From 79cb7776b1727ff98e5e53b049acc608c2cdda05 Mon Sep 17 00:00:00 2001
From: Anirudh Ramachandran
Date: Mon, 1 May 2017 14:48:15 -0700
Subject: [PATCH] More OpenSSL 1.1.0 compatibility fixes

Summary: A bunch of changes to make fbcode targets build with OpenSSL 1.1.0

Reviewed By: ivmaykov

Differential Revision: D4949822

fbshipit-source-id: 35eda632d8335c4194352196264afeff69d87519
---
 folly/io/async/AsyncSSLSocket.cpp | 4 +-
 folly/io/async/ssl/OpenSSLUtils.cpp | 3 +
 .../async/test/AsyncSocketExceptionTest.cpp | 3 +
 folly/portability/OpenSSL.cpp | 74 +++++++++++--------
 folly/portability/OpenSSL.h | 10 +++
 5 files changed, 63 insertions(+), 31 deletions(-)

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 8c7ab10c..c7c1c357 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -976,14 +976,14 @@ bool AsyncSSLSocket::willBlock(int ret,
 // The timeout (if set) keeps running here
 return true;
 #endif
- } else if (0
+ } else if ((0
 #ifdef SSL_ERROR_WANT_RSA_ASYNC_PENDING
 || error == SSL_ERROR_WANT_RSA_ASYNC_PENDING
 #endif
 #ifdef SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
 || error == SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
 #endif
- ) {
+ )) {
 // Our custom openssl function has kicked off an async request to do
 // rsa/ecdsa private key operation. When that call returns, a callback will
 // be invoked that will re-call handleAccept.
diff --git a/folly/io/async/ssl/OpenSSLUtils.cpp b/folly/io/async/ssl/OpenSSLUtils.cpp
index 67cc1197..72285ac9 100644
--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -195,6 +195,8 @@ const std::string& OpenSSLUtils::getCipherName(uint16_t cipherCode) {
 }
 void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
+ (void)ssl;
+ (void)ctx;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
 if (ssl) {
 ssl->initial_ctx = ctx;
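Review bot: The added `(void)ssl;` and `(void)ctx;` in setSSLInitialCtx silence the unused-parameter warning, but they also hide that under `FOLLY_OPENSSL_IS_110` (or `OPENSSL_NO_TLSEXT`) the entire body that follows is compiled out and the call is a silent no-op, so a caller that relies on the initial context being recorded gets no signal. A one-line comment above the casts would make that contract visible: `// With OpenSSL 1.1.0 (or OPENSSL_NO_TLSEXT) the body below is compiled out and this call does nothing.` The same applies to the getSSLInitialCtx hunk in this file, whose 1.1.0 return value lies outside the hunk and should be stated in a comment there as well. Both functions end outside their hunks.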
@@ -203,6 +205,7 @@ void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
 }
 SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) {
+ (void)ssl;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
 if (ssl) {
 return ssl->initial_ctx;
diff --git a/folly/io/async/test/AsyncSocketExceptionTest.cpp b/folly/io/async/test/AsyncSocketExceptionTest.cpp
index 277fd799..7e73df05 100644
--- a/folly/io/async/test/AsyncSocketExceptionTest.cpp
+++ b/folly/io/async/test/AsyncSocketExceptionTest.cpp
@@ -16,6 +16,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -52,6 +53,8 @@ TEST(AsyncSocketException, SimpleTest) {
 TEST(AsyncSocketException, SSLExceptionType) {
 {
+ // Initiailzes OpenSSL everything. Else some of the calls will block
+ folly::SSLContext::initializeOpenSSL();
 SSLException eof(SSL_ERROR_ZERO_RETURN, 0, 0, 0);
 EXPECT_EQ(eof.getType(), AsyncSocketException::END_OF_FILE);
diff --git a/folly/portability/OpenSSL.cpp b/folly/portability/OpenSSL.cpp
index b5a638d2..53b020c7 100644
--- a/folly/portability/OpenSSL.cpp
+++ b/folly/portability/OpenSSL.cpp
@@ -87,35 +87,6 @@ unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x) {
 return ASN1_STRING_data((ASN1_STRING*)x);
 }
-EVP_MD_CTX* EVP_MD_CTX_new(void) {
- EVP_MD_CTX* ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
- if (!ctx) {
- throw std::runtime_error("Cannot allocate EVP_MD_CTX");
- }
- EVP_MD_CTX_init(ctx);
- return ctx;
-}
-
-void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
- EVP_MD_CTX_destroy(ctx);
-}
-
-HMAC_CTX* HMAC_CTX_new() {
- HMAC_CTX* ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(HMAC_CTX));
- if (!ctx) {
- throw std::runtime_error("Cannot allocate HMAC_CTX");
- }
- HMAC_CTX_init(ctx);
- return ctx;
-}
-
-void HMAC_CTX_free(HMAC_CTX* ctx) {
- if (ctx) {
- HMAC_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
- }
-}
-
 int SSL_SESSION_has_ticket(const SSL_SESSION* s) {
 return (s->tlsext_ticklen > 0) ? 1 : 0;
 }
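Review bot: The new comment in the SSLExceptionType test has a typo and is vague about what it guards: `// Initiailzes OpenSSL everything. Else some of the calls will block`. Suggest `// Initialize OpenSSL; otherwise some of the calls below will block.` Since `folly::SSLContext::initializeOpenSSL()` is process-wide setup, it would also read more naturally at the top of the test body than inside the first nested block, though that is a matter of style. The test body continues outside the hunk.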
@@ -157,6 +128,51 @@ int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {
 return 1;
 }
+
+X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx) {
+ return ctx->cert;
+}
+
+STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx) {
+ return X509_STORE_CTX_get_chain(ctx);
+}
+
+STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx) {
+ return ctx->untrusted;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new() {
+ EVP_MD_CTX* ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
+ if (!ctx) {
+ throw std::runtime_error("Cannot allocate EVP_MD_CTX");
+ }
+ EVP_MD_CTX_init(ctx);
+ return ctx;
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
+ if (ctx) {
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+HMAC_CTX* HMAC_CTX_new() {
+ HMAC_CTX* ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(HMAC_CTX));
+ if (!ctx) {
+ throw std::runtime_error("Cannot allocate HMAC_CTX");
+ }
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+
+void HMAC_CTX_free(HMAC_CTX* ctx) {
+ if (ctx) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
 #endif
 }
diff --git a/folly/portability/OpenSSL.h b/folly/portability/OpenSSL.h
index fdcec290..a75b015b 100644
--- a/folly/portability/OpenSSL.h
+++ b/folly/portability/OpenSSL.h
@@ -127,6 +127,16 @@ void HMAC_CTX_free(HMAC_CTX* ctx);
 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
 int SSL_SESSION_has_ticket(const SSL_SESSION* s);
 int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);
+
+X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx);
+#endif
+
+#if FOLLY_OPENSSL_IS_110
+// Note: this was a type and has been fixed upstream, so the next 1.1.0
+// minor version upgrade will need to remove this
+#define OPENSSL_lh_new OPENSSL_LH_new
 #endif
 }
-- 
2.34.1
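Review bot: The relocated `EVP_MD_CTX_new` and `HMAC_CTX_new` shims throw `std::runtime_error` on allocation failure, whereas the OpenSSL 1.1.0 functions they stand in for return NULL, so code written against the real 1.1.0 API (checking for nullptr) behaves differently on the pre-1.1.0 build. This is carried over from the removed block rather than introduced here, but since the functions are being moved anyway it is the moment to document the divergence next to each `throw`: `// NOTE: unlike OpenSSL 1.1.0's EVP_MD_CTX_new(), this shim throws rather than returning NULL on allocation failure.` The C-style casts on the `OPENSSL_malloc` results would also be clearer as `static_cast<EVP_MD_CTX*>(...)` and `static_cast<HMAC_CTX*>(...)`, matching the rest of the compatibility layer being C++. The new `X509_STORE_CTX_get0_*` shims dereference `ctx` unconditionally, which is consistent with the surrounding shims such as SSL_SESSION_has_ticket.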
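Review bot: The comment above the new `#define OPENSSL_lh_new OPENSSL_LH_new` in OpenSSL.h says "this was a type", which reads as a typo for "typo" and leaves the reader unsure what the note is warning about; suggest `// Note: OPENSSL_lh_new was a typo (since fixed upstream), so the next 1.1.0 minor version upgrade will need to remove this define.` Because this is a macro in a public header it renames every `OPENSSL_lh_new` token in any translation unit that includes folly/portability/OpenSSL.h, so a stale alias after the upstream fix would be silent rather than a build error. Gating the define on `OPENSSL_VERSION_NUMBER` in addition to `FOLLY_OPENSSL_IS_110` would make the removal automatic instead of relying on someone remembering the comment.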