1 | /* | |
2 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include "e_os.h" | |
11 | ||
12 | #include "internal/err.h" | |
13 | #include <openssl/crypto.h> | |
14 | #include <openssl/evp.h> | |
15 | #include <openssl/trace.h> | |
16 | #include "ssl_local.h" | |
17 | #include "internal/thread_once.h" | |
18 | ||
/*
 * Set to 1 by ssl_library_stop() and checked at the top of OPENSSL_init_ssl():
 * once the library has been torn down, further init attempts are refused.
 */
static int stopped;

static void ssl_library_stop(void);

/* One-time guard for ossl_init_ssl_base(); ssl_base_inited records success so
 * that ssl_library_stop() only frees what was actually set up. */
static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
static int ssl_base_inited = 0;
/*
 * Run-once body that registers the ciphers and digests libssl relies on with
 * the EVP name tables, loads the libssl cipher table and arranges for
 * ssl_library_stop() to run at exit.
 *
 * Returns 1 on success and 0 if ssl_load_ciphers() fails. The return values of
 * EVP_add_cipher()/EVP_add_digest() are not checked; registration failures of
 * individual algorithms are tolerated here.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
    OSSL_TRACE(INIT, "ossl_init_ssl_base: adding SSL ciphers and digests\n");
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
     * application only calls SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_256_ccm());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_gcm());
    EVP_add_cipher(EVP_aria_256_gcm());
#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    EVP_add_cipher(EVP_chacha20_poly1305());
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif

#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
    EVP_add_digest(EVP_md5_sha1());
#endif
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
    OSSL_TRACE(INIT, "ossl_init_ssl_base: "
               "SSL_COMP_get_compression_methods()\n");
    /*
     * This will initialise the built-in compression algorithms. The value
     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely.
     * The matching teardown is ssl_comp_free_compression_methods_int() in
     * ssl_library_stop().
     */
    SSL_COMP_get_compression_methods();
#endif
    /* initialize cipher/digest methods table; the only fatal step here */
    if (!ssl_load_ciphers())
        return 0;

    /*
     * NOTE(review): the trace text names SSL_add_ssl_module(), but the only
     * call that follows is OPENSSL_atexit(); the message looks stale.
     */
    OSSL_TRACE(INIT,"ossl_init_ssl_base: SSL_add_ssl_module()\n");
    /*
     * We ignore an error return here. Not much we can do - but not that bad
     * either. We can still safely continue.
     */
    OPENSSL_atexit(ssl_library_stop);
    /* Only set after everything above succeeded, so teardown is safe. */
    ssl_base_inited = 1;
    return 1;
}
110 | ||
/* One-time guard shared by ossl_init_load_ssl_strings() and its "no load"
 * alternative; ssl_strings_inited is only set when strings were loaded. */
static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
static int ssl_strings_inited = 0;
/*
 * Run-once body that loads the libssl error strings. Always returns 1; when
 * error strings are compiled out, or OPENSSL_NO_AUTOERRINIT is defined to keep
 * them out of statically linked binaries, nothing is loaded and
 * ssl_strings_inited stays 0.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
{
#if defined(OPENSSL_NO_ERR) || defined(OPENSSL_NO_AUTOERRINIT)
    /* Error strings disabled at build time: nothing to do. */
#else
    OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ERR_load_SSL_strings()\n");
    ERR_load_SSL_strings();
    ssl_strings_inited = 1;
#endif
    return 1;
}
126 | ||
/*
 * Alternative run-once body for the ssl_strings guard, selected when the
 * caller asked for OPENSSL_INIT_NO_LOAD_SSL_STRINGS. Deliberately loads
 * nothing and reports success.
 */
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
                           ossl_init_load_ssl_strings)
{
    return 1;
}
133 | ||
/*
 * Tear down what ossl_init_ssl_base()/ossl_init_load_ssl_strings() set up.
 * Registered with OPENSSL_atexit(); idempotent via the `stopped` flag so a
 * second invocation is a no-op.
 */
static void ssl_library_stop(void)
{
    if (stopped)
        return;
    stopped = 1;

#ifndef OPENSSL_NO_COMP
    if (ssl_base_inited) {
        OSSL_TRACE(INIT, "ssl_library_stop: "
                   "ssl_comp_free_compression_methods_int()\n");
        ssl_comp_free_compression_methods_int();
    }
#endif

    if (!ssl_strings_inited)
        return;

    OSSL_TRACE(INIT, "ssl_library_stop: err_free_strings_int()\n");
    /*
     * libcrypto may free the error strings as well, so err_free_strings_int()
     * can run twice; the second call is a no-op, which is simpler than
     * tracking across both libraries which of them initialised the strings.
     */
    err_free_strings_int();
}
160 | ||
/*
 * Initialise libcrypto and libssl.
 *
 * opts     - OPENSSL_INIT_* flags; ADD_ALL_CIPHERS/DIGESTS are always added,
 *            and LOAD_CONFIG unless NO_LOAD_CONFIG was given (when config
 *            autoloading is compiled in).
 * settings - optional init settings. A non-NULL value must be passed before
 *            any other thread calls into OpenSSL: it is assumed to be used
 *            single-threaded.
 *
 * Returns 1 on success, 0 on failure or if the library was already stopped.
 */
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{
    static int stoperrset = 0;

    if (stopped) {
        /*
         * Report ERR_R_INIT_FAIL only on the first post-shutdown call;
         * raising it every time could loop, as the error system itself
         * attempts to initialise and would fail again.
         */
        if (stoperrset == 0) {
            stoperrset = 1;
            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
        }
        return 0;
    }

    opts |= OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
    if (!(opts & OPENSSL_INIT_NO_LOAD_CONFIG))
        opts |= OPENSSL_INIT_LOAD_CONFIG;
#endif

    /* libcrypto first; only then the libssl tables. */
    if (!OPENSSL_init_crypto(opts, settings)
        || !RUN_ONCE(&ssl_base, ossl_init_ssl_base))
        return 0;

    if (opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) {
        if (!RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
                          ossl_init_load_ssl_strings))
            return 0;
    }

    if (opts & OPENSSL_INIT_LOAD_SSL_STRINGS) {
        if (!RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
            return 0;
    }

    return 1;
}