1 | /* |
2 | * Copyright 2016-present Facebook, Inc. |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | */ |
16 | |
17 | #pragma once |
18 | |
19 | #include <cstdint> |
20 | |
21 | // This must come before the OpenSSL includes. |
22 | #include <folly/portability/Windows.h> |
23 | |
24 | #include <folly/Portability.h> |
25 | |
26 | #include <openssl/opensslv.h> |
27 | |
28 | #include <openssl/asn1.h> |
29 | #include <openssl/bio.h> |
30 | #include <openssl/crypto.h> |
31 | #include <openssl/dh.h> |
32 | #include <openssl/err.h> |
33 | #include <openssl/evp.h> |
34 | #include <openssl/hmac.h> |
35 | #include <openssl/rand.h> |
36 | #include <openssl/rsa.h> |
37 | #include <openssl/sha.h> |
38 | #include <openssl/ssl.h> |
39 | #include <openssl/tls1.h> |
40 | #include <openssl/x509.h> |
41 | #include <openssl/x509v3.h> |
42 | |
43 | #ifndef OPENSSL_NO_EC |
44 | #include <openssl/ec.h> |
45 | #include <openssl/ecdsa.h> |
46 | #endif |
47 | |
48 | // BoringSSL doesn't have notion of versioning although it defines |
49 | // OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are |
50 | // intended to be specific to OpenSSL. |
51 | #if !defined(OPENSSL_IS_BORINGSSL) |
52 | #define FOLLY_OPENSSL_IS_100 \ |
53 | (OPENSSL_VERSION_NUMBER >= 0x10000003L && \ |
54 | OPENSSL_VERSION_NUMBER < 0x1000105fL) |
55 | #define FOLLY_OPENSSL_IS_101 \ |
56 | (OPENSSL_VERSION_NUMBER >= 0x1000105fL && \ |
57 | OPENSSL_VERSION_NUMBER < 0x1000200fL) |
58 | #define FOLLY_OPENSSL_IS_102 \ |
59 | (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \ |
60 | OPENSSL_VERSION_NUMBER < 0x10100000L) |
61 | #define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
62 | #endif |
63 | |
64 | #if !defined(OPENSSL_IS_BORINGSSL) && !FOLLY_OPENSSL_IS_100 && \ |
65 | !FOLLY_OPENSSL_IS_101 && !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110 |
66 | #warning Compiling with unsupported OpenSSL version |
67 | #endif |
68 | |
69 | // BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI. |
70 | #if defined(OPENSSL_IS_BORINGSSL) || \ |
71 | (OPENSSL_VERSION_NUMBER >= 0x00908070L && !defined(OPENSSL_NO_TLSEXT)) |
72 | #define FOLLY_OPENSSL_HAS_SNI 1 |
73 | #else |
74 | #define FOLLY_OPENSSL_HAS_SNI 0 |
75 | #endif |
76 | |
77 | // BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN. |
78 | #if defined(OPENSSL_IS_BORINGSSL) || \ |
79 | (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)) |
80 | #define FOLLY_OPENSSL_HAS_ALPN 1 |
81 | #else |
82 | #define FOLLY_OPENSSL_HAS_ALPN 0 |
83 | #endif |
84 | |
85 | // This attempts to "unify" the OpenSSL libcrypto/libssl APIs between |
86 | // OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general |
87 | // idea is to provide namespaced wrapper methods for versions which do not |
88 | // which already exist in BoringSSL and 1.1.0, but there are few APIs such as |
89 | // SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed |
90 | // in BoringSSL |
91 | namespace folly { |
92 | namespace portability { |
93 | namespace ssl { |
94 | |
95 | #ifdef OPENSSL_IS_BORINGSSL |
96 | int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list); |
97 | int TLS1_get_client_version(SSL* s); |
98 | #endif |
99 | |
100 | #if FOLLY_OPENSSL_IS_100 |
101 | uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*); |
102 | int TLS1_get_client_version(const SSL*); |
103 | #endif |
104 | |
105 | #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 |
106 | int X509_get_signature_nid(X509* cert); |
107 | #endif |
108 | |
109 | #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102 |
110 | int SSL_CTX_up_ref(SSL_CTX* session); |
111 | int SSL_SESSION_up_ref(SSL_SESSION* session); |
112 | int X509_up_ref(X509* x); |
113 | int X509_STORE_up_ref(X509_STORE* v); |
114 | int EVP_PKEY_up_ref(EVP_PKEY* evp); |
115 | void RSA_get0_key( |
116 | const RSA* r, |
117 | const BIGNUM** n, |
118 | const BIGNUM** e, |
119 | const BIGNUM** d); |
120 | RSA* EVP_PKEY_get0_RSA(EVP_PKEY* pkey); |
121 | DSA* EVP_PKEY_get0_DSA(EVP_PKEY* pkey); |
122 | DH* EVP_PKEY_get0_DH(EVP_PKEY* pkey); |
123 | EC_KEY* EVP_PKEY_get0_EC_KEY(EVP_PKEY* pkey); |
124 | #endif |
125 | |
126 | #if !FOLLY_OPENSSL_IS_110 |
127 | BIO_METHOD* BIO_meth_new(int type, const char* name); |
