]>
Commit | Line | Data |
---|---|---|
b184e3ef MC |
1 | /* |
2 | * Written by Matt Caswell for the OpenSSL project. | |
3 | */ | |
4 | /* ==================================================================== | |
5 | * Copyright (c) 2016 The OpenSSL Project. All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | |
15 | * notice, this list of conditions and the following disclaimer in | |
16 | * the documentation and/or other materials provided with the | |
17 | * distribution. | |
18 | * | |
19 | * 3. All advertising materials mentioning features or use of this | |
20 | * software must display the following acknowledgment: | |
21 | * "This product includes software developed by the OpenSSL Project | |
22 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
23 | * | |
24 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
25 | * endorse or promote products derived from this software without | |
26 | * prior written permission. For written permission, please contact | |
27 | * openssl-core@openssl.org. | |
28 | * | |
29 | * 5. Products derived from this software may not be called "OpenSSL" | |
30 | * nor may "OpenSSL" appear in their names without prior written | |
31 | * permission of the OpenSSL Project. | |
32 | * | |
33 | * 6. Redistributions of any form whatsoever must retain the following | |
34 | * acknowledgment: | |
35 | * "This product includes software developed by the OpenSSL Project | |
36 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
37 | * | |
38 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
39 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
40 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
41 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
42 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
43 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
44 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
45 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
46 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
47 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
49 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
50 | * ==================================================================== | |
51 | * | |
52 | * This product includes cryptographic software written by Eric Young | |
53 | * (eay@cryptsoft.com). This product includes software written by Tim | |
54 | * Hudson (tjh@cryptsoft.com). | |
55 | * | |
56 | */ | |
57 | ||
58 | #include <openssl/e_os2.h> | |
59 | ||
60 | #if defined(OPENSSL_SYS_WINDOWS) && !defined(_WIN32_WINNT) | |
61 | /* | |
62 | * We default to requiring Windows Vista, Windows Server 2008 or later. We can | |
63 | * support lower versions if _WIN32_WINNT is explicity defined to something | |
64 | * less | |
65 | */ | |
66 | # define _WIN32_WINNT 0x0600 | |
67 | #endif | |
68 | ||
69 | #include <openssl/crypto.h> | |
70 | #include <openssl/evp.h> | |
71 | #include "ssl_locl.h" | |
72 | ||
73 | /* Implement "once" functionality */ | |
74 | #if !defined(OPENSSL_THREADS) | |
75 | typedef int OPENSSL_INIT_ONCE; | |
76 | # define OPENSSL_INIT_ONCE_STATIC_INIT 0 | |
77 | # define OPENSSL_INIT_ONCE_DYNAMIC_INIT(once) (*(once) = 0) | |
78 | ||
79 | static void ossl_init_once_run(OPENSSL_INIT_ONCE *once, void (*init)(void)) | |
80 | { | |
81 | if (*once == OPENSSL_INIT_ONCE_STATIC_INIT) { | |
82 | *once = 1; | |
83 | init(); | |
84 | } | |
85 | } | |
86 | #elif defined(OPENSSL_SYS_WINDOWS) | |
87 | # include <windows.h> | |
88 | ||
89 | # if _WIN32_WINNT < 0x0600 | |
90 | ||
91 | /* | |
92 | * Versions before 0x0600 (Windows Vista, Windows Server 2008 or later) do not | |
93 | * have InitOnceExecuteOnce, so we fall back to using a spinlock instead. | |
94 | */ | |
95 | typedef LONG OPENSSL_INIT_ONCE; | |
96 | # define OPENSSL_INIT_ONCE_STATIC_INIT 0 | |
97 | # define OPENSSL_INIT_ONCE_DYNAMIC_INIT(once) (*(once) = 0) | |
98 | ||
99 | # define ONCE_UNINITED 0 | |
100 | # define ONCE_ININIT 1 | |
101 | # define ONCE_DONE 2 | |
102 | ||
