1 /* 2 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "e_os.h" 11 #include "internal/cryptlib_int.h" 12 #include <openssl/err.h> 13 #include "internal/rand_int.h" 14 #include "internal/bio.h" 15 #include <openssl/evp.h> 16 #include "internal/evp_int.h" 17 #include "internal/conf.h" 18 #include "internal/async.h" 19 #include "internal/engine.h" 20 #include "internal/comp.h" 21 #include "internal/err.h" 22 #include "internal/err_int.h" 23 #include "internal/objects.h" 24 #include <stdlib.h> 25 #include <assert.h> 26 #include "internal/thread_once.h" 27 #include "internal/dso_conf.h" 28 #include "internal/dso.h" 29 #include "internal/store.h" 30 31 static int stopped = 0; 32 33 /* 34 * Since per-thread-specific-data destructors are not universally 35 * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key 36 * is assumed to have destructor associated. And then an effort is made 37 * to call this single destructor on non-pthread platform[s]. 38 * 39 * Initial value is "impossible". It is used as guard value to shortcut 40 * destructor for threads terminating before libcrypto is initialized or 41 * after it's de-initialized. Access to the key doesn't have to be 42 * serialized for the said threads, because they didn't use libcrypto 43 * and it doesn't matter if they pick "impossible" or derefernce real 44 * key value and pull NULL past initialization in the first thread that 45 * intends to use libcrypto. 46 */ 47 static union { 48 long sane; 49 CRYPTO_THREAD_LOCAL value; 50 } destructor_key = { -1 }; 51 52 static void ossl_init_thread_stop(struct thread_local_inits_st *locals); 53 54 static void ossl_init_thread_destructor(void *local) 55 { 56 ossl_init_thread_stop((struct thread_local_inits_st *)local); 57 } 58 59 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) 60 { 61 struct thread_local_inits_st *local = 62 CRYPTO_THREAD_get_local(&destructor_key.value); 63 64 if (alloc) { 65 if (local == NULL 66 && (local = OPENSSL_zalloc(sizeof(*local))) != NULL 67 && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) { 68 OPENSSL_free(local); 69 return NULL; 70 } 71 } else { 72 CRYPTO_THREAD_set_local(&destructor_key.value, NULL); 73 } 74 75 return local; 76 } 77 78 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; 79 struct ossl_init_stop_st { 80 void (*handler)(void); 81 OPENSSL_INIT_STOP *next; 82 }; 83 84 static OPENSSL_INIT_STOP *stop_handlers = NULL; 85 static CRYPTO_RWLOCK *init_lock = NULL; 86 87 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; 88 static int base_inited = 0; 89 DEFINE_RUN_ONCE_STATIC(ossl_init_base) 90 { 91 CRYPTO_THREAD_LOCAL key; 92 93 #ifdef OPENSSL_INIT_DEBUG 94 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); 95 #endif 96 #ifndef OPENSSL_NO_CRYPTO_MDEBUG 97 ossl_malloc_setup_failures(); 98 #endif 99 if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor)) 100 return 0; 101 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) 102 goto err; 103 OPENSSL_cpuid_setup(); 104 105 destructor_key.value = key; 106 base_inited = 1; 107 return 1; 108 109 err: 110 #ifdef OPENSSL_INIT_DEBUG 111 fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n"); 112 #endif 113 CRYPTO_THREAD_lock_free(init_lock); 114 init_lock = NULL; 115 116 CRYPTO_THREAD_cleanup_local(&key); 117 return 0; 118 } 119 120 static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT; 121 #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32) 122 static int win32atexit(void) 123 { 124 OPENSSL_cleanup(); 125 return 0; 126 } 127 #endif 128 129 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit) 130 { 131 #ifdef OPENSSL_INIT_DEBUG 132 fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n"); 133 #endif 134 #ifndef OPENSSL_SYS_UEFI 135 # ifdef _WIN32 136 /* We use _onexit() in preference because it gets called on DLL unload */ 137 if (_onexit(win32atexit) == NULL) 138 return 0; 139 # else 140 if (atexit(OPENSSL_cleanup) != 0) 141 return 0; 142 # endif 143 #endif 144 145 return 1; 146 } 147 148 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit, 