• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include "e_os.h"
11 #include "crypto/cryptlib.h"
12 #include <openssl/err.h>
13 #include "crypto/rand.h"
14 #include "internal/bio.h"
15 #include <openssl/evp.h>
16 #include "crypto/evp.h"
17 #include "internal/conf.h"
18 #include "crypto/async.h"
19 #include "crypto/engine.h"
20 #include "internal/comp.h"
21 #include "internal/err.h"
22 #include "crypto/err.h"
23 #include "crypto/objects.h"
24 #include <stdlib.h>
25 #include <assert.h>
26 #include "internal/thread_once.h"
27 #include "crypto/dso_conf.h"
28 #include "internal/dso.h"
29 #include "crypto/store.h"
30 
31 static int stopped = 0;
32 
33 /*
34  * Since per-thread-specific-data destructors are not universally
35  * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
36  * is assumed to have destructor associated. And then an effort is made
37  * to call this single destructor on non-pthread platform[s].
38  *
39  * Initial value is "impossible". It is used as guard value to shortcut
40  * destructor for threads terminating before libcrypto is initialized or
41  * after it's de-initialized. Access to the key doesn't have to be
42  * serialized for the said threads, because they didn't use libcrypto
43  * and it doesn't matter if they pick "impossible" or dereference real
44  * key value and pull NULL past initialization in the first thread that
45  * intends to use libcrypto.
46  */
47 static union {
48     long sane;
49     CRYPTO_THREAD_LOCAL value;
50 } destructor_key = { -1 };
51 
52 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
53 
ossl_init_thread_destructor(void * local)54 static void ossl_init_thread_destructor(void *local)
55 {
56     ossl_init_thread_stop((struct thread_local_inits_st *)local);
57 }
58 
ossl_init_get_thread_local(int alloc)59 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
60 {
61     struct thread_local_inits_st *local =
62         CRYPTO_THREAD_get_local(&destructor_key.value);
63 
64     if (alloc) {
65         if (local == NULL
66             && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
67             && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
68             OPENSSL_free(local);
69             return NULL;
70         }
71     } else {
72         CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
73     }
74 
75     return local;
76 }
77 
78 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
79 struct ossl_init_stop_st {
80     void (*handler)(void);
81     OPENSSL_INIT_STOP *next;
82 };
83 
84 static OPENSSL_INIT_STOP *stop_handlers = NULL;
85 static CRYPTO_RWLOCK *init_lock = NULL;
86 
87 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
88 static int base_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_base)89 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
90 {
91     CRYPTO_THREAD_LOCAL key;
92 
93 #ifdef OPENSSL_INIT_DEBUG
94     fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
95 #endif
96 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
97     ossl_malloc_setup_failures();
98 #endif
99     if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
100         return 0;
101     if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
102         goto err;
103     OPENSSL_cpuid_setup();
104 
105     destructor_key.value = key;
106     base_inited = 1;
107     return 1;
108 
109 err:
110 #ifdef OPENSSL_INIT_DEBUG
111     fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
112 #endif
113     CRYPTO_THREAD_lock_free(init_lock);
114     init_lock = NULL;
115 
116     CRYPTO_THREAD_cleanup_local(&key);
117     return 0;
118 }
119 
120 static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
121 #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
win32atexit(void)122 static int win32atexit(void)
123 {
124     OPENSSL_cleanup();
125     return 0;
126 }
127 #endif
128 
DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)129 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
130 {
131 #ifdef OPENSSL_INIT_DEBUG
132     fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
133 #endif
134 #ifndef OPENSSL_SYS_UEFI
135 # ifdef _WIN32
136     /* We use _onexit() in preference because it gets called on DLL unload */
137     if (_onexit(win32atexit) == NULL)
138         return 0;
139 # else
140     if (atexit(OPENSSL_cleanup) != 0)
141         return 0;
142 # endif
143 #endif
144 
145     return 1;
146 }
147 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,ossl_init_register_atexit)148 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
149                            ossl_init_register_atexit)
150 {
151 #ifdef OPENSSL_INIT_DEBUG
152     fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
153 #endif
154     /* Do nothing in this case */
155     return 1;
156 }
157 
158 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)159 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
160 {
161 #ifdef OPENSSL_INIT_DEBUG
162     fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
163 #endif
164 #if !defined(OPENSSL_USE_NODELETE) \
165     && !defined(OPENSSL_NO_PINSHARED)
166 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
167     {
168         HMODULE handle = NULL;
169         BOOL ret;
170 
171         /* We don't use the DSO route for WIN32 because there is a better way */
172         ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
173                                 | GET_MODULE_HANDLE_EX_FLAG_PIN,
174                                 (void *)&base_inited, &handle);
175 
176 #  ifdef OPENSSL_INIT_DEBUG
177         fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
178                 (ret == TRUE ? "No!" : "Yes."));
179 #  endif
180         return (ret == TRUE) ? 1 : 0;
181     }
182 # elif !defined(DSO_NONE)
183     /*
184      * Deliberately leak a reference to ourselves. This will force the library
185      * to remain loaded until the atexit() handler is run at process exit.
