Rocket.Chat.ReactNative/ios/Pods/Flipper-Folly/folly/portability/OpenSSL.h

/*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <cstdint>

// This must come before the OpenSSL includes.
#include <folly/portability/Windows.h>

#include <folly/Portability.h>

#include <openssl/opensslv.h>

#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/ssl.h>
#include <openssl/tls1.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#endif

// BoringSSL doesn't have notion of versioning although it defines
// OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are
// intended to be specific to OpenSSL.
#if !defined(OPENSSL_IS_BORINGSSL)
#define FOLLY_OPENSSL_IS_100                \
  (OPENSSL_VERSION_NUMBER >= 0x10000003L && \
   OPENSSL_VERSION_NUMBER < 0x1000105fL)
#define FOLLY_OPENSSL_IS_101                \
  (OPENSSL_VERSION_NUMBER >= 0x1000105fL && \
   OPENSSL_VERSION_NUMBER < 0x1000200fL)
#define FOLLY_OPENSSL_IS_102                \
  (OPENSSL_VERSION_NUMBER >= 0x1000200fL && \
   OPENSSL_VERSION_NUMBER < 0x10100000L)
#define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L)
#endif

#if !defined(OPENSSL_IS_BORINGSSL) && !FOLLY_OPENSSL_IS_100 && \
    !FOLLY_OPENSSL_IS_101 && !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110
#warning Compiling with unsupported OpenSSL version
#endif

// BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI.
#if defined(OPENSSL_IS_BORINGSSL) || \
    (OPENSSL_VERSION_NUMBER >= 0x00908070L && !defined(OPENSSL_NO_TLSEXT))
#define FOLLY_OPENSSL_HAS_SNI 1
#else
#define FOLLY_OPENSSL_HAS_SNI 0
#endif

// BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN.
#if defined(OPENSSL_IS_BORINGSSL) || \
    (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT))
#define FOLLY_OPENSSL_HAS_ALPN 1
#else
#define FOLLY_OPENSSL_HAS_ALPN 0
#endif

// OpenSSL 1.1.1 and above have TLS 1.3 support
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
#define FOLLY_OPENSSL_HAS_TLS13 1
#else
#define FOLLY_OPENSSL_HAS_TLS13 0
#endif

#if FOLLY_OPENSSL_IS_110 && \
    (!defined(OPENSSL_NO_CHACHA) || !defined(OPENSSL_NO_POLY1305))
#define FOLLY_OPENSSL_HAS_CHACHA 1
#else
#define FOLLY_OPENSSL_HAS_CHACHA 0
#endif

#if !FOLLY_OPENSSL_IS_110
#define OPENSSL_VERSION SSLEAY_VERSION
#define OpenSSL_version SSLeay_version
#define OpenSSL_version_num SSLeay
#endif

#if !FOLLY_OPENSSL_IS_110
#define X509_get0_notAfter X509_get_notAfter
#define X509_get0_notBefore X509_get_notBefore
#endif

// This attempts to "unify" the OpenSSL libcrypto/libssl APIs between
// OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general
// idea is to provide namespaced wrapper methods for versions which do not
// which already exist in BoringSSL and 1.1.0, but there are few APIs such as
// SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed
// in BoringSSL
namespace folly {
namespace portability {
namespace ssl {

#ifdef OPENSSL_IS_BORINGSSL
int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list);
int TLS1_get_client_version(SSL* s);
#endif

#if FOLLY_OPENSSL_IS_100
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*);
int TLS1_get_client_version(const SSL*);
#endif

#if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101
int X509_get_signature_nid(X509* cert);
#endif

#if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101 || FOLLY_OPENSSL_IS_102
int SSL_CTX_up_ref(SSL_CTX* session);
int SSL_SESSION_up_ref(SSL_SESSION* session);
int X509_up_ref(X509* x);
int X509_STORE_up_ref(X509_STORE* v);
void X509_STORE_CTX_set0_verified_chain(
    X509_STORE_CTX* ctx,
    STACK_OF(X509) * sk);
int EVP_PKEY_up_ref(EVP_PKEY* evp);
void RSA_get0_key(
    const RSA* r,
    const BIGNUM** n,
    const BIGNUM** e,
    const BIGNUM** d);
RSA* EVP_PKEY_get0_RSA(EVP_PKEY* pkey);
DSA* EVP_PKEY_get0_DSA(EVP_PKEY* pkey);
DH* EVP_PKEY_get0_DH(EVP_PKEY* pkey);
EC_KEY* EVP_PKEY_get0_EC_KEY(EVP_PKEY* pkey);
#endif

