless NOOP.
626 *
627 * If we remain the only caller of err_shelve_state() the recursion should
628 * perhaps be removed, but if in doubt, it can be left in place.
629 */
630 if (!RUN_ONCE(&base, ossl_init_base))
631 return 0;
632 if (opts & OPENSSL_INIT_BASE_ONLY)
633 return 1;
634
635 /*
636 * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
637 * should not have the side-effect of setting up exit handlers, and
638 * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
639 * return above.
640 */
641 if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
642 if (!RUN_ONCE_ALT(®ister_atexit, ossl_init_no_register_atexit,
643 ossl_init_register_atexit))
644 return 0;
645 } else if (!RUN_ONCE(®ister_atexit, ossl_init_register_atexit)) {
646 return 0;
647 }
648
649 if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
650 return 0;
651
652 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
653 && !RUN_ONCE_ALT(&load_crypto_strings,
654 ossl_init_no_load_crypto_strings,
655 ossl_init_load_crypto_strings))
656 return 0;
657
658 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
659 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
660 return 0;
661
662 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
663 && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
664 ossl_init_add_all_ciphers))
665 return 0;
666
667 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
668 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
669 return 0;
670
671 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
672 && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
673 ossl_init_add_all_digests))
674 return 0;
675
676 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
677 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
678 return 0;
679
680 if ((opts & OPENSSL_INIT_ATFORK)
681 && !openssl_init_fork_handlers())
682 return 0;
683
684 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
685 && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
686 return 0;
687
688 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
689 int ret;
690 CRYPTO_THREAD_write_lock(init_lock);
691 conf_settings = settings;
692 ret = RUN_ONCE(&config, ossl_init_config);
693 conf_settings = NULL;
694 CRYPTO_THREAD_unlock(init_lock);
695 if (ret <= 0)
696 return 0;
697 }
698
699 if ((opts & OPENSSL_INIT_ASYNC)
700 && !RUN_ONCE(&async, ossl_init_async))
701 return 0;
702
703 #ifndef OPENSSL_NO_ENGINE
704 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
705 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
706 return 0;
707 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
708 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
709 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
710 return 0;
711 # endif
712 # ifndef OPENSSL_NO_RDRAND
713 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
714 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
715 return 0;
716 # endif
717 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
718 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
719 return 0;
720 # ifndef OPENSSL_NO_STATIC_ENGINE
721 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
722 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
723 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
724 return 0;
725 # endif
726 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
727 if ((opts & OPENSSL_INIT_ENGINE_CAPI)
728 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
729 return 0;
730 # endif
731 # if !defined(OPENSSL_NO_AFALGENG)
732 if ((opts & OPENSSL_INIT_ENGINE_AFALG)
733 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
734 return 0;
735 # endif
736 # endif
737 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
738 | OPENSSL_INIT_ENGINE_OPENSSL
739 | OPENSSL_INIT_ENGINE_AFALG)) {
740 ENGINE_register_all_complete();
741 }
742 #endif
743
744 #ifndef OPENSSL_NO_COMP
745 if ((opts & OPENSSL_INIT_ZLIB)
746 && !RUN_ONCE(&zlib, ossl_init_zlib))
747 return 0;
748 #endif
749
750 return 1;
751 }
752
OPENSSL_atexit(void (* handler)(void))753 int OPENSSL_atexit(void (*handler)(void))
754 {
755 OPENSSL_INIT_STOP *newhand;
756
757 #if !defined(OPENSSL_USE_NODELETE)\
758 && !defined(OPENSSL_NO_PINSHARED)
759 {
760 union {
761 void *sym;
762 void (*func)(void);
763 } handlersym;
764
765 handlersym.func = handler;
766 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
767 {
768 HMODULE handle = NULL;
769 BOOL ret;
770
771 /*
772 * We don't use the DSO route for WIN32 because there is a better
773 * way
774 */
775 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
776 | GET_MODULE_HANDLE_EX_FLAG_PIN,
777 handlersym.sym, &handle);
778
779 if (!ret)
780 return 0;
781 }
782 # elif !defined(DSO_NONE)
783 /*
784 * Deliberately leak a reference to the handler. This will force the
785 * library/code containing the handler to remain loaded until we run the
786 * atexit handler. If -znodelete has been used then this is
787 * unnecessary.
788 */
789 {
790 DSO *dso = NULL;
791
792 ERR_set_mark();
793 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
794 # ifdef OPENSSL_INIT_DEBUG
795 fprintf(stderr,
796 "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
797 (dso == NULL ? "No!" : "Yes."));
798 /* See same code above in ossl_init_base() for an explanation. */
799 # endif
800 DSO_free(dso);
801 ERR_pop_to_mark();
802 }
803 # endif
804 }
805 #endif
806
807 if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
808 CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
809 return 0;
810 }
811
812 newhand->handler = handler;
813 newhand->next = stop_handlers;
814 stop_handlers = newhand;
815
816 return 1;
817 }
818
819 #ifdef OPENSSL_SYS_UNIX
820 /*
821 * The following three functions are for OpenSSL developers. This is
822 * where we set/reset state across fork (called via pthread_atfork when
823 * it exists, or manually by the application when it doesn't).
824 *
825 * WARNING! If you put code in either OPENSSL_fork_parent or
826 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
827 * safe. See this link, for example:
828 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
829 */
830
OPENSSL_fork_prepare(void)831 void OPENSSL_fork_prepare(void)
832 {
833 }
834
OPENSSL_fork_parent(void)835 void OPENSSL_fork_parent(void)
836 {
837 }
838
OPENSSL_fork_child(void)839 void OPENSSL_fork_child(void)
840 {
841 }
842 #endif
843