From c5b9338ec192ed46907905d173b65d158a038842 Mon Sep 17 00:00:00 2001
From: Christopher Dykes <cdykes@fb.com>
Date: Tue, 11 Apr 2017 14:17:10 -0700
Subject: [PATCH] Treat OpenSSL as a non-portable include

Summary: On Windows, the OpenSSL headers have to be included in a specific order relative to WinSock. Fixing the issues ad-hock is not a viable way to continue, so treat it as completely non-portable and require all includes of it in Folly to go through the portability header.

Reviewed By: yfeldblum

Differential Revision: D4856858

fbshipit-source-id: 56aca1fb0fe095f41a8af12488c6c2080344603d
---
 folly/io/async/AsyncSSLSocket.cpp               |  3 ---
 folly/io/async/AsyncTransport.h                 |  3 +--
 folly/io/async/SSLContext.cpp                   |  5 -----
 folly/io/async/SSLContext.h                     |  8 +-------
 folly/io/async/ssl/OpenSSLPtrTypes.h            | 17 +----------------
 folly/io/async/ssl/OpenSSLUtils.cpp             | 14 ++++++--------
 folly/io/async/ssl/OpenSSLUtils.h               |  4 +---
 folly/io/async/ssl/test/SSLErrorsTest.cpp       |  4 +---
 folly/io/async/test/AsyncSSLSocketTest.cpp      |  7 +++----
 .../io/async/test/AsyncSocketExceptionTest.cpp  |  4 ++--
 folly/portability/OpenSSL.h                     | 17 +++++++++++++++++
 folly/ssl/OpenSSLCertUtils.cpp                  |  7 ++-----
 folly/ssl/OpenSSLCertUtils.h                    |  3 +--
 folly/ssl/OpenSSLHash.h                         |  8 ++------
 folly/ssl/OpenSSLVersionFinder.h                |  3 ---
 folly/ssl/test/OpenSSLCertUtilsTest.cpp         |  3 ---
 16 files changed, 38 insertions(+), 72 deletions(-)

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index f8e315fb..8c7ab10c 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -22,9 +22,6 @@
 #include <boost/noncopyable.hpp>
 #include <errno.h>
 #include <fcntl.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-#include <openssl/ssl.h>
 #include <sys/types.h>
 #include <chrono>
 
diff --git a/folly/io/async/AsyncTransport.h b/folly/io/async/AsyncTransport.h
index 6505c287..d20831f8 100644
--- a/folly/io/async/AsyncTransport.h
+++ b/folly/io/async/AsyncTransport.h
@@ -23,10 +23,9 @@
 #include <folly/io/async/DelayedDestruction.h>
 #include <folly/io/async/EventBase.h>
 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
+#include <folly/portability/OpenSSL.h>
 #include <folly/portability/SysUio.h>
 
-#include <openssl/ssl.h>
-
 constexpr bool kOpenSslModeMoveBufferOwnership =
 #ifdef SSL_MODE_MOVE_BUFFER_OWNERSHIP
   true
diff --git a/folly/io/async/SSLContext.cpp b/folly/io/async/SSLContext.cpp
index f3ca89f5..76bb4aa6 100644
--- a/folly/io/async/SSLContext.cpp
+++ b/folly/io/async/SSLContext.cpp
@@ -16,11 +16,6 @@
 
 #include "SSLContext.h"
 
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/ssl.h>
-#include <openssl/x509v3.h>
-
 #include <folly/Format.h>
 #include <folly/Memory.h>
 #include <folly/Random.h>
diff --git a/folly/io/async/SSLContext.h b/folly/io/async/SSLContext.h
index 07fec1cc..f4a638ef 100644
--- a/folly/io/async/SSLContext.h
+++ b/folly/io/async/SSLContext.h
@@ -24,13 +24,6 @@
 #include <string>
 #include <random>
 
-// This has to come before SSL.
-#include <folly/portability/OpenSSL.h>
-#include <folly/portability/Sockets.h>
-
-#include <openssl/ssl.h>
-#include <openssl/tls1.h>
-
 #include <glog/logging.h>
 