#if !FOLLY_OPENSSL_IS_110
BIO_METHOD* BIO_meth_new(int type, const char* name);
void BIO_meth_free(BIO_METHOD* biom);
int BIO_meth_set_read(BIO_METHOD* biom, int (*read)(BIO*, char*, int));
int BIO_meth_set_write(BIO_METHOD* biom, int (*write)(BIO*, const char*, int));
int BIO_meth_set_puts(BIO_METHOD* biom, int (*bputs)(BIO*, const char*));
int BIO_meth_set_gets(BIO_METHOD* biom, int (*bgets)(BIO*, char*, int));
int BIO_meth_set_ctrl(BIO_METHOD* biom, long (*ctrl)(BIO*, int, long, void*));
int BIO_meth_set_create(BIO_METHOD* biom, int (*create)(BIO*));
int BIO_meth_set_destroy(BIO_METHOD* biom, int (*destroy)(BIO*));

void BIO_set_data(BIO* bio, void* ptr);
void* BIO_get_data(BIO* bio);
void BIO_set_init(BIO* bio, int init);
void BIO_set_shutdown(BIO* bio, int shutdown);

const SSL_METHOD* TLS_server_method(void);
const SSL_METHOD* TLS_client_method(void);

const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s);
unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x);

EVP_MD_CTX* EVP_MD_CTX_new();
void EVP_MD_CTX_free(EVP_MD_CTX* ctx);

HMAC_CTX* HMAC_CTX_new();
void HMAC_CTX_free(HMAC_CTX* ctx);

unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);
int SSL_SESSION_has_ticket(const SSL_SESSION* s);
int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);
void DH_get0_pqg(
    const DH* dh,
    const BIGNUM** p,
    const BIGNUM** q,
    const BIGNUM** g);
void DH_get0_key(const DH* dh, const BIGNUM** pub_key, const BIGNUM** priv_key);
long DH_get_length(const DH* dh);
int DH_set_length(DH* dh, long length);

void DSA_get0_pqg(
    const DSA* dsa,
    const BIGNUM** p,
    const BIGNUM** q,
    const BIGNUM** g);
void DSA_get0_key(
    const DSA* dsa,
    const BIGNUM** pub_key,
    const BIGNUM** priv_key);

STACK_OF(X509_OBJECT) * X509_STORE_get0_objects(X509_STORE* store);

X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx);
STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx);
STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx);
bool RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d);
void RSA_get0_factors(const RSA* r, const BIGNUM** p, const BIGNUM** q);
void RSA_get0_crt_params(
    const RSA* r,
    const BIGNUM** dmp1,
    const BIGNUM** dmq1,
    const BIGNUM** iqmp);
int ECDSA_SIG_set0(ECDSA_SIG* sig, BIGNUM* r, BIGNUM* s);
void ECDSA_SIG_get0(const ECDSA_SIG* sig, const BIGNUM** pr, const BIGNUM** ps);

using OPENSSL_INIT_SETTINGS = void;
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS* settings);
void OPENSSL_cleanup();

const ASN1_INTEGER* X509_REVOKED_get0_serialNumber(const X509_REVOKED* r);
const ASN1_TIME* X509_REVOKED_get0_revocationDate(const X509_REVOKED* r);

uint32_t X509_get_extension_flags(X509* x);
uint32_t X509_get_key_usage(X509* x);
uint32_t X509_get_extended_key_usage(X509* x);

int X509_OBJECT_get_type(const X509_OBJECT* obj);
X509* X509_OBJECT_get0_X509(const X509_OBJECT* obj);

const ASN1_TIME* X509_CRL_get0_lastUpdate(const X509_CRL* crl);
const ASN1_TIME* X509_CRL_get0_nextUpdate(const X509_CRL* crl);

const X509_ALGOR* X509_get0_tbs_sigalg(const X509* x);

#endif

#if FOLLY_OPENSSL_IS_110
// Note: this was a type and has been fixed upstream, so the next 1.1.0
// minor version upgrade will need to remove this
#define OPENSSL_lh_new OPENSSL_LH_new

// OpenSSL v1.1.0 removed support for SSLv2, and also removed the define that
// indicates it isn't supported.
#define OPENSSL_NO_SSL2
#endif
} // namespace ssl
} // namespace portability
} // namespace folly

