More OpenSSL 1.1.0 compatibility fixes

Summary: A bunch of changes to make fbcode targets build with OpenSSL 1.1.0

Reviewed By: ivmaykov

Differential Revision: D4949822

fbshipit-source-id: 35eda632d8335c4194352196264afeff69d87519

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 8c7ab10c3076d9104768936cf93aa5e2f36fb49f..c7c1c357a9518ed6c84cc21789fd7828a55f036f 100644 (file)
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -976,14 +976,14 @@ bool AsyncSSLSocket::willBlock(int ret,
     // The timeout (if set) keeps running here
     return true;
 #endif
     // The timeout (if set) keeps running here
     return true;
 #endif

-  } else if (0
+  } else if ((0

 #ifdef SSL_ERROR_WANT_RSA_ASYNC_PENDING
       || error == SSL_ERROR_WANT_RSA_ASYNC_PENDING
 #endif
 #ifdef SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
       || error == SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
 #endif
 #ifdef SSL_ERROR_WANT_RSA_ASYNC_PENDING
       || error == SSL_ERROR_WANT_RSA_ASYNC_PENDING
 #endif
 #ifdef SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
       || error == SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
 #endif

-      ) {
+      )) {

     // Our custom openssl function has kicked off an async request to do
     // rsa/ecdsa private key operation.  When that call returns, a callback will
     // be invoked that will re-call handleAccept.
     // Our custom openssl function has kicked off an async request to do
     // rsa/ecdsa private key operation.  When that call returns, a callback will
     // be invoked that will re-call handleAccept.

diff --git a/folly/io/async/ssl/OpenSSLUtils.cpp b/folly/io/async/ssl/OpenSSLUtils.cpp
index 67cc119727519271c6938159081b7db24b7e8ced..72285ac9259e6e87f84aeaec6fa67b63bb21875c 100644 (file)
--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -195,6 +195,8 @@ const std::string& OpenSSLUtils::getCipherName(uint16_t cipherCode) {
 }
 
 void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
 }
 
 void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {

+  (void)ssl;
+  (void)ctx;

 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
   if (ssl) {
     ssl->initial_ctx = ctx;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
   if (ssl) {
     ssl->initial_ctx = ctx;


@@ -203,6 +205,7 @@ void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
 }
 
 SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) {
 }
 
 SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) {

+  (void)ssl;

 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
   if (ssl) {
     return ssl->initial_ctx;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
   if (ssl) {
     return ssl->initial_ctx;

diff --git a/folly/io/async/test/AsyncSocketExceptionTest.cpp b/folly/io/async/test/AsyncSocketExceptionTest.cpp
index 277fd799283fdc324e73baf3da41fd2ea5ad75a3..7e73df05d6cefbb933427dd7b94e7daf87d7e18c 100644 (file)
--- a/folly/io/async/test/AsyncSocketExceptionTest.cpp
+++ b/folly/io/async/test/AsyncSocketExceptionTest.cpp
@@ -16,6 +16,7 @@
 #include <array>
 
 #include <folly/io/async/AsyncSocketException.h>
 #include <array>
 
 #include <folly/io/async/AsyncSocketException.h>

+#include <folly/io/async/SSLContext.h>

 #include <folly/io/async/ssl/SSLErrors.h>
 
 #include <folly/portability/GTest.h>
 #include <folly/io/async/ssl/SSLErrors.h>
 
 #include <folly/portability/GTest.h>


@@ -52,6 +53,8 @@ TEST(AsyncSocketException, SimpleTest) {
 
 TEST(AsyncSocketException, SSLExceptionType) {
   {
 
 TEST(AsyncSocketException, SSLExceptionType) {
   {

+    // Initiailzes OpenSSL everything. Else some of the calls will block
+    folly::SSLContext::initializeOpenSSL();

     SSLException eof(SSL_ERROR_ZERO_RETURN, 0, 0, 0);
     EXPECT_EQ(eof.getType(), AsyncSocketException::END_OF_FILE);
 
