Commit | Line | Data |
---|---|---|
b184e3ef | 1 | /* |
28428130 | 2 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
b184e3ef | 3 | * |
2c18d164 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
b184e3ef MC |
8 | */ |
9 | ||
35d8fa56 | 10 | #include "e_os.h" |
b184e3ef | 11 | |
6827cb36 | 12 | #include "internal/err.h" |
b184e3ef MC |
13 | #include <openssl/crypto.h> |
14 | #include <openssl/evp.h> | |
15 | #include "ssl_locl.h" | |
c2e4e5d2 | 16 | #include "internal/thread_once.h" |
b184e3ef | 17 | |
/*
 * Set to 1 by ssl_library_stop(). Once set, OPENSSL_init_ssl() returns 0
 * instead of initialising the library again.
 * NOTE(review): plain int with no synchronisation visible in this file -
 * confirm that concurrent init/stop is ruled out by the callers.
 */
static int stopped;

/* Cleanup handler; ossl_init_ssl_base() registers it with OPENSSL_atexit(). */
static void ssl_library_stop(void);
21 | ||
/* Once-control and "did it run" flag for ossl_init_ssl_base(). */
static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
static int ssl_base_inited = 0;

/*
 * One-time base initialisation of libssl: registers the ciphers and digests
 * used by SSL/TLS with the EVP name tables, initialises the built-in
 * compression methods (unless OPENSSL_NO_COMP), loads the cipher/digest
 * method table and registers ssl_library_stop() as an exit handler.
 *
 * Returns 1 on success, 0 if ssl_load_ciphers() fails. ssl_base_inited is
 * only set on the success path.
 *
 * Several of the algorithms registered here are legacy ones (single DES,
 * RC4, 40-bit RC2, MD5, SHA-1). Each group is compiled out by its
 * OPENSSL_NO_* macro. NOTE(review): registration makes the names
 * resolvable; whether any of them can actually be negotiated is decided by
 * cipher-list configuration outside this file - confirm the defaults when
 * auditing a build.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "Adding SSL ciphers and digests\n");
#endif
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
     * application only calls SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
    /* AES is registered unconditionally: no OPENSSL_NO_* guard applies. */
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_256_ccm());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_gcm());
    EVP_add_cipher(EVP_aria_256_gcm());
#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    EVP_add_cipher(EVP_chacha20_poly1305());
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif

#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
    EVP_add_digest(EVP_md5_sha1());
#endif
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "SSL_COMP_get_compression_methods()\n");
# endif
    /*
     * This will initialise the built-in compression algorithms. The value
     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
     */
    SSL_COMP_get_compression_methods();
#endif
    /* initialize cipher/digest methods table */
    if (!ssl_load_ciphers())
        return 0;

    /*
     * NOTE(review): the debug message below names SSL_add_ssl_module(), but
     * no such call appears in this function as shown; the message looks
     * stale - confirm before relying on it when reading init traces.
     */
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "SSL_add_ssl_module()\n");
#endif
    /*
     * We ignore an error return here. Not much we can do - but not that bad
     * either. We can still safely continue.
     * (As written, the call whose result is ignored is OPENSSL_atexit(): if
     * registration fails, ssl_library_stop() is not run at exit.)
     */
    OPENSSL_atexit(ssl_library_stop);
    ssl_base_inited = 1;
    return 1;
}
117 | ||
/*
 * Once-control shared by ossl_init_load_ssl_strings() and
 * ossl_init_no_load_ssl_strings(), plus a flag recording whether the SSL
 * error strings were actually loaded (read by ssl_library_stop()).
 */
static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
static int ssl_strings_inited = 0;

/*
 * One-time loader for the libssl error strings. Always returns 1; when
 * OPENSSL_NO_ERR or OPENSSL_NO_AUTOERRINIT is defined it loads nothing and
 * leaves ssl_strings_inited at 0.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
{
    /*
     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
     * pulling in all the error strings during static linking
     */
#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
# ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
                    "ERR_load_SSL_strings()\n");
# endif
    ERR_load_SSL_strings();
    ssl_strings_inited = 1;
#endif
    return 1;
}
136 | ||
/*
 * One-time routine used when the caller asks for the SSL error strings NOT
 * to be loaded. It does no work and always returns 1. OPENSSL_init_ssl()
 * runs it through the same once-control (ssl_strings) as
 * ossl_init_load_ssl_strings().
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings)
{
    /* Do nothing in this case */
    return 1;
}
142 | ||
/*
 * Release what the libssl initialisers set up: the built-in compression
 * methods (when base init ran and compression is compiled in) and the SSL
 * error strings (when they were loaded). Sets `stopped`, after which
 * OPENSSL_init_ssl() refuses to initialise again.
 *
 * NOTE(review): the `stopped` test-and-set is not synchronised in this
 * file - confirm callers cannot reach it from two threads at once.
 */
static void ssl_library_stop(void)
{
    /* Reachable both from the atexit handler and from a direct call. */
    if (stopped) {
        return;
    }
    stopped = 1;

    if (ssl_base_inited) {
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
                        "ssl_comp_free_compression_methods_int()\n");
# endif
        ssl_comp_free_compression_methods_int();
#endif
    }

    if (ssl_strings_inited) {
#ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
                        "err_free_strings_int()\n");
#endif
        /*
         * libcrypto may free the error strings as well, so
         * err_free_strings_int() can be reached twice. The second call is a
         * no-op, which is simpler than tracking across the two libraries
         * which of them initialised the strings.
         */
        err_free_strings_int();
    }
}
174 | ||
/*
 * Initialise libssl. libcrypto is initialised first with the caller's
 * options plus the cipher, digest and MAC tables and, unless
 * OPENSSL_NO_AUTOLOAD_CONFIG is defined, OPENSSL_INIT_LOAD_CONFIG. The
 * one-time libssl base init and the requested error-string handling follow.
 *
 * If this function is called with a non NULL settings value then it must be
 * called prior to any threads making calls to any OpenSSL functions,
 * i.e. passing a non-null settings value is assumed to be single-threaded.
 *
 * Returns 1 on success, 0 on failure. After ssl_library_stop() has run it
 * always returns 0.
 */
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{
    static int stoperrset = 0;
    uint64_t crypto_opts = opts
                           | OPENSSL_INIT_ADD_ALL_CIPHERS
                           | OPENSSL_INIT_ADD_ALL_DIGESTS
                           | OPENSSL_INIT_ADD_ALL_MACS;

#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
    /* Configuration is loaded implicitly unless compiled out. */
    crypto_opts |= OPENSSL_INIT_LOAD_CONFIG;
#endif

    if (stopped) {
        /*
         * Raise the error only once: raising it can itself trigger
         * initialisation, which would fail again and loop forever.
         */
        if (!stoperrset) {
            stoperrset = 1;
            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
        }
        return 0;
    }

    if (!OPENSSL_init_crypto(crypto_opts, settings)) {
        return 0;
    }

    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) {
        return 0;
    }

    /*
     * NOTE(review): both checks below share the once-control ssl_strings but
     * name different routines, so only the first routine to reach it can
     * ever run. What RUN_ONCE reports for the routine that did not run
     * depends on its definition in internal/thread_once.h - confirm a later
     * call with the other flag cannot return a spurious failure.
     */
    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) != 0
        && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings)) {
        return 0;
    }

    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) != 0
        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings)) {
        return 0;
    }

    return 1;
}