/*
 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
9 | |
10 | #include "e_os.h" |
11 | |
12 | #include "internal/err.h" |
13 | #include <openssl/crypto.h> |
14 | #include <openssl/evp.h> |
15 | #include <openssl/trace.h> |
16 | #include "ssl_local.h" |
17 | #include "internal/thread_once.h" |
18 | |
/*
 * Set once ssl_library_stop() has run (explicitly or via atexit). After
 * that point OPENSSL_init_ssl() refuses to initialise again.
 */
static int stopped = 0;

/* Tear-down routine registered with OPENSSL_atexit() by ossl_init_ssl_base(). */
static void ssl_library_stop(void);

/* Run-once guard for ossl_init_ssl_base() and its completion flag. */
static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
static int ssl_base_inited = 0;
/*
 * One-time base initialisation of libssl, run through RUN_ONCE() from
 * OPENSSL_init_ssl().
 *
 * Registers the ciphers and digests that the TLS code looks up by name in
 * the EVP tables, primes the compression method list, loads the cipher
 * table and registers ssl_library_stop() with OPENSSL_atexit().
 *
 * Each legacy algorithm (DES, IDEA, RC4, RC2, MD5, ...) is only registered
 * when the corresponding OPENSSL_NO_* build option is not set, so the
 * build configuration is what decides whether it is visible here at all.
 *
 * Returns 1 on success, 0 if ssl_load_ciphers() fails; in the failure case
 * ssl_base_inited stays 0 and no atexit handler is registered.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
    OSSL_TRACE(INIT, "ossl_init_ssl_base: adding SSL ciphers and digests\n");
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
    /* The stitched RC4/MD5 cipher needs MD5 compiled in as well. */
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
     * application only calls SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
    /* AES is always built, so no guard around these. */
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_256_ccm());
    /* Stitched AES-CBC + HMAC variants used by the TLS record layer. */
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_gcm());
    EVP_add_cipher(EVP_aria_256_gcm());
#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    EVP_add_cipher(EVP_chacha20_poly1305());
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif

#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    /* Aliases are added after the digest they point at has been registered. */
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
    EVP_add_digest(EVP_md5_sha1());
#endif
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
    OSSL_TRACE(INIT, "ossl_init_ssl_base: "
               "SSL_COMP_get_compression_methods()\n");
    /*
     * This will initialise the built-in compression algorithms. The value
     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
     */
    SSL_COMP_get_compression_methods();
#endif
    /*
     * initialize cipher/digest methods table; this is the only step whose
     * failure is reported to the caller
     */
    if (!ssl_load_ciphers())
        return 0;

    /*
     * NOTE(review): the trace text names SSL_add_ssl_module() but the call
     * that follows is OPENSSL_atexit(); the message looks stale -- confirm.
     */
    OSSL_TRACE(INIT,"ossl_init_ssl_base: SSL_add_ssl_module()\n");
    /*
     * We ignore an error return here. Not much we can do - but not that bad
     * either. We can still safely continue.
     */
    OPENSSL_atexit(ssl_library_stop);
    /* Set last, so ssl_library_stop() only cleans up after a full init. */
    ssl_base_inited = 1;
    return 1;
}
110 | |
/*
 * Run-once guard shared by ossl_init_load_ssl_strings() and its
 * do-nothing alternative, plus the flag telling ssl_library_stop()
 * whether the SSL error strings were actually loaded.
 */
static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
static int ssl_strings_inited = 0;
/*
 * Run-once loader for the libssl error strings.
 *
 * Always returns 1: when error strings are compiled out (OPENSSL_NO_ERR)
 * or OPENSSL_NO_AUTOERRINIT is set there is simply nothing to do.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
{
#if defined(OPENSSL_NO_ERR) || defined(OPENSSL_NO_AUTOERRINIT)
    /*
     * OPENSSL_NO_AUTOERRINIT exists so that a static link does not pull in
     * every error string table at compile time. ssl_strings_inited is left
     * at 0, so ssl_library_stop() will not try to free anything.
     */
    return 1;
#else
    OSSL_TRACE(INIT, "ossl_init_load_ssl_strings: ERR_load_SSL_strings()\n");
    ERR_load_SSL_strings();
    ssl_strings_inited = 1;
    return 1;
#endif
}
126 | |
/*
 * Alternative body for the ssl_strings run-once slot, selected by
 * OPENSSL_INIT_NO_LOAD_SSL_STRINGS. It deliberately loads nothing; once
 * it has run, a later RUN_ONCE(&ssl_strings, ...) is a no-op as well.
 */
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, ossl_init_load_ssl_strings)
{
    return 1; /* nothing to load in this configuration */
}
133 | |
/*
 * Release what ossl_init_ssl_base() and ossl_init_load_ssl_strings() set up.
 *
 * Registered with OPENSSL_atexit() and possibly also called directly, so it
 * has to be idempotent: the `stopped` flag turns every call after the first
 * into a no-op. Once it has run, OPENSSL_init_ssl() refuses to initialise
 * the library again.
 */
static void ssl_library_stop(void)
{
    if (stopped != 0)
        return;
    stopped = 1;