     SSLException eof(SSL_ERROR_ZERO_RETURN, 0, 0, 0);
     EXPECT_EQ(eof.getType(), AsyncSocketException::END_OF_FILE);
 

diff --git a/folly/portability/OpenSSL.cpp b/folly/portability/OpenSSL.cpp
index b5a638d28e62d29eb8f12a405b0b04133f79d369..53b020c73d0069dcbf4816c30d49a932c81e3f8f 100644 (file)
--- a/folly/portability/OpenSSL.cpp
+++ b/folly/portability/OpenSSL.cpp
@@ -87,35 +87,6 @@ unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x) {
   return ASN1_STRING_data((ASN1_STRING*)x);
 }
 
   return ASN1_STRING_data((ASN1_STRING*)x);
 }
 

-EVP_MD_CTX* EVP_MD_CTX_new(void) {
-  EVP_MD_CTX* ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
-  if (!ctx) {
-    throw std::runtime_error("Cannot allocate EVP_MD_CTX");
-  }
-  EVP_MD_CTX_init(ctx);
-  return ctx;
-}
-
-void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
-  EVP_MD_CTX_destroy(ctx);
-}
-
-HMAC_CTX* HMAC_CTX_new() {
-  HMAC_CTX* ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(HMAC_CTX));
-  if (!ctx) {
-    throw std::runtime_error("Cannot allocate HMAC_CTX");
-  }
-  HMAC_CTX_init(ctx);
-  return ctx;
-}
-
-void HMAC_CTX_free(HMAC_CTX* ctx) {
-  if (ctx) {
-    HMAC_CTX_cleanup(ctx);
-    OPENSSL_free(ctx);
-  }
-}
-

 int SSL_SESSION_has_ticket(const SSL_SESSION* s) {
   return (s->tlsext_ticklen > 0) ? 1 : 0;
 }
 int SSL_SESSION_has_ticket(const SSL_SESSION* s) {
   return (s->tlsext_ticklen > 0) ? 1 : 0;
 }


@@ -157,6 +128,51 @@ int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {
 
   return 1;
 }
 
   return 1;
 }

+
+X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx) {
+  return ctx->cert;
+}
+
+STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx) {
+  return X509_STORE_CTX_get_chain(ctx);
+}
+
+STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx) {
+  return ctx->untrusted;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new() {
+  EVP_MD_CTX* ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
+  if (!ctx) {
+    throw std::runtime_error("Cannot allocate EVP_MD_CTX");
+  }
+  EVP_MD_CTX_init(ctx);
+  return ctx;
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
+  if (ctx) {
+    EVP_MD_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+  }
+}
+
+HMAC_CTX* HMAC_CTX_new() {
+  HMAC_CTX* ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(HMAC_CTX));
+  if (!ctx) {
+    throw std::runtime_error("Cannot allocate HMAC_CTX");
+  }
+  HMAC_CTX_init(ctx);
+  return ctx;
+}
+
+void HMAC_CTX_free(HMAC_CTX* ctx) {
+  if (ctx) {
+    HMAC_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+  }
+}
+

 #endif
 
 }
 #endif
 
 }

diff --git a/folly/portability/OpenSSL.h b/folly/portability/OpenSSL.h
index fdcec290eb12041c58459ebfa8d06818d5df55d5..a75b015bb55f9d2e6bcb03c2c6fc9ce77e963c2b 100644 (file)
--- a/folly/portability/OpenSSL.h
+++ b/folly/portability/OpenSSL.h
@@ -127,6 +127,16 @@ void HMAC_CTX_free(HMAC_CTX* ctx);
 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
 int SSL_SESSION_has_ticket(const SSL_SESSION* s);
 int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);
 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
 int SSL_SESSION_has_ticket(const SSL_SESSION* s);
 int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);

+
+X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx);
+#endif
+
+#if FOLLY_OPENSSL_IS_110
+// Note: this was a type and has been fixed upstream, so the next 1.1.0
+// minor version upgrade will need to remove this
+#define OPENSSL_lh_new OPENSSL_LH_new

 #endif
 
 }
 #endif
 
 }