103 | static void ossl_init_once_run(OPENSSL_INIT_ONCE *once, void (*init)(void)) | |
104 | { | |
105 | LONG volatile *lock = (LONG *)once; | |
106 | LONG result; | |
107 | ||
108 | if (*lock == ONCE_DONE) | |
109 | return; | |
110 | ||
111 | do { | |
112 | result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED); | |
113 | if (result == ONCE_UNINITED) { | |
114 | init(); | |
115 | *lock = ONCE_DONE; | |
116 | return; | |
117 | } | |
118 | } while (result == ONCE_ININIT); | |
119 | } | |
120 | ||
121 | # else | |
122 | ||
123 | typedef INIT_ONCE OPENSSL_INIT_ONCE; | |
124 | # define OPENSSL_INIT_ONCE_STATIC_INIT INIT_ONCE_STATIC_INIT | |
125 | # define OPENSSL_INIT_ONCE_DYNAMIC_INIT(once) \ | |
126 | InitOnceInitialize((PINIT_ONCE)(once)) | |
127 | ||
128 | static BOOL CALLBACK once_cb(PINIT_ONCE once, PVOID initfp, PVOID *unused) | |
129 | { | |
130 | void (*init)(void) = initfp; | |
131 | ||
132 | init(); | |
133 | ||
134 | return TRUE; | |
135 | } | |
136 | ||
137 | static void ossl_init_once_run(OPENSSL_INIT_ONCE *once, void (*init)(void)) | |
138 | { | |
139 | InitOnceExecuteOnce((INIT_ONCE *)once, once_cb, init, NULL); | |
140 | } | |
141 | # endif | |
142 | #else /* pthreads */ | |
143 | # include <pthread.h> | |
144 | ||
145 | typedef pthread_once_t OPENSSL_INIT_ONCE; | |
146 | # define OPENSSL_INIT_ONCE_STATIC_INIT PTHREAD_ONCE_INIT | |
147 | # define OPENSSL_INIT_ONCE_DYNAMIC_INIT(once) (*(once) = PTHREAD_ONCE_INIT) | |
148 | ||
149 | static void ossl_init_once_run(OPENSSL_INIT_ONCE *once, void (*init)(void)) | |
150 | { | |
151 | pthread_once(once, init); | |
152 | } | |
153 | #endif | |
154 | ||
155 | static void ssl_library_stop(void); | |
156 | ||
157 | static OPENSSL_INIT_ONCE ssl_base = OPENSSL_INIT_ONCE_STATIC_INIT; | |
158 | static int ssl_base_inited = 0; | |
159 | static void ossl_init_ssl_base(void) | |
160 | { | |
161 | #ifdef OPENSSL_INIT_DEBUG | |
162 | fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " | |
163 | "Adding SSL ciphers and digests\n"); | |
164 | #endif | |
165 | #ifndef OPENSSL_NO_DES | |
166 | EVP_add_cipher(EVP_des_cbc()); | |
167 | EVP_add_cipher(EVP_des_ede3_cbc()); | |
168 | #endif | |
169 | #ifndef OPENSSL_NO_IDEA | |
170 | EVP_add_cipher(EVP_idea_cbc()); | |
171 | #endif | |
172 | #ifndef OPENSSL_NO_RC4 | |
173 | EVP_add_cipher(EVP_rc4()); | |
174 | # ifndef OPENSSL_NO_MD5 | |
175 | EVP_add_cipher(EVP_rc4_hmac_md5()); | |
176 | # endif | |
177 | #endif | |
178 | #ifndef OPENSSL_NO_RC2 | |
179 | EVP_add_cipher(EVP_rc2_cbc()); | |
180 | /* | |
181 | * Not actually used for SSL/TLS but this makes PKCS#12 work if an | |
182 | * application only calls SSL_library_init(). | |
183 | */ | |
184 | EVP_add_cipher(EVP_rc2_40_cbc()); | |
185 | #endif | |
186 | #ifndef OPENSSL_NO_AES | |
187 | EVP_add_cipher(EVP_aes_128_cbc()); | |
188 | EVP_add_cipher(EVP_aes_192_cbc()); | |
189 | EVP_add_cipher(EVP_aes_256_cbc()); | |
190 | EVP_add_cipher(EVP_aes_128_gcm()); | |
191 | EVP_add_cipher(EVP_aes_256_gcm()); | |
192 | EVP_add_cipher(EVP_aes_128_ccm()); | |
193 | EVP_add_cipher(EVP_aes_256_ccm()); | |
194 | EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); | |
195 | EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); | |
196 | EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); | |
197 | EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); | |
198 | #endif | |
199 | #ifndef OPENSSL_NO_CAMELLIA | |
200 | EVP_add_cipher(EVP_camellia_128_cbc()); | |
201 | EVP_add_cipher(EVP_camellia_256_cbc()); | |
202 | #endif | |
203 | #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | |
204 | EVP_add_cipher(EVP_chacha20_poly1305()); | |
205 | #endif | |
206 | ||
207 | #ifndef OPENSSL_NO_SEED | |
208 | EVP_add_cipher(EVP_seed_cbc()); | |
209 | #endif | |
210 | ||
211 | #ifndef OPENSSL_NO_MD5 | |
212 | EVP_add_digest(EVP_md5()); | |
213 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); | |
214 | # ifndef OPENSSL_NO_SHA | |
215 | EVP_add_digest(EVP_md5_sha1()); | |
216 | # endif | |
