/*
 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "e_os.h"

#include "internal/err.h"
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
#include "internal/thread_once.h"

/*
 * Set when libssl has been torn down (see ssl_library_stop()). Once set,
 * OPENSSL_init_ssl() refuses to initialise again, so callers cannot be
 * handed back error strings or compression methods that were already freed.
 */
static int stopped;

static void ssl_library_stop(void);

/*
 * Register with the EVP name table every symmetric cipher libssl may look
 * up by name. Algorithms compiled out through OPENSSL_NO_* are skipped.
 * The EVP_add_cipher() return values are not checked.
 *
 * NOTE(review): DES, IDEA, RC4 and RC2 are legacy algorithms. Registering
 * them here only makes them resolvable through EVP; whether TLS actually
 * offers them is decided elsewhere (cipher list / security level) - confirm
 * before relying on that.
 */
static void ssl_register_ciphers(void)
{
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not used by SSL/TLS itself. It is registered so that PKCS#12 keeps
     * working for applications that only ever call SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_256_ccm());
    /* Combined cipher+MAC "stitched" implementations used for CBC suites. */
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_gcm());
    EVP_add_cipher(EVP_aria_256_gcm());
#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    EVP_add_cipher(EVP_chacha20_poly1305());
#endif
#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif
}

/*
 * Register the digests (and the legacy "ssl3-*" name aliases) libssl may
 * look up by name. MD5 and the MD5||SHA1 pair are only registered when MD5
 * is compiled in. Return values are not checked.
 */
static void ssl_register_digests(void)
{
#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
    EVP_add_digest(EVP_md5_sha1());
#endif
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
}

static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
static int ssl_base_inited = 0;
/*
 * One-time libssl base initialisation: register ciphers/digests with EVP,
 * initialise the built-in compression methods, build the SSL cipher table
 * and arrange for ssl_library_stop() to run at exit.
 *
 * Returns 1 on success, 0 if ssl_load_ciphers() fails. On that failure
 * path the EVP registrations have already happened, no atexit handler is
 * installed and ssl_base_inited stays 0.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "Adding SSL ciphers and digests\n");
#endif
    ssl_register_ciphers();
    ssl_register_digests();

#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "SSL_COMP_get_compression_methods()\n");
# endif
    /*
     * Called for its side effect only: it initialises the built-in
     * compression algorithms. The returned STACK_OF(SSL_COMP) can be
     * discarded safely.
     */
    SSL_COMP_get_compression_methods();
#endif

    /* Build the internal cipher/digest methods table. */
    if (!ssl_load_ciphers())
        return 0;

#ifdef OPENSSL_INIT_DEBUG
    /* The message text names SSL_add_ssl_module(); the call below is OPENSSL_atexit(). */
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "SSL_add_ssl_module()\n");
#endif
    /*
     * The return value is deliberately ignored. If the handler cannot be
     * registered the only consequence is that the exit-time cleanup does
     * not run; initialisation itself is still usable.
     */
    OPENSSL_atexit(ssl_library_stop);
    ssl_base_inited = 1;
    return 1;
}

static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
static int ssl_strings_inited = 0;
/*
 * One-time loading of the libssl error strings. Always returns 1; when
 * OPENSSL_NO_ERR or OPENSSL_NO_AUTOERRINIT is defined nothing is loaded
 * and ssl_strings_inited stays 0, so nothing is freed at shutdown either.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
{
    /*
     * OPENSSL_NO_AUTOERRINIT exists so that a static link does not have
     * to pull in the whole error-string table.
     */
#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
# ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
                    "ERR_load_SSL_strings()\n");
# endif
    ERR_load_SSL_strings();
    ssl_strings_inited = 1;
#endif
    return 1;
}

/*
 * Counterpart of ossl_init_load_ssl_strings for callers that opt out of
 * error strings. It shares the ssl_strings once-object, so running it
 * first pins the "no strings" decision for the life of the process.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_ssl_strings)
{
    /* Nothing to do in this case. */
    return 1;
}

/*
 * Exit-time teardown registered by ossl_init_ssl_base(). Frees the
 * compression methods and the SSL error strings, but only the parts that
 * were actually initialised. Idempotent: a second call is a no-op.
 */
static void ssl_library_stop(void)
{
    if (stopped)
        return;
    stopped = 1;

    if (ssl_base_inited) {
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
                        "ssl_comp_free_compression_methods_int()\n");
# endif
        ssl_comp_free_compression_methods_int();
#endif
    }

    if (ssl_strings_inited) {
#ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
                        "err_free_strings_int()\n");
#endif
        /*
         * When both libcrypto and libssl strings were loaded this ends up
         * calling err_free_strings_int() twice. That is fine: the second
         * call is a no-op, and it is simpler than tracking init state
         * across the two libraries.
         */
        err_free_strings_int();
    }
}

/*
 * Initialise libssl (and, through OPENSSL_init_crypto(), libcrypto).
 *
 * opts      - OPENSSL_INIT_* flags. OPENSSL_INIT_ADD_ALL_CIPHERS and
 *             OPENSSL_INIT_ADD_ALL_DIGESTS are always added, and unless
 *             OPENSSL_NO_AUTOLOAD_CONFIG is defined OPENSSL_INIT_LOAD_CONFIG
 *             is added too, i.e. the configuration file is loaded implicitly.
 * settings  - optional init settings passed through to OPENSSL_init_crypto().
 *             A non-NULL value must be passed before any other thread calls
 *             into OpenSSL; that case is assumed to be single-threaded.
 *
 * Returns 1 on success, 0 on failure or once the library has been stopped.
 * After shutdown the failure is reported via SSLerr() only once, so the
 * error subsystem cannot loop on trying to re-initialise.
 */
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{
    static int stop_error_reported = 0;
    uint64_t crypto_opts;

    if (stopped) {
        if (!stop_error_reported) {
            stop_error_reported = 1;
            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
        }
        return 0;
    }

    crypto_opts = opts
                  | OPENSSL_INIT_ADD_ALL_CIPHERS
                  | OPENSSL_INIT_ADD_ALL_DIGESTS;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
    crypto_opts |= OPENSSL_INIT_LOAD_CONFIG;
#endif
    if (!OPENSSL_init_crypto(crypto_opts, settings))
        return 0;

    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
        return 0;

    /*
     * Both string options drive the same once-object, so whichever of them
     * reaches RUN_ONCE first decides for the whole process.
     */
    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) != 0
        && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
        return 0;

    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) != 0
        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
        return 0;

    return 1;
}