1 /* 2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "e_os.h" 11 #include "crypto/cryptlib.h" 12 #include <openssl/err.h> 13 #include "crypto/rand.h" 14 #include "internal/bio.h" 15 #include <openssl/evp.h> 16 #include "crypto/evp.h" 17 #include "internal/conf.h" 18 #include "crypto/async.h" 19 #include "crypto/engine.h" 20 #include "internal/comp.h" 21 #include "internal/err.h" 22 #include "crypto/err.h" 23 #include "crypto/objects.h" 24 #include <stdlib.h> 25 #include <assert.h> 26 #include "internal/thread_once.h" 27 #include "crypto/dso_conf.h" 28 #include "internal/dso.h" 29 #include "crypto/store.h" 30 31 static int stopped = 0; 32 33 /* 34 * Since per-thread-specific-data destructors are not universally 35 * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key 36 * is assumed to have destructor associated. And then an effort is made 37 * to call this single destructor on non-pthread platform[s]. 38 * 39 * Initial value is "impossible". It is used as guard value to shortcut 40 * destructor for threads terminating before libcrypto is initialized or 41 * after it's de-initialized. Access to the key doesn't have to be 42 * serialized for the said threads, because they didn't use libcrypto 43 * and it doesn't matter if they pick "impossible" or dereference real 44 * key value and pull NULL past initialization in the first thread that 45 * intends to use libcrypto. 46 */ 47 static union { 48 long sane; 49 CRYPTO_THREAD_LOCAL value; 50 } destructor_key = { -1 }; 51 52 static void ossl_init_thread_stop(struct thread_local_inits_st *locals); 53 54 static void ossl_init_thread_destructor(void *local) 55 { 56 ossl_init_thread_stop((struct thread_local_inits_st *)local); 57 } 58 59 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) 60 { 61 struct thread_local_inits_st *local = 62 CRYPTO_THREAD_get_local(&destructor_key.value); 63 64 if (alloc) { 65 if (local == NULL 66 && (local = OPENSSL_zalloc(sizeof(*local))) != NULL 67 && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) { 68 OPENSSL_free(local); 69 return NULL; 70 } 71 } else { 72 CRYPTO_THREAD_set_local(&destructor_key.value, NULL); 73 } 74 75 return local; 76 } 77 78 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; 79 struct ossl_init_stop_st { 80 void (*handler)(void); 81 OPENSSL_INIT_STOP *next; 82 }; 83 84 static OPENSSL_INIT_STOP *stop_handlers = NULL; 85 static CRYPTO_RWLOCK *init_lock = NULL; 86 87 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; 88 static int base_inited = 0; 89 DEFINE_RUN_ONCE_STATIC(ossl_init_base) 90 { 91 CRYPTO_THREAD_LOCAL key; 92 93 #ifdef OPENSSL_INIT_DEBUG 94 fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); 95 #endif 96 #ifndef OPENSSL_NO_CRYPTO_MDEBUG 97 ossl_malloc_setup_failures(); 98 #endif 99 if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor)) 100 return 0; 101 if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) 102 goto err; 103 OPENSSL_cpuid_setup(); 104 105 destructor_key.value = key; 106 base_inited = 1; 107 return 1; 108 109 err: 110 #ifdef OPENSSL_INIT_DEBUG 111 fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n"); 112 #endif 113 CRYPTO_THREAD_lock_free(init_lock); 114 init_lock = NULL; 115 116 CRYPTO_THREAD_cleanup_local(&key); 117 return 0; 118 } 119 120 static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT; 121 #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32) 122 static int win32atexit(void) 123 { 124 OPENSSL_cleanup(); 125 return 0; 126 } 127 #endif 128 129 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit) 130 { 131 #ifdef OPENSSL_INIT_DEBUG 132 fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n"); 133 #endif 134 #ifndef OPENSSL_SYS_UEFI 135 # ifdef _WIN32 136 /* We use _onexit() in preference because it gets called on DLL unload */ 137 if (_onexit(win32atexit) == NULL) 138 return 0; 139 # else 140 if (atexit(OPENSSL_cleanup) != 0) 141 return 0; 142 # endif 143 #endif 144 145 return 1; 146 } 147 148 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit, 