Commit | Line | Data |
---|---|---|
b184e3ef | 1 | /* |
28428130 | 2 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
b184e3ef | 3 | * |
2c18d164 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
b184e3ef MC |
8 | */ |
9 | ||
35d8fa56 | 10 | #include "e_os.h" |
b184e3ef | 11 | |
6827cb36 | 12 | #include "internal/err.h" |
b184e3ef MC |
13 | #include <openssl/crypto.h> |
14 | #include <openssl/evp.h> | |
5c641735 | 15 | #include <openssl/trace.h> |
b184e3ef | 16 | #include "ssl_locl.h" |
c2e4e5d2 | 17 | #include "internal/thread_once.h" |
b184e3ef | 18 | |
/*
 * Shutdown latch: ssl_library_stop() sets it to 1 on its first run and
 * OPENSSL_init_ssl() refuses to initialise once it is non-zero.
 * NOTE(review): plain int, no synchronisation is visible in this file -
 * confirm that callers cannot race shutdown against initialisation.
 */
static int stopped;

/*
 * Cleanup handler, defined further down. ossl_init_ssl_base() registers it
 * through OPENSSL_atexit().
 */
static void ssl_library_stop(void);
22 | ||
/* Once-control for ossl_init_ssl_base(), driven by RUN_ONCE in OPENSSL_init_ssl(). */
static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
/* Set to 1 when ossl_init_ssl_base() completes; read by ssl_library_stop(). */
static int ssl_base_inited = 0;
/*
 * One-time base initialisation for libssl: registers ciphers and digests by
 * name, initialises the built-in compression methods (unless
 * OPENSSL_NO_COMP), loads the cipher/digest method table and registers
 * ssl_library_stop() as an exit handler.
 *
 * Returns 1 on success and 0 if ssl_load_ciphers() fails. In the failure
 * case the exit handler is not registered and ssl_base_inited stays 0.
 *
 * Review notes:
 * - The results of the EVP_add_cipher()/EVP_add_digest()/
 *   EVP_add_digest_alias() calls are discarded, so a failed registration is
 *   not reported from here.
 * - Legacy algorithms (DES, IDEA, RC4, RC2 including the 40-bit variant, MD5,
 *   SHA-1) are registered unless the matching OPENSSL_NO_* macro is defined
 *   at build time. Registration only makes them available by name; whether
 *   they can be negotiated is decided elsewhere - TODO confirm against the
 *   cipher list / security level configuration of the build under review.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
    OSSL_TRACE(INIT, "ossl_init_ssl_base: adding SSL ciphers and digests\n");
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
     * application only calls SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_256_ccm());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_gcm());
    EVP_add_cipher(EVP_aria_256_gcm());
#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif
    /* ChaCha20-Poly1305 needs both primitives to be compiled in. */
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    EVP_add_cipher(EVP_chacha20_poly1305());
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif

#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    /* The alias is added after the digest it refers to. */
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
    EVP_add_digest(EVP_md5_sha1());
#endif
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
    OSSL_TRACE(INIT, "ossl_init_ssl_base: "
               "SSL_COMP_get_compression_methods()\n");
    /*
     * This will initialise the built-in compression algorithms. The value
     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
     */
    SSL_COMP_get_compression_methods();
#endif
    /* initialize cipher/digest methods table */
    if (!ssl_load_ciphers())
        return 0;

    /*
     * NOTE(review): this trace line names SSL_add_ssl_module(), but no such
     * call follows it in this function; the message looks stale and can
     * mislead anyone reading an INIT trace.
     */
    OSSL_TRACE(INIT,"ossl_init_ssl_base: SSL_add_ssl_module()\n");
    /*
     * We ignore an error return here. Not much we can do - but not that bad
     * either. We can still safely continue.
     */
    OPENSSL_atexit(ssl_library_stop);
    ssl_base_inited = 1;
    return 1;
}
110 | ||
/* Set to 1 only when ERR_load_SSL_strings() was actually called. */
static int ssl_strings_inited = 0;
/*
 * Once-control shared by ossl_init_load_ssl_strings() and its "do nothing"
 * alternative ossl_init_no_load_ssl_strings().
 */
static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;

