• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12 
13 #include "e_os.h"
14 #include "crypto/cryptlib.h"
15 #include <openssl/err.h>
16 #include "crypto/rand.h"
17 #include "internal/bio.h"
18 #include <openssl/evp.h>
19 #include "crypto/evp.h"
20 #include "internal/conf.h"
21 #include "crypto/async.h"
22 #include "crypto/engine.h"
23 #include "internal/comp.h"
24 #include "internal/err.h"
25 #include "crypto/err.h"
26 #include "crypto/objects.h"
27 #include <stdlib.h>
28 #include <assert.h>
29 #include "internal/thread_once.h"
30 #include "crypto/dso_conf.h"
31 #include "internal/dso.h"
32 #include "crypto/store.h"
33 #include <openssl/cmp_util.h> /* for OSSL_CMP_log_close() */
34 #include <openssl/trace.h>
35 #include "crypto/ctype.h"
36 
37 static int stopped = 0;
38 static uint64_t optsdone = 0;
39 
40 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
41 struct ossl_init_stop_st {
42     void (*handler)(void);
43     OPENSSL_INIT_STOP *next;
44 };
45 
46 static OPENSSL_INIT_STOP *stop_handlers = NULL;
47 /* Guards access to the optsdone variable on platforms without atomics */
48 static CRYPTO_RWLOCK *optsdone_lock = NULL;
49 /* Guards simultaneous INIT_LOAD_CONFIG calls with non-NULL settings */
50 static CRYPTO_RWLOCK *init_lock = NULL;
51 static CRYPTO_THREAD_LOCAL in_init_config_local;
52 
53 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
54 static int base_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_base)55 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
56 {
57     /* no need to init trace */
58 
59     OSSL_TRACE(INIT, "ossl_init_base: setting up stop handlers\n");
60 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
61     ossl_malloc_setup_failures();
62 #endif
63 
64     if ((optsdone_lock = CRYPTO_THREAD_lock_new()) == NULL
65         || (init_lock = CRYPTO_THREAD_lock_new()) == NULL)
66         goto err;
67 
68     OPENSSL_cpuid_setup();
69 
70     if (!ossl_init_thread())
71         goto err;
72 
73     if (!CRYPTO_THREAD_init_local(&in_init_config_local, NULL))
74         goto err;
75 
76     base_inited = 1;
77     return 1;
78 
79 err:
80     OSSL_TRACE(INIT, "ossl_init_base failed!\n");
81     CRYPTO_THREAD_lock_free(optsdone_lock);
82     optsdone_lock = NULL;
83     CRYPTO_THREAD_lock_free(init_lock);
84     init_lock = NULL;
85 
86     return 0;
87 }
88 
89 static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
90 #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
win32atexit(void)91 static int win32atexit(void)
92 {
93     OPENSSL_cleanup();
94     return 0;
95 }
96 #endif
97 
DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)98 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
99 {
100 #ifdef OPENSSL_INIT_DEBUG
101     fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
102 #endif
103 #ifndef OPENSSL_SYS_UEFI
104 # if defined(_WIN32) && !defined(__BORLANDC__)
105     /* We use _onexit() in preference because it gets called on DLL unload */
106     if (_onexit(win32atexit) == NULL)
107         return 0;
108 # else
109     if (atexit(OPENSSL_cleanup) != 0)
110         return 0;
111 # endif
112 #endif
113 
114     return 1;
115 }
116 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,ossl_init_register_atexit)117 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
118                            ossl_init_register_atexit)
119 {
120 #ifdef OPENSSL_INIT_DEBUG
121     fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
122 #endif
123     /* Do nothing in this case */
124     return 1;
125 }
126 
127 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)128 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
129 {
130     OSSL_TRACE(INIT, "ossl_init_load_crypto_nodelete()\n");
131 
132 #if !defined(OPENSSL_USE_NODELETE) \
133     && !defined(OPENSSL_NO_PINSHARED)
134 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
135     {
136         HMODULE handle = NULL;
137         BOOL ret;
138 
139         /* We don't use the DSO route for WIN32 because there is a better way */
140         ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
141                                 | GET_MODULE_HANDLE_EX_FLAG_PIN,
142                                 (void *)&base_inited, &handle);
143 
144         OSSL_TRACE1(INIT,
145                     "ossl_init_load_crypto_nodelete: "
146                     "obtained DSO reference? %s\n",
147                     (ret == TRUE ? "No!" : "Yes."));
148         return (ret == TRUE) ? 1 : 0;
149     }
150 # elif !defined(DSO_NONE)
151     /*
152      * Deliberately leak a reference to ourselves. This will force the library
153      * to remain loaded until the atexit() handler is run at process exit.
