X-Git-Url: http://plrg.eecs.uci.edu/git/?a=blobdiff_plain;f=folly%2Fportability%2FOpenSSL.h;h=eceb91d6c4f02c61a0700522d39e0b8e2f1bae85;hb=a123a11e30026dd9883f16fa3ad1baa2d9ecfeec;hp=dc6ac483a23bb3fc797e3285d688b37057066174;hpb=95c8e0726ef79fd286e11e02d7a6c279be8fceae;p=folly.git
diff --git a/folly/portability/OpenSSL.h b/folly/portability/OpenSSL.h
index dc6ac483..eceb91d6 100644
--- a/folly/portability/OpenSSL.h
+++ b/folly/portability/OpenSSL.h
@@ -14,27 +14,36 @@
 * limitations under the License.
 */
 
-//
-// This class attempts to "unify" the OpenSSL libcrypto/libssl APIs between
-// OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general
-// idea is to provide namespaced wrapper methods for versions which do not
-// which already exist in BoringSSL and 1.1.0, but there are few APIs such as
-// SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed
-// in BoringSSL
-//
-
 #pragma once
 
+#include
+
 // This must come before the OpenSSL includes.
 #include
 
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+#include
 #include
+#include
+#include
+#include
+#include
 #include
+#include
 #include
-#include
+#include
 
-namespace folly {
-namespace ssl {
+#ifndef OPENSSL_NO_EC
+#include
+#include
+#endif
 
 // BoringSSL doesn't have notion of versioning although it defines
 // OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are
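Review bot: The new `#ifndef OPENSSL_NO_EC` guard around the two includes near the end of this hunk is not matched by the declarations in the next hunk, which name `EC_KEY` (`EVP_PKEY_get0_EC_KEY`) and `ECDSA_SIG` (`ECDSA_SIG_set0`, `ECDSA_SIG_get0`) unconditionally inside the `FOLLY_OPENSSL_IS_10x` and `!FOLLY_OPENSSL_IS_110` blocks, so a build with `OPENSSL_NO_EC` defined would see those types without the headers that declare them. Wrap those three declarations (and their definitions in the .cpp) in the same `#ifndef OPENSSL_NO_EC` … `#endif`, or drop the guard here if EC support is always assumed. The header names inside the `#include` lines are not rendered on this page, so which headers the guard actually covers cannot be checked from here.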
@@ -50,88 +59,141 @@ namespace ssl {
 (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
 OPENSSL_VERSION_NUMBER < 0x10100000L)
 #define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-#endif // !defined(OPENSSL_IS_BORINGSSL)
+#endif
 
-// BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN.
-#if defined(OPENSSL_IS_BORINGSSL) || \
- (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
- !defined(OPENSSL_NO_TLSEXT))
-#define FOLLY_OPENSSL_HAS_ALPN 1
-#else
-#define FOLLY_OPENSSL_HAS_ALPN 0
+#if !OPENSSL_IS_BORINGSSL && !FOLLY_OPENSSL_IS_100 && !FOLLY_OPENSSL_IS_101 && \
+ !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110
+#warning Compiling with unsupported OpenSSL version
 #endif
 
 // BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI.
-#if defined(OPENSSL_IS_BORINGSSL) || \
- (OPENSSL_VERSION_NUMBER >= 0x00908070L && \
- !defined(OPENSSL_NO_TLSEXT))
+#if OPENSSL_IS_BORINGSSL || \
+ (OPENSSL_VERSION_NUMBER >= 0x00908070L && !defined(OPENSSL_NO_TLSEXT))
 #define FOLLY_OPENSSL_HAS_SNI 1
 #else
 #define FOLLY_OPENSSL_HAS_SNI 0
 #endif
 
-#if FOLLY_OPENSSL_IS_110
-////////////////////////////////////////////////////////////////////////////////
-// APIs needed in 1.1.0 only
-////////////////////////////////////////////////////////////////////////////////
-
+// BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN.
+#if OPENSSL_IS_BORINGSSL || \
+ (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT))
+#define FOLLY_OPENSSL_HAS_ALPN 1
 #else
-////////////////////////////////////////////////////////////////////////////////
-// APIs needed in BoringSSL and OpenSSL != 1.1.0 (1.0.2, 1.0.1, 1.0.0...)
-////////////////////////////////////////////////////////////////////////////////
-void BIO_meth_free(BIO_METHOD* biom);
-int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int));
-int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int));
-void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
-const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s);
-
-EVP_MD_CTX* EVP_MD_CTX_new(void);
-void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
-
-HMAC_CTX* HMAC_CTX_new(void);
-void HMAC_CTX_free(HMAC_CTX* ctx);
+#define FOLLY_OPENSSL_HAS_ALPN 0
+#endif
 
-#ifdef OPENSSL_IS_BORINGSSL
-////////////////////////////////////////////////////////////////////////////////
-// APIs needed in BoringSSL only
-////////////////////////////////////////////////////////////////////////////////
+// This attempts to "unify" the OpenSSL libcrypto/libssl APIs between
+// OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general
+// idea is to provide namespaced wrapper methods for versions which do not
+// which already exist in BoringSSL and 1.1.0, but there are few APIs such as
+// SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed
+// in BoringSSL
+namespace folly {
+namespace portability {
+namespace ssl {
 
+#if OPENSSL_IS_BORINGSSL
 int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list);
 int TLS1_get_client_version(SSL* s);
+#endif
 
-#elif FOLLY_OPENSSL_IS_102 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_100
-////////////////////////////////////////////////////////////////////////////////
-// APIs needed in 1.0.2 and 1.0.1/1.0.0 (both deprecated)
-////////////////////////////////////////////////////////////////////////////////
+#if FOLLY_OPENSSL_IS_100
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*);
+int TLS1_get_client_version(const SSL*);
+#endif
+#if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101
+int X509_get_signature_nid(X509* cert);
+#endif
+
+#if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102
 int SSL_CTX_up_ref(SSL_CTX* session);
 int SSL_SESSION_up_ref(SSL_SESSION* session);
 int X509_up_ref(X509* x);
+int EVP_PKEY_up_ref(EVP_PKEY* evp);
+void RSA_get0_key(
+ const RSA* r,
+ const BIGNUM** n,
+ const BIGNUM** e,
+ const BIGNUM** d);
+RSA* EVP_PKEY_get0_RSA(EVP_PKEY* pkey);
+DSA* EVP_PKEY_get0_DSA(EVP_PKEY* pkey);
+DH* EVP_PKEY_get0_DH(EVP_PKEY* pkey);
+EC_KEY* EVP_PKEY_get0_EC_KEY(EVP_PKEY* pkey);
+#endif
 
-#if FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_100
-////////////////////////////////////////////////////////////////////////////////
-// APIs needed in 1.0.1/1.0.0 (both deprecated)
-////////////////////////////////////////////////////////////////////////////////
-int X509_get_signature_nid(X509* cert);
+#if !FOLLY_OPENSSL_IS_110
+void BIO_meth_free(BIO_METHOD* biom);
+int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int));
+int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int));
 
-#endif
+const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s);
+unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x);
 
-#if FOLLY_OPENSSL_IS_100
-////////////////////////////////////////////////////////////////////////////////
-// APIs needed only in 1.0.0 only (deprecated)
-////////////////////////////////////////////////////////////////////////////////
+EVP_MD_CTX* EVP_MD_CTX_new();
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
 
-uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*);
-int TLS1_get_client_version(const SSL*);
+HMAC_CTX* HMAC_CTX_new();
+void HMAC_CTX_free(HMAC_CTX* ctx);
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
+int SSL_SESSION_has_ticket(const SSL_SESSION* s);
+int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);
+void DH_get0_pqg(
+ const DH* dh,
+ const BIGNUM** p,
+ const BIGNUM** q,
+ const BIGNUM** g);
+void DH_get0_key(const DH* dh, const BIGNUM** pub_key, const BIGNUM** priv_key);
+
+void DSA_get0_pqg(
+ const DSA* dsa,
+ const BIGNUM** p,
+ const BIGNUM** q,
+ const BIGNUM** g);
+void DSA_get0_key(
+ const DSA* dsa,
+ const BIGNUM** pub_key,
+ const BIGNUM** priv_key);
+
+X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx);
+bool RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d);
+void RSA_get0_factors(const RSA* r, const BIGNUM** p, const BIGNUM** q);
+void RSA_get0_crt_params(
+ const RSA* r,
+ const BIGNUM** dmp1,
+ const BIGNUM** dmq1,
+ const BIGNUM** iqmp);
+int ECDSA_SIG_set0(ECDSA_SIG* sig, BIGNUM* r, BIGNUM* s);
+void ECDSA_SIG_get0(const ECDSA_SIG* sig, const BIGNUM** pr, const BIGNUM** ps);
+
+using OPENSSL_INIT_SETTINGS = void;
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS* settings);
+void OPENSSL_cleanup();
+
+const ASN1_INTEGER* X509_REVOKED_get0_serialNumber(const X509_REVOKED* r);
+const ASN1_TIME* X509_REVOKED_get0_revocationDate(const X509_REVOKED* r);
 #endif
 
-#else
-#warning Compiling with unsupported OpenSSL version
-#endif // !(OPENSSL_IS_BORINGSSL || FOLLY_OPENSSL_IS_101 ||
-// FOLLY_OPENSSL_IS_102 || FOLLY_OPENSSL_IS_100)
+#if FOLLY_OPENSSL_IS_110
+// Note: this was a type and has been fixed upstream, so the next 1.1.0
+// minor version upgrade will need to remove this
+#define OPENSSL_lh_new OPENSSL_LH_new
 
-#endif // !FOLLY_OPENSSL_IS_110
+// OpenSSL v1.1.0 removed support for SSLv2, and also removed the define that
+// indicates it isn't supported.
+#define OPENSSL_NO_SSL2
+#endif
} // namespace ssl
+} // namespace portability
+} // namespace folly
 
-} // ssl
-} // folly
+FOLLY_PUSH_WARNING
+#if __CLANG_PREREQ(3, 0)
+FOLLY_GCC_DISABLE_WARNING("-Wheader-hygiene")
+#endif
+/* using override */ using namespace folly::portability::ssl;
+FOLLY_POP_WARNING
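Review bot: `unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x);` in the `!FOLLY_OPENSSL_IS_110` block returns a mutable pointer into a `const` input, whereas the OpenSSL 1.1.0 function this shim stands in for returns `const unsigned char*`; declaring it as `const unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x);` keeps callers on 1.0.x from writing into ASN.1/certificate data through the shim and makes the signature match the real API on both sides. In the same block `bool RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d);` is the only setter declared with `bool`; its siblings `DH_set0_pqg` and `ECDSA_SIG_set0` (and the 1.1.0 `RSA_set0_key`) return `int`, so `int RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d);` would be consistent. The rewritten `#if OPENSSL_IS_BORINGSSL` and `#if !OPENSSL_IS_BORINGSSL && …` tests, which replace the old `defined(...)`/`#ifdef` forms, only work if the macro expands to an integer; if the unchanged lines between the two hunks do not give it a numeric value, a bare `#define OPENSSL_IS_BORINGSSL` from the library headers would make these `#if` lines ill-formed, so that definition is worth confirming before merging.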