1/* 2 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include "e_os.h" 11 12#include "internal/err.h" 13#include <openssl/crypto.h> 14#include <openssl/evp.h> 15#include "ssl_local.h" 16#include "internal/thread_once.h" 17 18static int stopped; 19 20static void ssl_library_stop(void); 21 22static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT; 23static int ssl_base_inited = 0; 24DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) 25{ 26#ifdef OPENSSL_INIT_DEBUG 27 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 28 "Adding SSL ciphers and digests\n"); 29#endif 30#ifndef OPENSSL_NO_DES 31 EVP_add_cipher(EVP_des_cbc()); 32 EVP_add_cipher(EVP_des_ede3_cbc()); 33#endif 34#ifndef OPENSSL_NO_IDEA 35 EVP_add_cipher(EVP_idea_cbc()); 36#endif 37#ifndef OPENSSL_NO_RC4 38 EVP_add_cipher(EVP_rc4()); 39# ifndef OPENSSL_NO_MD5 40 EVP_add_cipher(EVP_rc4_hmac_md5()); 41# endif 42#endif 43#ifndef OPENSSL_NO_RC2 44 EVP_add_cipher(EVP_rc2_cbc()); 45 /* 46 * Not actually used for SSL/TLS but this makes PKCS#12 work if an 47 * application only calls SSL_library_init(). 48 */ 49 EVP_add_cipher(EVP_rc2_40_cbc()); 50#endif 51 EVP_add_cipher(EVP_aes_128_cbc()); 52 EVP_add_cipher(EVP_aes_192_cbc()); 53 EVP_add_cipher(EVP_aes_256_cbc()); 54 EVP_add_cipher(EVP_aes_128_gcm()); 55 EVP_add_cipher(EVP_aes_256_gcm()); 56 EVP_add_cipher(EVP_aes_128_ccm()); 57 EVP_add_cipher(EVP_aes_256_ccm()); 58 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); 59 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); 60 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); 61 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); 62#ifndef OPENSSL_NO_ARIA 63 EVP_add_cipher(EVP_aria_128_gcm()); 64 EVP_add_cipher(EVP_aria_256_gcm()); 65#endif 66#ifndef OPENSSL_NO_CAMELLIA 67 EVP_add_cipher(EVP_camellia_128_cbc()); 68 EVP_add_cipher(EVP_camellia_256_cbc()); 69#endif 70#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 71 EVP_add_cipher(EVP_chacha20_poly1305()); 72#endif 73 74#ifndef OPENSSL_NO_SEED 75 EVP_add_cipher(EVP_seed_cbc()); 76#endif 77 78#ifndef OPENSSL_NO_MD5 79 EVP_add_digest(EVP_md5()); 80 EVP_add_digest_alias(SN_md5, "ssl3-md5"); 81 EVP_add_digest(EVP_md5_sha1()); 82#endif 83 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ 84 EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); 85 EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); 86 EVP_add_digest(EVP_sha224()); 87 EVP_add_digest(EVP_sha256()); 88 EVP_add_digest(EVP_sha384()); 89 EVP_add_digest(EVP_sha512()); 90#ifndef OPENSSL_NO_COMP 91# ifdef OPENSSL_INIT_DEBUG 92 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 93 "SSL_COMP_get_compression_methods()\n"); 94# endif 95 /* 96 * This will initialise the built-in compression algorithms. The value 97 * returned is a STACK_OF(SSL_COMP), but that can be discarded safely 98 */ 99 SSL_COMP_get_compression_methods(); 100#endif 101 /* initialize cipher/digest methods table */ 102 if (!ssl_load_ciphers()) 103 return 0; 104 105#ifdef OPENSSL_INIT_DEBUG 106 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 107 "SSL_add_ssl_module()\n"); 108#endif 109 /* 110 * We ignore an error return here. Not much we can do - but not that bad 111 * either. We can still safely continue. 112 */ 113 OPENSSL_atexit(ssl_library_stop); 114 ssl_base_inited = 1; 115 return 1; 116} 117 118static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT; 119static int ssl_strings_inited = 0; 120DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) 121{ 122 /* 123 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time 124 * pulling in all the error strings during static linking 125 */ 126#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) 127# ifdef OPENSSL_INIT_DEBUG 128 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: " 129 "ERR_load_SSL_strings()\n"); 130# endif 131 ERR_load_SSL_strings(); 132 ssl_strings_inited = 1; 133#endif 134 return 1; 135} 136 137DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, 138 ossl_init_load_ssl_strings) 139{ 140 /* Do nothing in this case */ 141 return 1; 142} 143 144static void ssl_library_stop(void) 145{ 146 /* Might be explicitly called and also by atexit */ 147 if (stopped) 148 return; 149 stopped = 1; 150 151 if (ssl_base_inited) { 152#ifndef OPENSSL_NO_COMP 153# ifdef OPENSSL_INIT_DEBUG 154 fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " 155 "ssl_comp_free_compression_methods_int()\n"); 156# endif 157 ssl_comp_free_compression_methods_int(); 158#endif 159 } 160 161 if (ssl_strings_inited) { 162#ifdef OPENSSL_INIT_DEBUG 163 fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " 164 "err_free_strings_int()\n"); 165#endif 166 /* 167 * If both crypto and ssl error strings are inited we will end up 168 * calling err_free_strings_int() twice - but that's ok. The second 169 * time will be a no-op. It's easier to do that than to try and track 170 * between the two libraries whether they have both been inited. 171 */ 172 err_free_strings_int(); 173 } 174} 175 176/* 177 * If this function is called with a non NULL settings value then it must be 178 * called prior to any threads making calls to any OpenSSL functions, 179 * i.e. passing a non-null settings value is assumed to be single-threaded. 180 */ 181int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) 182{ 183 static int stoperrset = 0; 184 185 if (stopped) { 186 if (!stoperrset) { 187 /* 188 * We only ever set this once to avoid getting into an infinite 189 * loop where the error system keeps trying to init and fails so 190 * sets an error etc 191 */ 192 stoperrset = 1; 193 SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL); 194 } 195 return 0; 196 } 197 198 opts |= OPENSSL_INIT_ADD_ALL_CIPHERS 199 | OPENSSL_INIT_ADD_ALL_DIGESTS; 200#ifndef OPENSSL_NO_AUTOLOAD_CONFIG 201 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) 202 opts |= OPENSSL_INIT_LOAD_CONFIG; 203#endif 204 205 if (!OPENSSL_init_crypto(opts, settings)) 206 return 0; 207 208 if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) 209 return 0; 210 211 if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) 212 && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, 213 ossl_init_load_ssl_strings)) 214 return 0; 215 216 if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) 217 && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings)) 218 return 0; 219 220 return 1; 221} 222