| 1 | /* |
|---|---|
| 2 | * Copyright 2016-present Facebook, Inc. |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #pragma once |
| 18 | |
| 19 | #include <cstdint> |
| 20 | |
| 21 | // This must come before the OpenSSL includes. |
| 22 | #include <folly/portability/Windows.h> |
| 23 | |
| 24 | #include <folly/Portability.h> |
| 25 | |
| 26 | #include <openssl/opensslv.h> |
| 27 | |
| 28 | #include <openssl/asn1.h> |
| 29 | #include <openssl/bio.h> |
| 30 | #include <openssl/crypto.h> |
| 31 | #include <openssl/dh.h> |
| 32 | #include <openssl/err.h> |
| 33 | #include <openssl/evp.h> |
| 34 | #include <openssl/hmac.h> |
| 35 | #include <openssl/rand.h> |
| 36 | #include <openssl/rsa.h> |
| 37 | #include <openssl/sha.h> |
| 38 | #include <openssl/ssl.h> |
| 39 | #include <openssl/tls1.h> |
| 40 | #include <openssl/x509.h> |
| 41 | #include <openssl/x509v3.h> |
| 42 | |
| 43 | #ifndef OPENSSL_NO_EC |
| 44 | #include <openssl/ec.h> |
| 45 | #include <openssl/ecdsa.h> |
| 46 | #endif |
| 47 | |
| 48 | // BoringSSL doesn't have notion of versioning although it defines |
| 49 | // OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are |
| 50 | // intended to be specific to OpenSSL. |
| 51 | #if !defined(OPENSSL_IS_BORINGSSL) |
| 52 | #define FOLLY_OPENSSL_IS_100 \ |
| 53 | (OPENSSL_VERSION_NUMBER >= 0x10000003L && \ |
| 54 | OPENSSL_VERSION_NUMBER < 0x1000105fL) |
| 55 | #define FOLLY_OPENSSL_IS_101 \ |
| 56 | (OPENSSL_VERSION_NUMBER >= 0x1000105fL && \ |
| 57 | OPENSSL_VERSION_NUMBER < 0x1000200fL) |
| 58 | #define FOLLY_OPENSSL_IS_102 \ |
| 59 | (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \ |
| 60 | OPENSSL_VERSION_NUMBER < 0x10100000L) |
| 61 | #define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
| 62 | #endif |
| 63 | |
| 64 | #if !defined(OPENSSL_IS_BORINGSSL) && !FOLLY_OPENSSL_IS_100 && \ |
| 65 | !FOLLY_OPENSSL_IS_101 && !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110 |
| 66 | #warning Compiling with unsupported OpenSSL version |
| 67 | #endif |
| 68 | |
| 69 | // BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI. |
| 70 | #if defined(OPENSSL_IS_BORINGSSL) || \ |
| 71 | (OPENSSL_VERSION_NUMBER >= 0x00908070L && !defined(OPENSSL_NO_TLSEXT)) |
| 72 | #define FOLLY_OPENSSL_HAS_SNI 1 |
| 73 | #else |
| 74 | #define FOLLY_OPENSSL_HAS_SNI 0 |
| 75 | #endif |
| 76 | |
| 77 | // BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN. |
| 78 | #if defined(OPENSSL_IS_BORINGSSL) || \ |
| 79 | (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)) |
| 80 | #define FOLLY_OPENSSL_HAS_ALPN 1 |
| 81 | #else |
| 82 | #define FOLLY_OPENSSL_HAS_ALPN 0 |
| 83 | #endif |
| 84 | |
| 85 | // This attempts to "unify" the OpenSSL libcrypto/libssl APIs between |
| 86 | // OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general |
| 87 | // idea is to provide namespaced wrapper methods for versions which do not |
| 88 | // which already exist in BoringSSL and 1.1.0, but there are few APIs such as |
