Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) 2001-2016 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2015-2016 Red Hat, Inc. |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/>. |
21 | | * |
22 | | */ |
23 | | |
24 | | #include "gnutls_int.h" |
25 | | #include "errors.h" |
26 | | #include <libtasn1.h> |
27 | | #include "dh.h" |
28 | | #include "compress.h" |
29 | | #include "random.h" |
30 | | #include <gnutls/pkcs11.h> |
31 | | |
32 | | #include "hello_ext.h" /* for _gnutls_hello_ext_init */ |
33 | | #include "supplemental.h" /* for _gnutls_supplemental_deinit */ |
34 | | #include "locks.h" |
35 | | #include "system.h" |
36 | | #include "accelerated/cryptodev.h" |
37 | | #include "accelerated/afalg.h" |
38 | | #include "accelerated/accelerated.h" |
39 | | #include "fips.h" |
40 | | #include "atfork.h" |
41 | | #include "system-keys.h" |
42 | | #include "str.h" |
43 | | #include "global.h" |
44 | | #ifdef HAVE_LEANCRYPTO |
45 | | #include <leancrypto.h> |
46 | | #endif |
47 | | |
48 | | #ifdef ENABLE_PKCS11 |
49 | | #include "pkcs11/p11_provider.h" |
50 | | #endif |
51 | | |
52 | | #include "audit.h" |
53 | | |
54 | | /* Minimum library versions we accept. */ |
55 | 4 | #define GNUTLS_MIN_LIBTASN1_VERSION "0.3.4" |
56 | | |
57 | | #ifdef __sun |
58 | | #pragma fini(lib_deinit) |
59 | | #pragma init(lib_init) |
60 | | #define _CONSTRUCTOR |
61 | | #define _DESTRUCTOR |
62 | | #else |
63 | | #define _CONSTRUCTOR __attribute__((constructor)) |
64 | | #define _DESTRUCTOR __attribute__((destructor)) |
65 | | #endif |
66 | | |
67 | | #ifndef _WIN32 |
68 | | int __attribute__((weak)) _gnutls_global_init_skip(void); |
69 | | int _gnutls_global_init_skip(void) |
70 | 4 | { |
71 | 4 | return 0; |
72 | 4 | } |
73 | | #else |
74 | | inline static int _gnutls_global_init_skip(void) |
75 | | { |
76 | | return 0; |
77 | | } |
78 | | #endif |
79 | | |
80 | | /* created by asn1c */ |
81 | | extern const asn1_static_node gnutls_asn1_tab[]; |
82 | | extern const asn1_static_node pkix_asn1_tab[]; |
83 | | |
84 | | asn1_node _gnutls_pkix1_asn = NULL; |
85 | | asn1_node _gnutls_gnutls_asn = NULL; |
86 | | |
87 | | gnutls_log_func _gnutls_log_func = NULL; |
88 | | gnutls_audit_log_func _gnutls_audit_log_func = NULL; |
89 | | int _gnutls_log_level = 0; /* default log level */ |
90 | | |
91 | | unsigned int _gnutls_global_version = GNUTLS_VERSION_NUMBER; |
92 | | |
93 | | static int _gnutls_global_init(unsigned constructor); |
94 | | static void _gnutls_global_deinit(unsigned destructor); |
95 | | |
96 | | static void default_log_func(int level, const char *str) |
97 | 0 | { |
98 | 0 | fprintf(stderr, "gnutls[%d]: %s", level, str); |
99 | 0 | } |
100 | | |
101 | | /** |
102 | | * gnutls_global_set_log_function: |
103 | | * @log_func: it's a log function |
104 | | * |
105 | | * This is the function where you set the logging function gnutls is |
106 | | * going to use. This function only accepts a character array. |
107 | | * Normally you may not use this function since it is only used for |
108 | | * debugging purposes. |
109 | | * |
110 | | * @gnutls_log_func is of the form, |
111 | | * void (*gnutls_log_func)( int level, const char*); |
112 | | **/ |
113 | | void gnutls_global_set_log_function(gnutls_log_func log_func) |
114 | 0 | { |