149 ossl_init_register_atexit) 150 { 151 #ifdef OPENSSL_INIT_DEBUG 152 fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n"); 153 #endif 154 /* Do nothing in this case */ 155 return 1; 156 } 157 158 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT; 159 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) 160 { 161 #ifdef OPENSSL_INIT_DEBUG 162 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); 163 #endif 164 #if !defined(OPENSSL_USE_NODELETE) \ 165 && !defined(OPENSSL_NO_PINSHARED) 166 # if defined(DSO_WIN32) && !defined(_WIN32_WCE) 167 { 168 HMODULE handle = NULL; 169 BOOL ret; 170 171 /* We don't use the DSO route for WIN32 because there is a better way */ 172 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS 173 | GET_MODULE_HANDLE_EX_FLAG_PIN, 174 (void *)&base_inited, &handle); 175 176 # ifdef OPENSSL_INIT_DEBUG 177 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", 178 (ret == TRUE ? "No!" : "Yes.")); 179 # endif 180 return (ret == TRUE) ? 1 : 0; 181 } 182 # elif !defined(DSO_NONE) 183 /* 184 * Deliberately leak a reference to ourselves. This will force the library 185 * to remain loaded until the atexit() handler is run at process exit. 186 */ 187 { 188 DSO *dso; 189 void *err; 190 191 if (!err_shelve_state(&err)) 192 return 0; 193 194 dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); 195 # ifdef OPENSSL_INIT_DEBUG 196 fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", 197 (dso == NULL ? "No!" : "Yes.")); 198 /* 199 * In case of No!, it is uncertain our exit()-handlers can still be 200 * called. After dlclose() the whole library might have been unloaded 201 * already. 202 */ 203 # endif 204 DSO_free(dso); 205 err_unshelve_state(err); 206 } 207 # endif 208 #endif 209 210 return 1; 211 } 212 213 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; 214 215 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) 216 { 217 int ret = 1; 218 /* 219 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time 220 * pulling in all the error strings during static linking 221 */ 222 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) 223 # ifdef OPENSSL_INIT_DEBUG 224 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: " 225 "err_load_crypto_strings_int()\n"); 226 # endif 227 ret = err_load_crypto_strings_int(); 228 #endif 229 return ret; 230 } 231 232 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings, 233 ossl_init_load_crypto_strings) 234 { 235 /* Do nothing in this case */ 236 return 1; 237 } 238 239 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT; 240 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) 241 { 242 /* 243 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time 244 * pulling in all the ciphers during static linking 245 */ 246 #ifndef OPENSSL_NO_AUTOALGINIT 247 # ifdef OPENSSL_INIT_DEBUG 248 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: " 249 "openssl_add_all_ciphers_int()\n"); 250 # endif 251 openssl_add_all_ciphers_int(); 252 #endif 253 return 1; 254 } 255 256 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers, 257 ossl_init_add_all_ciphers) 258 { 259 /* Do nothing */ 260 return 1; 261 } 262 263 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT; 264 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) 265 { 266 /* 267 * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time 268 * pulling in all the ciphers during static linking 269 */ 270 #ifndef OPENSSL_NO_AUTOALGINIT 271 # ifdef OPENSSL_INIT_DEBUG 272 fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: " 273 "openssl_add_all_digests()\n"); 274 # endif 275 openssl_add_all_digests_int(); 276 #endif 277 return 1; 278 } 279 280 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, 281 ossl_init_add_all_digests) 282 { 283 /* Do nothing */ 284 return 1; 285 } 286 287 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; 288 static int config_inited = 0; 289 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; 290 DEFINE_RUN_ONCE_STATIC(ossl_init_config) 