1OPENSSL_INIT_CRYPTO(3ossl) OpenSSL OPENSSL_INIT_CRYPTO(3ossl)
2
3
4
6 OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
7 OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
8 OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup,
9 OPENSSL_atexit, OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL
10 initialisation and deinitialisation functions
11
13 #include <openssl/crypto.h>
14
15 void OPENSSL_cleanup(void);
16 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
17 int OPENSSL_atexit(void (*handler)(void));
18 void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx);
19 void OPENSSL_thread_stop(void);
20
21 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
22 int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
23 const char* filename);
24 int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
25 unsigned long flags);
26 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
27 const char* name);
28 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
29
31 During normal operation OpenSSL (libcrypto) will allocate various
32 resources at start up that must, subsequently, be freed on close down
33 of the library. Additionally some resources are allocated on a per
34 thread basis (if the application is multi-threaded), and these
35 resources must be freed prior to the thread closing.
36
37 As of version 1.1.0 OpenSSL will automatically allocate all resources
38 that it needs so no explicit initialisation is required. Similarly it
39 will also automatically deinitialise as required.
40
41 However, there may be situations when explicit initialisation is
42 desirable or needed, for example when some nondefault initialisation is
43 required. The function OPENSSL_init_crypto() can be used for this
44 purpose for libcrypto (see also OPENSSL_init_ssl(3) for the libssl
45 equivalent).
46
47 Numerous internal OpenSSL functions call OPENSSL_init_crypto().
48 Therefore, in order to perform nondefault initialisation,
49 OPENSSL_init_crypto() MUST be called by application code prior to any
50 other OpenSSL function calls.
51
52 The opts parameter specifies which aspects of libcrypto should be
53 initialised. Valid options are:
54
55 OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
56 Suppress automatic loading of the libcrypto error strings. This
57 option is not a default option. Once selected subsequent calls to
58 OPENSSL_init_crypto() with the option
59 OPENSSL_INIT_LOAD_CRYPTO_STRINGS will be ignored.
60
61 OPENSSL_INIT_LOAD_CRYPTO_STRINGS
62 Automatic loading of the libcrypto error strings. With this option
63 the library will automatically load the libcrypto error strings.
64 This option is a default option. Once selected subsequent calls to
65 OPENSSL_init_crypto() with the option
66 OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS will be ignored.
67
68 OPENSSL_INIT_ADD_ALL_CIPHERS
69 With this option the library will automatically load and make
70 available all libcrypto ciphers. This option is a default option.
71 Once selected subsequent calls to OPENSSL_init_crypto() with the
72 option OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.
73
74 OPENSSL_INIT_ADD_ALL_DIGESTS
75 With this option the library will automatically load and make
76 available all libcrypto digests. This option is a default option.
77 Once selected subsequent calls to OPENSSL_init_crypto() with the
78 option OPENSSL_INIT_NO_ADD_ALL_DIGESTS will be ignored.
79
80 OPENSSL_INIT_NO_ADD_ALL_CIPHERS
81 With this option the library will suppress automatic loading of
82 libcrypto ciphers. This option is not a default option. Once
83 selected subsequent calls to OPENSSL_init_crypto() with the option
84 OPENSSL_INIT_ADD_ALL_CIPHERS will be ignored.
85
86 OPENSSL_INIT_NO_ADD_ALL_DIGESTS
87 With this option the library will suppress automatic loading of
88 libcrypto digests. This option is not a default option. Once
89 selected subsequent calls to OPENSSL_init_crypto() with the option
90 OPENSSL_INIT_ADD_ALL_DIGESTS will be ignored.
91
92 OPENSSL_INIT_LOAD_CONFIG
93 With this option an OpenSSL configuration file will be
94 automatically loaded and used by calling OPENSSL_config(). This is
95 a default option. Note that in OpenSSL 1.1.1 this was the default
96 for libssl but not for libcrypto (see OPENSSL_init_ssl(3) for
97 further details about libssl initialisation). In OpenSSL 1.1.0
98 this was a nondefault option for both libssl and libcrypto. See
99 the description of OPENSSL_INIT_new(), below.