154      */
155     {
156         DSO *dso;
157         void *err;
158 
159         if (!err_shelve_state(&err))
160             return 0;
161 
162         dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
163         /*
164          * In case of No!, it is uncertain our exit()-handlers can still be
165          * called. After dlclose() the whole library might have been unloaded
166          * already.
167          */
168         OSSL_TRACE1(INIT, "obtained DSO reference? %s\n",
169                     (dso == NULL ? "No!" : "Yes."));
170         DSO_free(dso);
171         err_unshelve_state(err);
172     }
173 # endif
174 #endif
175 
176     return 1;
177 }
178 
179 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
180 
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)181 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
182 {
183     int ret = 1;
184     /*
185      * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
186      * pulling in all the error strings during static linking
187      */
188 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
189     OSSL_TRACE(INIT, "ossl_err_load_crypto_strings()\n");
190     ret = ossl_err_load_crypto_strings();
191 #endif
192     return ret;
193 }
194 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,ossl_init_load_crypto_strings)195 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
196                            ossl_init_load_crypto_strings)
197 {
198     /* Do nothing in this case */
199     return 1;
200 }
201 
202 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)203 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
204 {
205     /*
206      * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
207      * pulling in all the ciphers during static linking
208      */
209 #ifndef OPENSSL_NO_AUTOALGINIT
210     OSSL_TRACE(INIT, "openssl_add_all_ciphers_int()\n");
211     openssl_add_all_ciphers_int();
212 #endif
213     return 1;
214 }
215 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,ossl_init_add_all_ciphers)216 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
217                            ossl_init_add_all_ciphers)
218 {
219     /* Do nothing */
220     return 1;
221 }
222 
223 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)224 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
225 {
226     /*
227      * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
228      * pulling in all the ciphers during static linking
229      */
230 #ifndef OPENSSL_NO_AUTOALGINIT
231     OSSL_TRACE(INIT, "openssl_add_all_digests()\n");
232     openssl_add_all_digests_int();
233 #endif
234     return 1;
235 }
236 
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,ossl_init_add_all_digests)237 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
238                            ossl_init_add_all_digests)
239 {
240     /* Do nothing */
241     return 1;
242 }
243 
244 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
245 static int config_inited = 0;
246 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
DEFINE_RUN_ONCE_STATIC(ossl_init_config)247 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
248 {
249     int ret = ossl_config_int(NULL);
250 
251     config_inited = 1;
252     return ret;
253 }
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings,ossl_init_config)254 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config)
255 {
256     int ret = ossl_config_int(conf_settings);
257 
258     config_inited = 1;
259     return ret;
260 }
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config,ossl_init_config)261 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
262 {
263     OSSL_TRACE(INIT, "ossl_no_config_int()\n");
264     ossl_no_config_int();
265     config_inited = 1;
266     return 1;
267 }
268 
269 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
270 static int async_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_async)271 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
272 {
273     OSSL_TRACE(INIT, "async_init()\n");
274     if (!async_init())
275         return 0;
276     async_inited = 1;
277     return 1;
278 }
279 
280 #ifndef OPENSSL_NO_ENGINE
281 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)282 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
283 {
284     OSSL_TRACE(INIT, "engine_load_openssl_int()\n");
285     engine_load_openssl_int();
286     return 1;
287 }
288 # ifndef OPENSSL_NO_RDRAND
289 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)290 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
291 {
292     OSSL_TRACE(INIT, "engine_load_rdrand_int()\n");
293     engine_load_rdrand_int();
294     return 1;
295 }
296 # endif
297 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)298 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
299 {
300     OSSL_TRACE(INIT, "engine_load_dynamic_int()\n");
301     engine_load_dynamic_int();
302     return 1;
303 }
304 # ifndef OPENSSL_NO_STATIC_ENGINE
305 #  ifndef OPENSSL_NO_DEVCRYPTOENG
306 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)307 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
308 {
