More OpenSSL 1.1.0 compatibility fixes

Summary: A bunch of changes to make fbcode targets build with OpenSSL 1.1.0 Reviewed By: ivmaykov Differential Revision: D4949822 fbshipit-source-id: 35eda632d8335c4194352196264afeff69d87519

More OpenSSL 1.1.0 compatibility fixes
Summary: A bunch of changes to make fbcode targets build with OpenSSL 1.1.0 Reviewed By: ivmaykov Differential Revision: D4949822 fbshipit-source-id: 35eda632d8335c4194352196264afeff69d87519
79cb7776 · Anirudh Ramachandran · Facebook Github Bot · 22011b7f · 79cb7776 · 79cb7776
Commit 79cb7776 authored May 01, 2017 by Anirudh Ramachandran Committed by Facebook Github Bot May 01, 2017
5 changed files
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -976,14 +976,14 @@ bool AsyncSSLSocket::willBlock(int ret,
    // The timeout (if set) keeps running here
    return true;
 #endif
-  } else if (0
+  } else if ((0
 #ifdef SSL_ERROR_WANT_RSA_ASYNC_PENDING
      || error == SSL_ERROR_WANT_RSA_ASYNC_PENDING
 #endif
 #ifdef SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
      || error == SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
 #endif
-      ) {
+      )) {
    // Our custom openssl function has kicked off an async request to do
    // rsa/ecdsa private key operation.  When that call returns, a callback will
    // be invoked that will re-call handleAccept.

--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -195,6 +195,8 @@ const std::string& OpenSSLUtils::getCipherName(uint16_t cipherCode) {
 }

 void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
+  (void)ssl;
+  (void)ctx;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
  if (ssl) {
    ssl->initial_ctx = ctx;
@@ -203,6 +205,7 @@ void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
 }

 SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) {
+  (void)ssl;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
  if (ssl) {
    return ssl->initial_ctx;

--- a/folly/io/async/test/AsyncSocketExceptionTest.cpp
+++ b/folly/io/async/test/AsyncSocketExceptionTest.cpp
@@ -16,6 +16,7 @@
 #include <array>

 #include <folly/io/async/AsyncSocketException.h>
+#include <folly/io/async/SSLContext.h>
 #include <folly/io/async/ssl/SSLErrors.h>

 #include <folly/portability/GTest.h>
@@ -52,6 +53,8 @@ TEST(AsyncSocketException, SimpleTest) {

 TEST(AsyncSocketException, SSLExceptionType) {
  {
+    // Initiailzes OpenSSL everything. Else some of the calls will block
+    folly::SSLContext::initializeOpenSSL();
    SSLException eof(SSL_ERROR_ZERO_RETURN, 0, 0, 0);
    EXPECT_EQ(eof.getType(), AsyncSocketException::END_OF_FILE);


--- a/folly/portability/OpenSSL.cpp
+++ b/folly/portability/OpenSSL.cpp
@@ -87,35 +87,6 @@ unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x) {
  return ASN1_STRING_data((ASN1_STRING*)x);
 }

-EVP_MD_CTX* EVP_MD_CTX_new(void) {
-  EVP_MD_CTX* ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
-  if (!ctx) {
-    throw std::runtime_error("Cannot allocate EVP_MD_CTX");
-  }
-  EVP_MD_CTX_init(ctx);
-  return ctx;
-}
-
-void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
-  EVP_MD_CTX_destroy(ctx);
-}
-
-HMAC_CTX* HMAC_CTX_new() {
-  HMAC_CTX* ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(HMAC_CTX));
-  if (!ctx) {
-    throw std::runtime_error("Cannot allocate HMAC_CTX");
-  }
-  HMAC_CTX_init(ctx);
-  return ctx;
-}
-
-void HMAC_CTX_free(HMAC_CTX* ctx) {
-  if (ctx) {
-    HMAC_CTX_cleanup(ctx);
-    OPENSSL_free(ctx);
-  }
-}
-
 int SSL_SESSION_has_ticket(const SSL_SESSION* s) {
  return (s->tlsext_ticklen > 0) ? 1 : 0;
 }
@@ -157,6 +128,51 @@ int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {

  return 1;
 }
+
+X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx) {
+  return ctx->cert;
+}
+
+STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx) {
+  return X509_STORE_CTX_get_chain(ctx);
+}
+
+STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx) {
+  return ctx->untrusted;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new() {
+  EVP_MD_CTX* ctx = (EVP_MD_CTX*)OPENSSL_malloc(sizeof(EVP_MD_CTX));
+  if (!ctx) {
+    throw std::runtime_error("Cannot allocate EVP_MD_CTX");
+  }
+  EVP_MD_CTX_init(ctx);
+  return ctx;
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
+  if (ctx) {
+    EVP_MD_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+  }
+}
+
+HMAC_CTX* HMAC_CTX_new() {
+  HMAC_CTX* ctx = (HMAC_CTX*)OPENSSL_malloc(sizeof(HMAC_CTX));
+  if (!ctx) {
+    throw std::runtime_error("Cannot allocate HMAC_CTX");
+  }
+  HMAC_CTX_init(ctx);
+  return ctx;
+}
+
+void HMAC_CTX_free(HMAC_CTX* ctx) {
+  if (ctx) {
+    HMAC_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+  }
+}
+
 #endif

 }

--- a/folly/portability/OpenSSL.h
+++ b/folly/portability/OpenSSL.h
@@ -127,6 +127,16 @@ void HMAC_CTX_free(HMAC_CTX* ctx);
 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
 int SSL_SESSION_has_ticket(const SSL_SESSION* s);
 int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);
+
+X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx);
+STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx);
+#endif
+
+#if FOLLY_OPENSSL_IS_110
+// Note: this was a type and has been fixed upstream, so the next 1.1.0
+// minor version upgrade will need to remove this
+#define OPENSSL_lh_new OPENSSL_LH_new
 #endif

 }