/*
 * One-time loader for the SSL error strings. Always returns 1.
 *
 * When the build defines OPENSSL_NO_ERR or OPENSSL_NO_AUTOERRINIT the body
 * is compiled out, nothing is loaded and ssl_strings_inited stays 0.
 * OPENSSL_NO_AUTOERRINIT exists so that static linking does not pull in all
 * the error strings at compile time.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
{
#if !(defined(OPENSSL_NO_ERR) || defined(OPENSSL_NO_AUTOERRINIT))
    OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ERR_load_SSL_strings()\n");
    ERR_load_SSL_strings();
    /* Lets ssl_library_stop() know there are strings to free. */
    ssl_strings_inited = 1;
#endif
    return 1;
}
126 | ||
/*
 * Alternative initialiser for the ssl_strings once-control, selected by
 * OPENSSL_init_ssl() when the caller passes OPENSSL_INIT_NO_LOAD_SSL_STRINGS.
 * It loads nothing, leaves ssl_strings_inited untouched and reports success.
 * NOTE(review): because it runs under the same once-control as
 * ossl_init_load_ssl_strings(), a later request to load the strings
 * presumably will not run the loader - confirm against the RUN_ONCE_ALT
 * definition.
 */
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
                           ossl_init_load_ssl_strings)
{
    /* Intentionally empty: the caller asked for no SSL error strings. */
    return 1;
}
133 | ||
/*
 * Release what the libssl initialisers set up. The function can be reached
 * both through an explicit call and through the atexit handler, so the
 * `stopped` latch turns every call after the first into a no-op.
 */
static void ssl_library_stop(void)
{
    if (stopped != 0)
        return;
    stopped = 1;

#ifndef OPENSSL_NO_COMP
    /* Compression methods exist only if base initialisation completed. */
    if (ssl_base_inited != 0) {
        OSSL_TRACE(INIT,
                   "ssl_library_stop: ssl_comp_free_compression_methods_int()\n");
        ssl_comp_free_compression_methods_int();
    }
#endif

    if (ssl_strings_inited == 0)
        return;

    OSSL_TRACE(INIT, "ssl_library_stop: err_free_strings_int()\n");
    /*
     * When the crypto and the ssl error strings were both initialised,
     * err_free_strings_int() ends up being called twice. That is fine: the
     * second call is a no-op, and it is simpler than tracking across the two
     * libraries whether each of them has been initialised.
     */
    err_free_strings_int();
}
160 | ||
/*
 * Initialise libssl. Returns 1 on success and 0 on failure.
 *
 * Threading contract: a call with a non-NULL settings value must happen
 * before any thread makes calls to any OpenSSL function, i.e. passing a
 * non-NULL settings value is assumed to be single-threaded.
 *
 * Once ssl_library_stop() has run, every call fails; only the first such
 * call raises ERR_R_INIT_FAIL.
 *
 * The caller's opts are always widened with OPENSSL_INIT_ADD_ALL_CIPHERS,
 * OPENSSL_INIT_ADD_ALL_DIGESTS and OPENSSL_INIT_ADD_ALL_MACS. Unless the
 * build defines OPENSSL_NO_AUTOLOAD_CONFIG, OPENSSL_INIT_LOAD_CONFIG is
 * added as well whenever OPENSSL_INIT_NO_LOAD_CONFIG is absent, so a caller
 * that must not have configuration loaded has to pass that flag explicitly.
 */
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{
    static int stoperrset = 0;

    if (stopped != 0) {
        /*
         * The error is raised a single time only. Otherwise the error system
         * could try to initialise, fail, raise another error and so on in an
         * endless loop.
         */
        if (stoperrset == 0) {
            stoperrset = 1;
            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
        }
        return 0;
    }

    opts |= (OPENSSL_INIT_ADD_ALL_CIPHERS
             | OPENSSL_INIT_ADD_ALL_DIGESTS
             | OPENSSL_INIT_ADD_ALL_MACS);
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
    /* Configuration loading is opt-out, not opt-in. */
    if (!(opts & OPENSSL_INIT_NO_LOAD_CONFIG))
        opts |= OPENSSL_INIT_LOAD_CONFIG;
#endif

    /* libcrypto comes up first, with the widened option set. */
    if (!OPENSSL_init_crypto(opts, settings))
        return 0;

    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
        return 0;

    /* The "no strings" request is evaluated before the "load strings" one. */
    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) != 0) {
        if (!RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
                          ossl_init_load_ssl_strings))
            return 0;
    }

    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) != 0) {
        if (!RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
            return 0;
    }

    return 1;
}