blob: b6fe1d2c1ded4f64bb41bcc3854b7a25b1b0df24 [file] [log] [blame]
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001#ifndef _PROTO_OPENSSL_COMPAT_H
2#define _PROTO_OPENSSL_COMPAT_H
3#include <openssl/crypto.h>
4#include <openssl/ssl.h>
5#include <openssl/x509.h>
6#include <openssl/x509v3.h>
7#include <openssl/x509.h>
8#include <openssl/err.h>
9#include <openssl/rand.h>
10#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
11#include <openssl/ocsp.h>
12#endif
13#ifndef OPENSSL_NO_DH
14#include <openssl/dh.h>
15#endif
16
Willy Tarreau80ebacf2016-11-24 20:07:11 +010017#if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
18/* Functions present in OpenSSL 0.9.8, older not tested */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020019static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
20{
21 *sid_length = sess->session_id_length;
22 return sess->session_id;
23}
24
25static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
26{
27 return sk_X509_NAME_ENTRY_value(name->entries, loc);
28}
29
30static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
31{
32 return ne->object;
33}
34
35static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
36{
37 return ne->value;
38}
39
40static inline int ASN1_STRING_length(const ASN1_STRING *x)
41{
42 return x->length;
43}
44
45static inline int X509_NAME_entry_count(X509_NAME *name)
46{
47 return sk_X509_NAME_ENTRY_num(name->entries)
48}
49
Willy Tarreau80ebacf2016-11-24 20:07:11 +010050static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020051{
Willy Tarreau80ebacf2016-11-24 20:07:11 +010052 *paobj = algor->algorithm;
53}
54
55#endif // OpenSSL < 0.9.8
56
57
58#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
Willy Tarreau2b3205b2017-01-19 17:04:02 +010059/* Functions introduced in OpenSSL 1.0.0 */
Willy Tarreau80ebacf2016-11-24 20:07:11 +010060static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020061{
Willy Tarreau80ebacf2016-11-24 20:07:11 +010062 return EVP_PKEY_type(pkey->type);
63}
64
65/* minimal implementation based on the fact that the only known call place
66 * doesn't make use of other arguments.
67 */
68static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
69{
70 *ppkalg = pub->algor->algorithm;
71 return 1;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020072}
73
74#ifndef X509_get_X509_PUBKEY
75#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
76#endif
77
78#endif
79
Willy Tarreau2b3205b2017-01-19 17:04:02 +010080#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
81/*
82 * Functions introduced in OpenSSL 1.0.1
83 */
84static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
85{
86 s->sid_ctx_length = sid_ctx_len;
87 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
88 return 1;
89}
90#endif
91
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020092#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020093/*
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020094 * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020095 */
96
97static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
98{
99 *sid_ctx_length = sess->sid_ctx_length;
100 return sess->sid_ctx;
101}
102
103static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
104{
105 s->session_id_length = sid_len;
106 memcpy(s->session_id, sid, sid_len);
107 return 1;
108}
109
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +0200110static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
111{
112 return x->cert_info->signature;
113}
114
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100115#if (!defined OPENSSL_NO_OCSP)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200116static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
117{
118 return single->certId;
119}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100120#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200121
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +0200122#endif
123
124#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
125/*
126 * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
127 */
128
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200129static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
130{
131 return ctx->default_passwd_callback;
132}
133
134static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
135{
136 return ctx->default_passwd_callback_userdata;
137}
138
139#ifndef OPENSSL_NO_DH
140static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
141{
142 /* Implements only the bare necessities for HAProxy */
143 dh->p = p;
144 dh->g = g;
145 return 1;
146}
147#endif
148
149static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
150{
151 return x->data;
152}
153
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200154#endif
155
156#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
157#define __OPENSSL_110_CONST__ const
158#else
159#define __OPENSSL_110_CONST__
160#endif
161
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100162#ifdef OPENSSL_IS_BORINGSSL
163#define SSL_NO_GENERATE_CERTIFICATES
164
165static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
166{
167 return EVP_PKEY_type(pkey->type);
168}
169#endif
170
Willy Tarreaua4fb8ed2017-01-19 16:50:25 +0100171/* ERR_remove_state() was deprecated in 1.0.0 in favor of
172 * ERR_remove_thread_state(), which was in turn deprecated in
173 * 1.1.0 and does nothing anymore. Let's simply silently kill
174 * it.
175 */
176#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
177#undef ERR_remove_state
178#define ERR_remove_state(x)
179#endif
180
Willy Tarreau77d88da2017-01-19 17:10:54 +0100181
182/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
183 * that the return codes differ, but it happens that the only use case (ticket
184 * key update) was already wrong, considering a non-cryptographic random as a
185 * failure.
186 */
187#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
188#undef RAND_pseudo_bytes
189#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
190#endif
191
Emmanuel Hocdet8c2ddc22017-07-19 16:04:05 +0200192
193/* Signature from RFC 5246, missing in openssl < 1.0.1 */
194#ifndef TLSEXT_signature_anonymous
195#define TLSEXT_signature_anonymous 0
196#define TLSEXT_signature_rsa 1
197#define TLSEXT_signature_dsa 2
198#define TLSEXT_signature_ecdsa 3
199#endif
200
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200201#endif /* _PROTO_OPENSSL_COMPAT_H */