217 | #endif | |
218 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | |
219 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); | |
220 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); | |
221 | EVP_add_digest(EVP_sha224()); | |
222 | EVP_add_digest(EVP_sha256()); | |
223 | EVP_add_digest(EVP_sha384()); | |
224 | EVP_add_digest(EVP_sha512()); | |
225 | #ifndef OPENSSL_NO_COMP | |
226 | #ifdef OPENSSL_INIT_DEBUG | |
227 | fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " | |
228 | "SSL_COMP_get_compression_methods()\n"); | |
229 | #endif | |
230 | /* | |
231 | * This will initialise the built-in compression algorithms. The value | |
232 | * returned is a STACK_OF(SSL_COMP), but that can be discarded safely | |
233 | */ | |
234 | SSL_COMP_get_compression_methods(); | |
235 | #endif | |
236 | /* initialize cipher/digest methods table */ | |
237 | ssl_load_ciphers(); | |
238 | ||
239 | #ifdef OPENSSL_INIT_DEBUG | |
240 | fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " | |
241 | "SSL_add_ssl_module()\n"); | |
242 | #endif | |
243 | SSL_add_ssl_module(); | |
244 | /* | |
245 | * We ignore an error return here. Not much we can do - but not that bad | |
246 | * either. We can still safely continue. | |
247 | */ | |
248 | OPENSSL_INIT_register_stop_handler(ssl_library_stop); | |
249 | ssl_base_inited = 1; | |
250 | } | |
251 | ||
252 | static OPENSSL_INIT_ONCE ssl_strings = OPENSSL_INIT_ONCE_STATIC_INIT; | |
253 | static int ssl_strings_inited = 0; | |
254 | static void ossl_init_load_ssl_strings(void) | |
255 | { | |
256 | #ifdef OPENSSL_INIT_DEBUG | |
257 | fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: " | |
258 | "ERR_load_SSL_strings()\n"); | |
259 | #endif | |
260 | ERR_load_SSL_strings(); | |
261 | ssl_strings_inited = 1; | |
262 | } | |
263 | ||
264 | static void ossl_init_no_load_ssl_strings(void) | |
265 | { | |
266 | /* Do nothing in this case */ | |
267 | return; | |
268 | } | |
269 | ||
270 | static void ssl_library_stop(void) | |
271 | { | |
272 | if (ssl_base_inited) { | |
273 | #ifndef OPENSSL_NO_COMP | |
274 | #ifdef OPENSSL_INIT_DEBUG | |
275 | fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " | |
276 | "SSL_COMP_free_compression_methods()\n"); | |
277 | #endif | |
278 | SSL_COMP_free_compression_methods(); | |
279 | ssl_base_inited = 0; | |
280 | OPENSSL_INIT_ONCE_DYNAMIC_INIT(&ssl_base); | |
281 | #endif | |
282 | } | |
283 | ||
284 | if (ssl_strings_inited) { | |
285 | #ifdef OPENSSL_INIT_DEBUG | |
286 | fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " | |
287 | "ERR_free_strings()\n"); | |
288 | #endif | |
289 | /* | |
290 | * If both crypto and ssl error strings are inited we will end up | |
291 | * calling ERR_free_strings() twice - but that's ok. The second time | |
292 | * will be a no-op. It's easier to do that than to try and track | |
293 | * between the two libraries whether they have both been inited. | |
294 | */ | |
295 | ERR_free_strings(); | |
296 | ssl_strings_inited = 0; | |
297 | OPENSSL_INIT_ONCE_DYNAMIC_INIT(&ssl_strings); | |
298 | } | |
299 | } | |
300 | ||
301 | /* | |
302 | * If this function is called with a non NULL settings value then it must be | |
303 | * called prior to any threads making calls to any OpenSSL functions, | |
304 | * i.e. passing a non-null settings value is assumed to be single-threaded. | |
305 | */ | |
306 | void OPENSSL_INIT_ssl_library_start(uint64_t opts, | |
307 | const OPENSSL_INIT_SETTINGS *settings) | |
308 | { | |
309 | OPENSSL_INIT_crypto_library_start(opts | OPENSSL_INIT_ADD_ALL_CIPHERS | |
310 | | OPENSSL_INIT_ADD_ALL_DIGESTS, settings); | |
311 | ||
312 | ossl_init_once_run(&ssl_base, ossl_init_ssl_base); | |
313 | ||
314 | if (opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) | |
315 | ossl_init_once_run(&ssl_strings, ossl_init_no_load_ssl_strings); | |
316 | ||
317 | if (opts & OPENSSL_INIT_LOAD_SSL_STRINGS) | |
318 | ossl_init_once_run(&ssl_strings, ossl_init_load_ssl_strings); | |
319 | } | |
320 |