FOLLY_PUSH_WARNING
FOLLY_CLANG_DISABLE_WARNING("-Wheader-hygiene")
/* using override */ using namespace folly::portability::ssl;
FOLLY_POP_WARNING
Update all dependencies (#2008) * Android RN 62 * First steps iOS * Second step iOS * iOS compiling * "New" build system * Finish iOS * Flipper * Update to RN 0.62.1 * expo libs * Hermes working * Fix lint * Fix android build * Patches * Dev patches * Patch WatermelonDB: https://github.com/Nozbe/WatermelonDB/pull/660 * Fix jitsi * Update several minors * Update dev minors and lint * react-native-keyboard-input * Few updates * device info * react-native-fast-image * Navigation bar color * react-native-picker-select * webview * reactotron-react-native * Watermelondb * RN 0.62.2 * Few updates * Fix selection * update gems * remove lib * finishing * tests * Use node 10 * Re-enable app bundle * iOS build * Update jitsi ios 2020-05-08 16:37:49 +00:00			`/*`
			`* Copyright (c) Facebook, Inc. and its affiliates.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

			`#pragma once`

			`#include <cstdint>`

			`// This must come before the OpenSSL includes.`
			`#include <folly/portability/Windows.h>`

			`#include <folly/Portability.h>`

			`#include <openssl/opensslv.h>`

			`#include <openssl/asn1.h>`
			`#include <openssl/bio.h>`
			`#include <openssl/bn.h>`
			`#include <openssl/crypto.h>`
			`#include <openssl/dh.h>`
			`#include <openssl/err.h>`
			`#include <openssl/evp.h>`
			`#include <openssl/hmac.h>`
			`#include <openssl/rand.h>`
			`#include <openssl/rsa.h>`
			`#include <openssl/sha.h>`
			`#include <openssl/ssl.h>`
			`#include <openssl/tls1.h>`
			`#include <openssl/x509.h>`
			`#include <openssl/x509v3.h>`

			`#ifndef OPENSSL_NO_EC`
			`#include <openssl/ec.h>`
			`#include <openssl/ecdsa.h>`
			`#endif`

			`// BoringSSL doesn't have notion of versioning although it defines`
			`// OPENSSL_VERSION_NUMBER to maintain compatibility. The following variables are`
			`// intended to be specific to OpenSSL.`
			`#if !defined(OPENSSL_IS_BORINGSSL)`
			`#define FOLLY_OPENSSL_IS_100 \`
			`(OPENSSL_VERSION_NUMBER >= 0x10000003L && \`
			`OPENSSL_VERSION_NUMBER < 0x1000105fL)`
			`#define FOLLY_OPENSSL_IS_101 \`
			`(OPENSSL_VERSION_NUMBER >= 0x1000105fL && \`
			`OPENSSL_VERSION_NUMBER < 0x1000200fL)`
			`#define FOLLY_OPENSSL_IS_102 \`
			`(OPENSSL_VERSION_NUMBER >= 0x1000200fL && \`
			`OPENSSL_VERSION_NUMBER < 0x10100000L)`
			`#define FOLLY_OPENSSL_IS_110 (OPENSSL_VERSION_NUMBER >= 0x10100000L)`
			`#endif`

			`#if !defined(OPENSSL_IS_BORINGSSL) && !FOLLY_OPENSSL_IS_100 && \`
			`!FOLLY_OPENSSL_IS_101 && !FOLLY_OPENSSL_IS_102 && !FOLLY_OPENSSL_IS_110`
			`#warning Compiling with unsupported OpenSSL version`
			`#endif`

			`// BoringSSL and OpenSSL 0.9.8f later with TLS extension support SNI.`
			`#if defined(OPENSSL_IS_BORINGSSL) \|\| \`
			`(OPENSSL_VERSION_NUMBER >= 0x00908070L && !defined(OPENSSL_NO_TLSEXT))`
			`#define FOLLY_OPENSSL_HAS_SNI 1`
			`#else`
			`#define FOLLY_OPENSSL_HAS_SNI 0`
			`#endif`

			`// BoringSSL and OpenSSL 1.0.2 later with TLS extension support ALPN.`
			`#if defined(OPENSSL_IS_BORINGSSL) \|\| \`
			`(OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT))`
			`#define FOLLY_OPENSSL_HAS_ALPN 1`
			`#else`
			`#define FOLLY_OPENSSL_HAS_ALPN 0`
			`#endif`

