1OPENSSL_INIT_CRYPTO(3ossl)          OpenSSL         OPENSSL_INIT_CRYPTO(3ossl)
2
3
4

NAME

6       OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
7       OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
8       OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup,
9       OPENSSL_atexit, OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL
10       initialisation and deinitialisation functions
11

SYNOPSIS

13        #include <openssl/crypto.h>
14
15        void OPENSSL_cleanup(void);
16        int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
17        int OPENSSL_atexit(void (*handler)(void));
18        void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx);
19        void OPENSSL_thread_stop(void);
20
21        OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
22        int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
23                                             const char* filename);
24        int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
25                                               unsigned long flags);
26        int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
27                                            const char* name);
28        void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
29

DESCRIPTION

31       During normal operation OpenSSL (libcrypto) will allocate various
32       resources at start up that must, subsequently, be freed on close down
33       of the library.  Additionally some resources are allocated on a per
34       thread basis (if the application is multi-threaded), and these
35       resources must be freed prior to the thread closing.
36
37       As of version 1.1.0 OpenSSL will automatically allocate all resources
38       that it needs so no explicit initialisation is required. Similarly it
39       will also automatically deinitialise as required.
40
41       However, there may be situations when explicit initialisation is
42       desirable or needed, for example when some nondefault initialisation is
43       required. The function OPENSSL_init_crypto() can be used for this
44       purpose for libcrypto (see also OPENSSL_init_ssl(3) for the libssl
45       equivalent).
46
47       Numerous internal OpenSSL functions call OPENSSL_init_crypto().
48       Therefore, in order to perform nondefault initialisation,
49       OPENSSL_init_crypto() MUST be called by application code prior to any
50       other OpenSSL function calls.
51
52       The opts parameter specifies which aspects of libcrypto should be
53       initialised. Valid options are:
54
55       OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
56           Suppress automatic loading of the libcrypto error strings. This
57           option is not a default option. Once selected subsequent calls to
58           OPENSSL_init_crypto() with the option
59           OPENSSL_INIT_LOAD_CRYPTO_STRINGS will be ignored.
60
61       OPENSSL_INIT_LOAD_CRYPTO_STRINGS
62           Automatic loading of the libcrypto error strings. With this option
63           the library will automatically load the libcrypto error strings.
64           This option is a default option. Once selected subsequent calls to
65           OPENSSL_init_crypto() with the option
66           OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS will be ignored.
67
68       OPENSSL_INIT_ADD_ALL_CIPHERS
69           With this option the library will automatically load and make
70           available all libcrypto ciphers. This option is a default option.
71           Once selected subsequent calls to OPENSSL_init_crypto() with the
72           option OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.
73
74       OPENSSL_INIT_ADD_ALL_DIGESTS
75           With this option the library will automatically load and make
76           available all libcrypto digests. This option is a default option.
77           Once selected subsequent calls to OPENSSL_init_crypto() with the
78           option OPENSSL_INIT_NO_ADD_ALL_DIGESTS will be ignored.
79
80       OPENSSL_INIT_NO_ADD_ALL_CIPHERS
81           With this option the library will suppress automatic loading of
82           libcrypto ciphers. This option is not a default option. Once
83           selected subsequent calls to OPENSSL_init_crypto() with the option
84           OPENSSL_INIT_ADD_ALL_CIPHERS will be ignored.
85
86       OPENSSL_INIT_NO_ADD_ALL_DIGESTS
87           With this option the library will suppress automatic loading of
88           libcrypto digests. This option is not a default option. Once
89           selected subsequent calls to OPENSSL_init_crypto() with the option
90           OPENSSL_INIT_ADD_ALL_DIGESTS will be ignored.
91
92       OPENSSL_INIT_LOAD_CONFIG
93           With this option an OpenSSL configuration file will be
94           automatically loaded and used by calling OPENSSL_config(). This is
95           a default option.  Note that in OpenSSL 1.1.1 this was the default
96           for libssl but not for libcrypto (see OPENSSL_init_ssl(3) for
97           further details about libssl initialisation).  In OpenSSL 1.1.0
98           this was a nondefault option for both libssl and libcrypto.  See
99           the description of OPENSSL_INIT_new(), below.
100
101       OPENSSL_INIT_NO_LOAD_CONFIG
102           With this option the loading of OpenSSL configuration files will be
103           suppressed.  It is the equivalent of calling OPENSSL_no_config().
104           This is not a default option.
105
106       OPENSSL_INIT_ASYNC
107           With this option the library with automatically initialise the
108           libcrypto async sub-library (see ASYNC_start_job(3)). This is a
109           default option.
110
111       OPENSSL_INIT_ENGINE_RDRAND
112           With this option the library will automatically load and initialise
113           the RDRAND engine (if available). This not a default option and is
114           deprecated in OpenSSL 3.0.
115
116       OPENSSL_INIT_ENGINE_DYNAMIC
117           With this option the library will automatically load and initialise
118           the dynamic engine. This not a default option and is deprecated in
119           OpenSSL 3.0.
120
121       OPENSSL_INIT_ENGINE_OPENSSL
122           With this option the library will automatically load and initialise
