12c9d627fe7aa01f8f4e4e9bff0e17c6a3defa27
[openssl.git] / crypto / init.c
1 /*
2  * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include "e_os.h"
11 #include "internal/cryptlib_int.h"
12 #include <openssl/err.h>
13 #include "internal/rand_int.h"
14 #include "internal/bio.h"
15 #include <openssl/evp.h>
16 #include "internal/evp_int.h"
17 #include "internal/conf.h"
18 #include "internal/async.h"
19 #include "internal/engine.h"
20 #include "internal/comp.h"
21 #include "internal/err.h"
22 #include "internal/err_int.h"
23 #include "internal/objects.h"
24 #include <stdlib.h>
25 #include <assert.h>
26 #include "internal/thread_once.h"
27 #include "internal/dso_conf.h"
28 #include "internal/dso.h"
29 #include "internal/store.h"
30 #include <openssl/trace.h>
31
32 static int stopped = 0;
33
34 /*
35  * Since per-thread-specific-data destructors are not universally
36  * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
37  * is assumed to have destructor associated. And then an effort is made
38  * to call this single destructor on non-pthread platform[s].
39  *
40  * Initial value is "impossible". It is used as guard value to shortcut
41  * destructor for threads terminating before libcrypto is initialized or
42  * after it's de-initialized. Access to the key doesn't have to be
43  * serialized for the said threads, because they didn't use libcrypto
44  * and it doesn't matter if they pick "impossible" or derefernce real
45  * key value and pull NULL past initialization in the first thread that
46  * intends to use libcrypto.
47  */
48 static union {
49     long sane;
50     CRYPTO_THREAD_LOCAL value;
51 } destructor_key = { -1 };
52
53 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
54
55 static void ossl_init_thread_destructor(void *local)
56 {
57     ossl_init_thread_stop((struct thread_local_inits_st *)local);
58 }
59
60 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
61 {
62     struct thread_local_inits_st *local =
63         CRYPTO_THREAD_get_local(&destructor_key.value);
64
65     if (alloc) {
66         if (local == NULL
67             && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
68             && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
69             OPENSSL_free(local);
70             return NULL;
71         }
72     } else {
73         CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
74     }
75
76     return local;
77 }
78
79 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
80 struct ossl_init_stop_st {
81     void (*handler)(void);
82     OPENSSL_INIT_STOP *next;
83 };
84
85 static OPENSSL_INIT_STOP *stop_handlers = NULL;
86 static CRYPTO_RWLOCK *init_lock = NULL;
87
88 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
89 static int base_inited = 0;
90 DEFINE_RUN_ONCE_STATIC(ossl_init_base)
91 {
92     CRYPTO_THREAD_LOCAL key;
93
94     if (ossl_trace_init() == 0)
95         return 0;
96
97     OSSL_TRACE(INIT, "ossl_init_base: setting up stop handlers\n");
98 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
99     ossl_malloc_setup_failures();
100 #endif
101     if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
102         return 0;
103     if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
104         goto err;
105     OPENSSL_cpuid_setup();
106
107     destructor_key.value = key;
108     base_inited = 1;
109     return 1;
110
111 err:
112     OSSL_TRACE(INIT, "ossl_init_base failed!\n");
113     CRYPTO_THREAD_lock_free(init_lock);
114     init_lock = NULL;
115
116     CRYPTO_THREAD_cleanup_local(&key);
117     return 0;
118 }
119
120 static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
121 #if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
122 static int win32atexit(void)
123 {
124     OPENSSL_cleanup();
125     return 0;
126 }
127 #endif
128
129 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
130 {
131 #ifdef OPENSSL_INIT_DEBUG
132     fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
133 #endif
134 #ifndef OPENSSL_SYS_UEFI
135 # ifdef _WIN32
136     /* We use _onexit() in preference because it gets called on DLL unload */
137     if (_onexit(win32atexit) == NULL)
138         return 0;
139 # else
140     if (atexit(OPENSSL_cleanup) != 0)
141         return 0;
142 # endif
143 #endif
144
145     return 1;
146 }
147
148 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
149                            ossl_init_register_atexit)