			`// OpenSSL 1.1.1 and above have TLS 1.3 support`
			`#if OPENSSL_VERSION_NUMBER >= 0x1010100fL`
			`#define FOLLY_OPENSSL_HAS_TLS13 1`
			`#else`
			`#define FOLLY_OPENSSL_HAS_TLS13 0`
			`#endif`

			`#if FOLLY_OPENSSL_IS_110 && \`
			`(!defined(OPENSSL_NO_CHACHA) \|\| !defined(OPENSSL_NO_POLY1305))`
			`#define FOLLY_OPENSSL_HAS_CHACHA 1`
			`#else`
			`#define FOLLY_OPENSSL_HAS_CHACHA 0`
			`#endif`

			`#if !FOLLY_OPENSSL_IS_110`
			`#define OPENSSL_VERSION SSLEAY_VERSION`
			`#define OpenSSL_version SSLeay_version`
			`#define OpenSSL_version_num SSLeay`
			`#endif`

			`#if !FOLLY_OPENSSL_IS_110`
			`#define X509_get0_notAfter X509_get_notAfter`
			`#define X509_get0_notBefore X509_get_notBefore`
			`#endif`

			`// This attempts to "unify" the OpenSSL libcrypto/libssl APIs between`
			`// OpenSSL 1.0.2, 1.1.0 (and some earlier versions) and BoringSSL. The general`
			`// idea is to provide namespaced wrapper methods for versions which do not`
			`// which already exist in BoringSSL and 1.1.0, but there are few APIs such as`
			`// SSL_CTX_set1_sigalgs_list and so on which exist in 1.0.2 but were removed`
			`// in BoringSSL`
			`namespace folly {`
			`namespace portability {`
			`namespace ssl {`

			`#ifdef OPENSSL_IS_BORINGSSL`
			`int SSL_CTX_set1_sigalgs_list(SSL_CTX* ctx, const char* sigalgs_list);`
			`int TLS1_get_client_version(SSL* s);`
			`#endif`

			`#if FOLLY_OPENSSL_IS_100`
			`uint32_t SSL_CIPHER_get_id(const SSL_CIPHER*);`
			`int TLS1_get_client_version(const SSL*);`
			`#endif`

			`#if FOLLY_OPENSSL_IS_100 \|\| FOLLY_OPENSSL_IS_101`
			`int X509_get_signature_nid(X509* cert);`
			`#endif`

			`#if FOLLY_OPENSSL_IS_100 \|\| FOLLY_OPENSSL_IS_101 \|\| FOLLY_OPENSSL_IS_102`
			`int SSL_CTX_up_ref(SSL_CTX* session);`
			`int SSL_SESSION_up_ref(SSL_SESSION* session);`
			`int X509_up_ref(X509* x);`
			`int X509_STORE_up_ref(X509_STORE* v);`
			`void X509_STORE_CTX_set0_verified_chain(`
			`X509_STORE_CTX* ctx,`
			`STACK_OF(X509) * sk);`
			`int EVP_PKEY_up_ref(EVP_PKEY* evp);`
			`void RSA_get0_key(`
			`const RSA* r,`
			`const BIGNUM** n,`
			`const BIGNUM** e,`
			`const BIGNUM** d);`
			`RSA* EVP_PKEY_get0_RSA(EVP_PKEY* pkey);`
			`DSA* EVP_PKEY_get0_DSA(EVP_PKEY* pkey);`
			`DH* EVP_PKEY_get0_DH(EVP_PKEY* pkey);`
			`EC_KEY* EVP_PKEY_get0_EC_KEY(EVP_PKEY* pkey);`
			`#endif`

			`#if !FOLLY_OPENSSL_IS_110`
			`BIO_METHOD* BIO_meth_new(int type, const char* name);`
			`void BIO_meth_free(BIO_METHOD* biom);`
			`int BIO_meth_set_read(BIO_METHOD* biom, int (read)(BIO, char*, int));`
			`int BIO_meth_set_write(BIO_METHOD* biom, int (write)(BIO, const char*, int));`
			`int BIO_meth_set_puts(BIO_METHOD* biom, int (bputs)(BIO, const char*));`
			`int BIO_meth_set_gets(BIO_METHOD* biom, int (bgets)(BIO, char*, int));`
			`int BIO_meth_set_ctrl(BIO_METHOD* biom, long (ctrl)(BIO, int, long, void*));`
			`int BIO_meth_set_create(BIO_METHOD* biom, int (create)(BIO));`
			`int BIO_meth_set_destroy(BIO_METHOD* biom, int (destroy)(BIO));`