123           the openssl engine. This not a default option and is deprecated in
124           OpenSSL 3.0.
125
126       OPENSSL_INIT_ENGINE_CRYPTODEV
127           With this option the library will automatically load and initialise
128           the cryptodev engine (if available). This not a default option and
129           is deprecated in OpenSSL 3.0.
130
131       OPENSSL_INIT_ENGINE_CAPI
132           With this option the library will automatically load and initialise
133           the CAPI engine (if available). This not a default option and is
134           deprecated in OpenSSL 3.0.
135
136       OPENSSL_INIT_ENGINE_PADLOCK
137           With this option the library will automatically load and initialise
138           the padlock engine (if available). This not a default option and is
139           deprecated in OpenSSL 3.0.
140
141       OPENSSL_INIT_ENGINE_AFALG
142           With this option the library will automatically load and initialise
143           the AFALG engine. This not a default option and is deprecated in
144           OpenSSL 3.0.
145
146       OPENSSL_INIT_ENGINE_ALL_BUILTIN
147           With this option the library will automatically load and initialise
148           all the built in engines listed above with the exception of the
149           openssl and afalg engines. This not a default option and is
150           deprecated in OpenSSL 3.0.
151
152       OPENSSL_INIT_ATFORK
153           With this option the library will register its fork handlers.  See
154           OPENSSL_fork_prepare(3) for details.
155
156       OPENSSL_INIT_NO_ATEXIT
157           By default OpenSSL will attempt to clean itself up when the process
158           exits via an "atexit" handler. Using this option suppresses that
159           behaviour. This means that the application will have to clean up
160           OpenSSL explicitly using OPENSSL_cleanup().
161
162       Multiple options may be combined together in a single call to
163       OPENSSL_init_crypto(). For example:
164
165        OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
166                            | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
167
168       The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
169       and libssl). All resources allocated by OpenSSL are freed. Typically
170       there should be no need to call this function directly as it is
171       initiated automatically on application exit. This is done via the
172       standard C library atexit() function. In the event that the application
173       will close in a manner that will not call the registered atexit()
174       handlers then the application should call OPENSSL_cleanup() directly.
175       Developers of libraries using OpenSSL are discouraged from calling this
176       function and should instead, typically, rely on auto-deinitialisation.
177       This is to avoid error conditions where both an application and a
178       library it depends on both use OpenSSL, and the library deinitialises
179       it before the application has finished using it.
180
181       Once OPENSSL_cleanup() has been called the library cannot be
182       reinitialised.  Attempts to call OPENSSL_init_crypto() will fail and an
183       ERR_R_INIT_FAIL error will be added to the error stack. Note that
184       because initialisation has failed OpenSSL error strings will not be
185       available, only an error code. This code can be put through the openssl
186       errstr command line application to produce a human readable error (see
187       openssl-errstr(1)).
188
189       The OPENSSL_atexit() function enables the registration of a function to
190       be called during OPENSSL_cleanup(). Stop handlers are called after
191       deinitialisation of resources local to a thread, but before other
192       process wide resources are freed. In the event that multiple stop
193       handlers are registered, no guarantees are made about the order of
194       execution.
195
196       The OPENSSL_thread_stop_ex() function deallocates resources associated
197       with the current thread for the given OSSL_LIB_CTX ctx. The ctx
198       parameter can be NULL in which case the default OSSL_LIB_CTX is used.
199
200       Typically, this function will be called automatically by the library
201       when the thread exits as long as the OSSL_LIB_CTX has not been freed
202       before the thread exits. If OSSL_LIB_CTX_free() is called
203       OPENSSL_thread_stop_ex will be called automatically for the current
204       thread (but not any other threads that may have used this
205       OSSL_LIB_CTX).
206
207       OPENSSL_thread_stop_ex should be called on all threads that will exit
208       after the OSSL_LIB_CTX is freed.  Typically this is not necessary for
209       the default OSSL_LIB_CTX (because all resources are cleaned up on
210       library exit) except if thread local resources should be freed before
211       library exit, or under the circumstances described in the NOTES section
212       below.
213
214       OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except
215       that the default OSSL_LIB_CTX is always used.
216
217       The OPENSSL_INIT_LOAD_CONFIG flag will load a configuration file, as
218       with CONF_modules_load_file(3) with NULL filename and application name
219       and the CONF_MFLAGS_IGNORE_MISSING_FILE,
220       CONF_MFLAGS_IGNORE_RETURN_CODES  and CONF_MFLAGS_DEFAULT_SECTION flags.
221       The filename, application name, and flags can be customized by
222       providing a non-null OPENSSL_INIT_SETTINGS object.  The object can be
223       allocated via OPENSSL_INIT_new().  The
224       OPENSSL_INIT_set_config_filename() function can be used to specify a
225       nondefault filename, which is copied and need not refer to persistent
226       storage.  Similarly, OPENSSL_INIT_set_config_appname() can be used to
227       specify a nondefault application name.  Finally,
228       OPENSSL_INIT_set_file_flags can be used to specify nondefault flags.
229       If the CONF_MFLAGS_IGNORE_RETURN_CODES flag is not included, any errors
230       in the configuration file will cause an error return from
231       OPENSSL_init_crypto or indirectly OPENSSL_init_ssl(3).  The object can
232       be released with OPENSSL_INIT_free() when done.
233

