1 /*
2 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "e_os.h"
11 #include "crypto/cryptlib.h"
12 #include <openssl/err.h>
13 #include "crypto/rand.h"
14 #include "internal/bio.h"
15 #include <openssl/evp.h>
16 #include "crypto/evp.h"
17 #include "internal/conf.h"
18 #include "crypto/async.h"
19 #include "crypto/engine.h"
20 #include "internal/comp.h"
21 #include "internal/err.h"
22 #include "crypto/err.h"
23 #include "crypto/objects.h"
24 #include <stdlib.h>
25 #include <assert.h>
26 #include "internal/thread_once.h"
27 #include "crypto/dso_conf.h"
28 #include "internal/dso.h"
29 #include "crypto/store.h"
30
31 static int stopped = 0;
32
33 /*
34 * Since per-thread-specific-data destructors are not universally
35 * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
36 * is assumed to have destructor associated. And then an effort is made
37 * to call this single destructor on non-pthread platform[s].
38 *
39 * Initial value is "impossible". It is used as guard value to shortcut
40 * destructor for threads terminating before libcrypto is initialized or
41 * after it's de-initialized. Access to the key doesn't have to be
42 * serialized for the said threads, because they didn't use libcrypto
43 * and it doesn't matter if they pick "impossible" or dereference real
44 * key value and pull NULL past initialization in the first thread that
45 * intends to use libcrypto.
46 */
47 static union {
48 long sane;
49 CRYPTO_THREAD_LOCAL value;
50 } destructor_key = { -1 };
51
52 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
53
ossl_init_thread_destructor(void * local)54 static void ossl_init_thread_destructor(void *local)
55 {
56 ossl_init_thread_stop((struct thread_local_inits_st *)local);
57 }
58
ossl_init_get_thread_local(int alloc)59 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
60 {
61 struct thread_local_inits_st *local =
62 CRYPTO_THREAD_get_local(&destructor_key.value);
63
64 if (alloc) {
65 if (local == NULL
66 && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
67 && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
68 OPENSSL_free(local);
69 return NULL;
70 }
71 } else {
72 CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
73 }
74
75 return local;
76 }
77
78 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
79 struct ossl_init_stop_st {
80 void (*handler)(void);
81 OPENSSL_INIT_STOP *next;
82 };
83
84 static OPENSSL_INIT_STOP *stop_handlers = NULL;
85 static CRYPTO_RWLOCK *init_lock = NULL;
86
87 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
88 static int base_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_base)89 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
90 {
91 CRYPTO_THREAD_LOCAL key;
92
93 #ifdef OPENSSL_INIT_DEBUG
94 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
95 #endif
96 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
97 ossl_malloc_setup_failures();
98 #endif
99 if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
100 return 0;
101 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
102 goto err;
103 OPENSSL_cpuid_setup();
104
105 destructor_key.value = key;
106 base_inited = 1;
107 return 1;
108
109 err:
110 #ifdef OPENSSL_INIT_DEBUG
111 fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
112 #endif
113 CRYPTO_THREAD_lock_free(init_lock);
114 init_lock = NULL;
115
116 CRYPTO_THREAD_cleanup_local(&key);
117 return 0;
118 }
119
120 static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
121 #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
win32atexit(void)122 static int win32atexit(void)
123 {
124 OPENSSL_cleanup();
125 return 0;
126 }
127 #endif
128
DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)129 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
130 {
131 #ifdef OPENSSL_INIT_DEBUG
132 fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
133 #endif
134 #ifndef OPENSSL_SYS_UEFI
135 # ifdef _WIN32
136 /* We use _onexit() in preference because it gets called on DLL unload */
137 if (_onexit(win32atexit) == NULL)
138 return 0;
139 # else
140 if (atexit(OPENSSL_cleanup) != 0)
141 return 0;
142 # endif
143 #endif
144
145 return 1;
146 }
147
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,ossl_init_register_atexit)148 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
149 ossl_init_register_atexit)
150 {
151 #ifdef OPENSSL_INIT_DEBUG
152 fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
153 #endif
154 /* Do nothing in this case */
155 return 1;
156 }
157
158 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)159 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
160 {
161 #ifdef OPENSSL_INIT_DEBUG
162 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
163 #endif
164 #if !defined(OPENSSL_USE_NODELETE) \
165 && !defined(OPENSSL_NO_PINSHARED)
166 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
167 {
168 HMODULE handle = NULL;
169 BOOL ret;
170
171 /* We don't use the DSO route for WIN32 because there is a better way */
172 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
173 | GET_MODULE_HANDLE_EX_FLAG_PIN,
174 (void *)&base_inited, &handle);
175
176 # ifdef OPENSSL_INIT_DEBUG
177 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
178 (ret == TRUE ? "No!" : "Yes."));
179 # endif
180 return (ret == TRUE) ? 1 : 0;
181 }
182 # elif !defined(DSO_NONE)
183 /*
184 * Deliberately leak a reference to ourselves. This will force the library
185 * to remain loaded until the atexit() handler is run at process exit.
