2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 // This must come before the OpenSSL includes.
20 #include <folly/portability/Windows.h>
22 #include <folly/Portability.h>
24 #include <openssl/dh.h>
25 #include <openssl/evp.h>
26 #include <openssl/ssl.h>
27 #include <openssl/x509.h>
29 // BoringSSL doesn't have notion of versioning although it defines
30 // OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are
31 // intended to be specific to OpenSSL.
32 #if !defined(OPENSSL_IS_BORINGSSL)
33 # define FOLLY_OPENSSL_IS_100 \
34 (OPENSSL_VERSION_NUMBER >= 0x10000003L && \
35 OPENSSL_VERSION_NUMBER < 0x1000105fL)
36 # define FOLLY_OPENSSL_IS_101 \
37 (OPENSSL_VERSION_NUMBER >= 0x1000105fL && \
38 OPENSSL_VERSION_NUMBER < 0x1000200fL)
39 # define FOLLY_OPENSSL_IS_102 \
40 (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
41 OPENSSL_VERSION_NUMBER < 0x10100000L)
42 # define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L)
45 #if !OPENSSL_IS_BORINGSSL && !FOLLY_OPENSSL_IS_100 && !FOLLY_OPENSSL_IS_101 \
46 && !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110
47 # warning Compiling with unsupported OpenSSL version
50 // BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI.
51 #if OPENSSL_IS_BORINGSSL || \
52 (OPENSSL_VERSION_NUMBER >= 0x00908070L && !defined(OPENSSL_NO_TLSEXT))
53 # define FOLLY_OPENSSL_HAS_SNI 1
55 # define FOLLY_OPENSSL_HAS_SNI 0
58 // BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN.
59 #if OPENSSL_IS_BORINGSSL || \
60 (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT))
61 # define FOLLY_OPENSSL_HAS_ALPN 1
63 # define FOLLY_OPENSSL_HAS_ALPN 0
66 // This attempts to "unify" the OpenSSL libcrypto/libssl APIs between
67 // OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general
68 // idea is to provide namespaced wrapper methods for versions which do not
69 // which already exist in BoringSSL and 1.1.0, but there are few APIs such as
70 // SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed
73 namespace portability {
76 #if OPENSSL_IS_BORINGSSL
77 int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list);
78 int TLS1_get_client_version(SSL* s);
81 #if FOLLY_OPENSSL_IS_100
82 uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*);
83 int TLS1_get_client_version(const SSL*);
86 #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101
87 int X509_get_signature_nid(X509* cert);
90 #if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102
91 int SSL_CTX_up_ref(SSL_CTX* session);
92 int SSL_SESSION_up_ref(SSL_SESSION* session);
93 int X509_up_ref(X509* x);
96 #if !FOLLY_OPENSSL_IS_110
97 void BIO_meth_free(BIO_METHOD* biom);
98 int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int));
99 int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int));
101 const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s);
103 EVP_MD_CTX* EVP_MD_CTX_new();
104 void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
106 HMAC_CTX* HMAC_CTX_new();
107 void HMAC_CTX_free(HMAC_CTX* ctx);
109 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
110 int SSL_SESSION_has_ticket(const SSL_SESSION* s);
111 int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);
119 #if __CLANG_PREREQ(3, 0)
120 FOLLY_GCC_DISABLE_WARNING(header-hygiene)
122 /* using override */ using namespace folly::portability::ssl;