Implement OPENSSL_INIT_NO_ATEXIT (c2b3db24) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/init.c

+32 −4

Original line number	Diff line number	Diff line
		@@ -100,10 +100,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
		return 0;
		if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
		goto err;
		#ifndef OPENSSL_SYS_UEFI
		if (atexit(OPENSSL_cleanup) != 0)
		goto err;
		#endif
		OPENSSL_cpuid_setup();

		destructor_key.value = key;
		@@ -121,6 +117,30 @@ err:
		return 0;
		}

		static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
		DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
		{
		# ifdef OPENSSL_INIT_DEBUG
		fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
		# endif
		#ifndef OPENSSL_SYS_UEFI
		if (atexit(OPENSSL_cleanup) != 0)
		return 0;
		#endif

		return 1;
		}

		DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
		ossl_init_register_atexit)
		{
		#ifdef OPENSSL_INIT_DEBUG
		fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
		#endif
		/* Do nothing in this case */
		return 1;
		}

		static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
		DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
		{
		@@ -598,6 +618,14 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
		if (!RUN_ONCE(&base, ossl_init_base))
		return 0;

		if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
		if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
		ossl_init_register_atexit))
		return 0;
		} else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
		return 0;
		}

		if (!(opts & OPENSSL_INIT_BASE_ONLY)
		&& !RUN_ONCE(&load_crypto_nodelete,
		ossl_init_load_crypto_nodelete))

+8 −1

Original line number	Diff line number	Diff line
		@@ -33,7 +33,7 @@ As of version 1.1.0 OpenSSL will automatically allocate all resources that it
		needs so no explicit initialisation is required. Similarly it will also
		automatically deinitialise as required.

		However, there way be situations when explicit initialisation is desirable or
		However, there may be situations when explicit initialisation is desirable or
		needed, for example when some non-default initialisation is required. The
		function OPENSSL_init_crypto() can be used for this purpose for
		libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
		@@ -157,6 +157,13 @@ engines. This not a default option.
		With this option the library will register its fork handlers.
		See OPENSSL_fork_prepare(3) for details.

		=item OPENSSL_INIT_NO_ATEXIT

		By default OpenSSL will attempt to clean itself up when the process exits via an
		"atexit" handler. Using this option suppresses that behaviour. This means that
		the application will have to clean up OpenSSL explicitly using
		OPENSSL_cleanup().

		=back

		Multiple options may be combined together in a single call to

+1 −0

Original line number	Diff line number	Diff line
		@@ -377,6 +377,7 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
		/* OPENSSL_INIT_ZLIB 0x00010000L */
		# define OPENSSL_INIT_ATFORK 0x00020000L
		/* OPENSSL_INIT_BASE_ONLY 0x00040000L */
		# define OPENSSL_INIT_NO_ATEXIT 0x00080000L
		/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
		/* Max OPENSSL_INIT flag value is 0x80000000 */