186      */
187     {
188         DSO *dso;
189         void *err;
190 
191         if (!err_shelve_state(&err))
192             return 0;
193 
194         dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
195 #  ifdef OPENSSL_INIT_DEBUG
196         fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
197                 (dso == NULL ? "No!" : "Yes."));
198         /*
199          * In case of No!, it is uncertain our exit()-handlers can still be
200          * called. After dlclose() the whole library might have been unloaded
201          * already.
202          */
203 #  endif
204         DSO_free(dso);
205         err_unshelve_state(err);
206     }
207 # endif
208 #endif
209 
210     return 1;
211 }
212 
213 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
214 static int load_crypto_strings_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)215 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
216 {
217     int ret = 1;
218     /*
219      * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
220      * pulling in all the error strings during static linking
221      */
222 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
223 # ifdef OPENSSL_INIT_DEBUG
224     fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
225                     "err_load_crypto_strings_int()\n");
226 # endif
227     ret = err_load_crypto_strings_int();
228     load_crypto_strings_inited = 1;
229 #endif
230     return ret;
231 }
232 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,ossl_init_load_crypto_strings)233 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
234                            ossl_init_load_crypto_strings)
235 {
236     /* Do nothing in this case */
237     return 1;
238 }
239 
240 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)241 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
242 {
243     /*
244      * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
245      * pulling in all the ciphers during static linking
246      */
247 #ifndef OPENSSL_NO_AUTOALGINIT
248 # ifdef OPENSSL_INIT_DEBUG
249     fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
250                     "openssl_add_all_ciphers_int()\n");
251 # endif
252     openssl_add_all_ciphers_int();
253 #endif
254     return 1;
255 }
256 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,ossl_init_add_all_ciphers)257 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
258                            ossl_init_add_all_ciphers)
259 {
260     /* Do nothing */
261     return 1;
262 }
263 
264 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)265 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
266 {
267     /*
268      * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
269      * pulling in all the ciphers during static linking
270      */
271 #ifndef OPENSSL_NO_AUTOALGINIT
272 # ifdef OPENSSL_INIT_DEBUG
273     fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
274                     "openssl_add_all_digests()\n");
275 # endif
276     openssl_add_all_digests_int();
277 #endif
278     return 1;
279 }
280 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,ossl_init_add_all_digests)281 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
282                            ossl_init_add_all_digests)
283 {
284     /* Do nothing */
285     return 1;
286 }
287 
288 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
289 static int config_inited = 0;
290 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
DEFINE_RUN_ONCE_STATIC(ossl_init_config)291 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
292 {
293     int ret = openssl_config_int(conf_settings);
294     config_inited = 1;
295     return ret;
296 }
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config,ossl_init_config)297 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
298 {
299 #ifdef OPENSSL_INIT_DEBUG
300     fprintf(stderr,
301             "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
302 #endif
303     openssl_no_config_int();
304     config_inited = 1;
305     return 1;
306 }
307 
308 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
309 static int async_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_async)310 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
311 {
312 #ifdef OPENSSL_INIT_DEBUG
313     fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
314 #endif
315     if (!async_init())
316         return 0;
317     async_inited = 1;
318     return 1;
319 }
320 
321 #ifndef OPENSSL_NO_ENGINE
322 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)323 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
324 {
325 # ifdef OPENSSL_INIT_DEBUG
326     fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
327                     "engine_load_openssl_int()\n");
328 # endif
329     engine_load_openssl_int();
330     return 1;
331 }
332 # ifndef OPENSSL_NO_DEVCRYPTOENG
333 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)334 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
335 {
336 #  ifdef OPENSSL_INIT_DEBUG
337     fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
338                     "engine_load_devcrypto_int()\n");
339 #  endif
340     engine_load_devcrypto_int();
341     return 1;
342 }
343 # endif
344 
345 # ifndef OPENSSL_NO_RDRAND
346 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)347 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
348 {
349 #  ifdef OPENSSL_INIT_DEBUG
350     fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
351                     "engine_load_rdrand_int()\n");
352 #  endif