309     OSSL_TRACE(INIT, "engine_load_devcrypto_int()\n");
310     engine_load_devcrypto_int();
311     return 1;
312 }
313 #  endif
314 #  if !defined(OPENSSL_NO_PADLOCKENG)
315 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)316 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
317 {
318     OSSL_TRACE(INIT, "engine_load_padlock_int()\n");
319     engine_load_padlock_int();
320     return 1;
321 }
322 #  endif
323 #  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
324 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)325 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
326 {
327     OSSL_TRACE(INIT, "engine_load_capi_int()\n");
328     engine_load_capi_int();
329     return 1;
330 }
331 #  endif
332 #  if !defined(OPENSSL_NO_AFALGENG)
333 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)334 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
335 {
336     OSSL_TRACE(INIT, "engine_load_afalg_int()\n");
337     engine_load_afalg_int();
338     return 1;
339 }
340 #  endif
341 # endif
342 #endif
343 
OPENSSL_cleanup(void)344 void OPENSSL_cleanup(void)
345 {
346     OPENSSL_INIT_STOP *currhandler, *lasthandler;
347 
348     /*
349      * At some point we should consider looking at this function with a view to
350      * moving most/all of this into onfree handlers in OSSL_LIB_CTX.
351      */
352 
353     /* If we've not been inited then no need to deinit */
354     if (!base_inited)
355         return;
356 
357     /* Might be explicitly called and also by atexit */
358     if (stopped)
359         return;
360     stopped = 1;
361 
362     /*
363      * Thread stop may not get automatically called by the thread library for
364      * the very last thread in some situations, so call it directly.
365      */
366     OPENSSL_thread_stop();
367 
368     currhandler = stop_handlers;
369     while (currhandler != NULL) {
370         currhandler->handler();
371         lasthandler = currhandler;
372         currhandler = currhandler->next;
373         OPENSSL_free(lasthandler);
374     }
375     stop_handlers = NULL;
376 
377     CRYPTO_THREAD_lock_free(optsdone_lock);
378     optsdone_lock = NULL;
379     CRYPTO_THREAD_lock_free(init_lock);
380     init_lock = NULL;
381 
382     CRYPTO_THREAD_cleanup_local(&in_init_config_local);
383 
384     /*
385      * We assume we are single-threaded for this function, i.e. no race
386      * conditions for the various "*_inited" vars below.
387      */
388 
389 #ifndef OPENSSL_NO_COMP
390     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_comp_zlib_cleanup()\n");
391     ossl_comp_zlib_cleanup();
392 #endif
393 
394     if (async_inited) {
395         OSSL_TRACE(INIT, "OPENSSL_cleanup: async_deinit()\n");
396         async_deinit();
397     }
398 
399     /*
400      * Note that cleanup order is important:
401      * - ossl_rand_cleanup_int could call an ENGINE's RAND cleanup function so
402      * must be called before engine_cleanup_int()
403      * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
404      * before the ex data handlers are wiped during default ossl_lib_ctx deinit.
405      * - ossl_config_modules_free() can end up in ENGINE code so must be called
406      * before engine_cleanup_int()
407      * - ENGINEs and additional EVP algorithms might use added OIDs names so
408      * ossl_obj_cleanup_int() must be called last
409      */
410     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_rand_cleanup_int()\n");
411     ossl_rand_cleanup_int();
412 
413     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_config_modules_free()\n");
414     ossl_config_modules_free();
415 
416 #ifndef OPENSSL_NO_ENGINE
417     OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n");
418     engine_cleanup_int();
419 #endif
420 
421 #ifndef OPENSSL_NO_DEPRECATED_3_0
422     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_store_cleanup_int()\n");
423     ossl_store_cleanup_int();
424 #endif
425 
426     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_lib_ctx_default_deinit()\n");
427     ossl_lib_ctx_default_deinit();
428 
429     ossl_cleanup_thread();
430 
431     OSSL_TRACE(INIT, "OPENSSL_cleanup: bio_cleanup()\n");
432     bio_cleanup();
433 
434     OSSL_TRACE(INIT, "OPENSSL_cleanup: evp_cleanup_int()\n");
435     evp_cleanup_int();
436 
437     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_obj_cleanup_int()\n");
438     ossl_obj_cleanup_int();
439 
440     OSSL_TRACE(INIT, "OPENSSL_cleanup: err_int()\n");
441     err_cleanup();
442 
443     OSSL_TRACE(INIT, "OPENSSL_cleanup: CRYPTO_secure_malloc_done()\n");
444     CRYPTO_secure_malloc_done();
445 
446 #ifndef OPENSSL_NO_CMP
447     OSSL_TRACE(INIT, "OPENSSL_cleanup: OSSL_CMP_log_close()\n");
448     OSSL_CMP_log_close();
449 #endif
450 
451     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n");
452     ossl_trace_cleanup();
453 
454     base_inited = 0;
455 }
456 
457 /*
458  * If this function is called with a non NULL settings value then it must be
459  * called prior to any threads making calls to any OpenSSL functions,
460  * i.e. passing a non-null settings value is assumed to be single-threaded.
