5 OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
6 OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
7 OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
8 OPENSSL_thread_stop - OpenSSL initialisation
9 and deinitialisation functions
13 #include <openssl/crypto.h>
15 void OPENSSL_cleanup(void);
16 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
17 int OPENSSL_atexit(void (*handler)(void));
18 void OPENSSL_thread_stop(void);
20 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
21 int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
22 const char* filename);
23 int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
25 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
27 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
31 During normal operation OpenSSL (libcrypto) will allocate various resources at
32 start up that must, subsequently, be freed on close down of the library.
33 Additionally some resources are allocated on a per thread basis (if the
34 application is multi-threaded), and these resources must be freed prior to the
37 As of version 1.1.0 OpenSSL will automatically allocate all resources that it
38 needs so no explicit initialisation is required. Similarly it will also
39 automatically deinitialise as required.
41 However, there may be situations when explicit initialisation is desirable or
42 needed, for example when some nondefault initialisation is required. The
43 function OPENSSL_init_crypto() can be used for this purpose for
44 libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
47 Numerous internal OpenSSL functions call OPENSSL_init_crypto().
48 Therefore, in order to perform nondefault initialisation,
49 OPENSSL_init_crypto() MUST be called by application code prior to
50 any other OpenSSL function calls.
52 The B<opts> parameter specifies which aspects of libcrypto should be
53 initialised. Valid options are:
57 =item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
59 Suppress automatic loading of the libcrypto error strings. This option is
60 not a default option. Once selected subsequent calls to
61 OPENSSL_init_crypto() with the option
62 B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
64 =item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
66 Automatic loading of the libcrypto error strings. With this option the
67 library will automatically load the libcrypto error strings.
68 This option is a default option. Once selected subsequent calls to
69 OPENSSL_init_crypto() with the option
70 B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
72 =item OPENSSL_INIT_ADD_ALL_CIPHERS
74 With this option the library will automatically load and make available all
75 libcrypto ciphers. This option is a default option. Once selected subsequent
76 calls to OPENSSL_init_crypto() with the option
77 B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
79 =item OPENSSL_INIT_ADD_ALL_DIGESTS
81 With this option the library will automatically load and make available all
82 libcrypto digests. This option is a default option. Once selected subsequent
83 calls to OPENSSL_init_crypto() with the option
84 B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
86 =item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
88 With this option the library will suppress automatic loading of libcrypto
89 ciphers. This option is not a default option. Once selected subsequent
90 calls to OPENSSL_init_crypto() with the option
91 B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
93 =item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
95 With this option the library will suppress automatic loading of libcrypto
96 digests. This option is not a default option. Once selected subsequent
97 calls to OPENSSL_init_crypto() with the option
98 B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
100 =item OPENSSL_INIT_LOAD_CONFIG
102 With this option an OpenSSL configuration file will be automatically loaded and
103 used by calling OPENSSL_config(). This is not a default option for libcrypto.
104 As of OpenSSL 1.1.1 this is a default option for libssl (see
105 L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
106 description of OPENSSL_INIT_new(), below.
108 =item OPENSSL_INIT_NO_LOAD_CONFIG
110 With this option the loading of OpenSSL configuration files will be suppressed.
111 It is the equivalent of calling OPENSSL_no_config(). This is not a default
114 =item OPENSSL_INIT_ASYNC
116 With this option the library with automatically initialise the libcrypto async
117 sub-library (see L<ASYNC_start_job(3)>). This is a default option.
119 =item OPENSSL_INIT_ENGINE_RDRAND
121 With this option the library will automatically load and initialise the
122 RDRAND engine (if available). This not a default option.
124 =item OPENSSL_INIT_ENGINE_DYNAMIC
126 With this option the library will automatically load and initialise the
127 dynamic engine. This not a default option.
129 =item OPENSSL_INIT_ENGINE_OPENSSL
131 With this option the library will automatically load and initialise the
132 openssl engine. This not a default option.
134 =item OPENSSL_INIT_ENGINE_CRYPTODEV
136 With this option the library will automatically load and initialise the
137 cryptodev engine (if available). This not a default option.
139 =item OPENSSL_INIT_ENGINE_CAPI
141 With this option the library will automatically load and initialise the
142 CAPI engine (if available). This not a default option.
144 =item OPENSSL_INIT_ENGINE_PADLOCK
146 With this option the library will automatically load and initialise the
147 padlock engine (if available). This not a default option.