291 { 292 int ret = openssl_config_int(conf_settings); 293 config_inited = 1; 294 return ret; 295 } 296 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) 297 { 298 #ifdef OPENSSL_INIT_DEBUG 299 fprintf(stderr, 300 "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n"); 301 #endif 302 openssl_no_config_int(); 303 config_inited = 1; 304 return 1; 305 } 306 307 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT; 308 static int async_inited = 0; 309 DEFINE_RUN_ONCE_STATIC(ossl_init_async) 310 { 311 #ifdef OPENSSL_INIT_DEBUG 312 fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n"); 313 #endif 314 if (!async_init()) 315 return 0; 316 async_inited = 1; 317 return 1; 318 } 319 320 #ifndef OPENSSL_NO_ENGINE 321 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT; 322 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) 323 { 324 # ifdef OPENSSL_INIT_DEBUG 325 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: " 326 "engine_load_openssl_int()\n"); 327 # endif 328 engine_load_openssl_int(); 329 return 1; 330 } 331 # ifndef OPENSSL_NO_DEVCRYPTOENG 332 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; 333 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) 334 { 335 # ifdef OPENSSL_INIT_DEBUG 336 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: " 337 "engine_load_devcrypto_int()\n"); 338 # endif 339 engine_load_devcrypto_int(); 340 return 1; 341 } 342 # endif 343 344 # ifndef OPENSSL_NO_RDRAND 345 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; 346 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand) 347 { 348 # ifdef OPENSSL_INIT_DEBUG 349 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: " 350 "engine_load_rdrand_int()\n"); 351 # endif 352 engine_load_rdrand_int(); 353 return 1; 354 } 355 # endif 356 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT; 357 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) 358 { 359 # ifdef OPENSSL_INIT_DEBUG 360 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: " 361 "engine_load_dynamic_int()\n"); 362 # endif 363 engine_load_dynamic_int(); 364 return 1; 365 } 366 # ifndef OPENSSL_NO_STATIC_ENGINE 367 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) 368 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT; 369 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock) 370 { 371 # ifdef OPENSSL_INIT_DEBUG 372 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: " 373 "engine_load_padlock_int()\n"); 374 # endif 375 engine_load_padlock_int(); 376 return 1; 377 } 378 # endif 379 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) 380 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT; 381 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi) 382 { 383 # ifdef OPENSSL_INIT_DEBUG 384 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: " 385 "engine_load_capi_int()\n"); 386 # endif 387 engine_load_capi_int(); 388 return 1; 389 } 390 # endif 391 # if !defined(OPENSSL_NO_AFALGENG) 392 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT; 393 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) 394 { 395 # ifdef OPENSSL_INIT_DEBUG 396 fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: " 397 "engine_load_afalg_int()\n"); 398 # endif 399 engine_load_afalg_int(); 400 return 1; 401 } 402 # endif 403 # endif 404 #endif 405 406 #ifndef OPENSSL_NO_COMP 407 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT; 408 409 static int zlib_inited = 0; 410 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib) 411 { 412 /* Do nothing - we need to know about this for the later cleanup */ 413 zlib_inited = 1; 414 return 1; 415 } 416 #endif 417 418 static void ossl_init_thread_stop(struct thread_local_inits_st *locals) 419 { 420 /* Can't do much about this */ 421 if (locals == NULL) 422 return; 423 424 if (locals->async) { 425 #ifdef OPENSSL_INIT_DEBUG 426 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " 427 "async_delete_thread_state()\n"); 428 #endif 429 async_delete_thread_state(); 430 } 431 432 if (locals->err_state) { 