100
101 OPENSSL_INIT_NO_LOAD_CONFIG
102 With this option the loading of OpenSSL configuration files will be
103 suppressed. It is the equivalent of calling OPENSSL_no_config().
104 This is not a default option.
105
106 OPENSSL_INIT_ASYNC
107 With this option the library with automatically initialise the
108 libcrypto async sub-library (see ASYNC_start_job(3)). This is a
109 default option.
110
111 OPENSSL_INIT_ENGINE_RDRAND
112 With this option the library will automatically load and initialise
113 the RDRAND engine (if available). This not a default option and is
114 deprecated in OpenSSL 3.0.
115
116 OPENSSL_INIT_ENGINE_DYNAMIC
117 With this option the library will automatically load and initialise
118 the dynamic engine. This not a default option and is deprecated in
119 OpenSSL 3.0.
120
121 OPENSSL_INIT_ENGINE_OPENSSL
122 With this option the library will automatically load and initialise
123 the openssl engine. This not a default option and is deprecated in
124 OpenSSL 3.0.
125
126 OPENSSL_INIT_ENGINE_CRYPTODEV
127 With this option the library will automatically load and initialise
128 the cryptodev engine (if available). This not a default option and
129 is deprecated in OpenSSL 3.0.
130
131 OPENSSL_INIT_ENGINE_CAPI
132 With this option the library will automatically load and initialise
133 the CAPI engine (if available). This not a default option and is
134 deprecated in OpenSSL 3.0.
135
136 OPENSSL_INIT_ENGINE_PADLOCK
137 With this option the library will automatically load and initialise
138 the padlock engine (if available). This not a default option and is
139 deprecated in OpenSSL 3.0.
140
141 OPENSSL_INIT_ENGINE_AFALG
142 With this option the library will automatically load and initialise
143 the AFALG engine. This not a default option and is deprecated in
144 OpenSSL 3.0.
145
146 OPENSSL_INIT_ENGINE_ALL_BUILTIN
147 With this option the library will automatically load and initialise
148 all the built in engines listed above with the exception of the
149 openssl and afalg engines. This not a default option and is
150 deprecated in OpenSSL 3.0.
151
152 OPENSSL_INIT_ATFORK
153 With this option the library will register its fork handlers. See
154 OPENSSL_fork_prepare(3) for details.
155
156 OPENSSL_INIT_NO_ATEXIT
157 By default OpenSSL will attempt to clean itself up when the process
158 exits via an "atexit" handler. Using this option suppresses that
159 behaviour. This means that the application will have to clean up
160 OpenSSL explicitly using OPENSSL_cleanup().
161
162 Multiple options may be combined together in a single call to
163 OPENSSL_init_crypto(). For example:
164
165 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
166 | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
167
168 The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
169 and libssl). All resources allocated by OpenSSL are freed. Typically
170 there should be no need to call this function directly as it is
171 initiated automatically on application exit. This is done via the
172 standard C library atexit() function. In the event that the application
173 will close in a manner that will not call the registered atexit()
174 handlers then the application should call OPENSSL_cleanup() directly.
175 Developers of libraries using OpenSSL are discouraged from calling this
176 function and should instead, typically, rely on auto-deinitialisation.
177 This is to avoid error conditions where both an application and a
178 library it depends on both use OpenSSL, and the library deinitialises
179 it before the application has finished using it.
180
181 Once OPENSSL_cleanup() has been called the library cannot be
182 reinitialised. Attempts to call OPENSSL_init_crypto() will fail and an
183 ERR_R_INIT_FAIL error will be added to the error stack. Note that
184 because initialisation has failed OpenSSL error strings will not be
185 available, only an error code. This code can be put through the openssl
186 errstr command line application to produce a human readable error (see
187 openssl-errstr(1)).
188
189 The OPENSSL_atexit() function enables the registration of a function to
190 be called during OPENSSL_cleanup(). Stop handlers are called after
191 deinitialisation of resources local to a thread, but before other
192 process wide resources are freed. In the event that multiple stop
193 handlers are registered, no guarantees are made about the order of
194 execution.