353     engine_load_rdrand_int();
354     return 1;
355 }
356 # endif
357 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)358 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
359 {
360 # ifdef OPENSSL_INIT_DEBUG
361     fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
362                     "engine_load_dynamic_int()\n");
363 # endif
364     engine_load_dynamic_int();
365     return 1;
366 }
367 # ifndef OPENSSL_NO_STATIC_ENGINE
368 #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
369 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)370 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
371 {
372 #   ifdef OPENSSL_INIT_DEBUG
373     fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
374                     "engine_load_padlock_int()\n");
375 #   endif
376     engine_load_padlock_int();
377     return 1;
378 }
379 #  endif
380 #  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
381 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)382 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
383 {
384 #   ifdef OPENSSL_INIT_DEBUG
385     fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
386                     "engine_load_capi_int()\n");
387 #   endif
388     engine_load_capi_int();
389     return 1;
390 }
391 #  endif
392 #  if !defined(OPENSSL_NO_AFALGENG)
393 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)394 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
395 {
396 #   ifdef OPENSSL_INIT_DEBUG
397     fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
398                     "engine_load_afalg_int()\n");
399 #   endif
400     engine_load_afalg_int();
401     return 1;
402 }
403 #  endif
404 # endif
405 #endif
406 
407 #ifndef OPENSSL_NO_COMP
408 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
409 
410 static int zlib_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)411 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
412 {
413     /* Do nothing - we need to know about this for the later cleanup */
414     zlib_inited = 1;
415     return 1;
416 }
417 #endif
418 
ossl_init_thread_stop(struct thread_local_inits_st * locals)419 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
420 {
421     /* Can't do much about this */
422     if (locals == NULL)
423         return;
424 
425     if (locals->async) {
426 #ifdef OPENSSL_INIT_DEBUG
427         fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
428                         "async_delete_thread_state()\n");
429 #endif
430         async_delete_thread_state();
431     }
432 
433     if (locals->err_state) {
434 #ifdef OPENSSL_INIT_DEBUG
435         fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
436                         "err_delete_thread_state()\n");
437 #endif
438         err_delete_thread_state();
439     }
440 
441     if (locals->rand) {
442 #ifdef OPENSSL_INIT_DEBUG
443         fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
444                         "drbg_delete_thread_state()\n");
445 #endif
446         drbg_delete_thread_state();
447     }
448 
449     OPENSSL_free(locals);
450 }
451 
OPENSSL_thread_stop(void)452 void OPENSSL_thread_stop(void)
453 {
454     if (destructor_key.sane != -1)
455         ossl_init_thread_stop(ossl_init_get_thread_local(0));
456 }
457 
ossl_init_thread_start(uint64_t opts)458 int ossl_init_thread_start(uint64_t opts)
459 {
460     struct thread_local_inits_st *locals;
461 
462     if (!OPENSSL_init_crypto(0, NULL))
463         return 0;
464 
465     locals = ossl_init_get_thread_local(1);
466 
467     if (locals == NULL)
468         return 0;
469 
470     if (opts & OPENSSL_INIT_THREAD_ASYNC) {
471 #ifdef OPENSSL_INIT_DEBUG
472         fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
473                         "marking thread for async\n");
474 #endif
475         locals->async = 1;
476     }
477 
478     if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
479 #ifdef OPENSSL_INIT_DEBUG
480         fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
481                         "marking thread for err_state\n");
482 #endif
483         locals->err_state = 1;
484     }
485 
486     if (opts & OPENSSL_INIT_THREAD_RAND) {
487 #ifdef OPENSSL_INIT_DEBUG
488         fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
489                         "marking thread for rand\n");
490 #endif
491         locals->rand = 1;
492     }
493 
494     return 1;
495 }
496 
OPENSSL_cleanup(void)497 void OPENSSL_cleanup(void)
498 {
499     OPENSSL_INIT_STOP *currhandler, *lasthandler;
500     CRYPTO_THREAD_LOCAL key;
501 
502     /* If we've not been inited then no need to deinit */
503     if (!base_inited)
504         return;
505 
506     /* Might be explicitly called and also by atexit */
507     if (stopped)
508         return;
509     stopped = 1;
510 
511     /*
512      * Thread stop may not get automatically called by the thread library for
513      * the very last thread in some situations, so call it directly.
514      */
515     ossl_init_thread_stop(ossl_init_get_thread_local(0));
516 
517     currhandler = stop_handlers;
518     while (currhandler != NULL) {
519         currhandler->handler();
520         lasthandler = currhandler;
521         currhandler = currhandler->next;
522         OPENSSL_free(lasthandler);
523     }
524     stop_handlers = NULL;
525 
526     CRYPTO_THREAD_lock_free(init_lock);
527     init_lock = NULL;
528 
529     /*
530      * We assume we are single-threaded for this function, i.e. no race
531      * conditions for the various "*_inited" vars below.