149 =item OPENSSL_INIT_ENGINE_AFALG
151 With this option the library will automatically load and initialise the
152 AFALG engine. This not a default option.
154 =item OPENSSL_INIT_ENGINE_ALL_BUILTIN
156 With this option the library will automatically load and initialise all the
157 built in engines listed above with the exception of the openssl and afalg
158 engines. This not a default option.
160 =item OPENSSL_INIT_ATFORK
162 With this option the library will register its fork handlers.
163 See OPENSSL_fork_prepare(3) for details.
165 =item OPENSSL_INIT_NO_ATEXIT
167 By default OpenSSL will attempt to clean itself up when the process exits via an
168 "atexit" handler. Using this option suppresses that behaviour. This means that
169 the application will have to clean up OpenSSL explicitly using
174 Multiple options may be combined together in a single call to
175 OPENSSL_init_crypto(). For example:
177 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
178 | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
180 The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
181 and libssl). All resources allocated by OpenSSL are freed. Typically there
182 should be no need to call this function directly as it is initiated
183 automatically on application exit. This is done via the standard C library
184 atexit() function. In the event that the application will close in a manner
185 that will not call the registered atexit() handlers then the application should
186 call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
187 are discouraged from calling this function and should instead, typically, rely
188 on auto-deinitialisation. This is to avoid error conditions where both an
189 application and a library it depends on both use OpenSSL, and the library
190 deinitialises it before the application has finished using it.
192 Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
193 Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
194 will be added to the error stack. Note that because initialisation has failed
195 OpenSSL error strings will not be available, only an error code. This code can
196 be put through the openssl errstr command line application to produce a human
197 readable error (see L<errstr(1)>).
199 The OPENSSL_atexit() function enables the registration of a
200 function to be called during OPENSSL_cleanup(). Stop handlers are
201 called after deinitialisation of resources local to a thread, but before other
202 process wide resources are freed. In the event that multiple stop handlers are
203 registered, no guarantees are made about the order of execution.
205 The OPENSSL_thread_stop() function deallocates resources associated
206 with the current thread. Typically this function will be called automatically by
207 the library when the thread exits. This should only be called directly if
208 resources should be freed at an earlier time, or under the circumstances
209 described in the NOTES section below.
211 The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with
212 L<CONF_modules_load_file(3)> with NULL filename and application name and the
213 B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and
214 B<CONF_MFLAGS_DEFAULT_SECTION> flags.
215 The filename, application name, and flags can be customized by providing a
216 non-null B<OPENSSL_INIT_SETTINGS> object.
217 The object can be allocated via B<OPENSSL_init_new()>.
218 The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
219 nondefault filename, which is copied and need not refer to persistent storage.
220 Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
221 nondefault application name.
222 Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags.
223 If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
224 the configuration file will cause an error return from B<OPENSSL_init_crypto>
225 or indirectly L<OPENSSL_init_ssl(3)>.
226 The object can be released with OPENSSL_INIT_free() when done.
230 Resources local to a thread are deallocated automatically when the thread exits
231 (e.g. in a pthreads environment, when pthread_exit() is called). On Windows
232 platforms this is done in response to a DLL_THREAD_DETACH message being sent to
233 the libcrypto32.dll entry point. Some windows functions may cause threads to exit
234 without sending this message (for example ExitProcess()). If the application
235 uses such functions, then the application must free up OpenSSL resources
236 directly via a call to OPENSSL_thread_stop() on each thread. Similarly this
237 message will also not be sent if OpenSSL is linked statically, and therefore
238 applications using static linking should also call OPENSSL_thread_stop() on each
239 thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the
240 threads are not destroyed until after FreeLibrary() is called then each thread
241 should call OPENSSL_thread_stop() prior to the FreeLibrary() call.
243 On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is
244 multi-threaded and if dlclose() is subsequently called prior to the threads
245 being destroyed then OpenSSL will not be able to deallocate resources associated
246 with those threads. The application should either call OPENSSL_thread_stop() on
247 each thread prior to the dlclose() call, or alternatively the original dlopen()
248 call should use the RTLD_NODELETE flag (where available on the platform).
252 The functions OPENSSL_init_crypto, OPENSSL_atexit() and
253 OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.
257 L<OPENSSL_init_ssl(3)>
261 The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
262 OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname()
263 and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
267 Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
269 Licensed under the OpenSSL license (the "License"). You may not use
270 this file except in compliance with the License. You can obtain a copy
271 in the file LICENSE in the source distribution or at
272 L<https://www.openssl.org/source/license.html>.