461  */
OPENSSL_init_crypto(uint64_t opts,const OPENSSL_INIT_SETTINGS * settings)462 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
463 {
464     uint64_t tmp;
465     int aloaddone = 0;
466 
467    /* Applications depend on 0 being returned when cleanup was already done */
468     if (stopped) {
469         if (!(opts & OPENSSL_INIT_BASE_ONLY))
470             ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL);
471         return 0;
472     }
473 
474     /*
475      * We ignore failures from this function. It is probably because we are
476      * on a platform that doesn't support lockless atomic loads (we may not
477      * have created optsdone_lock yet so we can't use it). This is just an
478      * optimisation to skip the full checks in this function if we don't need
479      * to, so we carry on regardless in the event of failure.
480      *
481      * There could be a race here with other threads, so that optsdone has not
482      * been updated yet, even though the options have in fact been initialised.
483      * This doesn't matter - it just means we will run the full function
484      * unnecessarily - but all the critical code is contained in RUN_ONCE
485      * functions anyway so we are safe.
486      */
487     if (CRYPTO_atomic_load(&optsdone, &tmp, NULL)) {
488         if ((tmp & opts) == opts)
489             return 1;
490         aloaddone = 1;
491     }
492 
493     /*
494      * At some point we should look at this function with a view to moving
495      * most/all of this into OSSL_LIB_CTX.
496      *
497      * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
498      * *only* option specified.  With that option we return immediately after
499      * doing the requested limited initialization.  Note that
500      * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
501      * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
502      * base already initialized this is a harmless NOOP.
503      *
504      * If we remain the only caller of err_shelve_state() the recursion should
505      * perhaps be removed, but if in doubt, it can be left in place.
506      */
507     if (!RUN_ONCE(&base, ossl_init_base))
508         return 0;
509 
510     if (opts & OPENSSL_INIT_BASE_ONLY)
511         return 1;
512 
513     /*
514      * optsdone_lock should definitely be set up now, so we can now repeat the
515      * same check from above but be sure that it will work even on platforms
516      * without lockless CRYPTO_atomic_load
517      */
518     if (!aloaddone) {
519         if (!CRYPTO_atomic_load(&optsdone, &tmp, optsdone_lock))
520             return 0;
521         if ((tmp & opts) == opts)
522             return 1;
523     }
524 
525     /*
526      * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
527      * should not have the side-effect of setting up exit handlers, and
528      * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
529      * return above.
