]>
Commit | Line | Data |
---|---|---|
b184e3ef MC |
1 | /* |
2 | * Written by Matt Caswell for the OpenSSL project. | |
3 | */ | |
4 | /* ==================================================================== | |
5 | * Copyright (c) 2016 The OpenSSL Project. All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | |
15 | * notice, this list of conditions and the following disclaimer in | |
16 | * the documentation and/or other materials provided with the | |
17 | * distribution. | |
18 | * | |
19 | * 3. All advertising materials mentioning features or use of this | |
20 | * software must display the following acknowledgment: | |
21 | * "This product includes software developed by the OpenSSL Project | |
22 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
23 | * | |
24 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
25 | * endorse or promote products derived from this software without | |
26 | * prior written permission. For written permission, please contact | |
27 | * openssl-core@openssl.org. | |
28 | * | |
29 | * 5. Products derived from this software may not be called "OpenSSL" | |
30 | * nor may "OpenSSL" appear in their names without prior written | |
31 | * permission of the OpenSSL Project. | |
32 | * | |
33 | * 6. Redistributions of any form whatsoever must retain the following | |
34 | * acknowledgment: | |
35 | * "This product includes software developed by the OpenSSL Project | |
36 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
37 | * | |
38 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
39 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
40 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
41 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
42 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
43 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
44 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
45 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
46 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
47 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
49 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
50 | * ==================================================================== | |
51 | * | |
52 | * This product includes cryptographic software written by Eric Young | |
53 | * (eay@cryptsoft.com). This product includes software written by Tim | |
54 | * Hudson (tjh@cryptsoft.com). | |
55 | * | |
56 | */ | |
57 | ||
35d8fa56 | 58 | #include "e_os.h" |
b184e3ef | 59 | |
6827cb36 MC |
60 | #include "internal/threads.h" |
61 | #include "internal/err.h" | |
b184e3ef MC |
62 | #include <openssl/crypto.h> |
63 | #include <openssl/evp.h> | |
dd27f16e | 64 | #include <assert.h> |
b184e3ef MC |
65 | #include "ssl_locl.h" |
66 | ||
dd27f16e RS |
67 | static int stopped; |
68 | ||
b184e3ef MC |
69 | static void ssl_library_stop(void); |
70 | ||
b1f1e7ae | 71 | static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT; |
b184e3ef MC |
72 | static int ssl_base_inited = 0; |
73 | static void ossl_init_ssl_base(void) | |
74 | { | |
75 | #ifdef OPENSSL_INIT_DEBUG | |
76 | fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " | |
77 | "Adding SSL ciphers and digests\n"); | |
78 | #endif | |
79 | #ifndef OPENSSL_NO_DES | |
80 | EVP_add_cipher(EVP_des_cbc()); | |
81 | EVP_add_cipher(EVP_des_ede3_cbc()); | |
82 | #endif | |
83 | #ifndef OPENSSL_NO_IDEA | |
84 | EVP_add_cipher(EVP_idea_cbc()); | |
85 | #endif | |
86 | #ifndef OPENSSL_NO_RC4 | |
87 | EVP_add_cipher(EVP_rc4()); | |
88 | # ifndef OPENSSL_NO_MD5 | |
89 | EVP_add_cipher(EVP_rc4_hmac_md5()); | |
90 | # endif | |
91 | #endif | |
92 | #ifndef OPENSSL_NO_RC2 | |
93 | EVP_add_cipher(EVP_rc2_cbc()); | |
94 | /* | |
95 | * Not actually used for SSL/TLS but this makes PKCS#12 work if an | |
96 | * application only calls SSL_library_init(). | |
97 | */ | |
98 | EVP_add_cipher(EVP_rc2_40_cbc()); | |
99 | #endif | |
100 | #ifndef OPENSSL_NO_AES | |
101 | EVP_add_cipher(EVP_aes_128_cbc()); | |
102 | EVP_add_cipher(EVP_aes_192_cbc()); | |
103 | EVP_add_cipher(EVP_aes_256_cbc()); | |
104 | EVP_add_cipher(EVP_aes_128_gcm()); | |
105 | EVP_add_cipher(EVP_aes_256_gcm()); | |
106 | EVP_add_cipher(EVP_aes_128_ccm()); | |
107 | EVP_add_cipher(EVP_aes_256_ccm()); | |
108 | EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); | |
109 | EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); | |
110 | EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); | |
111 | EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); | |
112 | #endif | |
113 | #ifndef OPENSSL_NO_CAMELLIA | |
114 | EVP_add_cipher(EVP_camellia_128_cbc()); | |
115 | EVP_add_cipher(EVP_camellia_256_cbc()); | |
116 | #endif | |
117 | #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | |
118 | EVP_add_cipher(EVP_chacha20_poly1305()); | |
119 | #endif | |
120 | ||
121 | #ifndef OPENSSL_NO_SEED | |
122 | EVP_add_cipher(EVP_seed_cbc()); | |
123 | #endif | |
124 | ||
125 | #ifndef OPENSSL_NO_MD5 | |
126 | EVP_add_digest(EVP_md5()); | |
127 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); | |
128 | # ifndef OPENSSL_NO_SHA | |
129 | EVP_add_digest(EVP_md5_sha1()); | |
130 | # endif | |
131 | #endif | |