| 89 | // SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed |
| 90 | // in BoringSSL |
| 91 | namespace folly { |
| 92 | namespace portability { |
| 93 | namespace ssl { |
| 94 | |
| 95 | #ifdef OPENSSL_IS_BORINGSSL |
| 96 | int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list); |
| 97 | int TLS1_get_client_version(SSL* s); |
| 98 | #endif |
| 99 | |
| 100 | #if FOLLY_OPENSSL_IS_100 |
| 101 | uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*); |
| 102 | int TLS1_get_client_version(const SSL*); |
| 103 | #endif |
| 104 | |
| 105 | #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 |
| 106 | int X509_get_signature_nid(X509* cert); |
| 107 | #endif |
| 108 | |
| 109 | #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102 |
| 110 | int SSL_CTX_up_ref(SSL_CTX* session); |
| 111 | int SSL_SESSION_up_ref(SSL_SESSION* session); |
| 112 | int X509_up_ref(X509* x); |
| 113 | int X509_STORE_up_ref(X509_STORE* v); |
| 114 | int EVP_PKEY_up_ref(EVP_PKEY* evp); |
| 115 | void RSA_get0_key( |
| 116 | const RSA* r, |
| 117 | const BIGNUM** n, |
| 118 | const BIGNUM** e, |
| 119 | const BIGNUM** d); |
| 120 | RSA* EVP_PKEY_get0_RSA(EVP_PKEY* pkey); |
| 121 | DSA* EVP_PKEY_get0_DSA(EVP_PKEY* pkey); |
| 122 | DH* EVP_PKEY_get0_DH(EVP_PKEY* pkey); |
| 123 | EC_KEY* EVP_PKEY_get0_EC_KEY(EVP_PKEY* pkey); |
| 124 | #endif |
| 125 | |
| 126 | #if !FOLLY_OPENSSL_IS_110 |
| 127 | BIO_METHOD* BIO_meth_new(int type, const char* name); |
| 128 | void BIO_meth_free(BIO_METHOD* biom); |
| 129 | int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int)); |
| 130 | int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int)); |
| 131 | int BIO_meth_set_puts(BIO_METHOD* biom, int (*bputs)(BIO*, const char*)); |
| 132 | int BIO_meth_set_gets(BIO_METHOD* biom, int (*bgets)(BIO*, char*, int)); |
| 133 | int BIO_meth_set_ctrl(BIO_METHOD* biom, long (*ctrl)(BIO*, int, long, void*)); |
| 134 | int BIO_meth_set_create(BIO_METHOD* biom, int (*create)(BIO*)); |
| 135 | int BIO_meth_set_destroy(BIO_METHOD* biom, int (*destroy)(BIO*)); |
| 136 | |
| 137 | void BIO_set_data(BIO* bio, void* ptr); |
| 138 | void* BIO_get_data(BIO* bio); |
| 139 | void BIO_set_init(BIO* bio, int init); |
| 140 | void BIO_set_shutdown(BIO* bio, int shutdown); |
| 141 | |
| 142 | const SSL_METHOD* TLS_server_method(void); |
| 143 | const SSL_METHOD* TLS_client_method(void); |
| 144 | |
| 145 | const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s); |
| 146 | unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x); |
| 147 | |
| 148 | EVP_MD_CTX* EVP_MD_CTX_new(); |
| 149 | void EVP_MD_CTX_free(EVP_MD_CTX* ctx); |
| 150 | |
| 151 | HMAC_CTX* HMAC_CTX_new(); |
| 152 | void HMAC_CTX_free(HMAC_CTX* ctx); |
| 153 | |
| 154 | unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s); |
| 155 | int SSL_SESSION_has_ticket(const SSL_SESSION* s); |
| 156 | int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g); |
| 157 | void DH_get0_pqg( |
| 158 | const DH* dh, |
| 159 | const BIGNUM** p, |
| 160 | const BIGNUM** q, |