149 ossl_init_register_atexit) 150 { 151 #ifdef OPENSSL_INIT_DEBUG 152 fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n"); 153 #endif 154 /* Do nothing in this case */ 155 return 1; 156 } 157 158 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT; 159 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) 160 { 161 #ifdef OPENSSL_INIT_DEBUG 162 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); 163 #endif 164 #if !defined(OPENSSL_NO_DSO) \ 165 && !defined(OPENSSL_USE_NODELETE) \ 166 && !defined(OPENSSL_NO_PINSHARED) 167 # ifdef DSO_WIN32 168 { 169 HMODULE handle = NULL; 170 BOOL ret; 171 172 /* We don't use the DSO route for WIN32 because there is a better way */ 173 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS 174 | GET_MODULE_HANDLE_EX_FLAG_PIN, 175 (void *)&base_inited, &handle); 176 177 # ifdef OPENSSL_INIT_DEBUG 178 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", 179 (ret == TRUE ? "No!" : "Yes.")); 180 # endif 181 return (ret == TRUE) ? 1 : 0; 182 } 183 # else 184 /* 185 * Deliberately leak a reference to ourselves. This will force the library 186 * to remain loaded until the atexit() handler is run at process exit. 187 */ 188 { 189 DSO *dso; 190 void *err; 191 192 if (!err_shelve_state(&err)) 193 return 0; 194 195 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); 196 # ifdef OPENSSL_INIT_DEBUG 197 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", 198 (dso == NULL ? "No!" : "Yes.")); 199 /* 200 * In case of No!, it is uncertain our exit()-handlers can still be 201 * called. After dlclose() the whole library might have been unloaded 202 * already. 203 */ 204 # endif 205 DSO_free(dso); 206 err_unshelve_state(err); 207 } 208 # endif 209 #endif 210 211 return 1; 212 } 213 214 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; 215 static int load_crypto_strings_inited = 0; 216 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) 217 { 218 int ret = 1; 219 /* 220 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time 221 * pulling in all the error strings during static linking 222 */ 223 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) 224 # ifdef OPENSSL_INIT_DEBUG 225 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: " 226 "err_load_crypto_strings_int()\n"); 227 # endif 228 ret = err_load_crypto_strings_int(); 229 load_crypto_strings_inited = 1; 230 #endif 231 return ret; 232 } 233 234 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings, 235 ossl_init_load_crypto_strings) 236 { 237 /* Do nothing in this case */ 238 return 1; 239 } 240 241 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT; 242 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) 243 { 244 /* 245 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time 246 * pulling in all the ciphers during static linking 247 */ 248 #ifndef OPENSSL_NO_AUTOALGINIT 249 # ifdef OPENSSL_INIT_DEBUG 250 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: " 251 "openssl_add_all_ciphers_int()\n"); 252 # endif 253 openssl_add_all_ciphers_int(); 254 #endif 255 return 1; 256 } 257 258 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers, 259 ossl_init_add_all_ciphers) 260 { 261 /* Do nothing */ 262 return 1; 263 } 264 265 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT; 266 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) 267 { 268 /* 269 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time 270 * pulling in all the ciphers during static linking 271 */ 272 #ifndef OPENSSL_NO_AUTOALGINIT 273 # ifdef OPENSSL_INIT_DEBUG 274 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: " 275 "openssl_add_all_digests()\n"); 276 # endif 277 openssl_add_all_digests_int(); 278 #endif 279 return 1; 280 } 281 282 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, 283 ossl_init_add_all_digests) 284 { 285 /* Do nothing */ 286 return 1; 287 } 288 289 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; 290 static int config_inited = 0; 291 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; 292 DEFINE_RUN_ONCE_STATIC(ossl_init_config) 