 #ifndef FOLLY_NO_CONFIG
@@ -40,6 +33,7 @@
 #include <folly/Range.h>
 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
 #include <folly/io/async/ssl/OpenSSLUtils.h>
+#include <folly/portability/OpenSSL.h>
 
 namespace folly {
 
diff --git a/folly/io/async/ssl/OpenSSLPtrTypes.h b/folly/io/async/ssl/OpenSSLPtrTypes.h
index ee0bf13f..c465fc13 100644
--- a/folly/io/async/ssl/OpenSSLPtrTypes.h
+++ b/folly/io/async/ssl/OpenSSLPtrTypes.h
@@ -18,23 +18,8 @@
 
 #include <glog/logging.h>
 
-// This needs to be before any OpenSSL includes.
-#include <folly/portability/OpenSSL.h>
-
-#include <openssl/asn1.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/rsa.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-
 #include <folly/Memory.h>
+#include <folly/portability/OpenSSL.h>
 
 namespace folly {
 namespace ssl {
diff --git a/folly/io/async/ssl/OpenSSLUtils.cpp b/folly/io/async/ssl/OpenSSLUtils.cpp
index db25b8bd..67cc1197 100644
--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -13,18 +13,16 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 #include <folly/io/async/ssl/OpenSSLUtils.h>
-#include <folly/ScopeGuard.h>
-#include <folly/portability/OpenSSL.h>
-#include <folly/portability/Sockets.h>
+
 #include <glog/logging.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/ssl.h>
-#include <openssl/x509v3.h>
+
 #include <unordered_map>
 
+#include <folly/ScopeGuard.h>
+#include <folly/portability/Sockets.h>
+
 namespace {
 #ifdef OPENSSL_IS_BORINGSSL
 // BoringSSL doesn't (as of May 2016) export the equivalent
diff --git a/folly/io/async/ssl/OpenSSLUtils.h b/folly/io/async/ssl/OpenSSLUtils.h
index 877df156..90135928 100644
--- a/folly/io/async/ssl/OpenSSLUtils.h
+++ b/folly/io/async/ssl/OpenSSLUtils.h
@@ -17,11 +17,9 @@
 
 #include <folly/Range.h>
 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
+#include <folly/portability/OpenSSL.h>
 #include <folly/portability/Sockets.h>
 
-#include <openssl/ssl.h>
-#include <openssl/x509v3.h>
-
 namespace folly {
 namespace ssl {
 
diff --git a/folly/io/async/ssl/test/SSLErrorsTest.cpp b/folly/io/async/ssl/test/SSLErrorsTest.cpp
index 14dacbe3..e07b552f 100644
--- a/folly/io/async/ssl/test/SSLErrorsTest.cpp
+++ b/folly/io/async/ssl/test/SSLErrorsTest.cpp
@@ -17,9 +17,7 @@
 #include <folly/io/async/ssl/SSLErrors.h>
 
 #include <folly/portability/GTest.h>
-
-#include <openssl/err.h>
-#include <openssl/x509.h>
+#include <folly/portability/OpenSSL.h>
 
 using namespace testing;
 using namespace folly;
diff --git a/folly/io/async/test/AsyncSSLSocketTest.cpp b/folly/io/async/test/AsyncSSLSocketTest.cpp
index 72359925..bc42103d 100644
--- a/folly/io/async/test/AsyncSSLSocketTest.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest.cpp
@@ -15,9 +15,8 @@
  */
 #include <folly/io/async/test/AsyncSSLSocketTest.h>
 
-#include <signal.h>
-
 #include <folly/SocketAddress.h>
+#include <folly/io/Cursor.h>
 #include <folly/io/async/AsyncSSLSocket.h>
 #include <folly/io/async/EventBase.h>
 #include <folly/portability/GMock.h>
@@ -29,10 +28,10 @@
 #include <folly/io/async/test/BlockingSocket.h>
 
 #include <fcntl.h>
-#include <folly/io/Cursor.h>
-#include <openssl/bio.h>
+#include <signal.h>
 #include <sys/types.h>
 #include <sys/utsname.h>
+
 #include <fstream>
 #include <iostream>
 #include <list>
diff --git a/folly/io/async/test/AsyncSocketExceptionTest.cpp b/folly/io/async/test/AsyncSocketExceptionTest.cpp
index 87ad6af9..277fd799 100644
--- a/folly/io/async/test/AsyncSocketExceptionTest.cpp
+++ b/folly/io/async/test/AsyncSocketExceptionTest.cpp
@@ -17,9 +17,9 @@
 