128 | void BIO_meth_free(BIO_METHOD* biom); |
129 | int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int)); |
130 | int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int)); |
131 | int BIO_meth_set_puts(BIO_METHOD* biom, int (*bputs)(BIO*, const char*)); |
132 | int BIO_meth_set_gets(BIO_METHOD* biom, int (*bgets)(BIO*, char*, int)); |
133 | int BIO_meth_set_ctrl(BIO_METHOD* biom, long (*ctrl)(BIO*, int, long, void*)); |
134 | int BIO_meth_set_create(BIO_METHOD* biom, int (*create)(BIO*)); |
135 | int BIO_meth_set_destroy(BIO_METHOD* biom, int (*destroy)(BIO*)); |
136 | |
137 | void BIO_set_data(BIO* bio, void* ptr); |
138 | void* BIO_get_data(BIO* bio); |
139 | void BIO_set_init(BIO* bio, int init); |
140 | void BIO_set_shutdown(BIO* bio, int shutdown); |
141 | |
142 | const SSL_METHOD* TLS_server_method(void); |
143 | const SSL_METHOD* TLS_client_method(void); |
144 | |
145 | const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s); |
146 | unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x); |
147 | |
148 | EVP_MD_CTX* EVP_MD_CTX_new(); |
149 | void EVP_MD_CTX_free(EVP_MD_CTX* ctx); |
150 | |
151 | HMAC_CTX* HMAC_CTX_new(); |
152 | void HMAC_CTX_free(HMAC_CTX* ctx); |
153 | |
154 | unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s); |
155 | int SSL_SESSION_has_ticket(const SSL_SESSION* s); |
156 | int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g); |
157 | void DH_get0_pqg( |
158 | const DH* dh, |
159 | const BIGNUM** p, |
160 | const BIGNUM** q, |
161 | const BIGNUM** g); |
162 | void DH_get0_key(const DH* dh, const BIGNUM** pub_key, const BIGNUM** priv_key); |
163 | |
164 | void DSA_get0_pqg( |
165 | const DSA* dsa, |
166 | const BIGNUM** p, |
167 | const BIGNUM** q, |
168 | const BIGNUM** g); |
169 | void DSA_get0_key( |
170 | const DSA* dsa, |
171 | const BIGNUM** pub_key, |
172 | const BIGNUM** priv_key); |
173 | |
174 | STACK_OF(X509_OBJECT) * X509_STORE_get0_objects(X509_STORE* store); |
175 | |
176 | X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx); |
177 | STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx); |
178 | STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx); |
179 | bool RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d); |
180 | void RSA_get0_factors(const RSA* r, const BIGNUM** p, const BIGNUM** q); |
181 | void RSA_get0_crt_params( |
182 | const RSA* r, |
183 | const BIGNUM** dmp1, |
184 | const BIGNUM** dmq1, |
185 | const BIGNUM** iqmp); |
186 | int ECDSA_SIG_set0(ECDSA_SIG* sig, BIGNUM* r, BIGNUM* s); |
187 | void ECDSA_SIG_get0(const ECDSA_SIG* sig, const BIGNUM** pr, const BIGNUM** ps); |
188 | |
189 | using OPENSSL_INIT_SETTINGS = void; |
190 | int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS* settings); |
191 | void OPENSSL_cleanup(); |
192 | |
193 | const ASN1_INTEGER* X509_REVOKED_get0_serialNumber(const X509_REVOKED* r); |
194 | const ASN1_TIME* X509_REVOKED_get0_revocationDate(const X509_REVOKED* r); |
195 | |
196 | uint32_t X509_get_extension_flags(X509* x); |
197 | uint32_t X509_get_key_usage(X509* x); |
198 | uint32_t X509_get_extended_key_usage(X509* x); |
199 | |
200 | int X509_OBJECT_get_type(const X509_OBJECT* obj); |
201 | X509* X509_OBJECT_get0_X509(const X509_OBJECT* obj); |
202 | |
203 | const ASN1_TIME* X509_CRL_get0_lastUpdate(const X509_CRL* crl); |
204 | const ASN1_TIME* X509_CRL_get0_nextUpdate(const X509_CRL* crl); |
205 | |
206 | const X509_ALGOR* X509_get0_tbs_sigalg(const X509* x); |
207 | |
208 | #endif |
209 | |
210 | #if FOLLY_OPENSSL_IS_110 |
211 | // Note: this was a type and has been fixed upstream, so the next 1.1.0 |
212 | // minor version upgrade will need to remove this |
213 | #define OPENSSL_lh_new OPENSSL_LH_new |
214 | |
215 | // OpenSSL v1.1.0 removed support for SSLv2, and also removed the define that |
216 | // indicates it isn't supported. |
217 | #define OPENSSL_NO_SSL2 |
218 | #endif |
219 | } // namespace ssl |
220 | } // namespace portability |
221 | } // namespace folly |
222 | |
223 | FOLLY_PUSH_WARNING |
224 | FOLLY_CLANG_DISABLE_WARNING("-Wheader-hygiene" ) |
225 | /* using override */ using namespace folly::portability::ssl; |
226 | FOLLY_POP_WARNING |
227 | |