293 { 294 int ret = openssl_config_int(conf_settings); 295 config_inited = 1; 296 return ret; 297 } 298 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) 299 { 300 #ifdef OPENSSL_INIT_DEBUG 301 fprintf(stderr, 302 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n"); 303 #endif 304 openssl_no_config_int(); 305 config_inited = 1; 306 return 1; 307 } 308 309 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT; 310 static int async_inited = 0; 311 DEFINE_RUN_ONCE_STATIC(ossl_init_async) 312 { 313 #ifdef OPENSSL_INIT_DEBUG 314 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n"); 315 #endif 316 if (!async_init()) 317 return 0; 318 async_inited = 1; 319 return 1; 320 } 321 322 #ifndef OPENSSL_NO_ENGINE 323 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT; 324 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) 325 { 326 # ifdef OPENSSL_INIT_DEBUG 327 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: " 328 "engine_load_openssl_int()\n"); 329 # endif 330 engine_load_openssl_int(); 331 return 1; 332 } 333 # ifndef OPENSSL_NO_DEVCRYPTOENG 334 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; 335 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) 336 { 337 # ifdef OPENSSL_INIT_DEBUG 338 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: " 339 "engine_load_devcrypto_int()\n"); 340 # endif 341 engine_load_devcrypto_int(); 342 return 1; 343 } 344 # endif 345 346 # ifndef OPENSSL_NO_RDRAND 347 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; 348 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand) 349 { 350 # ifdef OPENSSL_INIT_DEBUG 351 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: " 352 "engine_load_rdrand_int()\n"); 353 # endif 354 engine_load_rdrand_int(); 355 return 1; 356 } 357 # endif 358 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT; 359 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) 360 { 361 # ifdef OPENSSL_INIT_DEBUG 362 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: " 363 "engine_load_dynamic_int()\n"); 364 # endif 365 engine_load_dynamic_int(); 366 return 1; 367 } 368 # ifndef OPENSSL_NO_STATIC_ENGINE 369 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) 370 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT; 371 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock) 372 { 373 # ifdef OPENSSL_INIT_DEBUG 374 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: " 375 "engine_load_padlock_int()\n"); 376 # endif 377 engine_load_padlock_int(); 378 return 1; 379 } 380 # endif 381 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) 382 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT; 383 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi) 384 { 385 # ifdef OPENSSL_INIT_DEBUG 386 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: " 387 "engine_load_capi_int()\n"); 388 # endif 389 engine_load_capi_int(); 390 return 1; 391 } 392 # endif 393 # if !defined(OPENSSL_NO_AFALGENG) 394 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT; 395 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) 396 { 397 # ifdef OPENSSL_INIT_DEBUG 398 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: " 399 "engine_load_afalg_int()\n"); 400 # endif 401 engine_load_afalg_int(); 402 return 1; 403 } 404 # endif 405 # endif 406 #endif 407 408 #ifndef OPENSSL_NO_COMP 409 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT; 410 411 static int zlib_inited = 0; 412 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib) 413 { 414 /* Do nothing - we need to know about this for the later cleanup */ 415 zlib_inited = 1; 416 return 1; 417 } 418 #endif 419 420 static void ossl_init_thread_stop(struct thread_local_inits_st *locals) 421 { 422 /* Can't do much about this */ 423 if (locals == NULL) 424 return; 425 426 if (locals->async) { 427 #ifdef OPENSSL_INIT_DEBUG 428 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " 429 "async_delete_thread_state()\n"); 430 #endif 431 async_delete_thread_state(); 432 } 433 434 if (locals->err_state) { 435 #ifdef OPENSSL_INIT_DEBUG 