150 {
151 #ifdef OPENSSL_INIT_DEBUG
152     fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
153 #endif
154     /* Do nothing in this case */
155     return 1;
156 }
157
158 static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
159 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
160 {
161     OSSL_TRACE(INIT, "ossl_init_load_crypto_nodelete()\n");
162
163 #if !defined(OPENSSL_NO_DSO) \
164     && !defined(OPENSSL_USE_NODELETE) \
165     && !defined(OPENSSL_NO_PINSHARED)
166 # ifdef DSO_WIN32
167     {
168         HMODULE handle = NULL;
169         BOOL ret;
170
171         /* We don't use the DSO route for WIN32 because there is a better way */
172         ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
173                                 | GET_MODULE_HANDLE_EX_FLAG_PIN,
174                                 (void *)&base_inited, &handle);
175
176         OSSL_TRACE1(INIT,
177                     "ossl_init_load_crypto_nodelete: "
178                     "obtained DSO reference? %s\n",
179                     (ret == TRUE ? "No!" : "Yes."));
180         return (ret == TRUE) ? 1 : 0;
181     }
182 # else
183     /*
184      * Deliberately leak a reference to ourselves. This will force the library
185      * to remain loaded until the atexit() handler is run at process exit.
186      */
187     {
188         DSO *dso;
189         void *err;
190
191         if (!err_shelve_state(&err))
192             return 0;
193
194         dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
195         /*
196          * In case of No!, it is uncertain our exit()-handlers can still be
197          * called. After dlclose() the whole library might have been unloaded
198          * already.
199          */
200         OSSL_TRACE1(INIT, "obtained DSO reference? %s\n",
201                     (dso == NULL ? "No!" : "Yes."));
202         DSO_free(dso);
203         err_unshelve_state(err);
204     }
205 # endif
206 #endif
207
208     return 1;
209 }
210
211 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
212 static int load_crypto_strings_inited = 0;
213 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
214 {
215     int ret = 1;
216     /*
217      * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
218      * pulling in all the error strings during static linking
219      */
220 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
221     OSSL_TRACE(INIT, "err_load_crypto_strings_int()\n");
222     ret = err_load_crypto_strings_int();
223     load_crypto_strings_inited = 1;
224 #endif
225     return ret;
226 }
227
228 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
229                            ossl_init_load_crypto_strings)
230 {
231     /* Do nothing in this case */
232     return 1;
233 }
234
235 static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
236 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
237 {
238     /*
239      * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
240      * pulling in all the ciphers during static linking
241      */
242 #ifndef OPENSSL_NO_AUTOALGINIT
243     OSSL_TRACE(INIT, "openssl_add_all_ciphers_int()\n");
244     openssl_add_all_ciphers_int();
245 #endif
246     return 1;
247 }
248
249 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
250                            ossl_init_add_all_ciphers)
251 {
252     /* Do nothing */
253     return 1;
254 }
255
256 static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
257 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
258 {
259     /*
260      * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
261      * pulling in all the ciphers during static linking
262      */
263 #ifndef OPENSSL_NO_AUTOALGINIT
264     OSSL_TRACE(INIT, "openssl_add_all_digests()\n");
265     openssl_add_all_digests_int();
266 #endif
267     return 1;
268 }
269
270 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
271                            ossl_init_add_all_digests)
272 {
273     /* Do nothing */
274     return 1;
275 }
276
277 static CRYPTO_ONCE add_all_macs = CRYPTO_ONCE_STATIC_INIT;
278 DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_macs)
279 {
280     /*
281      * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
282      * pulling in all the macs during static linking
283      */
284 #ifndef OPENSSL_NO_AUTOALGINIT
285     OSSL_TRACE(INIT, "openssl_add_all_macs_int()\n");
