diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3')
| -rw-r--r-- | secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 | 379 |
1 files changed, 379 insertions, 0 deletions
diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 new file mode 100644 index 000000000000..18c08554a47c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 @@ -0,0 +1,379 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_CRYPTO 3" +.TH OPENSSL_INIT_CRYPTO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/crypto.h> +\& +\& void OPENSSL_cleanup(void); +\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +\& int OPENSSL_atexit(void (*handler)(void)); +\& void OPENSSL_thread_stop(void); +\& +\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, +\& const char* filename); +\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, +\& unsigned long flags); +\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, +\& const char* name); +\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fBOPENSSL_init_crypto()\fR can be used for this purpose for +libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl +equivalent). +.PP +Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. +Therefore, in order to perform non-default initialisation, +\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libcrypto should be +initialised. Valid options are: +.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" +Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" +Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" +With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" +With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" +With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" +With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CONFIG" +With this option an OpenSSL configuration file will be automatically loaded and +used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto. +As of OpenSSL 1.1.1 this is a default option for libssl (see +\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the +description of \fBOPENSSL_INIT_new()\fR, below. +.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" +With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default +option. +.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 +.IX Item "OPENSSL_INIT_ASYNC" +With this option the library with automatically initialise the libcrypto async +sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_RDRAND" +With this option the library will automatically load and initialise the +\&\s-1RDRAND\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" +With this option the library will automatically load and initialise the +dynamic engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_OPENSSL" +With this option the library will automatically load and initialise the +openssl engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" +With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CAPI" +With this option the library will automatically load and initialise the +\&\s-1CAPI\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_PADLOCK" +With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_AFALG" +With this option the library will automatically load and initialise the +\&\s-1AFALG\s0 engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" +With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option. +.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 +.IX Item "OPENSSL_INIT_ATFORK" +With this option the library will register its fork handlers. +See \fBOPENSSL_fork_prepare\fR\|(3) for details. +.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IX Item "OPENSSL_INIT_NO_ATEXIT" +By default OpenSSL will attempt to clean itself up when the process exits via an +\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +\&\fBOPENSSL_cleanup()\fR. +.PP +Multiple options may be combined together in a single call to +\&\fBOPENSSL_init_crypto()\fR. For example: +.PP +.Vb 2 +\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS +\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); +.Ve +.PP +The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +\&\fBatexit()\fR function. In the event that the application will close in a manner +that will not call the registered \fBatexit()\fR handlers then the application should +call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it. +.PP +Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. +Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see \fBerrstr\fR\|(1)). +.PP +The \fBOPENSSL_atexit()\fR function enables the registration of a +function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution. +.PP +The \fBOPENSSL_thread_stop()\fR function deallocates resources associated +with the current thread. Typically this function will be called automatically by +the library when the thread exits. This should only be called directly if +resources should be freed at an earlier time, or under the circumstances +described in the \s-1NOTES\s0 section below. +.PP +The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with +\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. +The filename, application name, and flags can be customized by providing a +non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. +The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR. +The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR +or indirectly \fBOPENSSL_init_ssl\fR\|(3). +The object can be released with \fBOPENSSL_INIT_free()\fR when done. +.SH "NOTES" +.IX Header "NOTES" +Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows +platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example \fBExitProcess()\fR). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each +thread. Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the +threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread +should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call. +.PP +On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is +multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on +each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR +call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and +\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_ssl\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR, +\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR +and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +<https://www.openssl.org/source/license.html>. |