532      */
533 
534 #ifndef OPENSSL_NO_COMP
535     if (zlib_inited) {
536 #ifdef OPENSSL_INIT_DEBUG
537         fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
538                         "comp_zlib_cleanup_int()\n");
539 #endif
540         comp_zlib_cleanup_int();
541     }
542 #endif
543 
544     if (async_inited) {
545 # ifdef OPENSSL_INIT_DEBUG
546         fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
547                         "async_deinit()\n");
548 # endif
549         async_deinit();
550     }
551 
552     if (load_crypto_strings_inited) {
553 #ifdef OPENSSL_INIT_DEBUG
554         fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
555                         "err_free_strings_int()\n");
556 #endif
557         err_free_strings_int();
558     }
559 
560     key = destructor_key.value;
561     destructor_key.sane = -1;
562     CRYPTO_THREAD_cleanup_local(&key);
563 
564 #ifdef OPENSSL_INIT_DEBUG
565     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
566                     "rand_cleanup_int()\n");
567     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
568                     "conf_modules_free_int()\n");
569 #ifndef OPENSSL_NO_ENGINE
570     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
571                     "engine_cleanup_int()\n");
572 #endif
573     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
574                     "crypto_cleanup_all_ex_data_int()\n");
575     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
576                     "bio_sock_cleanup_int()\n");
577     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
578                     "bio_cleanup()\n");
579     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
580                     "evp_cleanup_int()\n");
581     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
582                     "obj_cleanup_int()\n");
583     fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
584                     "err_cleanup()\n");
585 #endif
586     /*
587      * Note that cleanup order is important:
588      * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
589      * must be called before engine_cleanup_int()
590      * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
591      * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
592      * - conf_modules_free_int() can end up in ENGINE code so must be called
593      * before engine_cleanup_int()
594      * - ENGINEs and additional EVP algorithms might use added OIDs names so
595      * obj_cleanup_int() must be called last
596      */
597     rand_cleanup_int();
598     rand_drbg_cleanup_int();
599     conf_modules_free_int();
600 #ifndef OPENSSL_NO_ENGINE
601     engine_cleanup_int();
602 #endif
603     ossl_store_cleanup_int();
604     crypto_cleanup_all_ex_data_int();
605     bio_cleanup();
606     evp_cleanup_int();
607     obj_cleanup_int();
608     err_cleanup();
609 
610     CRYPTO_secure_malloc_done();
611 
612     base_inited = 0;
613 }
614 
615 /*
616  * If this function is called with a non NULL settings value then it must be
617  * called prior to any threads making calls to any OpenSSL functions,
618  * i.e. passing a non-null settings value is assumed to be single-threaded.
619  */
OPENSSL_init_crypto(uint64_t opts,const OPENSSL_INIT_SETTINGS * settings)620 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
621 {
622     if (stopped) {
623         if (!(opts & OPENSSL_INIT_BASE_ONLY))
624             CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
625         return 0;
626     }
627 
628     /*
629      * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
630      * *only* option specified.  With that option we return immediately after
631      * doing the requested limited initialization.  Note that
632      * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
633      * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
634      * base already initialized this is a harmless NOOP.
635      *
636      * If we remain the only caller of err_shelve_state() the recursion should
637      * perhaps be removed, but if in doubt, it can be left in place.
638      */
639     if (!RUN_ONCE(&base, ossl_init_base))
640         return 0;
641     if (opts & OPENSSL_INIT_BASE_ONLY)
642         return 1;
643 
644     /*
645      * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
646      * should not have the side-effect of setting up exit handlers, and
647      * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
648      * return above.
