2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 #include <folly/portability/OpenSSL.h>
21 namespace portability {
24 #if OPENSSL_IS_BORINGSSL
25 int SSL_CTX_set1_sigalgs_list(SSL_CTX*, const char*) {
26 return 1; // 0 implies error
29 int TLS1_get_client_version(SSL* s) {
30 // Note that this isn't the client version, and the API to
31 // get this has been hidden. It may be found by parsing the
32 // ClientHello (there is a callback via the SSL_HANDSHAKE struct)
37 #if FOLLY_OPENSSL_IS_100
38 uint32_t SSL_CIPHER_get_id(const SSL_CIPHER* c) {
42 int TLS1_get_client_version(const SSL* s) {
43 return (s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0;
47 #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101
48 int X509_get_signature_nid(X509* cert) {
49 return OBJ_obj2nid(cert->sig_alg->algorithm);
53 #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102
54 int SSL_CTX_up_ref(SSL_CTX* ctx) {
55 return CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
58 int SSL_SESSION_up_ref(SSL_SESSION* session) {
59 return CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
62 int X509_up_ref(X509* x) {
63 return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
67 #if !FOLLY_OPENSSL_IS_110
68 void BIO_meth_free(BIO_METHOD* biom) {
69 OPENSSL_free((void*)biom);
72 int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int)) {
77 int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int)) {
82 const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s) {
83 return s->tlsext_hostname;
86 unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x) {
87 return ASN1_STRING_data((ASN1_STRING*)x);
90 int SSL_SESSION_has_ticket(const SSL_SESSION* s) {
91 return (s->tlsext_ticklen > 0) ? 1 : 0;
94 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s) {
95 return s->tlsext_tick_lifetime_hint;
98 // This is taken from OpenSSL 1.1.0
99 int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {
100 /* If the fields p and g in d are NULL, the corresponding input
101 * parameters MUST be non-NULL. q may remain NULL.
103 if (dh == nullptr || (dh->p == nullptr && p == nullptr) ||
104 (dh->g == nullptr && g == nullptr)) {
121 // In OpenSSL 1.1.0, DH_set0_pqg also sets
122 // dh->length = BN_num_bits(q)
123 // With OpenSSL 1.0.2, the output of openssl dhparam -C 2048 doesn't set
124 // the length field. So as far as the compat lib is concerned, this wrapper
125 // mimics the functionality of OpenSSL 1.0.2
126 // Note: BoringSSL doesn't even have a length field anymore, just something
127 // called 'priv_length'. Let's not mess with that for now.
132 X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx) {
136 STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx) {
137 return X509_STORE_CTX_get_chain(ctx);
140 STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx) {
141 return ctx->untrusted;
144 EVP_MD_CTX* EVP_MD_CTX_new() {
145 EVP_MD_CTX* ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
147 throw std::runtime_error("Cannot allocate EVP_MD_CTX");
149 EVP_MD_CTX_init(ctx);
153 void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
155 EVP_MD_CTX_cleanup(ctx);
160 HMAC_CTX* HMAC_CTX_new() {
161 HMAC_CTX* ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(HMAC_CTX));
163 throw std::runtime_error("Cannot allocate HMAC_CTX");
169 void HMAC_CTX_free(HMAC_CTX* ctx) {
171 HMAC_CTX_cleanup(ctx);