1/* 2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include "e_os.h" 11 12#include "internal/err.h" 13#include <openssl/crypto.h> 14#include <openssl/evp.h> 15#include "ssl_local.h" 16#include "internal/thread_once.h" 17 18static int stopped; 19 20static void ssl_library_stop(void); 21 22static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT; 23static int ssl_base_inited = 0; 24DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) 25{ 26#ifdef OPENSSL_INIT_DEBUG 27 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 28 "Adding SSL ciphers and digests\n"); 29#endif 30#ifndef OPENSSL_NO_DES 31 EVP_add_cipher(EVP_des_cbc()); 32 EVP_add_cipher(EVP_des_ede3_cbc()); 33#endif 34#ifndef OPENSSL_NO_IDEA 35 EVP_add_cipher(EVP_idea_cbc()); 36#endif 37#ifndef OPENSSL_NO_RC4 38 EVP_add_cipher(EVP_rc4()); 39# ifndef OPENSSL_NO_MD5 40 EVP_add_cipher(EVP_rc4_hmac_md5()); 41# endif 42#endif 43#ifndef OPENSSL_NO_RC2 44 EVP_add_cipher(EVP_rc2_cbc()); 45 /* 46 * Not actually used for SSL/TLS but this makes PKCS#12 work if an 47 * application only calls SSL_library_init(). 48 */ 49 EVP_add_cipher(EVP_rc2_40_cbc()); 50#endif 51 EVP_add_cipher(EVP_aes_128_cbc()); 52 EVP_add_cipher(EVP_aes_192_cbc()); 53 EVP_add_cipher(EVP_aes_256_cbc()); 54 EVP_add_cipher(EVP_aes_128_gcm()); 55 EVP_add_cipher(EVP_aes_256_gcm()); 56 EVP_add_cipher(EVP_aes_128_ccm()); 57 EVP_add_cipher(EVP_aes_256_ccm()); 58 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); 59 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); 60 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); 61 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); 62#ifndef OPENSSL_NO_ARIA 63 EVP_add_cipher(EVP_aria_128_gcm()); 64 EVP_add_cipher(EVP_aria_256_gcm()); 65#endif 66#ifndef OPENSSL_NO_CAMELLIA 67 EVP_add_cipher(EVP_camellia_128_cbc()); 68 EVP_add_cipher(EVP_camellia_256_cbc()); 69#endif 70#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 71 EVP_add_cipher(EVP_chacha20_poly1305()); 72#endif 73 74#ifndef OPENSSL_NO_SEED 75 EVP_add_cipher(EVP_seed_cbc()); 76#endif 77 78#ifndef OPENSSL_NO_MD5 79 EVP_add_digest(EVP_md5()); 80 EVP_add_digest_alias(SN_md5, "ssl3-md5"); 81 EVP_add_digest(EVP_md5_sha1()); 82#endif 83 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ 84 EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); 85 EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); 86 EVP_add_digest(EVP_sha224()); 87 EVP_add_digest(EVP_sha256()); 88 EVP_add_digest(EVP_sha384()); 89 EVP_add_digest(EVP_sha512()); 90#ifndef OPENSSL_NO_COMP 91# ifdef OPENSSL_INIT_DEBUG 92 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 93 "SSL_COMP_get_compression_methods()\n"); 94# endif 95 /* 96 * This will initialise the built-in compression algorithms. The value 97 * returned is a STACK_OF(SSL_COMP), but that can be discarded safely 98 */ 99 SSL_COMP_get_compression_methods(); 100#endif 101 /* initialize cipher/digest methods table */ 102 if (!ssl_load_ciphers()) 103 return 0; 104 105#ifdef OPENSSL_INIT_DEBUG 106 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 107 "SSL_add_ssl_module()\n"); 108#endif 109 /* 110 * We ignore an error return here. Not much we can do - but not that bad 111 * either. We can still safely continue. 112 */ 113 OPENSSL_atexit(ssl_library_stop); 114 ssl_base_inited = 1; 115 return 1; 116} 117 118static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT; 119 120DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) 121{ 122 /* 123 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time 124 * pulling in all the error strings during static linking 125 */ 126#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) 127# ifdef OPENSSL_INIT_DEBUG 128 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: " 129 "ERR_load_SSL_strings()\n"); 130# endif 131 ERR_load_SSL_strings(); 132#endif 133 return 1; 134} 135 136DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, 137 ossl_init_load_ssl_strings) 138{ 139 /* Do nothing in this case */ 140 return 1; 141} 142 143static void ssl_library_stop(void) 144{ 145 /* Might be explicitly called and also by atexit */ 146 if (stopped) 147 return; 148 stopped = 1; 149 150 if (ssl_base_inited) { 151#ifndef OPENSSL_NO_COMP 152# ifdef OPENSSL_INIT_DEBUG 153 fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " 154 "ssl_comp_free_compression_methods_int()\n"); 155# endif 156 ssl_comp_free_compression_methods_int(); 157#endif 158 } 159} 160 161/* 162 * If this function is called with a non NULL settings value then it must be 163 * called prior to any threads making calls to any OpenSSL functions, 164 * i.e. passing a non-null settings value is assumed to be single-threaded. 165 */ 166int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) 167{ 168 static int stoperrset = 0; 169 170 if (stopped) { 171 if (!stoperrset) { 172 /* 173 * We only ever set this once to avoid getting into an infinite 174 * loop where the error system keeps trying to init and fails so 175 * sets an error etc 176 */ 177 stoperrset = 1; 178 SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL); 179 } 180 return 0; 181 } 182 183 opts |= OPENSSL_INIT_ADD_ALL_CIPHERS 184 | OPENSSL_INIT_ADD_ALL_DIGESTS; 185#ifndef OPENSSL_NO_AUTOLOAD_CONFIG 186 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) 187 opts |= OPENSSL_INIT_LOAD_CONFIG; 188#endif 189 190 if (!OPENSSL_init_crypto(opts, settings)) 191 return 0; 192 193 if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) 194 return 0; 195 196 if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) 197 && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, 198 ossl_init_load_ssl_strings)) 199 return 0; 200 201 if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) 202 && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings)) 203 return 0; 204 205 return 1; 206} 207