openssl-prebuild/linux_amd64/share/man/man3/OPENSSL_init_crypto.3
2020-03-02 16:50:34 +00:00

392 lines
18 KiB
Groff
Executable File

.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.el \{\
. de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "OPENSSL_INIT_CRYPTO 3"
.TH OPENSSL_INIT_CRYPTO 3 "2020-03-02" "3.0.0-dev" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
OPENSSL_thread_stop_ex, OPENSSL_thread_stop \- OpenSSL initialisation
and deinitialisation functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& void OPENSSL_cleanup(void);
\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
\& int OPENSSL_atexit(void (*handler)(void));
\& void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx);
\& void OPENSSL_thread_stop(void);
\&
\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
\& const char* filename);
\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
\& unsigned long flags);
\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
\& const char* name);
\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
During normal operation OpenSSL (libcrypto) will allocate various resources at
start up that must, subsequently, be freed on close down of the library.
Additionally some resources are allocated on a per thread basis (if the
application is multi-threaded), and these resources must be freed prior to the
thread closing.
.PP
As of version 1.1.0 OpenSSL will automatically allocate all resources that it
needs so no explicit initialisation is required. Similarly it will also
automatically deinitialise as required.
.PP
However, there may be situations when explicit initialisation is desirable or
needed, for example when some non-default initialisation is required. The
function \fIOPENSSL_init_crypto()\fR can be used for this purpose for
libcrypto (see also \fIOPENSSL_init_ssl\fR\|(3) for the libssl
equivalent).
.PP
Numerous internal OpenSSL functions call \fIOPENSSL_init_crypto()\fR.
Therefore, in order to perform non-default initialisation,
\&\fIOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to
any other OpenSSL function calls.
.PP
The \fBopts\fR parameter specifies which aspects of libcrypto should be
initialised. Valid options are:
.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4
.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS"
Suppress automatic loading of the libcrypto error strings. This option is
not a default option. Once selected subsequent calls to
\&\fIOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4
.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS"
Automatic loading of the libcrypto error strings. With this option the
library will automatically load the libcrypto error strings.
This option is a default option. Once selected subsequent calls to
\&\fIOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4
.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS"
With this option the library will automatically load and make available all
libcrypto ciphers. This option is a default option. Once selected subsequent
calls to \fIOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4
.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS"
With this option the library will automatically load and make available all
libcrypto digests. This option is a default option. Once selected subsequent
calls to \fIOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4
.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS"
With this option the library will suppress automatic loading of libcrypto
ciphers. This option is not a default option. Once selected subsequent
calls to \fIOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4
.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS"
With this option the library will suppress automatic loading of libcrypto
digests. This option is not a default option. Once selected subsequent
calls to \fIOPENSSL_init_crypto()\fR with the option
\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored.
.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4
.IX Item "OPENSSL_INIT_LOAD_CONFIG"
With this option an OpenSSL configuration file will be automatically loaded and
used by calling \fIOPENSSL_config()\fR. This is a default option.
Note that in OpenSSL 1.1.1 this was the default for libssl but not for
libcrypto (see \fIOPENSSL_init_ssl\fR\|(3) for further details about libssl
initialisation).
In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto.
See the description of \fIOPENSSL_INIT_new()\fR, below.
.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4
.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG"
With this option the loading of OpenSSL configuration files will be suppressed.
It is the equivalent of calling \fIOPENSSL_no_config()\fR. This is not a default
option.
.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4
.IX Item "OPENSSL_INIT_ASYNC"
With this option the library with automatically initialise the libcrypto async
sub-library (see \fIASYNC_start_job\fR\|(3)). This is a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_RDRAND"
With this option the library will automatically load and initialise the
\&\s-1RDRAND\s0 engine (if available). This not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC"
With this option the library will automatically load and initialise the
dynamic engine. This not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_OPENSSL"
With this option the library will automatically load and initialise the
openssl engine. This not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV"
With this option the library will automatically load and initialise the
cryptodev engine (if available). This not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_CAPI"
With this option the library will automatically load and initialise the
\&\s-1CAPI\s0 engine (if available). This not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_PADLOCK"
With this option the library will automatically load and initialise the
padlock engine (if available). This not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_AFALG"
With this option the library will automatically load and initialise the
\&\s-1AFALG\s0 engine. This not a default option.
.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4
.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN"
With this option the library will automatically load and initialise all the
built in engines listed above with the exception of the openssl and afalg
engines. This not a default option.
.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4
.IX Item "OPENSSL_INIT_ATFORK"
With this option the library will register its fork handlers.
See \fIOPENSSL_fork_prepare\fR\|(3) for details.
.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4
.IX Item "OPENSSL_INIT_NO_ATEXIT"
By default OpenSSL will attempt to clean itself up when the process exits via an
\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that
the application will have to clean up OpenSSL explicitly using
\&\fIOPENSSL_cleanup()\fR.