			`void BIO_set_data(BIO* bio, void* ptr);`
			`void* BIO_get_data(BIO* bio);`
			`void BIO_set_init(BIO* bio, int init);`
			`void BIO_set_shutdown(BIO* bio, int shutdown);`

			`const SSL_METHOD* TLS_server_method(void);`
			`const SSL_METHOD* TLS_client_method(void);`

			`const char* SSL_SESSION_get0_hostname(const SSL_SESSION* s);`
			`unsigned char* ASN1_STRING_get0_data(const ASN1_STRING* x);`

			`EVP_MD_CTX* EVP_MD_CTX_new();`
			`void EVP_MD_CTX_free(EVP_MD_CTX* ctx);`

			`HMAC_CTX* HMAC_CTX_new();`
			`void HMAC_CTX_free(HMAC_CTX* ctx);`

			`unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION* s);`
			`int SSL_SESSION_has_ticket(const SSL_SESSION* s);`
			`int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g);`
			`void DH_get0_pqg(`
			`const DH* dh,`
			`const BIGNUM** p,`
			`const BIGNUM** q,`
			`const BIGNUM** g);`
			`void DH_get0_key(const DH* dh, const BIGNUM pub_key, const BIGNUM priv_key);`
			`long DH_get_length(const DH* dh);`
			`int DH_set_length(DH* dh, long length);`

			`void DSA_get0_pqg(`
			`const DSA* dsa,`
			`const BIGNUM** p,`
			`const BIGNUM** q,`
			`const BIGNUM** g);`
			`void DSA_get0_key(`
			`const DSA* dsa,`
			`const BIGNUM** pub_key,`
			`const BIGNUM** priv_key);`

			`STACK_OF(X509_OBJECT) * X509_STORE_get0_objects(X509_STORE* store);`

			`X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx);`
			`STACK_OF(X509) * X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx);`
			`STACK_OF(X509) * X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx);`
			`bool RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d);`
			`void RSA_get0_factors(const RSA* r, const BIGNUM p, const BIGNUM q);`
			`void RSA_get0_crt_params(`
			`const RSA* r,`
			`const BIGNUM** dmp1,`
			`const BIGNUM** dmq1,`
			`const BIGNUM** iqmp);`
			`int ECDSA_SIG_set0(ECDSA_SIG* sig, BIGNUM* r, BIGNUM* s);`
			`void ECDSA_SIG_get0(const ECDSA_SIG* sig, const BIGNUM pr, const BIGNUM ps);`

			`using OPENSSL_INIT_SETTINGS = void;`
			`int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS* settings);`
			`void OPENSSL_cleanup();`

			`const ASN1_INTEGER* X509_REVOKED_get0_serialNumber(const X509_REVOKED* r);`
			`const ASN1_TIME* X509_REVOKED_get0_revocationDate(const X509_REVOKED* r);`

			`uint32_t X509_get_extension_flags(X509* x);`
			`uint32_t X509_get_key_usage(X509* x);`
			`uint32_t X509_get_extended_key_usage(X509* x);`

			`int X509_OBJECT_get_type(const X509_OBJECT* obj);`
			`X509* X509_OBJECT_get0_X509(const X509_OBJECT* obj);`

			`const ASN1_TIME* X509_CRL_get0_lastUpdate(const X509_CRL* crl);`
			`const ASN1_TIME* X509_CRL_get0_nextUpdate(const X509_CRL* crl);`

			`const X509_ALGOR* X509_get0_tbs_sigalg(const X509* x);`

			`#endif`

			`#if FOLLY_OPENSSL_IS_110`
			`// Note: this was a type and has been fixed upstream, so the next 1.1.0`
			`// minor version upgrade will need to remove this`
			`#define OPENSSL_lh_new OPENSSL_LH_new`

			`// OpenSSL v1.1.0 removed support for SSLv2, and also removed the define that`
			`// indicates it isn't supported.`
			`#define OPENSSL_NO_SSL2`
			`#endif`
			`} // namespace ssl`
			`} // namespace portability`
			`} // namespace folly`

			`FOLLY_PUSH_WARNING`
			`FOLLY_CLANG_DISABLE_WARNING("-Wheader-hygiene")`
			`/* using override */ using namespace folly::portability::ssl;`
			`FOLLY_POP_WARNING`