115 | 0 | _gnutls_log_func = log_func; |
116 | 0 | } |
117 | | |
118 | | /** |
119 | | * gnutls_global_set_audit_log_function: |
120 | | * @log_func: it is the audit log function |
121 | | * |
122 | | * This is the function to set the audit logging function. This |
123 | | * is a function to report important issues, such as possible |
124 | | * attacks in the protocol. This is different from gnutls_global_set_log_function() |
125 | | * because it will report also session-specific events. The session |
126 | | * parameter will be null if there is no corresponding TLS session. |
127 | | * |
128 | | * @gnutls_audit_log_func is of the form, |
129 | | * void (*gnutls_audit_log_func)( gnutls_session_t, const char*); |
130 | | * |
131 | | * Since: 3.0 |
132 | | **/ |
133 | | void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func) |
134 | 0 | { |
135 | 0 | _gnutls_audit_log_func = log_func; |
136 | 0 | } |
137 | | |
138 | | static void gettime_from_time(struct timespec *t) |
139 | 0 | { |
140 | 0 | t->tv_sec = gnutls_time(NULL); |
141 | 0 | t->tv_nsec = 0; |
142 | 0 | } |
143 | | |
144 | | /** |
145 | | * gnutls_global_set_time_function: |
146 | | * @time_func: it's the system time function, a gnutls_time_func() callback. |
147 | | * |
148 | | * This is the function where you can override the default system time |
149 | | * function. The application provided function should behave the same |
150 | | * as the standard function. |
151 | | * |
152 | | * Since: 2.12.0 |
153 | | **/ |
154 | | void gnutls_global_set_time_function(gnutls_time_func time_func) |
155 | 0 | { |
156 | 0 | gnutls_time = time_func; |
157 | | |
158 | | /* When the time function is overridden, also override the |
159 | | * gettime function to use the derived value, even if its |
160 | | * resolution is lower. |
161 | | */ |
162 | 0 | _gnutls_global_set_gettime_function(gettime_from_time); |
163 | 0 | } |
164 | | |
165 | | /** |
166 | | * gnutls_global_set_log_level: |
167 | | * @level: it's an integer from 0 to 99. |
168 | | * |
169 | | * This is the function that allows you to set the log level. The |
170 | | * level is an integer between 0 and 9. Higher values mean more |
171 | | * verbosity. The default value is 0. Larger values should only be |
172 | | * used with care, since they may reveal sensitive information. |
173 | | * |
174 | | * Use a log level over 10 to enable all debugging options. |
175 | | **/ |
176 | | void gnutls_global_set_log_level(int level) |
177 | 0 | { |
178 | 0 | _gnutls_log_level = level; |
179 | 0 | } |
180 | | |
181 | | /** |
182 | | * gnutls_global_set_mem_functions: |
183 | | * @alloc_func: it's the default memory allocation function. Like malloc(). |
184 | | * @secure_alloc_func: This is the memory allocation function that will be used for sensitive data. |
185 | | * @is_secure_func: a function that returns 0 if the memory given is not secure. May be NULL. |
186 | | * @realloc_func: A realloc function |
187 | | * @free_func: The function that frees allocated data. Must accept a NULL pointer. |
188 | | * |
189 | | * Deprecated: since 3.3.0 it is no longer possible to replace the internally used |
190 | | * memory allocation functions |
191 | | * |
192 | | * This is the function where you set the memory allocation functions |