186 */
187 {
188 DSO *dso;
189 void *err;
190
191 if (!err_shelve_state(&err))
192 return 0;
193
194 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
195 # ifdef OPENSSL_INIT_DEBUG
196 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
197 (dso == NULL ? "No!" : "Yes."));
198 /*
199 * In case of No!, it is uncertain our exit()-handlers can still be
200 * called. After dlclose() the whole library might have been unloaded
201 * already.
202 */
203 # endif
204 DSO_free(dso);
205 err_unshelve_state(err);
206 }
207 # endif
208 #endif
209
210 return 1;
211 }
212
213 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
214 static int load_crypto_strings_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)215 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
216 {
217 int ret = 1;
218 /*
219 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
220 * pulling in all the error strings during static linking
221 */
222 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
223 # ifdef OPENSSL_INIT_DEBUG
224 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
225 "err_load_crypto_strings_int()\n");
226 # endif
227 ret = err_load_crypto_strings_int();
228 load_crypto_strings_inited = 1;
229 #endif
230 return ret;
231 }
232
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,ossl_init_load_crypto_strings)233 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
234 ossl_init_load_crypto_strings)
235 {
236 /* Do nothing in this case */
237 return 1;
238 }
239
240 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)241 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
242 {
243 /*
244 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
245 * pulling in all the ciphers during static linking
246 */
247 #ifndef OPENSSL_NO_AUTOALGINIT
248 # ifdef OPENSSL_INIT_DEBUG
249 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
250 "openssl_add_all_ciphers_int()\n");
251 # endif
252 openssl_add_all_ciphers_int();
253 #endif
254 return 1;
255 }
256
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,ossl_init_add_all_ciphers)257 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
258 ossl_init_add_all_ciphers)
259 {
260 /* Do nothing */
261 return 1;
262 }
263
264 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)265 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
266 {
267 /*
268 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
269 * pulling in all the ciphers during static linking
270 */
271 #ifndef OPENSSL_NO_AUTOALGINIT
272 # ifdef OPENSSL_INIT_DEBUG
273 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
274 "openssl_add_all_digests()\n");
275 # endif
276 openssl_add_all_digests_int();
277 #endif
278 return 1;
279 }
280
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,ossl_init_add_all_digests)281 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
282 ossl_init_add_all_digests)
283 {
284 /* Do nothing */
285 return 1;
286 }
287
288 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
289 static int config_inited = 0;
290 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
DEFINE_RUN_ONCE_STATIC(ossl_init_config)291 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
292 {
293 int ret = openssl_config_int(conf_settings);
294 config_inited = 1;
295 return ret;
296 }
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config,ossl_init_config)297 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
298 {
299 #ifdef OPENSSL_INIT_DEBUG
300 fprintf(stderr,
301 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
302 #endif
303 openssl_no_config_int();
304 config_inited = 1;
305 return 1;
306 }
307
308 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
309 static int async_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_async)310 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
311 {
312 #ifdef OPENSSL_INIT_DEBUG
313 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
314 #endif
315 if (!async_init())
316 return 0;
317 async_inited = 1;
318 return 1;
319 }
320
321 #ifndef OPENSSL_NO_ENGINE
322 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)323 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
324 {
325 # ifdef OPENSSL_INIT_DEBUG
326 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
327 "engine_load_openssl_int()\n");
328 # endif
329 engine_load_openssl_int();
330 return 1;
331 }
332 # ifndef OPENSSL_NO_DEVCRYPTOENG
333 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)334 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
335 {
336 # ifdef OPENSSL_INIT_DEBUG
337 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
338 "engine_load_devcrypto_int()\n");
339 # endif
340 engine_load_devcrypto_int();
341 return 1;
342 }
343 # endif
344
345 # ifndef OPENSSL_NO_RDRAND
346 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)347 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
348 {
349 # ifdef OPENSSL_INIT_DEBUG
350 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
