1e71b7053SJung-uk Kim /* 2*6935a639SJung-uk Kim * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. 3e71b7053SJung-uk Kim * 4e71b7053SJung-uk Kim * Licensed under the OpenSSL license (the "License"). You may not use 5e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy 6e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at 7e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html 8e71b7053SJung-uk Kim */ 9e71b7053SJung-uk Kim 10e71b7053SJung-uk Kim #include "e_os.h" 11e71b7053SJung-uk Kim 12e71b7053SJung-uk Kim #include "internal/err.h" 13e71b7053SJung-uk Kim #include <openssl/crypto.h> 14e71b7053SJung-uk Kim #include <openssl/evp.h> 15e71b7053SJung-uk Kim #include "ssl_locl.h" 16e71b7053SJung-uk Kim #include "internal/thread_once.h" 17e71b7053SJung-uk Kim 18e71b7053SJung-uk Kim static int stopped; 19e71b7053SJung-uk Kim 20e71b7053SJung-uk Kim static void ssl_library_stop(void); 21e71b7053SJung-uk Kim 22e71b7053SJung-uk Kim static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT; 23e71b7053SJung-uk Kim static int ssl_base_inited = 0; 24e71b7053SJung-uk Kim DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) 25e71b7053SJung-uk Kim { 26e71b7053SJung-uk Kim #ifdef OPENSSL_INIT_DEBUG 27e71b7053SJung-uk Kim fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 28e71b7053SJung-uk Kim "Adding SSL ciphers and digests\n"); 29e71b7053SJung-uk Kim #endif 30e71b7053SJung-uk Kim #ifndef OPENSSL_NO_DES 31e71b7053SJung-uk Kim EVP_add_cipher(EVP_des_cbc()); 32e71b7053SJung-uk Kim EVP_add_cipher(EVP_des_ede3_cbc()); 33e71b7053SJung-uk Kim #endif 34e71b7053SJung-uk Kim #ifndef OPENSSL_NO_IDEA 35e71b7053SJung-uk Kim EVP_add_cipher(EVP_idea_cbc()); 36e71b7053SJung-uk Kim #endif 37e71b7053SJung-uk Kim #ifndef OPENSSL_NO_RC4 38e71b7053SJung-uk Kim EVP_add_cipher(EVP_rc4()); 39e71b7053SJung-uk Kim # ifndef OPENSSL_NO_MD5 40e71b7053SJung-uk Kim EVP_add_cipher(EVP_rc4_hmac_md5()); 41e71b7053SJung-uk Kim # endif 42e71b7053SJung-uk Kim #endif 43e71b7053SJung-uk Kim #ifndef OPENSSL_NO_RC2 44e71b7053SJung-uk Kim EVP_add_cipher(EVP_rc2_cbc()); 45e71b7053SJung-uk Kim /* 46e71b7053SJung-uk Kim * Not actually used for SSL/TLS but this makes PKCS#12 work if an 47e71b7053SJung-uk Kim * application only calls SSL_library_init(). 48e71b7053SJung-uk Kim */ 49e71b7053SJung-uk Kim EVP_add_cipher(EVP_rc2_40_cbc()); 50e71b7053SJung-uk Kim #endif 51e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_128_cbc()); 52e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_192_cbc()); 53e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_256_cbc()); 54e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_128_gcm()); 55e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_256_gcm()); 56e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_128_ccm()); 57e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_256_ccm()); 58e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); 59e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); 60e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); 61e71b7053SJung-uk Kim EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); 62e71b7053SJung-uk Kim #ifndef OPENSSL_NO_ARIA 63e71b7053SJung-uk Kim EVP_add_cipher(EVP_aria_128_gcm()); 64e71b7053SJung-uk Kim EVP_add_cipher(EVP_aria_256_gcm()); 65e71b7053SJung-uk Kim #endif 66e71b7053SJung-uk Kim #ifndef OPENSSL_NO_CAMELLIA 67e71b7053SJung-uk Kim EVP_add_cipher(EVP_camellia_128_cbc()); 68e71b7053SJung-uk Kim EVP_add_cipher(EVP_camellia_256_cbc()); 69e71b7053SJung-uk Kim #endif 70e71b7053SJung-uk Kim #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 71e71b7053SJung-uk Kim EVP_add_cipher(EVP_chacha20_poly1305()); 72e71b7053SJung-uk Kim #endif 73e71b7053SJung-uk