#ifndef OPENSSL_NO_COMP
    /* Compression methods only exist if the base init completed. */
    if (ssl_base_inited) {
        OSSL_TRACE(INIT, "ssl_library_stop: "
                   "ssl_comp_free_compression_methods_int()\n");
        ssl_comp_free_compression_methods_int();
    }
#endif

    if (!ssl_strings_inited)
        return;

    OSSL_TRACE(INIT, "ssl_library_stop: err_free_strings_int()\n");
    /*
     * If both crypto and ssl error strings are inited we will end up
     * calling err_free_strings_int() twice - but that's ok. The second
     * time will be a no-op. It's easier to do that than to try and track
     * between the two libraries whether they have both been inited.
     */
    err_free_strings_int();
}
160 | |
/*
 * If this function is called with a non-NULL settings value then it must be
 * called prior to any threads making calls to any OpenSSL functions,
 * i.e. passing a non-NULL settings value is assumed to be single-threaded.
 */
/*
 * Initialise libcrypto and libssl.
 *
 * opts      OPENSSL_INIT_* flags; OPENSSL_INIT_ADD_ALL_CIPHERS and
 *           OPENSSL_INIT_ADD_ALL_DIGESTS are always added, and unless the
 *           build has OPENSSL_NO_AUTOLOAD_CONFIG the config file is loaded
 *           too, unless OPENSSL_INIT_NO_LOAD_CONFIG is given.
 * settings  passed through to OPENSSL_init_crypto(); see the note above.
 *
 * Returns 1 on success and 0 on failure. Failure is also the answer after
 * ssl_library_stop() has run; in that case an SSL error is raised exactly
 * once so that a failing error-system initialisation cannot recurse into
 * this function for ever.
 */
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{
    static int stoperrset = 0;

    if (stopped) {
        if (stoperrset == 0) {
            stoperrset = 1;
            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
        }
        return 0;
    }

    opts |= OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
    if (!(opts & OPENSSL_INIT_NO_LOAD_CONFIG))
        opts |= OPENSSL_INIT_LOAD_CONFIG;
#endif

    /* libcrypto first; the ssl base init relies on it being up. */
    if (!OPENSSL_init_crypto(opts, settings)
        || !RUN_ONCE(&ssl_base, ossl_init_ssl_base))
        return 0;

    /*
     * The two string options share one run-once slot, so whichever of them
     * is processed first decides what the slot does for good.
     */
    if (opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) {
        if (!RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
                          ossl_init_load_ssl_strings))
            return 0;
    }
    if (opts & OPENSSL_INIT_LOAD_SSL_STRINGS) {
        if (!RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
            return 0;
    }

    return 1;
}