351 "engine_load_rdrand_int()\n");
352 # endif
353 engine_load_rdrand_int();
354 return 1;
355 }
356 # endif
357 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)358 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
359 {
360 # ifdef OPENSSL_INIT_DEBUG
361 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
362 "engine_load_dynamic_int()\n");
363 # endif
364 engine_load_dynamic_int();
365 return 1;
366 }
367 # ifndef OPENSSL_NO_STATIC_ENGINE
368 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
369 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)370 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
371 {
372 # ifdef OPENSSL_INIT_DEBUG
373 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
374 "engine_load_padlock_int()\n");
375 # endif
376 engine_load_padlock_int();
377 return 1;
378 }
379 # endif
380 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
381 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)382 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
383 {
384 # ifdef OPENSSL_INIT_DEBUG
385 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
386 "engine_load_capi_int()\n");
387 # endif
388 engine_load_capi_int();
389 return 1;
390 }
391 # endif
392 # if !defined(OPENSSL_NO_AFALGENG)
393 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)394 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
395 {
396 # ifdef OPENSSL_INIT_DEBUG
397 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
398 "engine_load_afalg_int()\n");
399 # endif
400 engine_load_afalg_int();
401 return 1;
402 }
403 # endif
404 # endif
405 #endif
406
407 #ifndef OPENSSL_NO_COMP
408 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
409
410 static int zlib_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)411 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
412 {
413 /* Do nothing - we need to know about this for the later cleanup */
414 zlib_inited = 1;
415 return 1;
416 }
417 #endif
418
ossl_init_thread_stop(struct thread_local_inits_st * locals)419 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
420 {
421 /* Can't do much about this */
422 if (locals == NULL)
423 return;
424
425 if (locals->async) {
426 #ifdef OPENSSL_INIT_DEBUG
427 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
428 "async_delete_thread_state()\n");
429 #endif
430 async_delete_thread_state();
431 }
432
433 if (locals->err_state) {
434 #ifdef OPENSSL_INIT_DEBUG
435 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
436 "err_delete_thread_state()\n");
437 #endif
438 err_delete_thread_state();
439 }
440
441 if (locals->rand) {
442 #ifdef OPENSSL_INIT_DEBUG
443 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
444 "drbg_delete_thread_state()\n");
445 #endif
446 drbg_delete_thread_state();
447 }
448
449 OPENSSL_free(locals);
450 }
451
OPENSSL_thread_stop(void)452 void OPENSSL_thread_stop(void)
453 {
454 if (destructor_key.sane != -1)
455 ossl_init_thread_stop(ossl_init_get_thread_local(0));
456 }
457
ossl_init_thread_start(uint64_t opts)458 int ossl_init_thread_start(uint64_t opts)
459 {
460 struct thread_local_inits_st *locals;
461
462 if (!OPENSSL_init_crypto(0, NULL))
463 return 0;
464
465 locals = ossl_init_get_thread_local(1);
466
467 if (locals == NULL)
468 return 0;
469
470 if (opts & OPENSSL_INIT_THREAD_ASYNC) {
471 #ifdef OPENSSL_INIT_DEBUG
472 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
473 "marking thread for async\n");
474 #endif
475 locals->async = 1;
476 }
477
478 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
479 #ifdef OPENSSL_INIT_DEBUG
480 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
481 "marking thread for err_state\n");
482 #endif
483 locals->err_state = 1;
484 }
485
486 if (opts & OPENSSL_INIT_THREAD_RAND) {
487 #ifdef OPENSSL_INIT_DEBUG
488 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
489 "marking thread for rand\n");
490 #endif
491 locals->rand = 1;
492 }
493
494 return 1;
495 }
496
OPENSSL_cleanup(void)497 void OPENSSL_cleanup(void)
498 {
499 OPENSSL_INIT_STOP *currhandler, *lasthandler;
500 CRYPTO_THREAD_LOCAL key;
501
502 /* If we've not been inited then no need to deinit */
503 if (!base_inited)
504 return;
505
506 /* Might be explicitly called and also by atexit */
507 if (stopped)
508 return;
509 stopped = 1;
510
511 /*
512 * Thread stop may not get automatically called by the thread library for
513 * the very last thread in some situations, so call it directly.
514 */
515 ossl_init_thread_stop(ossl_init_get_thread_local(0));
516
517 currhandler = stop_handlers;
518 while (currhandler != NULL) {
519 currhandler->handler();
520 lasthandler = currhandler;
521 currhandler = currhandler->next;
522 OPENSSL_free(lasthandler);
523 }
524 stop_handlers = NULL;
525
526 CRYPTO_THREAD_lock_free(init_lock);
527 init_lock = NULL;
528
529 /*
530 * We assume we are single-threaded for this function, i.e. no race
531 * conditions for the various "*_inited" vars below.