195
196 The OPENSSL_thread_stop_ex() function deallocates resources associated
197 with the current thread for the given OSSL_LIB_CTX ctx. The ctx
198 parameter can be NULL in which case the default OSSL_LIB_CTX is used.
199
200 Typically, this function will be called automatically by the library
201 when the thread exits as long as the OSSL_LIB_CTX has not been freed
202 before the thread exits. If OSSL_LIB_CTX_free() is called
203 OPENSSL_thread_stop_ex will be called automatically for the current
204 thread (but not any other threads that may have used this
205 OSSL_LIB_CTX).
206
207 OPENSSL_thread_stop_ex should be called on all threads that will exit
208 after the OSSL_LIB_CTX is freed. Typically this is not necessary for
209 the default OSSL_LIB_CTX (because all resources are cleaned up on
210 library exit) except if thread local resources should be freed before
211 library exit, or under the circumstances described in the NOTES section
212 below.
213
214 OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except
215 that the default OSSL_LIB_CTX is always used.
216
217 The OPENSSL_INIT_LOAD_CONFIG flag will load a configuration file, as
218 with CONF_modules_load_file(3) with NULL filename and application name
219 and the CONF_MFLAGS_IGNORE_MISSING_FILE,
220 CONF_MFLAGS_IGNORE_RETURN_CODES and CONF_MFLAGS_DEFAULT_SECTION flags.
221 The filename, application name, and flags can be customized by
222 providing a non-null OPENSSL_INIT_SETTINGS object. The object can be
223 allocated via OPENSSL_INIT_new(). The
224 OPENSSL_INIT_set_config_filename() function can be used to specify a
225 nondefault filename, which is copied and need not refer to persistent
226 storage. Similarly, OPENSSL_INIT_set_config_appname() can be used to
227 specify a nondefault application name. Finally,
228 OPENSSL_INIT_set_file_flags can be used to specify nondefault flags.
229 If the CONF_MFLAGS_IGNORE_RETURN_CODES flag is not included, any errors
230 in the configuration file will cause an error return from
231 OPENSSL_init_crypto or indirectly OPENSSL_init_ssl(3). The object can
232 be released with OPENSSL_INIT_free() when done.
233
235 Resources local to a thread are deallocated automatically when the
236 thread exits (e.g. in a pthreads environment, when pthread_exit() is
237 called). On Windows platforms this is done in response to a
238 DLL_THREAD_DETACH message being sent to the libcrypto32.dll entry
239 point. Some windows functions may cause threads to exit without sending
240 this message (for example ExitProcess()). If the application uses such
241 functions, then the application must free up OpenSSL resources directly
242 via a call to OPENSSL_thread_stop() on each thread. Similarly this
243 message will also not be sent if OpenSSL is linked statically, and
244 therefore applications using static linking should also call
245 OPENSSL_thread_stop() on each thread. Additionally if OpenSSL is loaded
246 dynamically via LoadLibrary() and the threads are not destroyed until
247 after FreeLibrary() is called then each thread should call
248 OPENSSL_thread_stop() prior to the FreeLibrary() call.
249
250 On Linux/Unix where OpenSSL has been loaded via dlopen() and the
251 application is multi-threaded and if dlclose() is subsequently called
252 prior to the threads being destroyed then OpenSSL will not be able to
253 deallocate resources associated with those threads. The application
254 should either call OPENSSL_thread_stop() on each thread prior to the
255 dlclose() call, or alternatively the original dlopen() call should use
256 the RTLD_NODELETE flag (where available on the platform).
257
259 The functions OPENSSL_init_crypto, OPENSSL_atexit() and
260 OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
261
263 OPENSSL_init_ssl(3)
264
266 The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
267 OPENSSL_thread_stop(), OPENSSL_INIT_new(),
268 OPENSSL_INIT_set_config_appname() and OPENSSL_INIT_free() functions
269 were added in OpenSSL 1.1.0.
270
272 Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
273
274 Licensed under the Apache License 2.0 (the "License"). You may not use
275 this file except in compliance with the License. You can obtain a copy
276 in the file LICENSE in the source distribution or at
277 <https://www.openssl.org/source/license.html>.
278
279
280
2813.0.9 2023-07-27 OPENSSL_INIT_CRYPTO(3ossl)