193 | | * gnutls is going to use. By default the libc's allocation functions |
194 | | * (malloc(), free()), are used by gnutls, to allocate both sensitive |
195 | | * and not sensitive data. This function is provided to set the |
196 | | * memory allocation functions to something other than the defaults |
197 | | * |
198 | | * This function must be called before gnutls_global_init() is called. |
199 | | * This function is not thread safe. |
200 | | **/ |
201 | | void gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func, |
202 | | gnutls_alloc_function secure_alloc_func, |
203 | | gnutls_is_secure_function is_secure_func, |
204 | | gnutls_realloc_function realloc_func, |
205 | | gnutls_free_function free_func) |
206 | 0 | { |
207 | 0 | _gnutls_debug_log( |
208 | 0 | "called the deprecated gnutls_global_set_mem_functions()\n"); |
209 | 0 | } |
210 | | |
211 | | GNUTLS_STATIC_MUTEX(global_init_mutex); |
212 | | static int _gnutls_init = 0; |
213 | | |
214 | | /* cache the return code */ |
215 | | static int _gnutls_init_ret = 0; |
216 | | |
217 | | /** |
218 | | * gnutls_global_init: |
219 | | * |
220 | | * Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly |
221 | | * called. To disable the implicit call (in a library constructor) of this |
222 | | * function set the environment variable %GNUTLS_NO_IMPLICIT_INIT to 1. |
223 | | * |
224 | | * This function performs any required precalculations, detects |
225 | | * the supported CPU capabilities and initializes the underlying |
226 | | * cryptographic backend. In order to free any resources |
227 | | * taken by this call you should gnutls_global_deinit() |
228 | | * when gnutls usage is no longer needed. |
229 | | * |
230 | | * This function increments a global counter, so that |
231 | | * gnutls_global_deinit() only releases resources when it has been |
232 | | * called as many times as gnutls_global_init(). This is useful when |
233 | | * GnuTLS is used by more than one library in an application. This |
234 | | * function can be called many times, but will only do something the |
235 | | * first time. It is thread safe since GnuTLS 3.3.0. |
236 | | * |
237 | | * A subsequent call of this function if the initial has failed will |
238 | | * return the same error code. |
239 | | * |
240 | | * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, |
241 | | * otherwise a negative error code is returned. |
242 | | **/ |
243 | | int gnutls_global_init(void) |
244 | 0 | { |
245 | 0 | return _gnutls_global_init(0); |
246 | 0 | } |
247 | | |
248 | | static int _gnutls_global_init(unsigned constructor) |
249 | 4 | { |
250 | 4 | int ret = 0, res; |
251 | 4 | int level; |
252 | 4 | const char *e; |
253 | | #if defined(ENABLE_PKCS11) && defined(ENABLE_FIPS140) |
254 | | const char *p11_provider_url = NULL; |
255 | | const char *p11_provider_pin = NULL; |
256 | | #endif |
257 | | |
258 | 4 | if (!constructor) { |
259 | 0 | ret = gnutls_static_mutex_lock(&global_init_mutex); |
260 | 0 | if (ret < 0) { |
261 | 0 | return gnutls_assert_val(ret); |
262 | 0 | } |
263 | 0 | } |
264 | | |
265 | 4 | _gnutls_init++; |
266 | 4 | if (_gnutls_init > 1) { |
267 | 0 | ret = _gnutls_init_ret; |
268 | 0 | goto out; |
269 | 0 | } |
270 | | |
271 | 4 | _gnutls_switch_lib_state(LIB_STATE_INIT); |
272 | | |