532 */
533
534 #ifndef OPENSSL_NO_COMP
535 if (zlib_inited) {
536 #ifdef OPENSSL_INIT_DEBUG
537 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
538 "comp_zlib_cleanup_int()\n");
539 #endif
540 comp_zlib_cleanup_int();
541 }
542 #endif
543
544 if (async_inited) {
545 # ifdef OPENSSL_INIT_DEBUG
546 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
547 "async_deinit()\n");
548 # endif
549 async_deinit();
550 }
551
552 if (load_crypto_strings_inited) {
553 #ifdef OPENSSL_INIT_DEBUG
554 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
555 "err_free_strings_int()\n");
556 #endif
557 err_free_strings_int();
558 }
559
560 key = destructor_key.value;
561 destructor_key.sane = -1;
562 CRYPTO_THREAD_cleanup_local(&key);
563
564 #ifdef OPENSSL_INIT_DEBUG
565 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
566 "rand_cleanup_int()\n");
567 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
568 "conf_modules_free_int()\n");
569 #ifndef OPENSSL_NO_ENGINE
570 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
571 "engine_cleanup_int()\n");
572 #endif
573 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
574 "crypto_cleanup_all_ex_data_int()\n");
575 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
576 "bio_sock_cleanup_int()\n");
577 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
578 "bio_cleanup()\n");
579 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
580 "evp_cleanup_int()\n");
581 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
582 "obj_cleanup_int()\n");
583 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
584 "err_cleanup()\n");
585 #endif
586 /*
587 * Note that cleanup order is important:
588 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
589 * must be called before engine_cleanup_int()
590 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
591 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
592 * - conf_modules_free_int() can end up in ENGINE code so must be called
593 * before engine_cleanup_int()
594 * - ENGINEs and additional EVP algorithms might use added OIDs names so
595 * obj_cleanup_int() must be called last
596 */
597 rand_cleanup_int();
598 rand_drbg_cleanup_int();
599 conf_modules_free_int();
600 #ifndef OPENSSL_NO_ENGINE
601 engine_cleanup_int();
602 #endif
603 ossl_store_cleanup_int();
604 crypto_cleanup_all_ex_data_int();
605 bio_cleanup();
606 evp_cleanup_int();
607 obj_cleanup_int();
608 err_cleanup();
609
610 CRYPTO_secure_malloc_done();
611
612 base_inited = 0;
613 }
614
615 /*
616 * If this function is called with a non NULL settings value then it must be
617 * called prior to any threads making calls to any OpenSSL functions,
618 * i.e. passing a non-null settings value is assumed to be single-threaded.
619 */
OPENSSL_init_crypto(uint64_t opts,const OPENSSL_INIT_SETTINGS * settings)620 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
621 {
622 if (stopped) {
623 if (!(opts & OPENSSL_INIT_BASE_ONLY))
624 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
625 return 0;
626 }
627
628 /*
629 * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
630 * *only* option specified. With that option we return immediately after
631 * doing the requested limited initialization. Note that
632 * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
633 * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
634 * base already initialized this is a harmless NOOP.
635 *
636 * If we remain the only caller of err_shelve_state() the recursion should
637 * perhaps be removed, but if in doubt, it can be left in place.
638 */
639 if (!RUN_ONCE(&base, ossl_init_base))
640 return 0;
641 if (opts & OPENSSL_INIT_BASE_ONLY)
642 return 1;
643
644 /*
645 * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
646 * should not have the side-effect of setting up exit handlers, and
647 * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
648 * return above.