433 #ifdef OPENSSL_INIT_DEBUG 434 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " 435 "err_delete_thread_state()\n"); 436 #endif 437 err_delete_thread_state(); 438 } 439 440 if (locals->rand) { 441 #ifdef OPENSSL_INIT_DEBUG 442 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " 443 "drbg_delete_thread_state()\n"); 444 #endif 445 drbg_delete_thread_state(); 446 } 447 448 OPENSSL_free(locals); 449 } 450 451 void OPENSSL_thread_stop(void) 452 { 453 if (destructor_key.sane != -1) 454 ossl_init_thread_stop(ossl_init_get_thread_local(0)); 455 } 456 457 int ossl_init_thread_start(uint64_t opts) 458 { 459 struct thread_local_inits_st *locals; 460 461 if (!OPENSSL_init_crypto(0, NULL)) 462 return 0; 463 464 locals = ossl_init_get_thread_local(1); 465 466 if (locals == NULL) 467 return 0; 468 469 if (opts & OPENSSL_INIT_THREAD_ASYNC) { 470 #ifdef OPENSSL_INIT_DEBUG 471 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " 472 "marking thread for async\n"); 473 #endif 474 locals->async = 1; 475 } 476 477 if (opts & OPENSSL_INIT_THREAD_ERR_STATE) { 478 #ifdef OPENSSL_INIT_DEBUG 479 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " 480 "marking thread for err_state\n"); 481 #endif 482 locals->err_state = 1; 483 } 484 485 if (opts & OPENSSL_INIT_THREAD_RAND) { 486 #ifdef OPENSSL_INIT_DEBUG 487 fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " 488 "marking thread for rand\n"); 489 #endif 490 locals->rand = 1; 491 } 492 493 return 1; 494 } 495 496 void OPENSSL_cleanup(void) 497 { 498 OPENSSL_INIT_STOP *currhandler, *lasthandler; 499 CRYPTO_THREAD_LOCAL key; 500 501 /* If we've not been inited then no need to deinit */ 502 if (!base_inited) 503 return; 504 505 /* Might be explicitly called and also by atexit */ 506 if (stopped) 507 return; 508 stopped = 1; 509 510 /* 511 * Thread stop may not get automatically called by the thread library for 512 * the very last thread in some situations, so call it directly. 513 */ 514 ossl_init_thread_stop(ossl_init_get_thread_local(0)); 515 516 currhandler = stop_handlers; 517 while (currhandler != NULL) { 518 currhandler->handler(); 519 lasthandler = currhandler; 520 currhandler = currhandler->next; 521 OPENSSL_free(lasthandler); 522 } 523 stop_handlers = NULL; 524 525 CRYPTO_THREAD_lock_free(init_lock); 526 init_lock = NULL; 527 528 /* 529 * We assume we are single-threaded for this function, i.e. no race 530 * conditions for the various "*_inited" vars below. 531 */ 532 533 #ifndef OPENSSL_NO_COMP 534 if (zlib_inited) { 535 #ifdef OPENSSL_INIT_DEBUG 536 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 537 "comp_zlib_cleanup_int()\n"); 538 #endif 539 comp_zlib_cleanup_int(); 540 } 541 #endif 542 543 if (async_inited) { 544 # ifdef OPENSSL_INIT_DEBUG 545 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 546 "async_deinit()\n"); 547 # endif 548 async_deinit(); 549 } 550 551 key = destructor_key.value; 552 destructor_key.sane = -1; 553 CRYPTO_THREAD_cleanup_local(&key); 554 555 #ifdef OPENSSL_INIT_DEBUG 556 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 557 "rand_cleanup_int()\n"); 558 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 559 "conf_modules_free_int()\n"); 560 #ifndef OPENSSL_NO_ENGINE 561 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 562 "engine_cleanup_int()\n"); 563 #endif 564 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 565 "crypto_cleanup_all_ex_data_int()\n"); 566 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 567 "bio_sock_cleanup_int()\n"); 568 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 569 "bio_cleanup()\n"); 570 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 571 "evp_cleanup_int()\n"); 572 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 573 "obj_cleanup_int()\n"); 574 fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " 575 "err_cleanup()\n"); 576 #endif 577 /* 578 * Note that cleanup order is important: 579 * - rand_cleanup_int could call an ENGINE's RAND cleanup function so 580 * must be called before engine_cleanup_int() 581 * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up 582 * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data(). 