273 | 4 | e = secure_getenv("GNUTLS_DEBUG_LEVEL"); |
274 | 4 | if (e != NULL) { |
275 | 0 | level = atoi(e); |
276 | 0 | gnutls_global_set_log_level(level); |
277 | 0 | if (_gnutls_log_func == NULL) |
278 | 0 | gnutls_global_set_log_function(default_log_func); |
279 | 0 | _gnutls_debug_log("Enabled GnuTLS " VERSION " logging...\n"); |
280 | 0 | } |
281 | | |
282 | 4 | #ifdef HAVE_DCGETTEXT |
283 | 4 | bindtextdomain(PACKAGE, LOCALEDIR); |
284 | 4 | #endif |
285 | | |
286 | 4 | e = secure_getenv("GNUTLS_BUFFER_RECLAIM"); |
287 | 4 | if (e != NULL) { |
288 | 0 | bool reclaiming = e[0] == '1' && e[1] == '\0'; |
289 | 0 | _gnutls_debug_log("Using %s buffer allocator...\n", |
290 | 0 | reclaiming ? "reclaiming" : "non-reclaiming"); |
291 | 0 | _gnutls_buffer_set_reclaiming(reclaiming); |
292 | 0 | } |
293 | | |
294 | 4 | res = gnutls_crypto_init(); |
295 | 4 | if (res != 0) { |
296 | 0 | gnutls_assert(); |
297 | 0 | ret = GNUTLS_E_CRYPTO_INIT_FAILED; |
298 | 0 | goto out; |
299 | 0 | } |
300 | | |
301 | 4 | ret = _gnutls_system_key_init(); |
302 | 4 | if (ret != 0) { |
303 | 0 | gnutls_assert(); |
304 | 0 | } |
305 | | |
306 | | /* initialize ASN.1 parser |
307 | | */ |
308 | 4 | if (asn1_check_version(GNUTLS_MIN_LIBTASN1_VERSION) == NULL) { |
309 | 0 | gnutls_assert(); |
310 | 0 | _gnutls_debug_log("Checking for libtasn1 failed: %s < %s\n", |
311 | 0 | asn1_check_version(NULL), |
312 | 0 | GNUTLS_MIN_LIBTASN1_VERSION); |
313 | 0 | ret = GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY; |
314 | 0 | goto out; |
315 | 0 | } |
316 | | |
317 | 4 | _gnutls_pkix1_asn = NULL; |
318 | 4 | res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL); |
319 | 4 | if (res != ASN1_SUCCESS) { |
320 | 0 | gnutls_assert(); |
321 | 0 | ret = _gnutls_asn2err(res); |
322 | 0 | goto out; |
323 | 0 | } |
324 | | |
325 | 4 | res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); |
326 | 4 | if (res != ASN1_SUCCESS) { |
327 | 0 | gnutls_assert(); |
328 | 0 | ret = _gnutls_asn2err(res); |
329 | 0 | goto out; |
330 | 0 | } |
331 | | |
332 | | /* Initialize the random generator */ |
333 | 4 | ret = _gnutls_rnd_preinit(); |
334 | 4 | if (ret < 0) { |
335 | 0 | gnutls_assert(); |
336 | 0 | goto out; |
337 | 0 | } |
338 | | |
339 | | /* Initialize the default TLS extensions */ |
340 | 4 | ret = _gnutls_hello_ext_init(); |
341 | 4 | if (ret < 0) { |
342 | 0 | gnutls_assert(); |
343 | 0 | goto out; |
344 | 0 | } |
345 | | |
346 | 4 | ret = gnutls_system_global_init(); |
347 | 4 | if (ret < 0) { |
348 | 0 | gnutls_assert(); |
349 | 0 | goto out; |
350 | 0 | } |
351 | | |
352 | 4 | #ifndef _WIN32 |
353 | 4 | ret = _gnutls_register_fork_handler(); |
354 | 4 | if (ret < 0) { |
355 | 0 | gnutls_assert(); |
356 | 0 | goto out; |
357 | 0 | } |
358 | 4 | #endif |
359 | | |
360 | | #ifdef ENABLE_FIPS140 |
361 | | res = _gnutls_fips_mode_enabled(); |
362 | | /* res == 1 -> fips140-2 mode enabled |
363 | | * res == 2 -> only self checks performed - but no failure |
364 | | * res == not in fips140 mode |
365 | | */ |
366 | | if (res != 0) { |
367 | | _gnutls_debug_log("FIPS140-2 mode: %d\n", res); |
368 | | _gnutls_priority_update_fips(); |
369 | | |
370 | | /* first round of self checks, these are done on the |
371 | | * nettle algorithms which are used internally */ |