436 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " 437 "err_delete_thread_state()\n"); 438 #endif 439 err_delete_thread_state(); 440 } 441 442 if (locals->rand) { 443 #ifdef OPENSSL_INIT_DEBUG 444 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " 445 "drbg_delete_thread_state()\n"); 446 #endif 447 drbg_delete_thread_state(); 448 } 449 450 OPENSSL_free(locals); 451 } 452 453 void OPENSSL_thread_stop(void) 454 { 455 if (destructor_key.sane != -1) 456 ossl_init_thread_stop(ossl_init_get_thread_local(0)); 457 } 458 459 int ossl_init_thread_start(uint64_t opts) 460 { 461 struct thread_local_inits_st *locals; 462 463 if (!OPENSSL_init_crypto(0, NULL)) 464 return 0; 465 466 locals = ossl_init_get_thread_local(1); 467 468 if (locals == NULL) 469 return 0; 470 471 if (opts & OPENSSL_INIT_THREAD_ASYNC) { 472 #ifdef OPENSSL_INIT_DEBUG 473 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " 474 "marking thread for async\n"); 475 #endif 476 locals->async = 1; 477 } 478 479 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) { 480 #ifdef OPENSSL_INIT_DEBUG 481 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " 482 "marking thread for err_state\n"); 483 #endif 484 locals->err_state = 1; 485 } 486 487 if (opts & OPENSSL_INIT_THREAD_RAND) { 488 #ifdef OPENSSL_INIT_DEBUG 489 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " 490 "marking thread for rand\n"); 491 #endif 492 locals->rand = 1; 493 } 494 495 return 1; 496 } 497 498 void OPENSSL_cleanup(void) 499 { 500 OPENSSL_INIT_STOP *currhandler, *lasthandler; 501 CRYPTO_THREAD_LOCAL key; 502 503 /* If we've not been inited then no need to deinit */ 504 if (!base_inited) 505 return; 506 507 /* Might be explicitly called and also by atexit */ 508 if (stopped) 509 return; 510 stopped = 1; 511 512 /* 513 * Thread stop may not get automatically called by the thread library for 514 * the very last thread in some situations, so call it directly. 515 */ 516 ossl_init_thread_stop(ossl_init_get_thread_local(0)); 517 518 currhandler = stop_handlers; 519 while (currhandler != NULL) { 520 currhandler->handler(); 521 lasthandler = currhandler; 522 currhandler = currhandler->next; 523 OPENSSL_free(lasthandler); 524 } 525 stop_handlers = NULL; 526 527 CRYPTO_THREAD_lock_free(init_lock); 528 init_lock = NULL; 529 530 /* 531 * We assume we are single-threaded for this function, i.e. no race 532 * conditions for the various "*_inited" vars below. 533 */ 534 535 #ifndef OPENSSL_NO_COMP 536 if (zlib_inited) { 537 #ifdef OPENSSL_INIT_DEBUG 538 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 539 "comp_zlib_cleanup_int()\n"); 540 #endif 541 comp_zlib_cleanup_int(); 542 } 543 #endif 544 545 if (async_inited) { 546 # ifdef OPENSSL_INIT_DEBUG 547 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 548 "async_deinit()\n"); 549 # endif 550 async_deinit(); 551 } 552 553 if (load_crypto_strings_inited) { 554 #ifdef OPENSSL_INIT_DEBUG 555 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 556 "err_free_strings_int()\n"); 557 #endif 558 err_free_strings_int(); 559 } 560 561 key = destructor_key.value; 562 destructor_key.sane = -1; 563 CRYPTO_THREAD_cleanup_local(&key); 564 565 #ifdef OPENSSL_INIT_DEBUG 566 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 567 "rand_cleanup_int()\n"); 568 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 569 "conf_modules_free_int()\n"); 570 #ifndef OPENSSL_NO_ENGINE 571 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 572 "engine_cleanup_int()\n"); 573 #endif 574 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 575 "crypto_cleanup_all_ex_data_int()\n"); 576 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 577 "bio_sock_cleanup_int()\n"); 578 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 579 "bio_cleanup()\n"); 580 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 581 "evp_cleanup_int()\n"); 582 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 583 "obj_cleanup_int()\n"); 584 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 585 "err_cleanup()\n"); 586 #endif 587 /* 588 * Note that cleanup order is important: 589 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so 590 * must be called before engine_cleanup_int() 591 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up 592 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data(). 