/* * Copyright (c) Meta Platforms, Inc. and affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <folly/io/async/SSLContext.h> #include <folly/Format.h> #include <folly/Memory.h> #include <folly/Random.h> #include <folly/SharedMutex.h> #include <folly/SpinLock.h> #include <folly/ssl/OpenSSLTicketHandler.h> #include <folly/ssl/PasswordCollector.h> #include <folly/ssl/SSLSessionManager.h> #include <folly/system/ThreadId.h> // --------------------------------------------------------------------- // SSLContext implementation // --------------------------------------------------------------------- namespace folly { namespace { int getExDataIndex() { … } /** * Configure the given SSL context to use the given version. */ void configureProtocolVersion(SSL_CTX* ctx, SSLContext::SSLVersion version) { … } static int dispatchTicketCrypto( SSL* ssl, unsigned char* keyName, unsigned char* iv, EVP_CIPHER_CTX* cipherCtx, HMAC_CTX* hmacCtx, int encrypt) { … } } // namespace // // For OpenSSL portability API // SSLContext implementation SSLContext::SSLContext(SSLVersion version) { … } SSLContext::~SSLContext() { … } void SSLContext::ciphers(const std::string& ciphers) { … } void SSLContext::setClientECCurvesList( const std::vector<std::string>& ecCurves) { … } void SSLContext::setSupportedGroups(const std::vector<std::string>& groups) { … } void SSLContext::setServerECCurve(const std::string& curveName) { … } SSLContext::SSLContext(SSL_CTX* ctx) : … { … } void SSLContext::setX509VerifyParam( const ssl::X509VerifyParam& x509VerifyParam) { … } void SSLContext::setCiphersOrThrow(const std::string& ciphers) { … } void SSLContext::setSigAlgsOrThrow(const std::string& sigalgs) { … } void SSLContext::setVerificationOption( const SSLContext::SSLVerifyPeerEnum& verifyPeer) { … } void SSLContext::setVerificationOption( const SSLContext::VerifyClientCertificate& verifyClient) { … } void SSLContext::setVerificationOption( const SSLContext::VerifyServerCertificate& verifyServer) { … } int SSLContext::getVerificationMode( const SSLContext::VerifyClientCertificate& verifyClient) { … } int SSLContext::getVerificationMode( const SSLContext::VerifyServerCertificate& verifyServer) { … } int SSLContext::getVerificationMode( const SSLContext::SSLVerifyPeerEnum& verifyPeer) { … } int SSLContext::getVerificationMode() const { … } void SSLContext::authenticate( bool checkPeerCert, bool checkPeerName, const std::string& peerName) { … } void SSLContext::loadCertificate(const char* path, const char* format) { … } void SSLContext::loadCertificateFromBufferPEM(folly::StringPiece cert) { … } void SSLContext::loadPrivateKey(const char* path, const char* format) { … } void SSLContext::loadPrivateKeyFromBufferPEM(folly::StringPiece pkey) { … } void SSLContext::loadCertKeyPairFromBufferPEM( folly::StringPiece cert, folly::StringPiece pkey) { … } void SSLContext::loadCertKeyPairFromFiles( const char* certPath, const char* keyPath, const char* certFormat, const char* keyFormat) { … } void SSLContext::setCertChainKeyPair( std::vector<ssl::X509UniquePtr>&& certChain, ssl::EvpPkeyUniquePtr&& key) { … } bool SSLContext::isCertKeyPairValid() const { … } void SSLContext::loadTrustedCertificates(const char* path) { … } void SSLContext::loadTrustedCertificates(X509_STORE* store) { … } void SSLContext::setSupportedClientCertificateAuthorityNames( std::vector<ssl::X509NameUniquePtr> names) { … } void SSLContext::passwordCollector( std::shared_ptr<ssl::PasswordCollector> collector) { … } void SSLContext::setServerNameCallback(const ServerNameCallback& cb) { … } void SSLContext::addClientHelloCallback(const ClientHelloCallback& cb) { … } int SSLContext::baseServerNameOpenSSLCallback(SSL* ssl, int* al, void* data) { … } int SSLContext::alpnSelectCallback( SSL* /* ssl */, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* data) { … } std::string SSLContext::getAdvertisedNextProtocols() const { … } bool SSLContext::setAdvertisedNextProtocols( const std::list<std::string>& protocols) { … } bool SSLContext::setRandomizedAdvertisedNextProtocols( const std::list<NextProtocolsItem>& items) { … } void SSLContext::deleteNextProtocolsStrings() { … } void SSLContext::unsetNextProtocols() { … } size_t SSLContext::pickNextProtocols() { … } SSL* SSLContext::createSSL() const { … } void SSLContext::setSessionCacheContext(const std::string& context) { … } /** * Match a name with a pattern. The pattern may include wildcard. A single * wildcard "*" can match up to one component in the domain name. * * @param host Host name, typically the name of the remote host * @param pattern Name retrieved from certificate * @param size Size of "pattern" * @return True, if "host" matches "pattern". False otherwise. */ bool SSLContext::matchName(const char* host, const char* pattern, int size) { … } int SSLContext::passwordCallback(char* password, int size, int, void* data) { … } #if defined(SSL_MODE_HANDSHAKE_CUTTHROUGH) void SSLContext::enableFalseStart() { SSL_CTX_set_mode(ctx_, SSL_MODE_HANDSHAKE_CUTTHROUGH); } #endif void SSLContext::setOptions(long options) { … } std::string SSLContext::getErrors(int errnoCopy) { … } void SSLContext::disableTLS13() { … } void SSLContext::setupCtx(SSL_CTX* ctx) { … } SSLContext* SSLContext::getFromSSLCtx(const SSL_CTX* ctx) { … } int SSLContext::newSessionCallback(SSL* ssl, SSL_SESSION* session) { … } void SSLContext::setSessionLifecycleCallbacks( std::unique_ptr<SessionLifecycleCallbacks> cb) { … } void SSLContext::setCiphersuitesOrThrow(const std::string& ciphersuites) { … } void SSLContext::setAllowNoDheKex(bool flag) { … } void SSLContext::setTicketHandler( std::unique_ptr<OpenSSLTicketHandler> handler) { … } } // namespace folly
Codebase Browser
folly