286     openssl_add_all_macs_int();
287 #endif
288     return 1;
289 }
290
291 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_macs, ossl_init_add_all_macs)
292 {
293     /* Do nothing */
294     return 1;
295 }
296
297 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
298 static int config_inited = 0;
299 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
300 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
301 {
302     int ret = openssl_config_int(conf_settings);
303     config_inited = 1;
304     return ret;
305 }
306 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
307 {
308     OSSL_TRACE(INIT, "openssl_no_config_int()\n");
309     openssl_no_config_int();
310     config_inited = 1;
311     return 1;
312 }
313
314 static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
315 static int async_inited = 0;
316 DEFINE_RUN_ONCE_STATIC(ossl_init_async)
317 {
318     OSSL_TRACE(INIT, "async_init()\n");
319     if (!async_init())
320         return 0;
321     async_inited = 1;
322     return 1;
323 }
324
325 #ifndef OPENSSL_NO_ENGINE
326 static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
327 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
328 {
329     OSSL_TRACE(INIT, "engine_load_openssl_int()\n");
330     engine_load_openssl_int();
331     return 1;
332 }
333 # ifndef OPENSSL_NO_RDRAND
334 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
335 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
336 {
337     OSSL_TRACE(INIT, "engine_load_rdrand_int()\n");
338     engine_load_rdrand_int();
339     return 1;
340 }
341 # endif
342 static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
343 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
344 {
345     OSSL_TRACE(INIT, "engine_load_dynamic_int()\n");
346     engine_load_dynamic_int();
347     return 1;
348 }
349 # ifndef OPENSSL_NO_STATIC_ENGINE
350 #  ifndef OPENSSL_NO_DEVCRYPTOENG
351 static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
352 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
353 {
354     OSSL_TRACE(INIT, "engine_load_devcrypto_int()\n");
355     engine_load_devcrypto_int();
356     return 1;
357 }
358 #  endif
359 #  if !defined(OPENSSL_NO_PADLOCKENG)
360 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
361 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
362 {
363     OSSL_TRACE(INIT, "engine_load_padlock_int()\n");
364     engine_load_padlock_int();
365     return 1;
366 }
367 #  endif
368 #  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
369 static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
370 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
371 {
372     OSSL_TRACE(INIT, "engine_load_capi_int()\n");
373     engine_load_capi_int();
374     return 1;
375 }
376 #  endif
377 #  if !defined(OPENSSL_NO_AFALGENG)
378 static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
379 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
380 {
381     OSSL_TRACE(INIT, "engine_load_afalg_int()\n");
382     engine_load_afalg_int();
383     return 1;
384 }
385 #  endif
386 # endif
387 #endif
388
389 #ifndef OPENSSL_NO_COMP
390 static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
391
392 static int zlib_inited = 0;
393 DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
394 {
395     /* Do nothing - we need to know about this for the later cleanup */
396     zlib_inited = 1;
397     return 1;
398 }
399 #endif
400
401 static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
402 {
403     /* Can't do much about this */
404     if (locals == NULL)
405         return;
406
407     if (locals->async) {
408         OSSL_TRACE(INIT, "async_delete_thread_state()\n");
409         async_delete_thread_state();
410     }
411
412     if (locals->err_state) {
413         OSSL_TRACE(INIT, "err_delete_thread_state()\n");
414         err_delete_thread_state();
415     }
416
417     if (locals->rand) {
418         OSSL_TRACE(INIT, "drbg_delete_thread_state()\n");
419         drbg_delete_thread_state();
420     }
421
422     OPENSSL_free(locals);
423 }
424
425 void OPENSSL_thread_stop(void)
426 {
427     if (destructor_key.sane != -1)
428         ossl_init_thread_stop(ossl_init_get_thread_local(0));
429 }
430
431 int ossl_init_thread_start(uint64_t opts)
432 {
433     struct thread_local_inits_st *locals;
434
435     if (!OPENSSL_init_crypto(0, NULL))
436         return 0;
437