530      */
531     if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
532         if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
533                           ossl_init_register_atexit))
534             return 0;
535     } else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
536         return 0;
537     }
538 
539     if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
540         return 0;
541 
542     if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
543             && !RUN_ONCE_ALT(&load_crypto_strings,
544                              ossl_init_no_load_crypto_strings,
545                              ossl_init_load_crypto_strings))
546         return 0;
547 
548     if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
549             && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
550         return 0;
551 
552     if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
553             && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
554                              ossl_init_add_all_ciphers))
555         return 0;
556 
557     if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
558             && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
559         return 0;
560 
561     if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
562             && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
563                              ossl_init_add_all_digests))
564         return 0;
565 
566     if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
567             && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
568         return 0;
569 
570     if ((opts & OPENSSL_INIT_ATFORK)
571             && !openssl_init_fork_handlers())
572         return 0;
573 
574     if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
575             && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
576         return 0;
577 
578     if (opts & OPENSSL_INIT_LOAD_CONFIG) {
579         int loading = CRYPTO_THREAD_get_local(&in_init_config_local) != NULL;
580 
581         /* If called recursively from OBJ_ calls, just skip it. */
582         if (!loading) {
583             int ret;
584 
585             if (!CRYPTO_THREAD_set_local(&in_init_config_local, (void *)-1))
586                 return 0;
587             if (settings == NULL) {
588                 ret = RUN_ONCE(&config, ossl_init_config);
589             } else {
590                 if (!CRYPTO_THREAD_write_lock(init_lock))
591                     return 0;
592                 conf_settings = settings;
593                 ret = RUN_ONCE_ALT(&config, ossl_init_config_settings,
594                                    ossl_init_config);
595                 conf_settings = NULL;
596                 CRYPTO_THREAD_unlock(init_lock);
597             }
598 
599             if (ret <= 0)
600                 return 0;
601         }
602     }
603 
604     if ((opts & OPENSSL_INIT_ASYNC)
605             && !RUN_ONCE(&async, ossl_init_async))
606         return 0;
607 
608 #ifndef OPENSSL_NO_ENGINE
609     if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
610             && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
611         return 0;
612 # ifndef OPENSSL_NO_RDRAND
613     if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
614             && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
615         return 0;
616 # endif
617     if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
618             && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
619         return 0;
620 # ifndef OPENSSL_NO_STATIC_ENGINE
621 #  ifndef OPENSSL_NO_DEVCRYPTOENG
622     if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
623             && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
624         return 0;
625 #  endif
626 #  if !defined(OPENSSL_NO_PADLOCKENG)
627     if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
628             && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
629         return 0;
630 #  endif
631 #  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
632     if ((opts & OPENSSL_INIT_ENGINE_CAPI)
633             && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
634         return 0;
635 #  endif
636 #  if !defined(OPENSSL_NO_AFALGENG)
637     if ((opts & OPENSSL_INIT_ENGINE_AFALG)
638             && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
639         return 0;
640 #  endif
641 # endif
642     if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
643                 | OPENSSL_INIT_ENGINE_OPENSSL
644                 | OPENSSL_INIT_ENGINE_AFALG)) {
645         ENGINE_register_all_complete();
646     }
647 #endif
648 
649     if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, optsdone_lock))
650         return 0;
651 
652     return 1;
653 }
654 
OPENSSL_atexit(void (* handler)(void))655 int OPENSSL_atexit(void (*handler)(void))
656 {
657     OPENSSL_INIT_STOP *newhand;
658 
659 #if !defined(OPENSSL_USE_NODELETE)\
660     && !defined(OPENSSL_NO_PINSHARED)
661     {
662 # if defined(DSO_WIN32) && !defined(_WIN32_WCE)
663         HMODULE handle = NULL;
664         BOOL ret;
665         union {
666             void *sym;
667             void (*func)(void);
668         } handlersym;
669 
670         handlersym.func = handler;
671 
672         /*
673          * We don't use the DSO route for WIN32 because there is a better
674          * way
675          */
676         ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
677                                 | GET_MODULE_HANDLE_EX_FLAG_PIN,
678                                 handlersym.sym, &handle);
679 
680         if (!ret)
681             return 0;
682 # elif !defined(DSO_NONE)
683         /*
684          * Deliberately leak a reference to the handler. This will force the
685          * library/code containing the handler to remain loaded until we run the
686          * atexit handler. If -znodelete has been used then this is
687          * unnecessary.
688          */
689         DSO *dso = NULL;
690         union {
691             void *sym;
692             void (*func)(void);
693         } handlersym;
694 
695         handlersym.func = handler;
696 
697         ERR_set_mark();
698         dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
699         /* See same code above in ossl_init_base() for an explanation. */
700         OSSL_TRACE1(INIT,
701                    "atexit: obtained DSO reference? %s\n",
702                    (dso == NULL ? "No!" : "Yes."));
703         DSO_free(dso);
704         ERR_pop_to_mark();
705 # endif
706     }
707 #endif
708 
709     if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
710         ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
711         return 0;
712     }
713 
714     newhand->handler = handler;
715     newhand->next = stop_handlers;
716     stop_handlers = newhand;
717 
718     return 1;
719 }
720 
721