1=pod
2
3=head1 NAME
4
5OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
6OPENSSL_init_crypto, OPENSSL_cleanup,
7OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
8initialisation and deinitialisation functions
9
10=head1 SYNOPSIS
11
12 #include <openssl/crypto.h>
13
14 void OPENSSL_cleanup(void);
15 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
16 int OPENSSL_atexit(void (*handler)(void));
17 void OPENSSL_thread_stop(void);
18
19 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
20 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
21                                     const char* name);
22 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
23
24=head1 DESCRIPTION
25
26During normal operation OpenSSL (libcrypto) will allocate various resources at
27start up that must, subsequently, be freed on close down of the library.
28Additionally some resources are allocated on a per thread basis (if the
29application is multi-threaded), and these resources must be freed prior to the
30thread closing.
31
32As of version 1.1.0 OpenSSL will automatically allocate all resources that it
33needs so no explicit initialisation is required. Similarly it will also
34automatically deinitialise as required.
35
36However, there way be situations when explicit initialisation is desirable or
37needed, for example when some non-default initialisation is required. The
38function OPENSSL_init_crypto() can be used for this purpose for
39libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
40equivalent).
41
42Numerous internal OpenSSL functions call OPENSSL_init_crypto().
43Therefore, in order to perform non-default initialisation,
44OPENSSL_init_crypto() MUST be called by application code prior to
45any other OpenSSL function calls.
46
47The B<opts> parameter specifies which aspects of libcrypto should be
48initialised. Valid options are:
49
50=over 4
51
52=item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
53
54Suppress automatic loading of the libcrypto error strings. This option is
55not a default option. Once selected subsequent calls to
56OPENSSL_init_crypto() with the option
57B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
58
59=item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
60
61Automatic loading of the libcrypto error strings. With this option the
62library will automatically load the libcrypto error strings.
63This option is a default option. Once selected subsequent calls to
64OPENSSL_init_crypto() with the option
65B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
66
67=item OPENSSL_INIT_ADD_ALL_CIPHERS
68
69With this option the library will automatically load and make available all
70libcrypto ciphers. This option is a default option. Once selected subsequent
71calls to OPENSSL_init_crypto() with the option
72B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
73
74=item OPENSSL_INIT_ADD_ALL_DIGESTS
75
76With this option the library will automatically load and make available all
77libcrypto digests. This option is a default option. Once selected subsequent
78calls to OPENSSL_init_crypto() with the option
79B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
80
81=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
82
83With this option the library will suppress automatic loading of libcrypto
84ciphers. This option is not a default option. Once selected subsequent
85calls to OPENSSL_init_crypto() with the option
86B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
87
88=item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
89
90With this option the library will suppress automatic loading of libcrypto
91digests. This option is not a default option. Once selected subsequent
92calls to OPENSSL_init_crypto() with the option
93B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
94
95=item OPENSSL_INIT_LOAD_CONFIG
96
97With this option an OpenSSL configuration file will be automatically loaded and
98used by calling OPENSSL_config(). This is not a default option for libcrypto.
99From OpenSSL 1.1.1 this is a default option for libssl (see
100L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
101description of OPENSSL_INIT_new(), below.
102
103=item OPENSSL_INIT_NO_LOAD_CONFIG
104
105With this option the loading of OpenSSL configuration files will be suppressed.
106It is the equivalent of calling OPENSSL_no_config(). This is not a default
107option.
108
109=item OPENSSL_INIT_ASYNC
110
111With this option the library with automatically initialise the libcrypto async
112sub-library (see L<ASYNC_start_job(3)>). This is a default option.
113
114=item OPENSSL_INIT_ENGINE_RDRAND
115
116With this option the library will automatically load and initialise the
117RDRAND engine (if available). This not a default option.
118
119=item OPENSSL_INIT_ENGINE_DYNAMIC
120
121With this option the library will automatically load and initialise the
122dynamic engine. This not a default option.
123
124=item OPENSSL_INIT_ENGINE_OPENSSL
125
126With this option the library will automatically load and initialise the
127openssl engine. This not a default option.