438     locals = ossl_init_get_thread_local(1);
439
440     if (locals == NULL)
441         return 0;
442
443     if (opts & OPENSSL_INIT_THREAD_ASYNC) {
444         OSSL_TRACE(INIT,
445                    "ossl_init_thread_start: "
446                    "marking thread for async\n");
447         locals->async = 1;
448     }
449
450     if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
451         OSSL_TRACE(INIT,
452                    "ossl_init_thread_start: "
453                    "marking thread for err_state\n");
454         locals->err_state = 1;
455     }
456
457     if (opts & OPENSSL_INIT_THREAD_RAND) {
458         OSSL_TRACE(INIT,
459                    "ossl_init_thread_start: "
460                    "marking thread for rand\n");
461         locals->rand = 1;
462     }
463
464     return 1;
465 }
466
467 void OPENSSL_cleanup(void)
468 {
469     OPENSSL_INIT_STOP *currhandler, *lasthandler;
470     CRYPTO_THREAD_LOCAL key;
471
472     /* If we've not been inited then no need to deinit */
473     if (!base_inited)
474         return;
475
476     /* Might be explicitly called and also by atexit */
477     if (stopped)
478         return;
479     stopped = 1;
480
481     /*
482      * Thread stop may not get automatically called by the thread library for
483      * the very last thread in some situations, so call it directly.
484      */
485     ossl_init_thread_stop(ossl_init_get_thread_local(0));
486
487     currhandler = stop_handlers;
488     while (currhandler != NULL) {
489         currhandler->handler();
490         lasthandler = currhandler;
491         currhandler = currhandler->next;
492         OPENSSL_free(lasthandler);
493     }
494     stop_handlers = NULL;
495
496     CRYPTO_THREAD_lock_free(init_lock);
497     init_lock = NULL;
498
499     /*
500      * We assume we are single-threaded for this function, i.e. no race
501      * conditions for the various "*_inited" vars below.
502      */
503
504 #ifndef OPENSSL_NO_COMP
505     if (zlib_inited) {
506         OSSL_TRACE(INIT, "OPENSSL_cleanup: comp_zlib_cleanup_int()\n");
507         comp_zlib_cleanup_int();
508     }
509 #endif
510
511     if (async_inited) {
512         OSSL_TRACE(INIT, "OPENSSL_cleanup: async_deinit()\n");
513         async_deinit();
514     }
515
516     if (load_crypto_strings_inited) {
517         OSSL_TRACE(INIT, "OPENSSL_cleanup: err_free_strings_int()\n");
518         err_free_strings_int();
519     }
520
521     key = destructor_key.value;
522     destructor_key.sane = -1;
523     CRYPTO_THREAD_cleanup_local(&key);
524
525     /*
526      * Note that cleanup order is important:
527      * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
528      * must be called before engine_cleanup_int()
529      * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
530      * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
531      * - conf_modules_free_int() can end up in ENGINE code so must be called
532      * before engine_cleanup_int()
533      * - ENGINEs and additional EVP algorithms might use added OIDs names so
534      * obj_cleanup_int() must be called last
535      */
536     OSSL_TRACE(INIT, "OPENSSL_cleanup: rand_cleanup_int()\n");
537     rand_cleanup_int();
538
539     OSSL_TRACE(INIT, "OPENSSL_cleanup: rand_drbg_cleanup_int()\n");
540     rand_drbg_cleanup_int();
541
542     OSSL_TRACE(INIT, "OPENSSL_cleanup: conf_modules_free_int()\n");
543     conf_modules_free_int();
544 #ifndef OPENSSL_NO_ENGINE
545     OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n");
546     engine_cleanup_int();
547 #endif
548     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_store_cleanup_int()\n");
549     ossl_store_cleanup_int();
550
551     OSSL_TRACE(INIT, "OPENSSL_cleanup: crypto_cleanup_all_ex_data_int()\n");
552     crypto_cleanup_all_ex_data_int();
553
554     OSSL_TRACE(INIT, "OPENSSL_cleanup: bio_cleanup()\n");
555     bio_cleanup();
556
557     OSSL_TRACE(INIT, "OPENSSL_cleanup: evp_cleanup_int()\n");
558     evp_cleanup_int();
559
560     OSSL_TRACE(INIT, "OPENSSL_cleanup: obj_cleanup_int()\n");
561     obj_cleanup_int();
562
563     OSSL_TRACE(INIT, "OPENSSL_cleanup: err_int()\n");
564     err_cleanup();
565
566     OSSL_TRACE(INIT, "OPENSSL_cleanup: CRYPTO_secure_malloc_done()\n");
567     CRYPTO_secure_malloc_done();
568
569     OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n");
570     ossl_trace_cleanup();