.PP
Multiple options may be combined together in a single call to
\&\fIOPENSSL_init_crypto()\fR. For example:
.PP
.Vb 2
\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
.Ve
.PP
The \fIOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto
and libssl). All resources allocated by OpenSSL are freed. Typically there
should be no need to call this function directly as it is initiated
automatically on application exit. This is done via the standard C library
\&\fIatexit()\fR function. In the event that the application will close in a manner
that will not call the registered \fIatexit()\fR handlers then the application should
call \fIOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL
are discouraged from calling this function and should instead, typically, rely
on auto-deinitialisation. This is to avoid error conditions where both an
application and a library it depends on both use OpenSSL, and the library
deinitialises it before the application has finished using it.
.PP
Once \fIOPENSSL_cleanup()\fR has been called the library cannot be reinitialised.
Attempts to call \fIOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error
will be added to the error stack. Note that because initialisation has failed
OpenSSL error strings will not be available, only an error code. This code can
be put through the openssl errstr command line application to produce a human
readable error (see \fIopenssl\-errstr\fR\|(1)).
.PP
The \fIOPENSSL_atexit()\fR function enables the registration of a
function to be called during \fIOPENSSL_cleanup()\fR. Stop handlers are
called after deinitialisation of resources local to a thread, but before other
process wide resources are freed. In the event that multiple stop handlers are
registered, no guarantees are made about the order of execution.
.PP
The \fIOPENSSL_thread_stop_ex()\fR function deallocates resources associated
with the current thread for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. The \fBctx\fR parameter
can be \s-1NULL\s0 in which case the default \s-1OPENSSL_CTX\s0 is used.
.PP
Typically, this function will be called automatically by the library when
the thread exits as long as the \s-1OPENSSL_CTX\s0 has not been freed before the thread
exits. If \fIOPENSSL_CTX_free()\fR is called OPENSSL_thread_stop_ex will be called
automatically for the current thread (but not any other threads that may have
used this \s-1OPENSSL_CTX\s0).
.PP
OPENSSL_thread_stop_ex should be called on all threads that will exit after the
\&\s-1OPENSSL_CTX\s0 is freed.
Typically this is not necessary for the default \s-1OPENSSL_CTX\s0 (because all
resources are cleaned up on library exit) except if thread local resources
should be freed before library exit, or under the circumstances described in
the \s-1NOTES\s0 section below.
.PP
\&\fIOPENSSL_thread_stop()\fR is the same as \fIOPENSSL_thread_stop_ex()\fR except that the
default \s-1OPENSSL_CTX\s0 is always used.
.PP
The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with
\&\fICONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the
\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and
\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags.
The filename, application name, and flags can be customized by providing a
non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object.
The object can be allocated via \fB\f(BIOPENSSL_INIT_new()\fB\fR.
The \fB\f(BIOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a
non-default filename, which is copied and need not refer to persistent storage.
Similarly, \fIOPENSSL_INIT_set_config_appname()\fR can be used to specify a
non-default application name.
Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags.
If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in
the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR
or indirectly \fIOPENSSL_init_ssl\fR\|(3).
The object can be released with \fIOPENSSL_INIT_free()\fR when done.
.SH "NOTES"
.IX Header "NOTES"
Resources local to a thread are deallocated automatically when the thread exits
(e.g. in a pthreads environment, when \fIpthread_exit()\fR is called). On Windows
platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to
the libcrypto32.dll entry point. Some windows functions may cause threads to exit
without sending this message (for example \fIExitProcess()\fR). If the application
uses such functions, then the application must free up OpenSSL resources
directly via a call to \fIOPENSSL_thread_stop()\fR on each thread. Similarly this
message will also not be sent if OpenSSL is linked statically, and therefore
applications using static linking should also call \fIOPENSSL_thread_stop()\fR on each
thread. Additionally if OpenSSL is loaded dynamically via \fILoadLibrary()\fR and the
threads are not destroyed until after \fIFreeLibrary()\fR is called then each thread
should call \fIOPENSSL_thread_stop()\fR prior to the \fIFreeLibrary()\fR call.
.PP
On Linux/Unix where OpenSSL has been loaded via \fIdlopen()\fR and the application is
multi-threaded and if \fIdlclose()\fR is subsequently called prior to the threads
being destroyed then OpenSSL will not be able to deallocate resources associated
with those threads. The application should either call \fIOPENSSL_thread_stop()\fR on
each thread prior to the \fIdlclose()\fR call, or alternatively the original \fIdlopen()\fR
call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The functions OPENSSL_init_crypto, \fIOPENSSL_atexit()\fR and
\&\fIOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIOPENSSL_init_ssl\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fIOPENSSL_init_crypto()\fR, \fIOPENSSL_cleanup()\fR, \fIOPENSSL_atexit()\fR,
\&\fIOPENSSL_thread_stop()\fR, \fIOPENSSL_INIT_new()\fR, \fIOPENSSL_INIT_set_config_appname()\fR
and \fIOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.