593 * - conf_modules_free_int() can end up in ENGINE code so must be called 594 * before engine_cleanup_int() 595 * - ENGINEs and additional EVP algorithms might use added OIDs names so 596 * obj_cleanup_int() must be called last 597 */ 598 rand_cleanup_int(); 599 rand_drbg_cleanup_int(); 600 conf_modules_free_int(); 601 #ifndef OPENSSL_NO_ENGINE 602 engine_cleanup_int(); 603 #endif 604 ossl_store_cleanup_int(); 605 crypto_cleanup_all_ex_data_int(); 606 bio_cleanup(); 607 evp_cleanup_int(); 608 obj_cleanup_int(); 609 err_cleanup(); 610 611 CRYPTO_secure_malloc_done(); 612 613 base_inited = 0; 614 } 615 616 /* 617 * If this function is called with a non NULL settings value then it must be 618 * called prior to any threads making calls to any OpenSSL functions, 619 * i.e. passing a non-null settings value is assumed to be single-threaded. 620 */ 621 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) 622 { 623 if (stopped) { 624 if (!(opts & OPENSSL_INIT_BASE_ONLY)) 625 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); 626 return 0; 627 } 628 629 /* 630 * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the 631 * *only* option specified. With that option we return immediately after 632 * doing the requested limited initialization. Note that 633 * err_shelve_state() called by us via ossl_init_load_crypto_nodelete() 634 * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with 635 * base already initialized this is a harmless NOOP. 636 * 637 * If we remain the only caller of err_shelve_state() the recursion should 638 * perhaps be removed, but if in doubt, it can be left in place. 639 */ 640 if (!RUN_ONCE(&base, ossl_init_base)) 641 return 0; 642 if (opts & OPENSSL_INIT_BASE_ONLY) 643 return 1; 644 645 /* 646 * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls 647 * should not have the side-effect of setting up exit handlers, and 648 * therefore, this code block is below the INIT_BASE_ONLY-conditioned early 649 * return above. 650 */ 651 if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) { 652 if (!RUN_ONCE_ALT(®ister_atexit, ossl_init_no_register_atexit, 653 ossl_init_register_atexit)) 654 return 0; 655 } else if (!RUN_ONCE(®ister_atexit, ossl_init_register_atexit)) { 656 return 0; 657 } 658 659 if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete)) 660 return 0; 661 662 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) 663 && !RUN_ONCE_ALT(&load_crypto_strings, 664 ossl_init_no_load_crypto_strings, 665 ossl_init_load_crypto_strings)) 666 return 0; 667 668 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) 669 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings)) 670 return 0; 671 672 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) 673 && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers, 674 ossl_init_add_all_ciphers)) 675 return 0; 676 677 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) 678 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers)) 679 return 0; 680 681 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) 682 && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests, 683 ossl_init_add_all_digests)) 684 return 0; 685 686 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) 687 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) 688 return 0; 689 690 if ((opts & OPENSSL_INIT_ATFORK) 691 && !openssl_init_fork_handlers()) 692 return 0; 693 694 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) 695 && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config)) 696 return 0; 697 698 if (opts & OPENSSL_INIT_LOAD_CONFIG) { 699 int ret; 700 CRYPTO_THREAD_write_lock(init_lock); 701 conf_settings = settings; 702 ret = RUN_ONCE(&config, ossl_init_config); 703 conf_settings = NULL; 704 