571
572     base_inited = 0;
573 }
574
575 /*
576  * If this function is called with a non NULL settings value then it must be
577  * called prior to any threads making calls to any OpenSSL functions,
578  * i.e. passing a non-null settings value is assumed to be single-threaded.
579  */
580 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
581 {
582     if (stopped) {
583         if (!(opts & OPENSSL_INIT_BASE_ONLY))
584             CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
585         return 0;
586     }
587
588     /*
589      * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
590      * *only* option specified.  With that option we return immediately after
591      * doing the requested limited initialization.  Note that
592      * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
593      * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
594      * base already initialized this is a harmless NOOP.
595      *
596      * If we remain the only caller of err_shelve_state() the recursion should
597      * perhaps be removed, but if in doubt, it can be left in place.
598      */
599     if (!RUN_ONCE(&base, ossl_init_base))
600         return 0;
601
602     if (opts & OPENSSL_INIT_BASE_ONLY)
603         return 1;
604
605     /*
606      * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
607      * should not have the side-effect of setting up exit handlers, and
608      * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
609      * return above.
610      */
611     if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
612         if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
613                           ossl_init_register_atexit))
614             return 0;
615     } else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
616         return 0;
617     }
618
619     if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
620         return 0;
621
622     if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
623             && !RUN_ONCE_ALT(&load_crypto_strings,
624                              ossl_init_no_load_crypto_strings,
625                              ossl_init_load_crypto_strings))
626         return 0;
627
628     if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
629             && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
630         return 0;
631
632     if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
633             && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
634                              ossl_init_add_all_ciphers))
635         return 0;
636
637     if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
638             && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
639         return 0;
640
641     if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
642             && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
643                              ossl_init_add_all_digests))
644         return 0;
645
646     if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
647             && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
648         return 0;
649
650     if ((opts & OPENSSL_INIT_NO_ADD_ALL_MACS)
651             && !RUN_ONCE_ALT(&add_all_macs, ossl_init_no_add_all_macs,
652                              ossl_init_add_all_macs))
653         return 0;
654
655     if ((opts & OPENSSL_INIT_ADD_ALL_MACS)
656             && !RUN_ONCE(&add_all_macs, ossl_init_add_all_macs))
657         return 0;
658
659     if ((opts & OPENSSL_INIT_ATFORK)
660             && !openssl_init_fork_handlers())
661         return 0;
662
663     if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
664             && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
665         return 0;
666
667     if (opts & OPENSSL_INIT_LOAD_CONFIG) {
668         int ret;
669         CRYPTO_THREAD_write_lock(init_lock);
670         conf_settings = settings;
671         ret = RUN_ONCE(&config, ossl_init_config);
672         conf_settings = NULL;
673         CRYPTO_THREAD_unlock(init_lock);
674         if (!ret)
675             return 0;
676     }
677
678     if ((opts & OPENSSL_INIT_ASYNC)
679             && !RUN_ONCE(&async, ossl_init_async))
680         return 0;
681
682 #ifndef OPENSSL_NO_ENGINE
683     if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
684             && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