372 | | _gnutls_switch_lib_state(LIB_STATE_SELFTEST); |
373 | | ret = _gnutls_fips_perform_self_checks1(); |
374 | | if (ret < 0) { |
375 | | _gnutls_switch_lib_state(LIB_STATE_ERROR); |
376 | | _gnutls_audit_log( |
377 | | NULL, "FIPS140-2 self testing part1 failed\n"); |
378 | | if (res != 2) { |
379 | | gnutls_assert(); |
380 | | goto out; |
381 | | } |
382 | | } |
383 | | } |
384 | | #endif |
385 | | |
386 | 4 | _gnutls_register_accel_crypto(); |
387 | 4 | _gnutls_cryptodev_init(); |
388 | 4 | _gnutls_afalg_init(); |
389 | | #ifdef HAVE_LEANCRYPTO |
390 | | lc_init(0); |
391 | | #endif |
392 | | |
393 | | #ifdef ENABLE_FIPS140 |
394 | | /* These self tests are performed on the overridden algorithms |
395 | | * (e.g., AESNI overridden AES). They are after _gnutls_register_accel_crypto() |
396 | | * intentionally */ |
397 | | if (res != 0) { |
398 | | _gnutls_switch_lib_state(LIB_STATE_SELFTEST); |
399 | | ret = _gnutls_fips_perform_self_checks2(); |
400 | | if (ret < 0) { |
401 | | _gnutls_switch_lib_state(LIB_STATE_ERROR); |
402 | | _gnutls_audit_log( |
403 | | NULL, "FIPS140-2 self testing part 2 failed\n"); |
404 | | if (res != 2) { |
405 | | gnutls_assert(); |
406 | | goto out; |
407 | | } |
408 | | } |
409 | | _gnutls_fips_mode_reset_zombie(); |
410 | | } |
411 | | #endif |
412 | | |
413 | 4 | _gnutls_prepare_to_load_system_priorities(); |
414 | | |
415 | | #if defined(ENABLE_PKCS11) && defined(ENABLE_FIPS140) |
416 | | p11_provider_url = _gnutls_config_get_p11_provider_url(); |
417 | | p11_provider_pin = _gnutls_config_get_p11_provider_pin(); |
418 | | |
419 | | if (res == 1 && p11_provider_url != NULL) { |
420 | | ret = _p11_provider_init(p11_provider_url, |
421 | | (const uint8_t *)p11_provider_pin, |
422 | | strlen(p11_provider_pin)); |
423 | | if (ret < 0) { |
424 | | gnutls_assert(); |
425 | | goto out; |
426 | | } |
427 | | } |
428 | | #endif |
429 | | |
430 | 4 | _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL); |
431 | | |
432 | 4 | ret = 0; |
433 | | |
434 | 4 | out: |
435 | 4 | _gnutls_init_ret = ret; |
436 | 4 | if (!constructor) { |
437 | 0 | (void)gnutls_static_mutex_unlock(&global_init_mutex); |
438 | 0 | } |
439 | 4 | return ret; |
440 | 4 | } |
441 | | |
442 | | static void _gnutls_global_deinit(unsigned destructor) |
443 | 0 | { |
444 | 0 | if (!destructor) { |
445 | 0 | if (gnutls_static_mutex_lock(&global_init_mutex) < 0) { |
446 | 0 | return; |
447 | 0 | } |
448 | 0 | } |
449 | | |
450 | 0 | if (_gnutls_init == 1) { |
451 | 0 | _gnutls_init = 0; |
452 | 0 | if (_gnutls_init_ret < 0) { |
453 | | /* only deinitialize if gnutls_global_init() has |
454 | | * succeeded */ |
455 | 0 | gnutls_assert(); |
456 | 0 | goto fail; |
457 | 0 | } |
458 | | |
459 | 0 | _gnutls_system_key_deinit(); |
460 | 0 | gnutls_crypto_deinit(); |
461 | 0 | _gnutls_compression_deinit(); |
462 | 0 | _gnutls_rnd_deinit(); |
463 | 0 | _gnutls_hello_ext_deinit(); |
464 | 0 | asn1_delete_structure(&_gnutls_gnutls_asn); |
465 | 0 | asn1_delete_structure(&_gnutls_pkix1_asn); |
466 | |
|
467 | 0 | _gnutls_crypto_deregister(); |
468 | 0 | gnutls_system_global_deinit(); |
469 | 0 | _gnutls_cryptodev_deinit(); |
470 | |
|
471 | 0 | _gnutls_supplemental_deinit(); |
472 | 0 | _gnutls_unload_system_priorities(); |
473 | |
|