583 * - conf_modules_free_int() can end up in ENGINE code so must be called 584 * before engine_cleanup_int() 585 * - ENGINEs and additional EVP algorithms might use added OIDs names so 586 * obj_cleanup_int() must be called last 587 */ 588 rand_cleanup_int(); 589 rand_drbg_cleanup_int(); 590 conf_modules_free_int(); 591 #ifndef OPENSSL_NO_ENGINE 592 engine_cleanup_int(); 593 #endif 594 ossl_store_cleanup_int(); 595 crypto_cleanup_all_ex_data_int(); 596 bio_cleanup(); 597 evp_cleanup_int(); 598 obj_cleanup_int(); 599 err_cleanup(); 600 601 CRYPTO_secure_malloc_done(); 602 603 base_inited = 0; 604 } 605 606 /* 607 * If this function is called with a non NULL settings value then it must be 608 * called prior to any threads making calls to any OpenSSL functions, 609 * i.e. passing a non-null settings value is assumed to be single-threaded. 610 */ 611 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) 612 { 613 if (stopped) { 614 if (!(opts & OPENSSL_INIT_BASE_ONLY)) 615 CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); 616 return 0; 617 } 618 619 /* 620 * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the 621 * *only* option specified. With that option we return immediately after 622 * doing the requested limited initialization. Note that 623 * err_shelve_state() called by us via ossl_init_load_crypto_nodelete() 624 * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with 625 * base already initialized this is a harmless NOOP. 626 * 627 * If we remain the only caller of err_shelve_state() the recursion should 628 * perhaps be removed, but if in doubt, it can be left in place. 629 */ 630 if (!RUN_ONCE(&base, ossl_init_base)) 631 return 0; 632 if (opts & OPENSSL_INIT_BASE_ONLY) 633 return 1; 634 635 /* 636 * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls 637 * should not have the side-effect of setting up exit handlers, and 638 * therefore, this code block is below the INIT_BASE_ONLY-conditioned early 639 * return above. 640 */ 641 if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) { 642 if (!RUN_ONCE_ALT(®ister_atexit, ossl_init_no_register_atexit, 643 ossl_init_register_atexit)) 644 return 0; 645 } else if (!RUN_ONCE(®ister_atexit, ossl_init_register_atexit)) { 646 return 0; 647 } 648 649 if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete)) 650 return 0; 651 652 if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) 653 && !RUN_ONCE_ALT(&load_crypto_strings, 654 ossl_init_no_load_crypto_strings, 655 ossl_init_load_crypto_strings)) 656 return 0; 657 658 if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) 659 && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings)) 660 return 0; 661 662 if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) 663 && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers, 664 ossl_init_add_all_ciphers)) 665 return 0; 666 667 if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) 668 && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers)) 669 return 0; 670 671 if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) 672 && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests, 673 ossl_init_add_all_digests)) 674 return 0; 675 676 if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) 677 && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) 678 return 0; 679 680 if ((opts & OPENSSL_INIT_ATFORK) 681 && !openssl_init_fork_handlers()) 682 return 0; 683 684 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) 685 && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config)) 686 return 0; 687 688 if (opts & OPENSSL_INIT_LOAD_CONFIG) { 689 int ret; 690 CRYPTO_THREAD_write_lock(init_lock); 691 conf_settings = settings; 692 ret = RUN_ONCE(&config, ossl_init_config); 693 conf_settings = NULL; 694 CRYPTO_THREAD_unlock(init_lock); 695 if (ret <= 0) 696 return 0; 