5 OPENSSL_init_crypto, OPENSSL_cleanup,
6 OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
7 initialisation and deinitialisation functions
11 #include <openssl/crypto.h>
13 void OPENSSL_cleanup(void);
14 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
15 int OPENSSL_atexit(void (*handler)(void));
16 void OPENSSL_thread_stop(void);
20 During normal operation OpenSSL (libcrypto) will allocate various resources at
21 start up that must, subsequently, be freed on close down of the library.
22 Additionally some resources are allocated on a per thread basis (if the
23 application is multi-threaded), and these resources must be freed prior to the
26 As of version 1.1.0 OpenSSL will automatically allocate all resources that it
27 needs so no explicit initialisation is required. Similarly it will also
28 automatically deinitialise as required.
30 However, there way be situations when explicit initialisation is desirable or
31 needed, for example when some non-default initialisation is required. The
32 function OPENSSL_init_crypto() can be used for this purpose for
33 libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
36 Numerous internal OpenSSL functions call OPENSSL_init_crypto().
37 Therefore, in order to perform non-default initialisation,
38 OPENSSL_init_crypto() MUST be called by application code prior to
39 any other OpenSSL function calls.
41 The B<opts> parameter specifies which aspects of libcrypto should be
42 initialised. Valid options are:
46 =item OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
48 Suppress automatic loading of the libcrypto error strings. This option is
49 not a default option. Once selected subsequent calls to
50 OPENSSL_init_crypto() with the option
51 B<OPENSSL_INIT_LOAD_CRYPTO_STRINGS> will be ignored.
53 =item OPENSSL_INIT_LOAD_CRYPTO_STRINGS
55 Automatic loading of the libcrypto error strings. With this option the
56 library will automatically load the libcrypto error strings.
57 This option is a default option. Once selected subsequent calls to
58 OPENSSL_init_crypto() with the option
59 B<OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS> will be ignored.
61 =item OPENSSL_INIT_ADD_ALL_CIPHERS
63 With this option the library will automatically load and make available all
64 libcrypto ciphers. This option is a default option. Once selected subsequent
65 calls to OPENSSL_init_crypto() with the option
66 B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
68 =item OPENSSL_INIT_ADD_ALL_DIGESTS
70 With this option the library will automatically load and make available all
71 libcrypto digests. This option is a default option. Once selected subsequent
72 calls to OPENSSL_init_crypto() with the option
73 B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
75 =item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
77 With this option the library will suppress automatic loading of libcrypto
78 ciphers. This option is not a default option. Once selected subsequent
79 calls to OPENSSL_init_crypto() with the option
80 B<OPENSSL_INIT_ADD_ALL_CIPHERS> will be ignored.
82 =item OPENSSL_INIT_NO_ADD_ALL_DIGESTS
84 With this option the library will suppress automatic loading of libcrypto
85 digests. This option is not a default option. Once selected subsequent
86 calls to OPENSSL_init_crypto() with the option
87 B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
89 =item OPENSSL_INIT_LOAD_CONFIG
91 With this option an OpenSSL configuration file will be automatically loaded and
92 used by calling OPENSSL_config(). This is not a default option.
94 =item OPENSSL_INIT_NO_LOAD_CONFIG
96 With this option the loading of OpenSSL configuration files will be suppressed.
97 It is the equivalent of calling OPENSSL_no_config(). This is not a default
100 =item OPENSSL_INIT_ASYNC
102 With this option the library with automatically initialise the libcrypto async
103 sub-library (see L<ASYNC_start_job(3)>). This is a default option.
105 =item OPENSSL_INIT_ENGINE_RDRAND
107 With this option the library will automatically load and initialise the
108 RDRAND engine (if available). This not a default option.
110 =item OPENSSL_INIT_ENGINE_DYNAMIC
112 With this option the library will automatically load and initialise the
113 dynamic engine. This not a default option.
115 =item OPENSSL_INIT_ENGINE_OPENSSL
117 With this option the library will automatically load and initialise the
118 openssl engine. This not a default option.
