Support building with OpenSSL 1.1.0 and BoringSSL

author Anirudh Ramachandran <avr@fb.com>

Tue, 4 Apr 2017 06:30:01 +0000 (23:30 -0700)

committer Facebook Github Bot <facebook-github-bot@users.noreply.github.com>

Tue, 4 Apr 2017 06:41:02 +0000 (23:41 -0700)
author Anirudh Ramachandran <avr@fb.com>
Tue, 4 Apr 2017 06:30:01 +0000 (23:30 -0700)
committer Facebook Github Bot <facebook-github-bot@users.noreply.github.com>
Tue, 4 Apr 2017 06:41:02 +0000 (23:41 -0700)
diff --git a/folly/portability/OpenSSL.cpp b/folly/portability/OpenSSL.cpp

index 04512f648db6933b076c5b6323bd38e87906f004..6c1f66dc7b7a7ffc57b3d6703b002f1b60762d3f 100644 (file)
--- a/folly/portability/OpenSSL.cpp
+++ b/folly/portability/OpenSSL.cpp
@@ -26,7 +26,7 @@ namespace ssl {
  
  #else
  ////////////////////////////////////////////////////////////////////////////////
-// APIs needed in BoringSSL and OpenSSL != 1.1.0 (1.0.2, 1.0.1, 1.0.0...)
+// APIs needed in BoringSSL and OpenSSL < 1.1.0 (i.e., 1.0.2, 1.0.1, 1.0.0, etc)
  ////////////////////////////////////////////////////////////////////////////////
  void BIO_meth_free(BIO_METHOD* biom) {
    OPENSSL_free((void*)biom);
@@ -74,6 +74,48 @@ void HMAC_CTX_free(HMAC_CTX* ctx) {
    }
  }
  
+int SSL_SESSION_has_ticket(const SSL_SESSION* s) {
+  return (s->tlsext_ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s) {
+  return s->tlsext_tick_lifetime_hint;
+}
+
+// This is taken from OpenSSL 1.1.0
+int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {
+  /* If the fields p and g in d are NULL, the corresponding input
+   * parameters MUST be non-NULL.  q may remain NULL.
+   */
+  if (dh == nullptr || (dh->p == nullptr && p == nullptr) ||
+      (dh->g == nullptr && g == nullptr)) {
+    return 0;
+  }
+
+  if (p != nullptr) {
+    BN_free(dh->p);
+    dh->p = p;
+  }
+  if (q != nullptr) {
+    BN_free(dh->q);
+    dh->q = q;
+  }
+  if (g != nullptr) {
+    BN_free(dh->g);
+    dh->g = g;
+  }
+
+  // In OpenSSL 1.1.0, DH_set0_pqg also sets
+  //   dh->length = BN_num_bits(q)
+  // With OpenSSL 1.0.2, the output of openssl dhparam -C 2048 doesn't set
+  // the length field. So as far as the compat lib is concerned, this wrapper
+  // mimics the functionality of OpenSSL 1.0.2
+  // Note: BoringSSL doesn't even have a length field anymore, just something
+  // called 'priv_length'. Let's not mess with that for now.
+
+  return 1;
+}
+
  #ifdef OPENSSL_IS_BORINGSSL
  ////////////////////////////////////////////////////////////////////////////////
  // APIs needed in BoringSSL only
diff --git a/folly/portability/OpenSSL.h b/folly/portability/OpenSSL.h

index dc6ac483a23bb3fc797e3285d688b37057066174..d105dc47f4b57261d53a1a038e708688e8bbf292 100644 (file)
--- a/folly/portability/OpenSSL.h
+++ b/folly/portability/OpenSSL.h
@@ -28,6 +28,7 @@
  // This must come before the OpenSSL includes.
  #include <folly/portability/Windows.h>
  
+#include <openssl/dh.h>
  #include <openssl/evp.h>
  #include <openssl/ssl.h>
  #include <openssl/x509.h>
@@ -91,6 +92,10 @@ void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
  HMAC_CTX* HMAC_CTX_new(void);
  void HMAC_CTX_free(HMAC_CTX* ctx);
  
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
+int SSL_SESSION_has_ticket(const SSL_SESSION*);
+int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);
+
  #ifdef OPENSSL_IS_BORINGSSL
  ////////////////////////////////////////////////////////////////////////////////
  // APIs needed in BoringSSL only
author	Anirudh Ramachandran <avr@fb.com>
	Tue, 4 Apr 2017 06:30:01 +0000 (23:30 -0700)
committer	Facebook Github Bot <facebook-github-bot@users.noreply.github.com>
	Tue, 4 Apr 2017 06:41:02 +0000 (23:41 -0700)
folly/portability/OpenSSL.cpp		patch \| blob \| history
folly/portability/OpenSSL.h		patch \| blob \| history