649 */
650 if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
651 if (!RUN_ONCE_ALT(®ister_atexit, ossl_init_no_register_atexit,
652 ossl_init_register_atexit))
653 return 0;
654 } else if (!RUN_ONCE(®ister_atexit, ossl_init_register_atexit)) {
655 return 0;
656 }
657
658 if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
659 return 0;
660
661 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
662 && !RUN_ONCE_ALT(&load_crypto_strings,
663 ossl_init_no_load_crypto_strings,
664 ossl_init_load_crypto_strings))
665 return 0;
666
667 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
668 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
669 return 0;
670
671 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
672 && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
673 ossl_init_add_all_ciphers))
674 return 0;
675
676 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
677 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
678 return 0;
679
680 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
681 && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
682 ossl_init_add_all_digests))
683 return 0;
684
685 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
686 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
687 return 0;
688
689 if ((opts & OPENSSL_INIT_ATFORK)
690 && !openssl_init_fork_handlers())
691 return 0;
692
693 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
694 && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
695 return 0;
696
697 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
698 int ret;
699 CRYPTO_THREAD_write_lock(init_lock);
700 conf_settings = settings;
701 ret = RUN_ONCE(&config, ossl_init_config);
702 conf_settings = NULL;
703 CRYPTO_THREAD_unlock(init_lock);
704 if (ret <= 0)
705 return 0;
706 }
707
708 if ((opts & OPENSSL_INIT_ASYNC)
709 && !RUN_ONCE(&async, ossl_init_async))
710 return 0;
711
712 #ifndef OPENSSL_NO_ENGINE
713 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
714 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
715 return 0;
716 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
717 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
718 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
719 return 0;
720 # endif
721 # ifndef OPENSSL_NO_RDRAND
722 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
723 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
724 return 0;
725 # endif
726 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
727 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
728 return 0;
729 # ifndef OPENSSL_NO_STATIC_ENGINE
730 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
731 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
732 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
733 return 0;
734 # endif
735 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
736 if ((opts & OPENSSL_INIT_ENGINE_CAPI)
737 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
738 return 0;
739 # endif
740 # if !defined(OPENSSL_NO_AFALGENG)
741 if ((opts & OPENSSL_INIT_ENGINE_AFALG)
742 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
743 return 0;
744 # endif
745 # endif
746 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
747 | OPENSSL_INIT_ENGINE_OPENSSL
748 | OPENSSL_INIT_ENGINE_AFALG)) {
749 ENGINE_register_all_complete();
750 }
751 #endif
752
753 #ifndef OPENSSL_NO_COMP
754 if ((opts & OPENSSL_INIT_ZLIB)
755 && !RUN_ONCE(&zlib, ossl_init_zlib))
756 return 0;
757 #endif
758
759 return 1;
760 }
761
OPENSSL_atexit(void (* handler)(void))762 int OPENSSL_atexit(void (*handler)(void))
763 {
764 OPENSSL_INIT_STOP *newhand;
765
766 #if !defined(OPENSSL_USE_NODELETE)\
767 && !defined(OPENSSL_NO_PINSHARED)
768 {
769 union {
770 void *sym;
771 void (*func)(void);
772 } handlersym;
773
774 handlersym.func = handler;
775 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
776 {
777 HMODULE handle = NULL;
778 BOOL ret;
779
780 /*
781 * We don't use the DSO route for WIN32 because there is a better
782 * way
783 */
784 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
785 | GET_MODULE_HANDLE_EX_FLAG_PIN,
786 handlersym.sym, &handle);
787
788 if (!ret)
789 return 0;
790 }
791 # elif !defined(DSO_NONE)
792 /*
793 * Deliberately leak a reference to the handler. This will force the
794 * library/code containing the handler to remain loaded until we run the
795 * atexit handler. If -znodelete has been used then this is
796 * unnecessary.
797 */
798 {
799 DSO *dso = NULL;
800
801 ERR_set_mark();
802 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
803 # ifdef OPENSSL_INIT_DEBUG
804 fprintf(stderr,
805 "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
806 (dso == NULL ? "No!" : "Yes."));
807 /* See same code above in ossl_init_base() for an explanation. */
808 # endif
809 DSO_free(dso);
810 ERR_pop_to_mark();
811 }
812 # endif
813 }
814 #endif
815
816 if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
817 CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
818 return 0;
819 }
820
821 newhand->handler = handler;
822 newhand->next = stop_handlers;
823 stop_handlers = newhand;
824
825 return 1;
826 }
827
828 #ifdef OPENSSL_SYS_UNIX
829 /*
830 * The following three functions are for OpenSSL developers. This is
831 * where we set/reset state across fork (called via pthread_atfork when
832 * it exists, or manually by the application when it doesn't).
833 *
834 * WARNING! If you put code in either OPENSSL_fork_parent or
835 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
836 * safe. See this link, for example:
837 * http://man7.org/linux/man-pages/man7/signal-safety.7.html
838 */
839
OPENSSL_fork_prepare(void)840 void OPENSSL_fork_prepare(void)
841 {
842 }
843
OPENSSL_fork_parent(void)844 void OPENSSL_fork_parent(void)
845 {
846 }
847
OPENSSL_fork_child(void)848 void OPENSSL_fork_child(void)
849 {
850 }
851 #endif
852