474 | | #if defined(ENABLE_PKCS11) && defined(ENABLE_FIPS140) |
475 | | _p11_provider_deinit(); |
476 | | #endif |
477 | |
|
478 | | #ifdef ENABLE_PKCS11 |
479 | | /* Do not try to deinitialize the PKCS #11 libraries |
480 | | * from the destructor. If we do and the PKCS #11 modules |
481 | | * are already being unloaded, we may crash. |
482 | | */ |
483 | | if (destructor == 0) { |
484 | | gnutls_pkcs11_deinit(); |
485 | | } |
486 | | #endif |
487 | | #ifdef HAVE_TROUSERS |
488 | | _gnutls_tpm_global_deinit(); |
489 | | #endif |
490 | | #ifdef HAVE_TPM2 |
491 | | _gnutls_tpm2_deinit(); |
492 | | #endif |
493 | |
|
494 | 0 | _gnutls_nss_keylog_deinit(); |
495 | 0 | } else { |
496 | 0 | if (_gnutls_init > 0) |
497 | 0 | _gnutls_init--; |
498 | 0 | } |
499 | | |
500 | 0 | fail: |
501 | 0 | if (!destructor) { |
502 | 0 | (void)gnutls_static_mutex_unlock(&global_init_mutex); |
503 | 0 | } |
504 | 0 | } |
505 | | |
506 | | /** |
507 | | * gnutls_global_deinit: |
508 | | * |
509 | | * This function deinitializes the global data, that were initialized |
510 | | * using gnutls_global_init(). |
511 | | * |
512 | | * Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly |
513 | | * called. GnuTLS will automatically deinitialize on library destructor. See |
514 | | * gnutls_global_init() for disabling the implicit initialization/deinitialization. |
515 | | * |
516 | | **/ |
517 | | void gnutls_global_deinit(void) |
518 | 0 | { |
519 | 0 | _gnutls_global_deinit(0); |
520 | 0 | } |
521 | | |
522 | | /** |
523 | | * gnutls_check_version: |
524 | | * @req_version: version string to compare with, or %NULL. |
525 | | * |
526 | | * Check the GnuTLS Library version against the provided string. |
527 | | * See %GNUTLS_VERSION for a suitable @req_version string. |
528 | | * |
529 | | * See also gnutls_check_version_numeric(), which provides this |
530 | | * functionality as a macro. |
531 | | * |
532 | | * Returns: Check that the version of the library is at |
533 | | * minimum the one given as a string in @req_version and return the |
534 | | * actual version string of the library; return %NULL if the |
535 | | * condition is not met. If %NULL is passed to this function no |
536 | | * check is done and only the version string is returned. |
537 | | **/ |
538 | | const char *gnutls_check_version(const char *req_version) |
539 | 0 | { |
540 | 0 | if (!req_version || strverscmp(req_version, VERSION) <= 0) |
541 | 0 | return VERSION; |
542 | | |
543 | 0 | return NULL; |
544 | 0 | } |
545 | | |
546 | | static void _CONSTRUCTOR lib_init(void) |
547 | 4 | { |
548 | 4 | int ret; |
549 | 4 | const char *e; |
550 | | |
551 | 4 | if (_gnutls_global_init_skip() != 0) |
552 | 0 | return; |
553 | | |
554 | 4 | e = secure_getenv("GNUTLS_NO_IMPLICIT_INIT"); |
555 | 4 | if (e != NULL) { |
556 | 0 | ret = atoi(e); |
557 | 0 | if (ret == 1) |
558 | 0 | return; |
559 | 0 | } |
560 | | |
561 | 4 | e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT"); |
562 | 4 | if (e != NULL) { |
563 | 0 | _gnutls_debug_log( |
564 | 0 | "GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n"); |
565 | 0 | ret = atoi(e); |
566 | 0 | if (ret == 1) |
567 | 0 | return; |
568 | 0 | } |
569 | | |
570 | 4 | ret = _gnutls_global_init(1); |
571 | 4 | if (ret < 0) { |
572 | 0 | fprintf(stderr, "Error in GnuTLS initialization: %s\n", |