685         return 0;
686 # ifndef OPENSSL_NO_RDRAND
687     if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
688             && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
689         return 0;
690 # endif
691     if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
692             && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
693         return 0;
694 # ifndef OPENSSL_NO_STATIC_ENGINE
695 #  ifndef OPENSSL_NO_DEVCRYPTOENG
696     if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
697             && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
698         return 0;
699 #  endif
700 #  if !defined(OPENSSL_NO_PADLOCKENG)
701     if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
702             && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
703         return 0;
704 #  endif
705 #  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
706     if ((opts & OPENSSL_INIT_ENGINE_CAPI)
707             && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
708         return 0;
709 #  endif
710 #  if !defined(OPENSSL_NO_AFALGENG)
711     if ((opts & OPENSSL_INIT_ENGINE_AFALG)
712             && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
713         return 0;
714 #  endif
715 # endif
716     if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
717                 | OPENSSL_INIT_ENGINE_OPENSSL
718                 | OPENSSL_INIT_ENGINE_AFALG)) {
719         ENGINE_register_all_complete();
720     }
721 #endif
722
723 #ifndef OPENSSL_NO_COMP
724     if ((opts & OPENSSL_INIT_ZLIB)
725             && !RUN_ONCE(&zlib, ossl_init_zlib))
726         return 0;
727 #endif
728
729     return 1;
730 }
731
732 int OPENSSL_atexit(void (*handler)(void))
733 {
734     OPENSSL_INIT_STOP *newhand;
735
736 #if !defined(OPENSSL_NO_DSO) \
737     && !defined(OPENSSL_USE_NODELETE)\
738     && !defined(OPENSSL_NO_PINSHARED)
739     {
740         union {
741             void *sym;
742             void (*func)(void);
743         } handlersym;
744
745         handlersym.func = handler;
746 # ifdef DSO_WIN32
747         {
748             HMODULE handle = NULL;
749             BOOL ret;
750
751             /*
752              * We don't use the DSO route for WIN32 because there is a better
753              * way
754              */
755             ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
756                                     | GET_MODULE_HANDLE_EX_FLAG_PIN,
757                                     handlersym.sym, &handle);
758
759             if (!ret)
760                 return 0;
761         }
762 # else
763         /*
764          * Deliberately leak a reference to the handler. This will force the
765          * library/code containing the handler to remain loaded until we run the
766          * atexit handler. If -znodelete has been used then this is
767          * unnecessary.
768          */
769         {
770             DSO *dso = NULL;
771
772             ERR_set_mark();
773             dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
774             /* See same code above in ossl_init_base() for an explanation. */
775             OSSL_TRACE1(INIT,
776                        "atexit: obtained DSO reference? %s\n",
777                        (dso == NULL ? "No!" : "Yes."));
778             DSO_free(dso);
779             ERR_pop_to_mark();
780         }
781 # endif
782     }
783 #endif
784
785     if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
786         CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
787         return 0;
788     }
789
790     newhand->handler = handler;
791     newhand->next = stop_handlers;
792     stop_handlers = newhand;
793
794     return 1;
795 }
796
797 #ifdef OPENSSL_SYS_UNIX
798 /*
799  * The following three functions are for OpenSSL developers.  This is
800  * where we set/reset state across fork (called via pthread_atfork when
801  * it exists, or manually by the application when it doesn't).
802  *
803  * WARNING!  If you put code in either OPENSSL_fork_parent or
804  * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
805  * safe.  See this link, for example:
806  *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
807  */
808
809 void OPENSSL_fork_prepare(void)
810 {
811 }
812
813 void OPENSSL_fork_parent(void)
814 {
815 }
816
817 void OPENSSL_fork_child(void)
818 {
819     rand_fork();
820 }
821 #endif