=head1 NAME
-OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
-OPENSSL_init_crypto, OPENSSL_cleanup,
-OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
-initialisation and deinitialisation functions
+OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename,
+OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags,
+OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit,
+OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL initialisation
+and deinitialisation functions
=head1 SYNOPSIS
void OPENSSL_cleanup(void);
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
int OPENSSL_atexit(void (*handler)(void));
+ void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx);
void OPENSSL_thread_stop(void);
OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+ int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
+ const char* filename);
+ int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
+ unsigned long flags);
int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
const char* name);
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
needs so no explicit initialisation is required. Similarly it will also
automatically deinitialise as required.
-However, there way be situations when explicit initialisation is desirable or
-needed, for example when some non-default initialisation is required. The
+However, there may be situations when explicit initialisation is desirable or
+needed, for example when some nondefault initialisation is required. The
function OPENSSL_init_crypto() can be used for this purpose for
libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
equivalent).
Numerous internal OpenSSL functions call OPENSSL_init_crypto().
-Therefore, in order to perform non-default initialisation,
+Therefore, in order to perform nondefault initialisation,
OPENSSL_init_crypto() MUST be called by application code prior to
any other OpenSSL function calls.
=item OPENSSL_INIT_LOAD_CONFIG
With this option an OpenSSL configuration file will be automatically loaded and
-used by calling OPENSSL_config(). This is not a default option.
+used by calling OPENSSL_config(). This is a default option.
+Note that in OpenSSL 1.1.1 this was the default for libssl but not for
+libcrypto (see L<OPENSSL_init_ssl(3)> for further details about libssl
+initialisation).
+In OpenSSL 1.1.0 this was a nondefault option for both libssl and libcrypto.
See the description of OPENSSL_INIT_new(), below.
=item OPENSSL_INIT_NO_LOAD_CONFIG
=item OPENSSL_INIT_ENGINE_RDRAND
With this option the library will automatically load and initialise the
-RDRAND engine (if available). This not a default option.
+RDRAND engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
=item OPENSSL_INIT_ENGINE_DYNAMIC
With this option the library will automatically load and initialise the
-dynamic engine. This not a default option.
+dynamic engine. This not a default option and is deprecated
+in OpenSSL 3.0.
=item OPENSSL_INIT_ENGINE_OPENSSL
With this option the library will automatically load and initialise the
-openssl engine. This not a default option.
+openssl engine. This not a default option and is deprecated
+in OpenSSL 3.0.
=item OPENSSL_INIT_ENGINE_CRYPTODEV
With this option the library will automatically load and initialise the
-cryptodev engine (if available). This not a default option.
+cryptodev engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
=item OPENSSL_INIT_ENGINE_CAPI
With this option the library will automatically load and initialise the
-CAPI engine (if available). This not a default option.
+CAPI engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
=item OPENSSL_INIT_ENGINE_PADLOCK
With this option the library will automatically load and initialise the
-padlock engine (if available). This not a default option.
+padlock engine (if available). This not a default option and is deprecated
+in OpenSSL 3.0.
-=item OPENSSL_INIT_ENGINE_DASYNC
+=item OPENSSL_INIT_ENGINE_AFALG
With this option the library will automatically load and initialise the
-DASYNC engine. This not a default option.
+AFALG engine. This not a default option and is deprecated
+in OpenSSL 3.0.
=item OPENSSL_INIT_ENGINE_ALL_BUILTIN
With this option the library will automatically load and initialise all the
-built in engines listed above with the exception of the openssl and dasync
-engines. This not a default option.
+built in engines listed above with the exception of the openssl and afalg
+engines. This not a default option and is deprecated
+in OpenSSL 3.0.
-=item OPENSSL_INIT_NO_ATFORK
+=item OPENSSL_INIT_ATFORK
-With this option the library will not register its fork handlers.
+With this option the library will register its fork handlers.
See OPENSSL_fork_prepare(3) for details.
+=item OPENSSL_INIT_NO_ATEXIT
+
+By default OpenSSL will attempt to clean itself up when the process exits via an
+"atexit" handler. Using this option suppresses that behaviour. This means that
+the application will have to clean up OpenSSL explicitly using
+OPENSSL_cleanup().
+
=back
Multiple options may be combined together in a single call to
will be added to the error stack. Note that because initialisation has failed
OpenSSL error strings will not be available, only an error code. This code can
be put through the openssl errstr command line application to produce a human
-readable error (see L<errstr(1)>).
+readable error (see L<openssl-errstr(1)>).
The OPENSSL_atexit() function enables the registration of a
function to be called during OPENSSL_cleanup(). Stop handlers are
process wide resources are freed. In the event that multiple stop handlers are
registered, no guarantees are made about the order of execution.
-The OPENSSL_thread_stop() function deallocates resources associated
-with the current thread. Typically this function will be called automatically by
-the library when the thread exits. This should only be called directly if
-resources should be freed at an earlier time, or under the circumstances
-described in the NOTES section below.
-
-The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
-file. To specify a different file, an B<OPENSSL_INIT_SETTINGS> must
-be created and used. The routines
-OPENSSL_INIT_new() and OPENSSL_INIT_set_config_appname() can be used to
-allocate the object and set the application name, and then the
-object can be released with OPENSSL_INIT_free() when done.
+The OPENSSL_thread_stop_ex() function deallocates resources associated
+with the current thread for the given OPENSSL_CTX B<ctx>. The B<ctx> parameter
+can be NULL in which case the default OPENSSL_CTX is used.
+
+Typically, this function will be called automatically by the library when
+the thread exits as long as the OPENSSL_CTX has not been freed before the thread
+exits. If OPENSSL_CTX_free() is called OPENSSL_thread_stop_ex will be called
+automatically for the current thread (but not any other threads that may have
+used this OPENSSL_CTX).
+
+OPENSSL_thread_stop_ex should be called on all threads that will exit after the
+OPENSSL_CTX is freed.
+Typically this is not necessary for the default OPENSSL_CTX (because all
+resources are cleaned up on library exit) except if thread local resources
+should be freed before library exit, or under the circumstances described in
+the NOTES section below.
+
+OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except that the
+default OPENSSL_CTX is always used.
+
+The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a configuration file, as with
+L<CONF_modules_load_file(3)> with NULL filename and application name and the
+B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and
+B<CONF_MFLAGS_DEFAULT_SECTION> flags.
+The filename, application name, and flags can be customized by providing a
+non-null B<OPENSSL_INIT_SETTINGS> object.
+The object can be allocated via B<OPENSSL_INIT_new()>.
+The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
+nondefault filename, which is copied and need not refer to persistent storage.
+Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
+nondefault application name.
+Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags.
+If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
+the configuration file will cause an error return from B<OPENSSL_init_crypto>
+or indirectly L<OPENSSL_init_ssl(3)>.
+The object can be released with OPENSSL_INIT_free() when done.
=head1 NOTES
=head1 COPYRIGHT
-Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
projects / openssl.git / blobdiff