573 | 0 | gnutls_strerror(ret)); |
574 | 0 | _gnutls_switch_lib_state(LIB_STATE_ERROR); |
575 | 0 | } |
576 | 4 | } |
577 | | |
578 | | static void _DESTRUCTOR lib_deinit(void) |
579 | 0 | { |
580 | 0 | int ret; |
581 | 0 | const char *e; |
582 | |
|
583 | 0 | if (_gnutls_global_init_skip() != 0) |
584 | 0 | return; |
585 | | |
586 | 0 | e = secure_getenv("GNUTLS_NO_IMPLICIT_INIT"); |
587 | 0 | if (e != NULL) { |
588 | 0 | ret = atoi(e); |
589 | 0 | if (ret == 1) |
590 | 0 | return; |
591 | 0 | } |
592 | | |
593 | 0 | e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT"); |
594 | 0 | if (e != NULL) { |
595 | 0 | _gnutls_debug_log( |
596 | 0 | "GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n"); |
597 | 0 | ret = atoi(e); |
598 | 0 | if (ret == 1) |
599 | 0 | return; |
600 | 0 | } |
601 | | |
602 | 0 | _gnutls_global_deinit(1); |
603 | 0 | } |
604 | | |
605 | | static const struct gnutls_library_config_st _gnutls_library_config[] = { |
606 | | #ifdef FIPS_MODULE_NAME |
607 | | { "fips-module-name", FIPS_MODULE_NAME }, |
608 | | #endif |
609 | | #ifdef FIPS_MODULE_VERSION |
610 | | { "fips-module-version", FIPS_MODULE_VERSION }, |
611 | | #endif |
612 | | #ifdef GNUTLS_LIBRARY_SONAME |
613 | | { "libgnutls-soname", GNUTLS_LIBRARY_SONAME }, |
614 | | #endif |
615 | | #ifdef NETTLE_LIBRARY_SONAME |
616 | | { "libnettle-soname", NETTLE_LIBRARY_SONAME }, |
617 | | #endif |
618 | | #ifdef HOGWEED_LIBRARY_SONAME |
619 | | { "libhogweed-soname", HOGWEED_LIBRARY_SONAME }, |
620 | | #endif |
621 | | #ifdef GMP_LIBRARY_SONAME |
622 | | { "libgmp-soname", GMP_LIBRARY_SONAME }, |
623 | | #endif |
624 | | { "hardware-features", HW_FEATURES }, |
625 | | { "tls-features", TLS_FEATURES }, |
626 | | #ifdef DEFAULT_TRUST_STORE_PKCS11 |
627 | | { "default-trust-store-pkcs11", DEFAULT_TRUST_STORE_PKCS11 }, |
628 | | #endif |
629 | | #ifdef DEFAULT_TRUST_STORE_DIR |
630 | | { "default-trust-store-dir", DEFAULT_TRUST_STORE_DIR }, |
631 | | #endif |
632 | | #ifdef DEFAULT_TRUST_STORE_FILE |
633 | | { "default-trust-store-file", DEFAULT_TRUST_STORE_FILE }, |
634 | | #endif |
635 | | { "default-system-config", SYSTEM_PRIORITY_FILE }, |
636 | | { NULL, NULL } |
637 | | }; |
638 | | |
639 | | /** |
640 | | * gnutls_get_library_config: |
641 | | * |
642 | | * Returns the library configuration as key value pairs. |
643 | | * Currently defined keys are: |
644 | | * |
645 | | * - fips-module-name: the name of the FIPS140 module |
646 | | * |
647 | | * - fips-module-version: the version of the FIPS140 module |
648 | | * |
649 | | * - libgnutls-soname: the SONAME of the library itself |
650 | | * |
651 | | * - libnettle-soname: the library SONAME of linked libnettle |
652 | | * |
653 | | * - libhogweed-soname: the library SONAME of linked libhogweed |
654 | | * |
655 | | * - libgmp-soname: the library SONAME of linked libgmp |
656 | | * |
657 | | * - hardware-features: enabled hardware support features |
658 | | * |
659 | | * - tls-features: enabled TLS protocol features |
660 | | * |
661 | | * Returns: a NUL-terminated %gnutls_library_config_st array |
662 | | * |
663 | | * Since: 3.7.3 |
664 | | */ |
665 | | const gnutls_library_config_st *gnutls_get_library_config(void) |
666 | 0 | { |
667 | 0 | return _gnutls_library_config; |
668 | 0 | } |