Kim 74e71b7053SJung-uk Kim #ifndef OPENSSL_NO_SEED 75e71b7053SJung-uk Kim EVP_add_cipher(EVP_seed_cbc()); 76e71b7053SJung-uk Kim #endif 77e71b7053SJung-uk Kim 78e71b7053SJung-uk Kim #ifndef OPENSSL_NO_MD5 79e71b7053SJung-uk Kim EVP_add_digest(EVP_md5()); 80e71b7053SJung-uk Kim EVP_add_digest_alias(SN_md5, "ssl3-md5"); 81e71b7053SJung-uk Kim EVP_add_digest(EVP_md5_sha1()); 82e71b7053SJung-uk Kim #endif 83e71b7053SJung-uk Kim EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ 84e71b7053SJung-uk Kim EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); 85e71b7053SJung-uk Kim EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); 86e71b7053SJung-uk Kim EVP_add_digest(EVP_sha224()); 87e71b7053SJung-uk Kim EVP_add_digest(EVP_sha256()); 88e71b7053SJung-uk Kim EVP_add_digest(EVP_sha384()); 89e71b7053SJung-uk Kim EVP_add_digest(EVP_sha512()); 90e71b7053SJung-uk Kim #ifndef OPENSSL_NO_COMP 91e71b7053SJung-uk Kim # ifdef OPENSSL_INIT_DEBUG 92e71b7053SJung-uk Kim fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 93e71b7053SJung-uk Kim "SSL_COMP_get_compression_methods()\n"); 94e71b7053SJung-uk Kim # endif 95e71b7053SJung-uk Kim /* 96e71b7053SJung-uk Kim * This will initialise the built-in compression algorithms. The value 97e71b7053SJung-uk Kim * returned is a STACK_OF(SSL_COMP), but that can be discarded safely 98e71b7053SJung-uk Kim */ 99e71b7053SJung-uk Kim SSL_COMP_get_compression_methods(); 100e71b7053SJung-uk Kim #endif 101e71b7053SJung-uk Kim /* initialize cipher/digest methods table */ 102e71b7053SJung-uk Kim if (!ssl_load_ciphers()) 103e71b7053SJung-uk Kim return 0; 104e71b7053SJung-uk Kim 105e71b7053SJung-uk Kim #ifdef OPENSSL_INIT_DEBUG 106e71b7053SJung-uk Kim fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 107e71b7053SJung-uk Kim "SSL_add_ssl_module()\n"); 108e71b7053SJung-uk Kim #endif 109e71b7053SJung-uk Kim /* 110e71b7053SJung-uk Kim * We ignore an error return here. Not much we can do - but not that bad 111e71b7053SJung-uk Kim * either. We can still safely continue. 112e71b7053SJung-uk Kim */ 113e71b7053SJung-uk Kim OPENSSL_atexit(ssl_library_stop); 114e71b7053SJung-uk Kim ssl_base_inited = 1; 115e71b7053SJung-uk Kim return 1; 116e71b7053SJung-uk Kim } 117e71b7053SJung-uk Kim 118e71b7053SJung-uk Kim static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT; 119e71b7053SJung-uk Kim static int ssl_strings_inited = 0; 120e71b7053SJung-uk Kim DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) 121e71b7053SJung-uk Kim { 122e71b7053SJung-uk Kim /* 123e71b7053SJung-uk Kim * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time 124e71b7053SJung-uk Kim * pulling in all the error strings during static linking 125e71b7053SJung-uk Kim */ 126e71b7053SJung-uk Kim #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) 127e71b7053SJung-uk Kim # ifdef OPENSSL_INIT_DEBUG 128e71b7053SJung-uk Kim fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: " 129e71b7053SJung-uk Kim "ERR_load_SSL_strings()\n"); 130e71b7053SJung-uk Kim # endif 131e71b7053SJung-uk Kim ERR_load_SSL_strings(); 132e71b7053SJung-uk Kim ssl_strings_inited = 1; 133e71b7053SJung-uk Kim #endif 134e71b7053SJung-uk Kim return 1; 135e71b7053SJung-uk Kim } 136e71b7053SJung-uk Kim 137*6935a639SJung-uk Kim DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, 138*6935a639SJung-uk Kim ossl_init_load_ssl_strings) 139e71b7053SJung-uk Kim { 140e71b7053SJung-uk Kim /* Do nothing in this case */ 141e71b7053SJung-uk Kim return 1; 142e71b7053SJung-uk Kim } 143e71b7053SJung-uk Kim 144e71b7053SJung-uk Kim static void ssl_library_stop(void) 145e71b7053SJung-uk Kim { 146e71b7053SJung-uk Kim /* Might be explicitly called and also by atexit */ 147e71b7053SJung-uk Kim