| 161 | const BIGNUM** g); |
| 162 | void DH_get0_key(const DH* dh, const BIGNUM** pub_key, const BIGNUM** priv_key); |
| 163 | |
| 164 | void DSA_get0_pqg( |
| 165 | const DSA* dsa, |
| 166 | const BIGNUM** p, |
| 167 | const BIGNUM** q, |
| 168 | const BIGNUM** g); |
| 169 | void DSA_get0_key( |
| 170 | const DSA* dsa, |
| 171 | const BIGNUM** pub_key, |
| 172 | const BIGNUM** priv_key); |
| 173 | |
| 174 | STACK_OF(X509_OBJECT) * X509_STORE_get0_objects(X509_STORE* store); |
| 175 | |
| 176 | X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx); |
| 177 | STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx); |
| 178 | STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx); |
| 179 | bool RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d); |
| 180 | void RSA_get0_factors(const RSA* r, const BIGNUM** p, const BIGNUM** q); |
| 181 | void RSA_get0_crt_params( |
| 182 | const RSA* r, |
| 183 | const BIGNUM** dmp1, |
| 184 | const BIGNUM** dmq1, |
| 185 | const BIGNUM** iqmp); |
| 186 | int ECDSA_SIG_set0(ECDSA_SIG* sig, BIGNUM* r, BIGNUM* s); |
| 187 | void ECDSA_SIG_get0(const ECDSA_SIG* sig, const BIGNUM** pr, const BIGNUM** ps); |
| 188 | |
| 189 | using OPENSSL_INIT_SETTINGS = void; |
| 190 | int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS* settings); |
| 191 | void OPENSSL_cleanup(); |
| 192 | |
| 193 | const ASN1_INTEGER* X509_REVOKED_get0_serialNumber(const X509_REVOKED* r); |
| 194 | const ASN1_TIME* X509_REVOKED_get0_revocationDate(const X509_REVOKED* r); |
| 195 | |
| 196 | uint32_t X509_get_extension_flags(X509* x); |
| 197 | uint32_t X509_get_key_usage(X509* x); |
| 198 | uint32_t X509_get_extended_key_usage(X509* x); |
| 199 | |
| 200 | int X509_OBJECT_get_type(const X509_OBJECT* obj); |
| 201 | X509* X509_OBJECT_get0_X509(const X509_OBJECT* obj); |
| 202 | |
| 203 | const ASN1_TIME* X509_CRL_get0_lastUpdate(const X509_CRL* crl); |
| 204 | const ASN1_TIME* X509_CRL_get0_nextUpdate(const X509_CRL* crl); |
| 205 | |
| 206 | const X509_ALGOR* X509_get0_tbs_sigalg(const X509* x); |
| 207 | |
| 208 | #endif |
| 209 | |
| 210 | #if FOLLY_OPENSSL_IS_110 |
| 211 | // Note: this was a type and has been fixed upstream, so the next 1.1.0 |
| 212 | // minor version upgrade will need to remove this |
| 213 | #define OPENSSL_lh_new OPENSSL_LH_new |
| 214 | |
| 215 | // OpenSSL v1.1.0 removed support for SSLv2, and also removed the define that |
| 216 | // indicates it isn't supported. |
| 217 | #define OPENSSL_NO_SSL2 |
| 218 | #endif |
| 219 | } // namespace ssl |
| 220 | } // namespace portability |
| 221 | } // namespace folly |
| 222 | |
| 223 | FOLLY_PUSH_WARNING |
| 224 | FOLLY_CLANG_DISABLE_WARNING("-Wheader-hygiene") |
| 225 | /* using override */ using namespace folly::portability::ssl; |
| 226 | FOLLY_POP_WARNING |
| 227 |
Generated while processing folly/io/async/AsyncPipe.cpp
Generated on 2019-Jan-17 from project folly revision 2019
Powered by 
Code Browser 2.1
Generator usage only permitted with license.