128
129=item OPENSSL_INIT_ENGINE_CRYPTODEV
130
131With this option the library will automatically load and initialise the
132cryptodev engine (if available). This not a default option.
133
134=item OPENSSL_INIT_ENGINE_CAPI
135
136With this option the library will automatically load and initialise the
137CAPI engine (if available). This not a default option.
138
139=item OPENSSL_INIT_ENGINE_PADLOCK
140
141With this option the library will automatically load and initialise the
142padlock engine (if available). This not a default option.
143
144=item OPENSSL_INIT_ENGINE_AFALG
145
146With this option the library will automatically load and initialise the
147AFALG engine. This not a default option.
148
149=item OPENSSL_INIT_ENGINE_ALL_BUILTIN
150
151With this option the library will automatically load and initialise all the
152built in engines listed above with the exception of the openssl and afalg
153engines. This not a default option.
154
155=item OPENSSL_INIT_ATFORK
156
157With this option the library will register its fork handlers.
158See OPENSSL_fork_prepare(3) for details.
159
160=back
161
162Multiple options may be combined together in a single call to
163OPENSSL_init_crypto(). For example:
164
165 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
166                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
167
168The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
169and libssl). All resources allocated by OpenSSL are freed. Typically there
170should be no need to call this function directly as it is initiated
171automatically on application exit. This is done via the standard C library
172atexit() function. In the event that the application will close in a manner
173that will not call the registered atexit() handlers then the application should
174call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
175are discouraged from calling this function and should instead, typically, rely
176on auto-deinitialisation. This is to avoid error conditions where both an
177application and a library it depends on both use OpenSSL, and the library
178deinitialises it before the application has finished using it.
179
180Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
181Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
182will be added to the error stack. Note that because initialisation has failed
183OpenSSL error strings will not be available, only an error code. This code can
184be put through the openssl errstr command line application to produce a human
185readable error (see L<errstr(1)>).
186
187The OPENSSL_atexit() function enables the registration of a
188function to be called during OPENSSL_cleanup(). Stop handlers are
189called after deinitialisation of resources local to a thread, but before other
190process wide resources are freed. In the event that multiple stop handlers are
191registered, no guarantees are made about the order of execution.
192
193The OPENSSL_thread_stop() function deallocates resources associated
194with the current thread. Typically this function will be called automatically by
195the library when the thread exits. This should only be called directly if
196resources should be freed at an earlier time, or under the circumstances
197described in the NOTES section below.
198
199The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
200file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS>
201must be created and used.
202The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can
203be used to allocate the object and set the application name, and then the
204object can be released with OPENSSL_INIT_free() when done.
205
206=head1 NOTES
207
208Resources local to a thread are deallocated automatically when the thread exits
209(e.g. in a pthreads environment, when pthread_exit() is called). On Windows
210platforms this is done in response to a DLL_THREAD_DETACH message being sent to
211the libcrypto32.dll entry point. Some windows functions may cause threads to exit
212without sending this message (for example ExitProcess()). If the application
213uses such functions, then the application must free up OpenSSL resources
214directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
215message will also not be sent if OpenSSL is linked statically, and therefore
216applications using static linking should also call OPENSSL_thread_stop() on each
217thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
218threads are not destroyed until after FreeLibrary() is called then each thread
219should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
220
221On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
222multi-threaded and if dlclose() is subsequently called prior to the threads
223being destroyed then OpenSSL will not be able to deallocate resources associated
224with those threads. The application should either call OPENSSL_thread_stop() on
225each thread prior to the dlclose() call, or alternatively the original dlopen()
226call should use the RTLD_NODELETE flag (where available on the platform).
227
228=head1 RETURN VALUES
229
230The functions OPENSSL_init_crypto, OPENSSL_atexit() and
231OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
232
233=head1 SEE ALSO
234
235L<OPENSSL_init_ssl(3)>
236
237=head1 HISTORY
238
239The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
240OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname()
241and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
242
243=head1 COPYRIGHT
244
245Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
246
247Licensed under the OpenSSL license (the "License").  You may not use
248this file except in compliance with the License.  You can obtain a copy
249in the file LICENSE in the source distribution or at
250L<https://www.openssl.org/source/license.html>.
251
252=cut
253