X-Git-Url: http://plrg.eecs.uci.edu/git/?p=folly.git;a=blobdiff_plain;f=folly%2Fio%2Fasync%2Fssl%2FOpenSSLUtils.cpp;h=80d90ec04c92e409dbd618cf5618f0b4cf711bc0;hp=aa142f76fd6e2e67cf8d3e5f610dc182a7f79739;hb=1b0c0d91b2ab04619ff22e30d9758e286acf07fc;hpb=87659d07c32268836a18c5ccafb60612b8ffbdd4 diff --git a/folly/io/async/ssl/OpenSSLUtils.cpp b/folly/io/async/ssl/OpenSSLUtils.cpp index aa142f76..80d90ec0 100644 --- a/folly/io/async/ssl/OpenSSLUtils.cpp +++ b/folly/io/async/ssl/OpenSSLUtils.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2016 Facebook, Inc. + * Copyright 2017 Facebook, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,20 +13,19 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + #include -#include -#include -#include + #include -#include -#include -#include -#include -#include + #include +#include +#include +#include + namespace { -#if defined(OPENSSL_IS_BORINGSSL) +#ifdef OPENSSL_IS_BORINGSSL // BoringSSL doesn't (as of May 2016) export the equivalent // of BIO_sock_should_retry, so this is one way around it :( static int boringssl_bio_fd_should_retry(int err); @@ -122,12 +121,12 @@ bool OpenSSLUtils::validatePeerCertNames(X509* cert, } } - for (size_t i = 0; i < (size_t)sk_GENERAL_NAME_num(altNames); i++) { + for (int i = 0; i < sk_GENERAL_NAME_num(altNames); i++) { auto name = sk_GENERAL_NAME_value(altNames, i); if ((addr4 != nullptr || addr6 != nullptr) && name->type == GEN_IPADD) { // Extra const-ness for paranoia unsigned char const* const rawIpStr = name->d.iPAddress->data; - int const rawIpLen = name->d.iPAddress->length; + size_t const rawIpLen = size_t(name->d.iPAddress->length); if (rawIpLen == 4 && addr4 != nullptr) { if (::memcmp(rawIpStr, &addr4->sin_addr, rawIpLen) == 0) { @@ -196,6 +195,51 @@ const std::string& OpenSSLUtils::getCipherName(uint16_t cipherCode) { } } +void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) { + (void)ssl; + (void)ctx; +#if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT) + if (ssl) { + ssl->initial_ctx = ctx; + } +#endif +} + +SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) { + (void)ssl; +#if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT) + if (ssl) { + return ssl->initial_ctx; + } +#endif + return nullptr; +} + +BioMethodUniquePtr OpenSSLUtils::newSocketBioMethod() { + BIO_METHOD* newmeth = nullptr; +#if FOLLY_OPENSSL_IS_110 + if (!(newmeth = BIO_meth_new(BIO_TYPE_SOCKET, "socket_bio_method"))) { + return nullptr; + } + auto meth = const_cast(BIO_s_socket()); + BIO_meth_set_create(newmeth, BIO_meth_get_create(meth)); + BIO_meth_set_destroy(newmeth, BIO_meth_get_destroy(meth)); + BIO_meth_set_ctrl(newmeth, BIO_meth_get_ctrl(meth)); + BIO_meth_set_callback_ctrl(newmeth, BIO_meth_get_callback_ctrl(meth)); + BIO_meth_set_read(newmeth, BIO_meth_get_read(meth)); + BIO_meth_set_write(newmeth, BIO_meth_get_write(meth)); + BIO_meth_set_gets(newmeth, BIO_meth_get_gets(meth)); + BIO_meth_set_puts(newmeth, BIO_meth_get_puts(meth)); +#else + if (!(newmeth = (BIO_METHOD*)OPENSSL_malloc(sizeof(BIO_METHOD)))) { + return nullptr; + } + memcpy(newmeth, BIO_s_socket(), sizeof(BIO_METHOD)); +#endif + + return BioMethodUniquePtr(newmeth); +} + bool OpenSSLUtils::setCustomBioReadMethod( BIO_METHOD* bioMeth, int (*meth)(BIO*, char*, int)) { @@ -214,7 +258,7 @@ bool OpenSSLUtils::setCustomBioWriteMethod( int OpenSSLUtils::getBioShouldRetryWrite(int r) { int ret = 0; -#if defined(OPENSSL_IS_BORINGSSL) +#ifdef OPENSSL_IS_BORINGSSL ret = boringssl_bio_fd_should_retry(r); #else ret = BIO_sock_should_retry(r); @@ -223,7 +267,7 @@ int OpenSSLUtils::getBioShouldRetryWrite(int r) { } void OpenSSLUtils::setBioAppData(BIO* b, void* ptr) { -#if defined(OPENSSL_IS_BORINGSSL) +#ifdef OPENSSL_IS_BORINGSSL BIO_set_callback_arg(b, static_cast(ptr)); #else BIO_set_app_data(b, ptr); @@ -231,21 +275,13 @@ void OpenSSLUtils::setBioAppData(BIO* b, void* ptr) { } void* OpenSSLUtils::getBioAppData(BIO* b) { -#if defined(OPENSSL_IS_BORINGSSL) +#ifdef OPENSSL_IS_BORINGSSL return BIO_get_callback_arg(b); #else return BIO_get_app_data(b); #endif } -void OpenSSLUtils::setCustomBioMethod(BIO* b, BIO_METHOD* meth) { -#if defined(OPENSSL_IS_BORINGSSL) - b->method = meth; -#else - BIO_set(b, meth); -#endif -} - int OpenSSLUtils::getBioFd(BIO* b, int* fd) { #ifdef _WIN32 int ret = portability::sockets::socket_to_fd((SOCKET)BIO_get_fd(b, fd)); @@ -260,7 +296,11 @@ int OpenSSLUtils::getBioFd(BIO* b, int* fd) { void OpenSSLUtils::setBioFd(BIO* b, int fd, int flags) { #ifdef _WIN32 - SOCKET sock = portability::sockets::fd_to_socket(fd); + SOCKET socket = portability::sockets::fd_to_socket(fd); + // Internally OpenSSL uses this as an int for reasons completely + // beyond any form of sanity, so we do the cast ourselves to avoid + // the warnings that would be generated. + int sock = int(socket); #else int sock = fd; #endif @@ -271,7 +311,7 @@ void OpenSSLUtils::setBioFd(BIO* b, int fd, int flags) { } // folly namespace { -#if defined(OPENSSL_IS_BORINGSSL) +#ifdef OPENSSL_IS_BORINGSSL static int boringssl_bio_fd_non_fatal_error(int err) { if ( @@ -307,11 +347,6 @@ static int boringssl_bio_fd_non_fatal_error(int err) { #if defined(OPENSSL_WINDOWS) -#include -#pragma warning(push, 3) -#include -#pragma warning(pop) - int boringssl_bio_fd_should_retry(int i) { if (i == -1) { return boringssl_bio_fd_non_fatal_error((int)GetLastError()); @@ -321,7 +356,6 @@ int boringssl_bio_fd_should_retry(int i) { #else // !OPENSSL_WINDOWS -#include int boringssl_bio_fd_should_retry(int i) { if (i == -1) { return boringssl_bio_fd_non_fatal_error(errno);