Fix compilation without deprecated OpenSSL APIs

Summary: Pull Request resolved: https://github.com/facebook/folly/pull/1127 Reviewed By: reanimus Differential Revision: D15329439 Pulled By: yfeldblum fbshipit-source-id: 6c639ef367be6adede2e6a1c487a8d89a146779d

Fix compilation without deprecated OpenSSL APIs
Summary: Pull Request resolved: https://github.com/facebook/folly/pull/1127 Reviewed By: reanimus Differential Revision: D15329439 Pulled By: yfeldblum fbshipit-source-id: 6c639ef367be6adede2e6a1c487a8d89a146779d
5b35fe63 · Rosen Penev · Facebook Github Bot · 78ee6b85 · 5b35fe63 · 5b35fe63
Commit 5b35fe63 authored May 23, 2019 by Rosen Penev Committed by Facebook Github Bot May 23, 2019
5 changed files
--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -155,8 +155,10 @@ static std::unordered_map<uint16_t, std::string> getOpenSSLCipherNames() {
  SSL_CTX* ctx = nullptr;
  SSL* ssl = nullptr;

-  const SSL_METHOD* meth = SSLv23_server_method();
+  const SSL_METHOD* meth = TLS_server_method();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
  OpenSSL_add_ssl_algorithms();
+#endif

  if ((ctx = SSL_CTX_new(meth)) == nullptr) {
    return ret;

--- a/folly/portability/OpenSSL.h
+++ b/folly/portability/OpenSSL.h
@@ -27,6 +27,7 @@

 #include <openssl/asn1.h>
 #include <openssl/bio.h>
+#include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
@@ -89,6 +90,17 @@
 #define FOLLY_OPENSSL_HAS_TLS13 0
 #endif

+#if !FOLLY_OPENSSL_IS_110
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version SSLeay_version
+#define OpenSSL_version_num SSLeay
+#endif
+
+#if !FOLLY_OPENSSL_IS_110
+#define X509_get0_notAfter X509_get_notAfter
+#define X509_get0_notBefore X509_get_notBefore
+#endif
+
 // This attempts to "unify" the OpenSSL libcrypto/libssl APIs between
 // OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general
 // idea is to provide namespaced wrapper methods for versions which do not

--- a/folly/ssl/OpenSSLCertUtils.cpp
+++ b/folly/ssl/OpenSSLCertUtils.cpp
@@ -156,11 +156,11 @@ folly::Optional<std::string> OpenSSLCertUtils::toString(X509& x509) {
 }

 std::string OpenSSLCertUtils::getNotAfterTime(X509& x509) {
-  return getDateTimeStr(X509_get_notAfter(&x509));
+  return getDateTimeStr(X509_get0_notAfter(&x509));
 }

 std::string OpenSSLCertUtils::getNotBeforeTime(X509& x509) {
-  return getDateTimeStr(X509_get_notBefore(&x509));
+  return getDateTimeStr(X509_get0_notBefore(&x509));
 }

 std::string OpenSSLCertUtils::getDateTimeStr(const ASN1_TIME* time) {

--- a/folly/ssl/OpenSSLVersionFinder.h
+++ b/folly/ssl/OpenSSLVersionFinder.h
@@ -25,7 +25,7 @@ namespace folly {
 namespace ssl {
 inline std::string getOpenSSLLongVersion() {
 #ifdef OPENSSL_VERSION_TEXT
-  return SSLeay_version(SSLEAY_VERSION);
+  return OpenSSL_version(OPENSSL_VERSION);
 #elif defined(OPENSSL_VERSION_NUMBER)
  return folly::format("0x{:x}", OPENSSL_VERSION_NUMBER).str();
 #else
@@ -35,7 +35,7 @@ inline std::string getOpenSSLLongVersion() {

 inline uint64_t getOpenSSLNumericVersion() {
 #ifdef OPENSSL_VERSION_NUMBER
-  return SSLeay();
+  return OpenSSL_version_num();
 #else
  return 0;
 #endif

--- a/folly/ssl/detail/OpenSSLThreading.cpp
+++ b/folly/ssl/detail/OpenSSLThreading.cpp
@@ -115,6 +115,7 @@ struct SSLLock {
 // SSLContext runs in such environments.
 // Instead of declaring a static member we "new" the static
 // member so that it won't be destructed on exit().
+#if !FOLLY_SSL_DETAIL_OPENSSL_IS_110
 static std::unique_ptr<SSLLock[]>& locks() {
  static auto locksInst = new std::unique_ptr<SSLLock[]>();
  return *locksInst;
@@ -128,8 +129,8 @@ static void callbackLocking(int mode, int n, const char*, int) {
  }
 }

-static unsigned long callbackThreadID() {
-  return static_cast<unsigned long>(folly::getCurrentThreadID());
+static void callbackThreadID(CRYPTO_THREADID* id) {
+  return CRYPTO_THREADID_set_numeric(id, folly::getCurrentThreadID());
 }

 static CRYPTO_dynlock_value* dyn_create(const char*, int) {
@@ -150,28 +151,33 @@ dyn_lock(int mode, struct CRYPTO_dynlock_value* lock, const char*, int) {
 static void dyn_destroy(struct CRYPTO_dynlock_value* lock, const char*, int) {
  delete lock;
 }
+#endif

 void installThreadingLocks() {
+#if !FOLLY_SSL_DETAIL_OPENSSL_IS_110
  // static locking
  locks() = std::make_unique<SSLLock[]>(size_t(CRYPTO_num_locks()));
  for (auto it : lockTypes()) {
    locks()[size_t(it.first)].lockType = it.second;
  }
-  CRYPTO_set_id_callback(callbackThreadID);
+  CRYPTO_THREADID_set_callback(callbackThreadID);
  CRYPTO_set_locking_callback(callbackLocking);
  // dynamic locking
  CRYPTO_set_dynlock_create_callback(dyn_create);
  CRYPTO_set_dynlock_lock_callback(dyn_lock);
  CRYPTO_set_dynlock_destroy_callback(dyn_destroy);
+#endif
 }

 void cleanupThreadingLocks() {
-  CRYPTO_set_id_callback(nullptr);
+#if !FOLLY_SSL_DETAIL_OPENSSL_IS_110
+  CRYPTO_THREADID_set_callback(nullptr);
  CRYPTO_set_locking_callback(nullptr);
  CRYPTO_set_dynlock_create_callback(nullptr);
  CRYPTO_set_dynlock_lock_callback(nullptr);
  CRYPTO_set_dynlock_destroy_callback(nullptr);
  locks().reset();
+#endif
 }

 } // namespace detail