Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 80ebacfc820814c1670d0e657e9839f1babd35c0^! / . / include / proto / openssl-compat.h
commit80ebacfc820814c1670d0e657e9839f1babd35c0[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Thu Nov 24 20:07:11 2016 +0100
committerWilly Tarreau <w@1wt.eu>Thu Nov 24 20:18:21 2016 +0100
tree6acb9a6f1a7fc16b79fcc3d9d686c983553c4ec7
parent59fd51155595d6e3c37db8e4ee4bc5b2569a821d [diff] [blame]
BUILD: ssl: make the SSL layer build again with openssl 0.9.8

Commit 1866d6d ("MEDIUM: ssl: Add support for OpenSSL 1.1.0")
introduced support for openssl 1.1.0 and temporarily broke 0.9.8.
In the end the port was not very hard given that the only cause of
build failures were functions supposedly absent from 0.9.8 that in
fact did exist.

Thus, adding a new #if to move these functions for versions older
than 0.9.8 was enough to fix the trouble. It received very light
testing, basically only an SSL bridge decrypting and re-encrypting
traffic, and checking that everything looks right. That said, the
functions specific to 0.9.8 here compared to 1.0.x are only
SSL_SESSION_set1_id_context(), EVP_PKEY_base_id(), and
X509_PUBKEY_get0_param().

diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index 17b491f..b137e7a 100644
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h

@@ -14,22 +14,8 @@
 #include <openssl/dh.h>
 #endif
 
-#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
-/*
- * Functions introduced in OpenSSL 1.0.1
- */
-static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
-{
-	s->sid_ctx_length = sid_ctx_len;
-	memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
-	return 1;
-}
-
-static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
-{
-	return EVP_PKEY_type(pkey->type);
-}
-
+#if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
+/* Functions present in OpenSSL 0.9.8, older not tested */
 static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
 {
 	*sid_length = sess->session_id_length;
@@ -61,15 +47,37 @@
 	return sk_X509_NAME_ENTRY_num(name->entries)
 }
 
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
+static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
 {
-	*ppkalg = pub->algor->algorithm;
+	*paobj = algor->algorithm;
+}
+
+#endif // OpenSSL < 0.9.8
+
+
+#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
+/*
+ * Functions introduced in OpenSSL 1.0.1
+ */
+static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
+{
+	s->sid_ctx_length = sid_ctx_len;
+	memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
 	return 1;
 }
 
-static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
+static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
 {
-	*paobj = algor->algorithm;
+	return EVP_PKEY_type(pkey->type);
+}
+
+/* minimal implementation based on the fact that the only known call place
+ * doesn't make use of other arguments.
+ */
+static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
+{
+	*ppkalg = pub->algor->algorithm;
+	return 1;
 }
 
 #ifndef X509_get_X509_PUBKEY