CRYPTO_THREAD_unlock(init_lock); 705 if (!ret) 706 return 0; 707 } 708 709 if ((opts & OPENSSL_INIT_ASYNC) 710 && !RUN_ONCE(&async, ossl_init_async)) 711 return 0; 712 713 #ifndef OPENSSL_NO_ENGINE 714 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) 715 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) 716 return 0; 717 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG) 718 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) 719 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) 720 return 0; 721 # endif 722 # ifndef OPENSSL_NO_RDRAND 723 if ((opts & OPENSSL_INIT_ENGINE_RDRAND) 724 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) 725 return 0; 726 # endif 727 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) 728 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) 729 return 0; 730 # ifndef OPENSSL_NO_STATIC_ENGINE 731 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) 732 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK) 733 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) 734 return 0; 735 # endif 736 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) 737 if ((opts & OPENSSL_INIT_ENGINE_CAPI) 738 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi)) 739 return 0; 740 # endif 741 # if !defined(OPENSSL_NO_AFALGENG) 742 if ((opts & OPENSSL_INIT_ENGINE_AFALG) 743 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg)) 744 return 0; 745 # endif 746 # endif 747 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN 748 | OPENSSL_INIT_ENGINE_OPENSSL 749 | OPENSSL_INIT_ENGINE_AFALG)) { 750 ENGINE_register_all_complete(); 751 } 752 #endif 753 754 #ifndef OPENSSL_NO_COMP 755 if ((opts & OPENSSL_INIT_ZLIB) 756 && !RUN_ONCE(&zlib, ossl_init_zlib)) 757 return 0; 758 #endif 759 760 return 1; 761 } 762 763 int OPENSSL_atexit(void (*handler)(void)) 764 { 765 OPENSSL_INIT_STOP *newhand; 766 767 #if !defined(OPENSSL_NO_DSO) \ 768 && !defined(OPENSSL_USE_NODELETE)\ 769 && !defined(OPENSSL_NO_PINSHARED) 770 { 771 union { 772 void *sym; 773 void (*func)(void); 774 } handlersym; 775 776 handlersym.func = handler; 777 # ifdef DSO_WIN32 778 { 779 HMODULE handle = NULL; 780 BOOL ret; 781 782 /* 783 * We don't use the DSO route for WIN32 because there is a better 784 * way 785 */ 786 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS 787 | GET_MODULE_HANDLE_EX_FLAG_PIN, 788 handlersym.sym, &handle); 789 790 if (!ret) 791 return 0; 792 } 793 # else 794 /* 795 * Deliberately leak a reference to the handler. This will force the 796 * library/code containing the handler to remain loaded until we run the 797 * atexit handler. If -znodelete has been used then this is 798 * unnecessary. 799 */ 800 { 801 DSO *dso = NULL; 802 803 ERR_set_mark(); 804 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); 805 # ifdef OPENSSL_INIT_DEBUG 806 fprintf(stderr, 807 "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n", 808 (dso == NULL ? "No!" : "Yes.")); 809 /* See same code above in ossl_init_base() for an explanation. */ 810 # endif 811 DSO_free(dso); 812 ERR_pop_to_mark(); 813 } 814 # endif 815 } 816 #endif 817 818 if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) { 819 CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE); 820 return 0; 821 } 822 823 newhand->handler = handler; 824 newhand->next = stop_handlers; 825 stop_handlers = newhand; 826 827 return 1; 828 } 829 830 #ifdef OPENSSL_SYS_UNIX 831 /* 832 * The following three functions are for OpenSSL developers. This is 833 * where we set/reset state across fork (called via pthread_atfork when 834 * it exists, or manually by the application when it doesn't). 835 * 836 * WARNING! If you put code in either OPENSSL_fork_parent or 837 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal- 838 * safe. See this link, for example: 839 * http://man7.org/linux/man-pages/man7/signal-safety.7.html 840 */ 841 842 void OPENSSL_fork_prepare(void) 843 { 844 } 845 846 void OPENSSL_fork_parent(void) 847 { 848 } 849 850 void OPENSSL_fork_child(void) 851 { 852 rand_fork(); 853 } 854 #endif 855