OPENSSL_fork_prepare.3ossl - Man Page

OpenSSL fork handlers


 #include <openssl/crypto.h>

The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining OPENSSL_API_COMPAT with a suitable version value, see openssl_user_macros(7):

 void OPENSSL_fork_prepare(void);
 void OPENSSL_fork_parent(void);
 void OPENSSL_fork_child(void);


These methods are currently unused, and as such, no replacement methods are required or planned.

OpenSSL has state that should be reset when a process forks. For example, the entropy pool used to generate random numbers (and therefore encryption keys) should not be shared across multiple programs. The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() functions are used to reset this internal state.

Platforms without fork(2) will probably not need to use these functions. Platforms with fork(2) but without pthread_atfork(3) will probably need to call them manually, as described in the following paragraph.  Platforms such as Linux that have both functions will normally not need to call these functions as the OpenSSL library will do so automatically.

OPENSSL_init_crypto(3) will register these functions with the appropriate handler, when the OPENSSL_INIT_ATFORK flag is used. For other applications, these functions can be called directly. They should be used according to the calling sequence described by the pthread_atfork(3) documentation, which is summarized here.  OPENSSL_fork_prepare() should be called before a fork() is done.  After the fork() returns, the parent process should call OPENSSL_fork_parent() and the child process should call OPENSSL_fork_child().

Return Values

OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not return values.

See Also



These functions were added in OpenSSL 1.1.1.

Referenced By


The man pages OPENSSL_fork_child.3ossl(3) and OPENSSL_fork_parent.3ossl(3) are aliases of OPENSSL_fork_prepare.3ossl(3).

2023-10-26 3.1.4 OpenSSL