120 =item OPENSSL_INIT_ENGINE_CRYPTODEV
122 With this option the library will automatically load and initialise the
123 cryptodev engine (if available). This not a default option.
125 =item OPENSSL_INIT_ENGINE_CAPI
127 With this option the library will automatically load and initialise the
128 CAPI engine (if available). This not a default option.
130 =item OPENSSL_INIT_ENGINE_PADLOCK
132 With this option the library will automatically load and initialise the
133 padlock engine (if available). This not a default option.
135 =item OPENSSL_INIT_ENGINE_DASYNC
137 With this option the library will automatically load and initialise the
138 DASYNC engine. This not a default option.
140 =item OPENSSL_INIT_ENGINE_ALL_BUILTIN
142 With this option the library will automatically load and initialise all the
143 built in engines listed above with the exception of the openssl and dasync
144 engines. This not a default option.
148 Multiple options may be combined together in a single call to
149 OPENSSL_init_crypto(). For example:
151 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
152 | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
155 The B<settings> parameter to OPENSSL_init_crypto() may be used to provide
156 optional settings values to an option. Currently the only option this
157 applies to is OPENSSL_INIT_LOAD_CONFIG. This provides the optional
158 OPENSSL_INIT_SET_CONF_FILENAME parameter to provide a filename to load
159 configuration from. If no filename is provided then the system default
160 configuration file is assumed. For example
162 const OPENSSL_INIT_SETTINGS settings[2] = {
163 { OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" },
164 { OPENSSL_INIT_SET_END, .value.type_int = 0 }
166 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
168 The B<settings> parameter must be an array of OPENSSL_INIT_SETTINGS values
169 terminated with an OPENSSL_INIT_SET_END entry.
171 The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
172 and libssl). All resources allocated by OpenSSL are freed. Typically there
173 should be no need to call this function directly as it is initiated
174 automatically on application exit. This is done via the standard C library
175 L<atexit(3)> function. In the event that the application will close in a manner
176 that will not call the registered atexit() handlers then the application should
177 call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL
178 are discouraged from calling this function and should instead, typically, rely
179 on auto-deinitialisation. This is to avoid error conditions where both an
180 application and a library it depends on both use OpenSSL, and the library
181 deinitialises it before the application has finished using it.
183 Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
184 Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
185 will be added to the error stack. Note that because initialisation has failed
186 OpenSSL error strings will not be available, only an error code. This code can
187 be put through the openssl errstr command line application to produce a human
188 readable error (see L<errstr(1)>).
190 The OPENSSL_atexit() function enables the registration of a
191 function to be called during OPENSSL_cleanup(). Stop handlers are
192 called after deinitialisation of resources local to a thread, but before other
193 process wide resources are freed. In the event that multiple stop handlers are
194 registered, no guarantees are made about the order of execution.
196 The OPENSSL_thread_stop() function deallocates resources associated
197 with the current thread. Typically this function will be called automatically by
198 the library when the thread exits. This should only be called directly if
199 resources should be freed at an earlier time, or under the circumstances
200 described in the NOTES section below.
204 Resources local to a thread are deallocated automatically when the thread exits
205 (e.g. in a pthreads environment, when pthread_exit() is called). On Windows
206 platforms this is done in response to a DLL_THREAD_DETACH message being sent to
207 the libeay32.dll entry point. Some windows functions may cause threads to exit
208 without sending this message (for example ExitProcess()). If the application
209 uses such functions, then the application must free up OpenSSL resources
210 directly via a call to OPENSSL_thread_stop(). Similarly this message will
211 also not be sent if OpenSSL is linked statically, and therefore applications
212 using static linking should also call OPENSSL_thread_stop().
216 The functions OPENSSL_init_crypto and OPENSSL_atexit() returns 1 on success or
221 L<OPENSSL_init_ssl(3)>
225 The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(),
226 and OPENSSL_thread_stop() functions were added in OpenSSL 1.1.0.