if (stopped) 148e71b7053SJung-uk Kim return; 149e71b7053SJung-uk Kim stopped = 1; 150e71b7053SJung-uk Kim 151e71b7053SJung-uk Kim if (ssl_base_inited) { 152e71b7053SJung-uk Kim #ifndef OPENSSL_NO_COMP 153e71b7053SJung-uk Kim # ifdef OPENSSL_INIT_DEBUG 154e71b7053SJung-uk Kim fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " 155e71b7053SJung-uk Kim "ssl_comp_free_compression_methods_int()\n"); 156e71b7053SJung-uk Kim # endif 157e71b7053SJung-uk Kim ssl_comp_free_compression_methods_int(); 158e71b7053SJung-uk Kim #endif 159e71b7053SJung-uk Kim } 160e71b7053SJung-uk Kim 161e71b7053SJung-uk Kim if (ssl_strings_inited) { 162e71b7053SJung-uk Kim #ifdef OPENSSL_INIT_DEBUG 163e71b7053SJung-uk Kim fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " 164e71b7053SJung-uk Kim "err_free_strings_int()\n"); 165e71b7053SJung-uk Kim #endif 166e71b7053SJung-uk Kim /* 167e71b7053SJung-uk Kim * If both crypto and ssl error strings are inited we will end up 168e71b7053SJung-uk Kim * calling err_free_strings_int() twice - but that's ok. The second 169e71b7053SJung-uk Kim * time will be a no-op. It's easier to do that than to try and track 170e71b7053SJung-uk Kim * between the two libraries whether they have both been inited. 171e71b7053SJung-uk Kim */ 172e71b7053SJung-uk Kim err_free_strings_int(); 173e71b7053SJung-uk Kim } 174e71b7053SJung-uk Kim } 175e71b7053SJung-uk Kim 176e71b7053SJung-uk Kim /* 177e71b7053SJung-uk Kim * If this function is called with a non NULL settings value then it must be 178e71b7053SJung-uk Kim * called prior to any threads making calls to any OpenSSL functions, 179e71b7053SJung-uk Kim * i.e. passing a non-null settings value is assumed to be single-threaded. 180e71b7053SJung-uk Kim */ 181e71b7053SJung-uk Kim int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) 182e71b7053SJung-uk Kim { 183e71b7053SJung-uk Kim static int stoperrset = 0; 184e71b7053SJung-uk Kim 185e71b7053SJung-uk Kim if (stopped) { 186e71b7053SJung-uk Kim if (!stoperrset) { 187e71b7053SJung-uk Kim /* 188e71b7053SJung-uk Kim * We only ever set this once to avoid getting into an infinite 189e71b7053SJung-uk Kim * loop where the error system keeps trying to init and fails so 190e71b7053SJung-uk Kim * sets an error etc 191e71b7053SJung-uk Kim */ 192e71b7053SJung-uk Kim stoperrset = 1; 193e71b7053SJung-uk Kim SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL); 194e71b7053SJung-uk Kim } 195e71b7053SJung-uk Kim return 0; 196e71b7053SJung-uk Kim } 197e71b7053SJung-uk Kim 198*6935a639SJung-uk Kim opts |= OPENSSL_INIT_ADD_ALL_CIPHERS 199*6935a639SJung-uk Kim | OPENSSL_INIT_ADD_ALL_DIGESTS; 200e71b7053SJung-uk Kim #ifndef OPENSSL_NO_AUTOLOAD_CONFIG 201*6935a639SJung-uk Kim if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) 202*6935a639SJung-uk Kim opts |= OPENSSL_INIT_LOAD_CONFIG; 203e71b7053SJung-uk Kim #endif 204*6935a639SJung-uk Kim 205*6935a639SJung-uk Kim if (!OPENSSL_init_crypto(opts, settings)) 206e71b7053SJung-uk Kim return 0; 207e71b7053SJung-uk Kim 208e71b7053SJung-uk Kim if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) 209e71b7053SJung-uk Kim return 0; 210e71b7053SJung-uk Kim 211e71b7053SJung-uk Kim if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) 212*6935a639SJung-uk Kim && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, 213*6935a639SJung-uk Kim ossl_init_load_ssl_strings)) 214e71b7053SJung-uk Kim return 0; 215e71b7053SJung-uk Kim 216e71b7053SJung-uk Kim if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) 217e71b7053SJung-uk Kim && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings)) 218e71b7053SJung-uk Kim return 0; 219e71b7053SJung-uk Kim 220e71b7053SJung-uk Kim return 1; 221e71b7053SJung-uk Kim } 222