/*
 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * libssl one-time initialisation and teardown.
 *
 * OPENSSL_init_ssl() is the public entry point.  It first initialises
 * libcrypto via OPENSSL_init_crypto(), then runs the libssl-specific
 * once-functions below: ossl_init_ssl_base() registers the ciphers and
 * digests libssl needs with the EVP lookup tables, initialises the
 * compression methods and the cipher-suite table, and arranges for
 * ssl_library_stop() to run at exit; ossl_init_load_ssl_strings()
 * optionally loads the libssl error strings.
 *
 * The file-scope flags below (stopped, ssl_base_inited, ssl_strings_inited)
 * are plain ints with no synchronisation.  NOTE(review): the once-functions
 * themselves are serialised by RUN_ONCE, but `stopped` is read in
 * OPENSSL_init_ssl() and written in ssl_library_stop() without a lock; the
 * existing design evidently relies on stop being called only once teardown
 * has begun (e.g. from atexit) — confirm before relying on this from
 * concurrent callers.
 */

#include "e_os.h"

#include "internal/err.h"
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
#include "internal/thread_once.h"

/*
 * Set to 1 by ssl_library_stop().  Once set, every later OPENSSL_init_ssl()
 * call fails (returns 0) instead of re-initialising a torn-down library.
 */
static int stopped;

static void ssl_library_stop(void);

/* Once-control and completion flag for ossl_init_ssl_base(). */
static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
static int ssl_base_inited = 0;

/*
 * Base libssl initialisation, run at most once via RUN_ONCE(&ssl_base, ...).
 *
 * Registers every cipher and digest that libssl may need with the EVP
 * name/NID lookup tables, initialises the built-in compression methods,
 * fills the cipher/digest method table via ssl_load_ciphers(), and registers
 * ssl_library_stop() with OPENSSL_atexit().
 *
 * Returns 1 on success.  Returns 0 only if ssl_load_ciphers() fails, in
 * which case ssl_base_inited stays 0, the atexit handler is not registered
 * and OPENSSL_init_ssl() reports failure to its caller.
 *
 * Security note: the legacy algorithms registered below (DES/3DES, IDEA,
 * RC4, RC2, MD5) are made resolvable by name/NID through EVP for any
 * application that merely called SSL_library_init().  Registration here
 * does not by itself make a TLS cipher suite using them negotiable;
 * NOTE(review): that is governed by the cipher-suite table loaded by
 * ssl_load_ciphers() and the configured cipher list, neither of which is
 * visible in this file — verify there if auditing what can be negotiated.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
            "Adding SSL ciphers and digests\n");
#endif
    /* Legacy block ciphers; each is compiled out by its OPENSSL_NO_* macro. */
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
    EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
    EVP_add_cipher(EVP_rc4());
    /* The combined RC4+HMAC-MD5 "stitched" cipher also needs MD5 present. */
# ifndef OPENSSL_NO_MD5
    EVP_add_cipher(EVP_rc4_hmac_md5());
# endif
#endif
#ifndef OPENSSL_NO_RC2
    EVP_add_cipher(EVP_rc2_cbc());
    /*
     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
     * application only calls SSL_library_init().
     */
    EVP_add_cipher(EVP_rc2_40_cbc());
#endif
    /* AES is never compiled out, so these are registered unconditionally. */
    EVP_add_cipher(EVP_aes_128_cbc());
    EVP_add_cipher(EVP_aes_192_cbc());
    EVP_add_cipher(EVP_aes_256_cbc());
    EVP_add_cipher(EVP_aes_128_gcm());
    EVP_add_cipher(EVP_aes_256_gcm());
    EVP_add_cipher(EVP_aes_128_ccm());
    EVP_add_cipher(EVP_aes_256_ccm());
    /* "Stitched" AES-CBC + HMAC ciphers used by the TLS record layer. */
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
#ifndef OPENSSL_NO_ARIA
    EVP_add_cipher(EVP_aria_128_gcm());
    EVP_add_cipher(EVP_aria_256_gcm());
#endif
#ifndef OPENSSL_NO_CAMELLIA
    EVP_add_cipher(EVP_camellia_128_cbc());
    EVP_add_cipher(EVP_camellia_256_cbc());
#endif
    /* The AEAD needs both halves compiled in. */
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    EVP_add_cipher(EVP_chacha20_poly1305());
#endif

#ifndef OPENSSL_NO_SEED
    EVP_add_cipher(EVP_seed_cbc());
#endif

    /* Digests, plus the historical "ssl3-*" aliases used by old cipher specs. */
#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
    /* Concatenated MD5||SHA1, as used by TLS 1.0/1.1 RSA signatures. */
    EVP_add_digest(EVP_md5_sha1());
#endif
    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
            "SSL_COMP_get_compression_methods()\n");
# endif
    /*
     * This will initialise the built-in compression algorithms. The value
     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely.
     * The matching release is ssl_comp_free_compression_methods_int() in
     * ssl_library_stop().
     */
    SSL_COMP_get_compression_methods();
#endif
    /*
     * Initialize the cipher/digest methods table.  This is the only step
     * whose failure aborts initialisation.
     */
    if (!ssl_load_ciphers())
        return 0;