 #include <folly/io/async/AsyncSocketException.h>
 #include <folly/io/async/ssl/SSLErrors.h>
-#include <folly/portability/GTest.h>
 
-#include <openssl/ssl.h>
+#include <folly/portability/GTest.h>
+#include <folly/portability/OpenSSL.h>
 
 using namespace testing;
 
diff --git a/folly/portability/OpenSSL.h b/folly/portability/OpenSSL.h
index d392578c..d5d0b0f6 100644
--- a/folly/portability/OpenSSL.h
+++ b/folly/portability/OpenSSL.h
@@ -21,10 +21,27 @@
 
 #include <folly/Portability.h>
 
+#include <openssl/opensslv.h>
+
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
 #include <openssl/dh.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/sha.h>
 #include <openssl/ssl.h>
+#include <openssl/tls1.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#endif
 
 // BoringSSL doesn't have notion of versioning although it defines
 // OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are
diff --git a/folly/ssl/OpenSSLCertUtils.cpp b/folly/ssl/OpenSSLCertUtils.cpp
index 238fa689..79800df8 100644
--- a/folly/ssl/OpenSSLCertUtils.cpp
+++ b/folly/ssl/OpenSSLCertUtils.cpp
@@ -14,13 +14,10 @@
  * limitations under the License.
  */
 #include <folly/ssl/OpenSSLCertUtils.h>
-#include <folly/String.h>
-#include <folly/io/async/ssl/OpenSSLPtrTypes.h>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
 
 #include <folly/ScopeGuard.h>
+#include <folly/String.h>
+#include <folly/io/async/ssl/OpenSSLPtrTypes.h>
 
 namespace folly {
 namespace ssl {
diff --git a/folly/ssl/OpenSSLCertUtils.h b/folly/ssl/OpenSSLCertUtils.h
index c6c3803b..be8fbec9 100644
--- a/folly/ssl/OpenSSLCertUtils.h
+++ b/folly/ssl/OpenSSLCertUtils.h
@@ -18,9 +18,8 @@
 #include <string>
 #include <vector>
 
-#include <openssl/x509.h>
-
 #include <folly/Optional.h>
+#include <folly/portability/OpenSSL.h>
 
 namespace folly {
 namespace ssl {
diff --git a/folly/ssl/OpenSSLHash.h b/folly/ssl/OpenSSLHash.h
index 5d11e3b7..baf9ec7f 100644
--- a/folly/ssl/OpenSSLHash.h
+++ b/folly/ssl/OpenSSLHash.h
@@ -16,14 +16,10 @@
 
 #pragma once
 
-#include <folly/io/async/ssl/OpenSSLPtrTypes.h>
-#include <folly/portability/OpenSSL.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
 #include <folly/Range.h>
 #include <folly/io/IOBuf.h>
+#include <folly/io/async/ssl/OpenSSLPtrTypes.h>
+#include <folly/portability/OpenSSL.h>
 
 namespace folly {
 namespace ssl {
diff --git a/folly/ssl/OpenSSLVersionFinder.h b/folly/ssl/OpenSSLVersionFinder.h
index d826e706..19914f97 100644
--- a/folly/ssl/OpenSSLVersionFinder.h
+++ b/folly/ssl/OpenSSLVersionFinder.h
@@ -18,9 +18,6 @@
 #include <folly/Conv.h>
 #include <folly/portability/OpenSSL.h>
 
-#include <openssl/crypto.h>
-#include <openssl/opensslv.h>
-
 // This is used to find the OpenSSL version at runtime. Just returning
 // OPENSSL_VERSION_NUMBER is insufficient as runtime version may be different
 // from the compile-time version
diff --git a/folly/ssl/test/OpenSSLCertUtilsTest.cpp b/folly/ssl/test/OpenSSLCertUtilsTest.cpp
index 629c15a2..874edb60 100644
--- a/folly/ssl/test/OpenSSLCertUtilsTest.cpp
+++ b/folly/ssl/test/OpenSSLCertUtilsTest.cpp
@@ -16,9 +16,6 @@
 
 #include <folly/ssl/OpenSSLCertUtils.h>
 
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-
 #include <folly/Range.h>
 #include <folly/String.h>
 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
-- 
2.34.1