NOTES

235       Resources local to a thread are deallocated automatically when the
236       thread exits (e.g. in a pthreads environment, when pthread_exit() is
237       called). On Windows platforms this is done in response to a
238       DLL_THREAD_DETACH message being sent to the libcrypto32.dll entry
239       point. Some windows functions may cause threads to exit without sending
240       this message (for example ExitProcess()). If the application uses such
241       functions, then the application must free up OpenSSL resources directly
242       via a call to OPENSSL_thread_stop() on each thread. Similarly this
243       message will also not be sent if OpenSSL is linked statically, and
244       therefore applications using static linking should also call
245       OPENSSL_thread_stop() on each thread. Additionally if OpenSSL is loaded
246       dynamically via LoadLibrary() and the threads are not destroyed until
247       after FreeLibrary() is called then each thread should call
248       OPENSSL_thread_stop() prior to the FreeLibrary() call.
249
250       On Linux/Unix where OpenSSL has been loaded via dlopen() and the
251       application is multi-threaded and if dlclose() is subsequently called
252       prior to the threads being destroyed then OpenSSL will not be able to
253       deallocate resources associated with those threads. The application
254       should either call OPENSSL_thread_stop() on each thread prior to the
255       dlclose() call, or alternatively the original dlopen() call should use
256       the RTLD_NODELETE flag (where available on the platform).
257

RETURN VALUES

259       The functions OPENSSL_init_crypto, OPENSSL_atexit() and
260       OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
261

SEE ALSO

263       OPENSSL_init_ssl(3)
264

HISTORY

266       The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
267       OPENSSL_thread_stop(), OPENSSL_INIT_new(),
268       OPENSSL_INIT_set_config_appname() and OPENSSL_INIT_free() functions
269       were added in OpenSSL 1.1.0.
270
272       Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
273
274       Licensed under the Apache License 2.0 (the "License").  You may not use
275       this file except in compliance with the License.  You can obtain a copy
276       in the file LICENSE in the source distribution or at
277       <https://www.openssl.org/source/license.html>.
278
279
280
2813.0.9                             2023-07-27        OPENSSL_INIT_CRYPTO(3ossl)
Impressum