in tls/s2n_cipher_suites.c [992:1047]
int s2n_cipher_suites_init(void)
{
const int num_cipher_suites = s2n_array_len(s2n_all_cipher_suites);
for (int i = 0; i < num_cipher_suites; i++) {
struct s2n_cipher_suite *cur_suite = s2n_all_cipher_suites[i];
cur_suite->available = 0;
cur_suite->record_alg = NULL;
/* Find the highest priority supported record algorithm */
for (int j = 0; j < cur_suite->num_record_algs; j++) {
/* Can we use the record algorithm's cipher? Won't be available if the system CPU architecture
* doesn't support it or if the libcrypto lacks the feature. All hmac_algs are supported.
*/
if (cur_suite->all_record_algs[j]->cipher->is_available()) {
/* Found a supported record algorithm. Use it. */
cur_suite->available = 1;
cur_suite->record_alg = cur_suite->all_record_algs[j];
break;
}
}
/* Mark PQ cipher suites as unavailable if PQ is disabled */
if (s2n_kex_includes(cur_suite->key_exchange_alg, &s2n_kem) && !s2n_pq_is_enabled()) {
cur_suite->available = 0;
cur_suite->record_alg = NULL;
}
/* Initialize SSLv3 cipher suite if SSLv3 utilizes a different record algorithm */
if (cur_suite->sslv3_record_alg && cur_suite->sslv3_record_alg->cipher->is_available()) {
struct s2n_blob cur_suite_mem = { 0 };
POSIX_GUARD(s2n_blob_init(&cur_suite_mem, (uint8_t *) cur_suite, sizeof(struct s2n_cipher_suite)));
struct s2n_blob new_suite_mem = { 0 };
POSIX_GUARD(s2n_dup(&cur_suite_mem, &new_suite_mem));
struct s2n_cipher_suite *new_suite = (struct s2n_cipher_suite *) (void *) new_suite_mem.data;
new_suite->available = 1;
new_suite->record_alg = cur_suite->sslv3_record_alg;
cur_suite->sslv3_cipher_suite = new_suite;
} else {
cur_suite->sslv3_cipher_suite = cur_suite;
}
}
if (should_init_crypto) {
#if !S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)
/*https://wiki.openssl.org/index.php/Manual:OpenSSL_add_all_algorithms(3)*/
OpenSSL_add_all_algorithms();
#else
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
#endif
}
crypto_initialized = true;
return S2N_SUCCESS;
}