1 /* 2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "e_os.h" 11 12 #include "internal/err.h" 13 #include <openssl/crypto.h> 14 #include <openssl/evp.h> 15 #include "ssl_local.h" 16 #include "internal/thread_once.h" 17 18 static int stopped; 19 20 static void ssl_library_stop(void); 21 22 static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT; 23 static int ssl_base_inited = 0; 24 DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) 25 { 26 #ifdef OPENSSL_INIT_DEBUG 27 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 28 "Adding SSL ciphers and digests\n"); 29 #endif 30 #ifndef OPENSSL_NO_DES 31 EVP_add_cipher(EVP_des_cbc()); 32 EVP_add_cipher(EVP_des_ede3_cbc()); 33 #endif 34 #ifndef OPENSSL_NO_IDEA 35 EVP_add_cipher(EVP_idea_cbc()); 36 #endif 37 #ifndef OPENSSL_NO_RC4 38 EVP_add_cipher(EVP_rc4()); 39 # ifndef OPENSSL_NO_MD5 40 EVP_add_cipher(EVP_rc4_hmac_md5()); 41 # endif 42 #endif 43 #ifndef OPENSSL_NO_RC2 44 EVP_add_cipher(EVP_rc2_cbc()); 45 /* 46 * Not actually used for SSL/TLS but this makes PKCS#12 work if an 47 * application only calls SSL_library_init(). 48 */ 49 EVP_add_cipher(EVP_rc2_40_cbc()); 50 #endif 51 EVP_add_cipher(EVP_aes_128_cbc()); 52 EVP_add_cipher(EVP_aes_192_cbc()); 53 EVP_add_cipher(EVP_aes_256_cbc()); 54 EVP_add_cipher(EVP_aes_128_gcm()); 55 EVP_add_cipher(EVP_aes_256_gcm()); 56 EVP_add_cipher(EVP_aes_128_ccm()); 57 EVP_add_cipher(EVP_aes_256_ccm()); 58 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); 59 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); 60 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); 61 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); 62 #ifndef OPENSSL_NO_ARIA 63 EVP_add_cipher(EVP_aria_128_gcm()); 64 EVP_add_cipher(EVP_aria_256_gcm()); 65 #endif 66 #ifndef OPENSSL_NO_CAMELLIA 67 EVP_add_cipher(EVP_camellia_128_cbc()); 68 EVP_add_cipher(EVP_camellia_256_cbc()); 69 #endif 70 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 71 EVP_add_cipher(EVP_chacha20_poly1305()); 72 #endif 73 74 #ifndef OPENSSL_NO_SEED 75 EVP_add_cipher(EVP_seed_cbc()); 76 #endif 77 78 #ifndef OPENSSL_NO_MD5 79 EVP_add_digest(EVP_md5()); 80 EVP_add_digest_alias(SN_md5, "ssl3-md5"); 81 EVP_add_digest(EVP_md5_sha1()); 82 #endif 83 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ 84 EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); 85 EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); 86 EVP_add_digest(EVP_sha224()); 87 EVP_add_digest(EVP_sha256()); 88 EVP_add_digest(EVP_sha384()); 89 EVP_add_digest(EVP_sha512()); 90 #ifndef OPENSSL_NO_COMP 91 # ifdef OPENSSL_INIT_DEBUG 92 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 93 "SSL_COMP_get_compression_methods()\n"); 94 # endif 95 /* 96 * This will initialise the built-in compression algorithms. The value 97 * returned is a STACK_OF(SSL_COMP), but that can be discarded safely 98 */ 99 SSL_COMP_get_compression_methods(); 100 #endif 101 /* initialize cipher/digest methods table */ 102 if (!ssl_load_ciphers()) 103 return 0; 104 105 #ifdef OPENSSL_INIT_DEBUG 106 fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " 107 "SSL_add_ssl_module()\n"); 108 #endif 109 /* 110 * We ignore an error return here. Not much we can do - but not that bad 111 * either. We can still safely continue. 112 */ 113 OPENSSL_atexit(ssl_library_stop); 114 ssl_base_inited = 1; 115 return 1; 116 } 117 118 static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT; 119 120 DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) 121 { 122 /* 123 * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time 124 * pulling in all the error strings during static linking 125 */ 126 #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) 127 # ifdef OPENSSL_INIT_DEBUG 128 fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: " 129 "ERR_load_SSL_strings()\n"); 130 # endif 131 ERR_load_SSL_strings(); 132 #endif 133 return 1; 134 } 135 136 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, 137 ossl_init_load_ssl_strings) 138 { 139 /* Do nothing in this case */ 140 return 1; 141 } 142 143 static void ssl_library_stop(void) 144 { 145 /* Might be explicitly called and also by atexit */ 146 if (stopped) 147 return; 148 stopped = 1; 149 150 if (ssl_base_inited) { 151 #ifndef OPENSSL_NO_COMP 152 # ifdef OPENSSL_INIT_DEBUG 153 fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " 154 "ssl_comp_free_compression_methods_int()\n"); 155 # endif 156 ssl_comp_free_compression_methods_int(); 157 #endif 158 } 159 } 160 161 /* 162 * If this function is called with a non NULL settings value then it must be 163 * called prior to any threads making calls to any OpenSSL functions, 164 * i.e. passing a non-null settings value is assumed to be single-threaded. 165 */ 166 int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) 167 { 168 static int stoperrset = 0; 169 170 if (stopped) { 171 if (!stoperrset) { 172 /* 173 * We only ever set this once to avoid getting into an infinite 174 * loop where the error system keeps trying to init and fails so 175 * sets an error etc 176 */ 177 stoperrset = 1; 178 SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL); 179 } 180 return 0; 181 } 182 183 opts |= OPENSSL_INIT_ADD_ALL_CIPHERS 184 | OPENSSL_INIT_ADD_ALL_DIGESTS; 185 #ifndef OPENSSL_NO_AUTOLOAD_CONFIG 186 if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0) 187 opts |= OPENSSL_INIT_LOAD_CONFIG; 188 #endif 189 190 if (!OPENSSL_init_crypto(opts, settings)) 191 return 0; 192 193 if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) 194 return 0; 195 196 if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) 197 && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings, 198 ossl_init_load_ssl_strings)) 199 return 0; 200 201 if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) 202 && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings)) 203 return 0; 204 205 return 1; 206 } 207