649      */
650     if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
651         if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
652                           ossl_init_register_atexit))
653             return 0;
654     } else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
655         return 0;
656     }
657 
658     if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
659         return 0;
660 
661     if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
662             && !RUN_ONCE_ALT(&load_crypto_strings,
663                              ossl_init_no_load_crypto_strings,
664                              ossl_init_load_crypto_strings))
665         return 0;
666 
667     if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
668             && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
669         return 0;
670 
671     if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
672             && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
673                              ossl_init_add_all_ciphers))
674         return 0;
675 
676     if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
677             && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
678         return 0;
679 
680     if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
681             && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
682                              ossl_init_add_all_digests))
683         return 0;
684 
685     if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
686             && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
687         return 0;
688 
689     if ((opts & OPENSSL_INIT_ATFORK)
690             && !openssl_init_fork_handlers())
691         return 0;
692 
693     if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
694             && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
695         return 0;
696 
697     if (opts & OPENSSL_INIT_LOAD_CONFIG) {
698         int ret;
699         CRYPTO_THREAD_write_lock(init_lock);
700         conf_settings = settings;
701         ret = RUN_ONCE(&config, ossl_init_config);
702         conf_settings = NULL;
703         CRYPTO_THREAD_unlock(init_lock);
704         if (ret <= 0)
705             return 0;
706     }
707 
708     if ((opts & OPENSSL_INIT_ASYNC)
709             && !RUN_ONCE(&async, ossl_init_async))
710         return 0;
711 
712 #ifndef OPENSSL_NO_ENGINE
713     if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
714             && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
715         return 0;
716 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
717     if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
718             && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
719         return 0;
720 # endif
721 # ifndef OPENSSL_NO_RDRAND
722     if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
723             && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
724         return 0;
725 # endif
726     if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
727             && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
728         return 0;
729 # ifndef OPENSSL_NO_STATIC_ENGINE
730 #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
731     if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
732             && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
733         return 0;
734 #  endif
735 #  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
736     if ((opts & OPENSSL_INIT_ENGINE_CAPI)
737             && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
738         return 0;
739 #  endif
740 #  if !defined(OPENSSL_NO_AFALGENG)
741     if ((opts & OPENSSL_INIT_ENGINE_AFALG)
742             && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
743         return 0;
744 #  endif
745 # endif
746     if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
747                 | OPENSSL_INIT_ENGINE_OPENSSL
748                 | OPENSSL_INIT_ENGINE_AFALG)) {
749         ENGINE_register_all_complete();
750     }
751 #endif
752 
753 #ifndef OPENSSL_NO_COMP
754     if ((opts & OPENSSL_INIT_ZLIB)
755             && !RUN_ONCE(&zlib, ossl_init_zlib))
756         return 0;
757 #endif
758 
759     return 1;
760 }
761 
OPENSSL_atexit(void (* handler)(void))762 int OPENSSL_atexit(void (*handler)(void))
763 {
764     OPENSSL_INIT_STOP *newhand;
765 
766 #if !defined(OPENSSL_USE_NODELETE)\
767     && !defined(OPENSSL_NO_PINSHARED)
768     {
769         union {
770             void *sym;
771             void (*func)(void);
772         } handlersym;
773 
774         handlersym.func = handler;
775 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
776         {
777             HMODULE handle = NULL;
778             BOOL ret;
779 
780             /*
781              * We don't use the DSO route for WIN32 because there is a better
782              * way
783              */
784             ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
785                                     | GET_MODULE_HANDLE_EX_FLAG_PIN,
786                                     handlersym.sym, &handle);
787 
788             if (!ret)
789                 return 0;
790         }
791 # elif !defined(DSO_NONE)
792         /*
793          * Deliberately leak a reference to the handler. This will force the
794          * library/code containing the handler to remain loaded until we run the
795          * atexit handler. If -znodelete has been used then this is
796          * unnecessary.
797          */
798         {
799             DSO *dso = NULL;
800 
801             ERR_set_mark();
802             dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
803 #  ifdef OPENSSL_INIT_DEBUG
804             fprintf(stderr,
805                     "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
806                     (dso == NULL ? "No!" : "Yes."));
807             /* See same code above in ossl_init_base() for an explanation. */
808 #  endif
809             DSO_free(dso);
810             ERR_pop_to_mark();
811         }
812 # endif
813     }
814 #endif
815 
816     if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
817         CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
818         return 0;
819     }
820 
821     newhand->handler = handler;
822     newhand->next = stop_handlers;
823     stop_handlers = newhand;
824 
825     return 1;
826 }
827 
828 #ifdef OPENSSL_SYS_UNIX
829 /*
830  * The following three functions are for OpenSSL developers.  This is
831  * where we set/reset state across fork (called via pthread_atfork when
832  * it exists, or manually by the application when it doesn't).
833  *
834  * WARNING!  If you put code in either OPENSSL_fork_parent or
835  * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
836  * safe.  See this link, for example:
837  *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
838  */
839 
OPENSSL_fork_prepare(void)840 void OPENSSL_fork_prepare(void)
841 {
842 }
843 
OPENSSL_fork_parent(void)844 void OPENSSL_fork_parent(void)
845 {
846 }
847 
OPENSSL_fork_child(void)848 void OPENSSL_fork_child(void)
849 {
850 }
851 #endif
852