132 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | |
133 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); | |
134 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); | |
135 | EVP_add_digest(EVP_sha224()); | |
136 | EVP_add_digest(EVP_sha256()); | |
137 | EVP_add_digest(EVP_sha384()); | |
138 | EVP_add_digest(EVP_sha512()); | |
139 | #ifndef OPENSSL_NO_COMP | |
140 | #ifdef OPENSSL_INIT_DEBUG | |
141 | fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " | |
142 | "SSL_COMP_get_compression_methods()\n"); | |
143 | #endif | |
144 | /* | |
145 | * This will initialise the built-in compression algorithms. The value | |
146 | * returned is a STACK_OF(SSL_COMP), but that can be discarded safely | |
147 | */ | |
148 | SSL_COMP_get_compression_methods(); | |
149 | #endif | |
150 | /* initialize cipher/digest methods table */ | |
151 | ssl_load_ciphers(); | |
152 | ||
153 | #ifdef OPENSSL_INIT_DEBUG | |
154 | fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " | |
155 | "SSL_add_ssl_module()\n"); | |
156 | #endif | |
157 | SSL_add_ssl_module(); | |
158 | /* | |
159 | * We ignore an error return here. Not much we can do - but not that bad | |
160 | * either. We can still safely continue. | |
161 | */ | |
f672aee4 | 162 | OPENSSL_atexit(ssl_library_stop); |
b184e3ef MC |
163 | ssl_base_inited = 1; |
164 | } | |
165 | ||
b1f1e7ae | 166 | static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT; |
b184e3ef MC |
167 | static int ssl_strings_inited = 0; |
168 | static void ossl_init_load_ssl_strings(void) | |
169 | { | |
498abff0 MC |
170 | /* |
171 | * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time | |
172 | * pulling in all the error strings during static linking | |
173 | */ | |
174 | #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) | |
175 | # ifdef OPENSSL_INIT_DEBUG | |
b184e3ef MC |
176 | fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: " |
177 | "ERR_load_SSL_strings()\n"); | |
498abff0 | 178 | # endif |
b184e3ef | 179 | ERR_load_SSL_strings(); |
498abff0 | 180 | #endif |
b184e3ef MC |
181 | ssl_strings_inited = 1; |
182 | } | |
183 | ||
184 | static void ossl_init_no_load_ssl_strings(void) | |
185 | { | |
186 | /* Do nothing in this case */ | |
187 | return; | |
188 | } | |
189 | ||
190 | static void ssl_library_stop(void) | |
191 | { | |
dd27f16e RS |
192 | /* Might be explicitly called and also by atexit */ |
193 | if (stopped) | |
194 | return; | |
195 | stopped = 1; | |
196 | ||
b184e3ef MC |
197 | if (ssl_base_inited) { |
198 | #ifndef OPENSSL_NO_COMP | |
199 | #ifdef OPENSSL_INIT_DEBUG | |
200 | fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " | |
342c21cd | 201 | "int_ssl_comp_free_compression_methods()\n"); |
b184e3ef | 202 | #endif |
342c21cd | 203 | int_ssl_comp_free_compression_methods(); |
b184e3ef MC |
204 | #endif |
205 | } | |
206 | ||
207 | if (ssl_strings_inited) { | |
208 | #ifdef OPENSSL_INIT_DEBUG | |
209 | fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " | |
342c21cd | 210 | "int_err_free_strings()\n"); |
b184e3ef MC |
211 | #endif |
212 | /* | |
213 | * If both crypto and ssl error strings are inited we will end up | |
342c21cd | 214 | * calling int_err_free_strings() twice - but that's ok. The second |
6827cb36 | 215 | * time will be a no-op. It's easier to do that than to try and track |
b184e3ef MC |
216 | * between the two libraries whether they have both been inited. |
217 | */ | |
342c21cd | 218 | int_err_free_strings(); |
b184e3ef MC |
219 | } |
220 | } | |
221 | ||
7253fd55 | 222 | |
b184e3ef MC |
223 | /* |
224 | * If this function is called with a non NULL settings value then it must be | |
225 | * called prior to any threads making calls to any OpenSSL functions, | |
226 | * i.e. passing a non-null settings value is assumed to be single-threaded. | |
227 | */ | |
0fc32b07 | 228 | int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) |
b184e3ef | 229 | { |
302f7588 MC |
230 | static int stoperrset = 0; |
231 | ||
232 | if (stopped) { | |
233 | if (!stoperrset) { | |
234 | /* | |
235 | * We only ever set this once to avoid getting into an infinite | |
236 | * loop where the error system keeps trying to init and fails so | |
237 | * sets an error etc | |
238 | */ | |
239 | stoperrset = 1; | |
a4625290 | 240 | SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL); |
302f7588 | 241 | } |
0fc32b07 | 242 | return 0; |
302f7588 | 243 | } |
dd27f16e | 244 | |
0fc32b07 MC |
245 | if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS |
246 | | OPENSSL_INIT_ADD_ALL_DIGESTS, settings)) | |
247 | return 0; | |
b184e3ef | 248 | |
b1f1e7ae MC |
249 | if (!CRYPTO_THREAD_run_once(&ssl_base, ossl_init_ssl_base)) |
250 | return 0; | |
b184e3ef | 251 | |
b1f1e7ae MC |
252 | if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) |
253 | && !CRYPTO_THREAD_run_once(&ssl_strings, | |
254 | ossl_init_no_load_ssl_strings)) | |
255 | return 0; | |
b184e3ef | 256 | |
b1f1e7ae MC |
257 | if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) |
258 | && !CRYPTO_THREAD_run_once(&ssl_strings, | |
259 | ossl_init_load_ssl_strings)) | |
260 | return 0; | |
0fc32b07 MC |
261 | |
262 | return 1; | |
b184e3ef MC |
263 | } |
264 |