697 } 698 699 if ((opts & OPENSSL_INIT_ASYNC) 700 && !RUN_ONCE(&async, ossl_init_async)) 701 return 0; 702 703 #ifndef OPENSSL_NO_ENGINE 704 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) 705 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) 706 return 0; 707 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG) 708 if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) 709 && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) 710 return 0; 711 # endif 712 # ifndef OPENSSL_NO_RDRAND 713 if ((opts & OPENSSL_INIT_ENGINE_RDRAND) 714 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) 715 return 0; 716 # endif 717 if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) 718 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) 719 return 0; 720 # ifndef OPENSSL_NO_STATIC_ENGINE 721 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) 722 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK) 723 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) 724 return 0; 725 # endif 726 # if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) 727 if ((opts & OPENSSL_INIT_ENGINE_CAPI) 728 && !RUN_ONCE(&engine_capi, ossl_init_engine_capi)) 729 return 0; 730 # endif 731 # if !defined(OPENSSL_NO_AFALGENG) 732 if ((opts & OPENSSL_INIT_ENGINE_AFALG) 733 && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg)) 734 return 0; 735 # endif 736 # endif 737 if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN 738 | OPENSSL_INIT_ENGINE_OPENSSL 739 | OPENSSL_INIT_ENGINE_AFALG)) { 740 ENGINE_register_all_complete(); 741 } 742 #endif 743 744 #ifndef OPENSSL_NO_COMP 745 if ((opts & OPENSSL_INIT_ZLIB) 746 && !RUN_ONCE(&zlib, ossl_init_zlib)) 747 return 0; 748 #endif 749 750 return 1; 751 } 752 753 int OPENSSL_atexit(void (*handler)(void)) 754 { 755 OPENSSL_INIT_STOP *newhand; 756 757 #if !defined(OPENSSL_USE_NODELETE)\ 758 && !defined(OPENSSL_NO_PINSHARED) 759 { 760 union { 761 void *sym; 762 void (*func)(void); 763 } handlersym; 764 765 handlersym.func = handler; 766 # if defined(DSO_WIN32) && !defined(_WIN32_WCE) 767 { 768 HMODULE handle = NULL; 769 BOOL ret; 770 771 /* 772 * We don't use the DSO route for WIN32 because there is a better 773 * way 774 */ 775 ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS 776 | GET_MODULE_HANDLE_EX_FLAG_PIN, 777 handlersym.sym, &handle); 778 779 if (!ret) 780 return 0; 781 } 782 # elif !defined(DSO_NONE) 783 /* 784 * Deliberately leak a reference to the handler. This will force the 785 * library/code containing the handler to remain loaded until we run the 786 * atexit handler. If -znodelete has been used then this is 787 * unnecessary. 788 */ 789 { 790 DSO *dso = NULL; 791 792 ERR_set_mark(); 793 dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); 794 # ifdef OPENSSL_INIT_DEBUG 795 fprintf(stderr, 796 "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n", 797 (dso == NULL ? "No!" : "Yes.")); 798 /* See same code above in ossl_init_base() for an explanation. */ 799 # endif 800 DSO_free(dso); 801 ERR_pop_to_mark(); 802 } 803 # endif 804 } 805 #endif 806 807 if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) { 808 CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE); 809 return 0; 810 } 811 812 newhand->handler = handler; 813 newhand->next = stop_handlers; 814 stop_handlers = newhand; 815 816 return 1; 817 } 818 819 #ifdef OPENSSL_SYS_UNIX 820 /* 821 * The following three functions are for OpenSSL developers. This is 822 * where we set/reset state across fork (called via pthread_atfork when 823 * it exists, or manually by the application when it doesn't). 824 * 825 * WARNING! If you put code in either OPENSSL_fork_parent or 826 * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal- 827 * safe. See this link, for example: 828 * http://man7.org/linux/man-pages/man7/signal-safety.7.html 829 */ 830 831 void OPENSSL_fork_prepare(void) 832 { 833 } 834 835 void OPENSSL_fork_parent(void) 836 { 837 } 838 839 void OPENSSL_fork_child(void) 840 { 841 } 842 #endif 843