/* * Copyright (c) Meta Platforms, Inc. and affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <folly/io/async/AsyncSocketException.h> #include <folly/io/async/ssl/OpenSSLUtils.h> #include <unordered_map> #include <glog/logging.h> #include <folly/ScopeGuard.h> #include <folly/portability/Sockets.h> #include <folly/portability/Unistd.h> #include <folly/ssl/detail/OpenSSLSession.h> namespace { #ifdef OPENSSL_IS_BORINGSSL // BoringSSL doesn't (as of May 2016) export the equivalent // of BIO_sock_should_retry, so this is one way around it :( static int boringssl_bio_fd_should_retry(int err); #endif } // namespace namespace folly { namespace ssl { bool OpenSSLUtils::getTLSMasterKey( const SSL_SESSION* session, MutableByteRange keyOut) { … } bool OpenSSLUtils::getTLSMasterKey( const std::shared_ptr<SSLSession> session, MutableByteRange keyOut) { … } bool OpenSSLUtils::getTLSClientRandom( const SSL* ssl, MutableByteRange randomOut) { … } bool OpenSSLUtils::getPeerAddressFromX509StoreCtx( X509_STORE_CTX* ctx, sockaddr_storage* addrStorage, socklen_t* addrLen) { … } bool OpenSSLUtils::validatePeerCertNames( X509* cert, const sockaddr* addr, socklen_t /* addrLen */) { … } static std::unordered_map<uint16_t, std::string> getOpenSSLCipherNames() { … } const std::string& OpenSSLUtils::getCipherName(uint16_t cipherCode) { … } void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) { … } SSL_CTX* OpenSSLUtils::getSSLInitialCtx(SSL* ssl) { … } BioMethodUniquePtr OpenSSLUtils::newSocketBioMethod() { … } bool OpenSSLUtils::setCustomBioReadMethod( BIO_METHOD* bioMeth, int (*meth)(BIO*, char*, int)) { … } bool OpenSSLUtils::setCustomBioWriteMethod( BIO_METHOD* bioMeth, int (*meth)(BIO*, const char*, int)) { … } int OpenSSLUtils::getBioShouldRetryWrite(int r) { … } void OpenSSLUtils::setBioAppData(BIO* b, void* ptr) { … } void* OpenSSLUtils::getBioAppData(BIO* b) { … } NetworkSocket OpenSSLUtils::getBioFd(BIO* b) { … } void OpenSSLUtils::setBioFd(BIO* b, NetworkSocket fd, int flags) { … } std::string OpenSSLUtils::getCommonName(X509* x509) { … } std::string OpenSSLUtils::encodeALPNString( const std::vector<std::string>& supportedProtocols) { … } /** * Deserializes PEM encoded X509 objects from the supplied source BIO, invoking * a callback for each X509, until the BIO is exhausted or until we were unable * to read an X509. */ template <class Callback> static void forEachX509(BIO* source, Callback cb) { … } static std::vector<X509NameUniquePtr> getSubjectNamesFromBIO(BIO* b) { … } std::vector<X509NameUniquePtr> OpenSSLUtils::subjectNamesInPEMFile( const char* filename) { … } std::vector<X509NameUniquePtr> OpenSSLUtils::subjectNamesInPEMBuffer( folly::ByteRange buffer) { … } } // namespace ssl } // namespace folly namespace { #ifdef OPENSSL_IS_BORINGSSL static int boringssl_bio_fd_non_fatal_error(int err) { if ( #ifdef EWOULDBLOCK err == EWOULDBLOCK || #endif #ifdef WSAEWOULDBLOCK err == WSAEWOULDBLOCK || #endif #ifdef ENOTCONN err == ENOTCONN || #endif #ifdef EINTR err == EINTR || #endif #ifdef EAGAIN err == EAGAIN || #endif #ifdef EPROTO err == EPROTO || #endif #ifdef EINPROGRESS err == EINPROGRESS || #endif #ifdef EALREADY err == EALREADY || #endif 0) { return 1; } return 0; } #if defined(OPENSSL_WINDOWS) int boringssl_bio_fd_should_retry(int i) { if (i == -1) { return boringssl_bio_fd_non_fatal_error((int)GetLastError()); } return 0; } #else // !OPENSSL_WINDOWS int boringssl_bio_fd_should_retry(int i) { if (i == -1) { return boringssl_bio_fd_non_fatal_error(errno); } return 0; } #endif // OPENSSL_WINDOWS #endif // OEPNSSL_IS_BORINGSSL } // namespace
Codebase Browser
folly