2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 // This class attempts to "unify" the OpenSSL libcrypto/libssl APIs between
19 // OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general
20 // idea is to provide namespaced wrapper methods for versions which do not
21 // which already exist in BoringSSL and 1.1.0, but there are few APIs such as
22 // SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed
28 // This must come before the OpenSSL includes.
29 #include <folly/portability/Windows.h>
31 #include <openssl/evp.h>
32 #include <openssl/ssl.h>
33 #include <openssl/x509.h>
39 // BoringSSL doesn't have notion of versioning although it defines
40 // OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are
41 // intended to be specific to OpenSSL.
42 #if !defined(OPENSSL_IS_BORINGSSL)
43 #define FOLLY_OPENSSL_IS_100 \
44 (OPENSSL_VERSION_NUMBER >= 0x10000003L && \
45 OPENSSL_VERSION_NUMBER < 0x1000105fL)
46 #define FOLLY_OPENSSL_IS_101 \
47 (OPENSSL_VERSION_NUMBER >= 0x1000105fL && \
48 OPENSSL_VERSION_NUMBER < 0x1000200fL)
49 #define FOLLY_OPENSSL_IS_102 \
50 (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
51 OPENSSL_VERSION_NUMBER < 0x10100000L)
52 #define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L)
53 #endif // !defined(OPENSSL_IS_BORINGSSL)
55 // BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN.
56 #if defined(OPENSSL_IS_BORINGSSL) || \
57 (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
58 !defined(OPENSSL_NO_TLSEXT))
59 #define FOLLY_OPENSSL_HAS_ALPN 1
61 #define FOLLY_OPENSSL_HAS_ALPN 0
64 // BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI.
65 #if defined(OPENSSL_IS_BORINGSSL) || \
66 (OPENSSL_VERSION_NUMBER >= 0x00908070L && \
67 !defined(OPENSSL_NO_TLSEXT))
68 #define FOLLY_OPENSSL_HAS_SNI 1
70 #define FOLLY_OPENSSL_HAS_SNI 0
73 #if FOLLY_OPENSSL_IS_110
74 ////////////////////////////////////////////////////////////////////////////////
75 // APIs needed in 1.1.0 only
76 ////////////////////////////////////////////////////////////////////////////////
79 ////////////////////////////////////////////////////////////////////////////////
80 // APIs needed in BoringSSL and OpenSSL != 1.1.0 (1.0.2, 1.0.1, 1.0.0...)
81 ////////////////////////////////////////////////////////////////////////////////
82 void BIO_meth_free(BIO_METHOD* biom);
83 int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int));
84 int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int));
85 void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
86 const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s);
88 EVP_MD_CTX* EVP_MD_CTX_new(void);
89 void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
91 HMAC_CTX* HMAC_CTX_new(void);
92 void HMAC_CTX_free(HMAC_CTX* ctx);
94 #ifdef OPENSSL_IS_BORINGSSL
95 ////////////////////////////////////////////////////////////////////////////////
96 // APIs needed in BoringSSL only
97 ////////////////////////////////////////////////////////////////////////////////
99 int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list);
100 int TLS1_get_client_version(SSL* s);
102 #elif FOLLY_OPENSSL_IS_102 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_100
103 ////////////////////////////////////////////////////////////////////////////////
104 // APIs needed in 1.0.2 and 1.0.1/1.0.0 (both deprecated)
105 ////////////////////////////////////////////////////////////////////////////////
107 int SSL_CTX_up_ref(SSL_CTX* session);
108 int SSL_SESSION_up_ref(SSL_SESSION* session);
109 int X509_up_ref(X509* x);
111 #if FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_100
112 ////////////////////////////////////////////////////////////////////////////////
113 // APIs needed in 1.0.1/1.0.0 (both deprecated)
114 ////////////////////////////////////////////////////////////////////////////////
115 int X509_get_signature_nid(X509* cert);
119 #if FOLLY_OPENSSL_IS_100
120 ////////////////////////////////////////////////////////////////////////////////
121 // APIs needed only in 1.0.0 only (deprecated)
122 ////////////////////////////////////////////////////////////////////////////////
124 uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*);
125 int TLS1_get_client_version(const SSL*);
129 #warning Compiling with unsupported OpenSSL version
131 #endif // !(OPENSSL_IS_BORINGSSL || FOLLY_OPENSSL_IS_101 ||
132 // FOLLY_OPENSSL_IS_102 || FOLLY_OPENSSL_IS_100)
134 #endif // !FOLLY_OPENSSL_IS_110