#ifdef OPENSSL_INIT_DEBUG
    /*
     * NOTE(review): this debug message names SSL_add_ssl_module(), but the
     * code that follows registers the atexit handler; no SSL_add_ssl_module()
     * call appears in this function.  The message looks stale.
     */
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
            "SSL_add_ssl_module()\n");
#endif
    /*
     * We ignore an error return here. Not much we can do - but not that bad
     * either. We can still safely continue.  The only consequence of a
     * failed registration is that ssl_library_stop() is not run
     * automatically at exit (it may still be called explicitly).
     */
    OPENSSL_atexit(ssl_library_stop);
    /* Recorded last, so teardown only frees what was fully set up. */
    ssl_base_inited = 1;
    return 1;
}

/* Once-control and completion flag for the libssl error-string loader. */
static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
static int ssl_strings_inited = 0;

/*
 * Loads the libssl error strings, run at most once via RUN_ONCE(&ssl_strings,
 * ...).  Always returns 1.
 *
 * ssl_strings_inited is only set when the strings were actually loaded, so
 * builds with OPENSSL_NO_ERR or OPENSSL_NO_AUTOERRINIT neither load nor
 * later free them.
 */
DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
{
    /*
     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
     * pulling in all the error strings during static linking
     */
#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
# ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
            "ERR_load_SSL_strings()\n");
# endif
    ERR_load_SSL_strings();
    ssl_strings_inited = 1;
#endif
    return 1;
}

/*
 * Alternative body for the ssl_strings once-control, selected when the
 * caller passed OPENSSL_INIT_NO_LOAD_SSL_STRINGS.  Consumes the once-slot
 * without loading anything, so a later request to load the strings is a
 * no-op.  Always returns 1.
 */
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
                           ossl_init_load_ssl_strings)
{
    /* Do nothing in this case */
    return 1;
}

/*
 * Releases libssl state set up by the once-functions above.
 *
 * Registered with OPENSSL_atexit() by ossl_init_ssl_base(); may also be
 * called explicitly.  The `stopped` flag makes the second and later calls
 * no-ops, and also causes every subsequent OPENSSL_init_ssl() to fail.
 * Only resources whose completion flag is set are released.
 */
static void ssl_library_stop(void)
{
    /* Might be explicitly called and also by atexit */
    if (stopped)
        return;
    /* Set before freeing anything, so a re-entrant call cannot double-free. */
    stopped = 1;

    if (ssl_base_inited) {
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
                "ssl_comp_free_compression_methods_int()\n");
# endif
        /* Counterpart of SSL_COMP_get_compression_methods() in base init. */
        ssl_comp_free_compression_methods_int();
#endif
    }

    if (ssl_strings_inited) {
#ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
                "err_free_strings_int()\n");
#endif
        /*
         * If both crypto and ssl error strings are inited we will end up
         * calling err_free_strings_int() twice - but that's ok. The second
         * time will be a no-op. It's easier to do that than to try and track
         * between the two libraries whether they have both been inited.
         */
        err_free_strings_int();
    }
}

/*
 * Initialise libcrypto and libssl.
 *
 * opts:     OPENSSL_INIT_* flags.  OPENSSL_INIT_ADD_ALL_CIPHERS and
 *           OPENSSL_INIT_ADD_ALL_DIGESTS are always added; unless the build
 *           defines OPENSSL_NO_AUTOLOAD_CONFIG, OPENSSL_INIT_LOAD_CONFIG is
 *           added too unless the caller passed OPENSSL_INIT_NO_LOAD_CONFIG.
 *           The resulting flags are forwarded to OPENSSL_init_crypto().
 *           OPENSSL_INIT_NO_LOAD_SSL_STRINGS / OPENSSL_INIT_LOAD_SSL_STRINGS
 *           decide which body claims the ssl_strings once-slot; if both are
 *           set, the NO_LOAD check runs first and the later LOAD request
 *           finds the slot already consumed.
 * settings: passed through to OPENSSL_init_crypto(); may be NULL.
 *
 * Returns 1 on success, 0 on failure.  Fails immediately once
 * ssl_library_stop() has run, raising ERR_R_INIT_FAIL exactly once.
 *
 * If this function is called with a non NULL settings value then it must be
 * called prior to any threads making calls to any OpenSSL functions,
 * i.e. passing a non-null settings value is assumed to be single-threaded.
 */
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{
    /* Whether the "library already stopped" error has been raised. */
    static int stoperrset = 0;

    if (stopped) {
        if (!stoperrset) {
            /*
             * We only ever set this once to avoid getting into an infinite
             * loop where the error system keeps trying to init and fails so
             * sets an error etc
             */
            stoperrset = 1;
            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
        }
        return 0;
    }

    /* libssl always needs the full cipher and digest tables. */
    opts |= OPENSSL_INIT_ADD_ALL_CIPHERS
         |  OPENSSL_INIT_ADD_ALL_DIGESTS;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
    /* Config auto-load is opt-out: only skipped on explicit NO_LOAD_CONFIG. */
    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0)
        opts |= OPENSSL_INIT_LOAD_CONFIG;
#endif

    /* libcrypto must be up before any libssl registration. */
    if (!OPENSSL_init_crypto(opts, settings))
        return 0;

    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
        return 0;

    /* NO_LOAD is checked before LOAD; see the function comment for why. */
    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
                         ossl_init_load_ssl_strings))
        return 0;

    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
        return 0;

    return 1;
}