Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 9a1ab081607984bf3bfd2a7f8bf411ad0c19cd0f / . / include / proto / openssl-compat.h
blob: b6bf503c1c1934e976955cd2bc3933af4cfe50c5 [file] [log] [blame]
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]1#ifndef _PROTO_OPENSSL_COMPAT_H
2#define _PROTO_OPENSSL_COMPAT_H
3#include <openssl/crypto.h>
4#include <openssl/ssl.h>
5#include <openssl/x509.h>
6#include <openssl/x509v3.h>
7#include <openssl/x509.h>
8#include <openssl/err.h>
9#include <openssl/rand.h>
10#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
11#include <openssl/ocsp.h>
12#endif
13#ifndef OPENSSL_NO_DH
14#include <openssl/dh.h>
15#endif
16
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame^]17/* This is intended to reflect the ORIGINAL openssl version */
18#define HA_OPENSSL_VERSION_NUMBER OPENSSL_VERSION_NUMBER
19
20#if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]21/* Functions present in OpenSSL 0.9.8, older not tested */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]22static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
23{
24 *sid_length = sess->session_id_length;
25 return sess->session_id;
26}
27
28static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
29{
30 return sk_X509_NAME_ENTRY_value(name->entries, loc);
31}
32
33static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
34{
35 return ne->object;
36}
37
38static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
39{
40 return ne->value;
41}
42
43static inline int ASN1_STRING_length(const ASN1_STRING *x)
44{
45 return x->length;
46}
47
48static inline int X509_NAME_entry_count(X509_NAME *name)
49{
50 return sk_X509_NAME_ENTRY_num(name->entries)
51}
52
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]53static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]54{
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]55 *paobj = algor->algorithm;
56}
57
58#endif // OpenSSL < 0.9.8
59
60
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame^]61#if (HA_OPENSSL_VERSION_NUMBER < 0x1000000fL)
Willy Tarreau2b3205b2017-01-19 17:04:02 +0100[diff] [blame]62/* Functions introduced in OpenSSL 1.0.0 */
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]63static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]64{
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]65 return EVP_PKEY_type(pkey->type);
66}
67
68/* minimal implementation based on the fact that the only known call place
69 * doesn't make use of other arguments.
70 */
71static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
72{
73 *ppkalg = pub->algor->algorithm;
74 return 1;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]75}
76
77#ifndef X509_get_X509_PUBKEY
78#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
79#endif
80
81#endif
82
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame^]83#if (HA_OPENSSL_VERSION_NUMBER < 0x1000100fL)
Willy Tarreau2b3205b2017-01-19 17:04:02 +0100[diff] [blame]84/*
85 * Functions introduced in OpenSSL 1.0.1
86 */
87static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
88{
89 s->sid_ctx_length = sid_ctx_len;
90 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
91 return 1;
92}
93#endif
94
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame^]95#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL))
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]96/*
Ilya Shipitsin54832b92019-05-05 23:27:54 +0500[diff] [blame]97 * Functions introduced in OpenSSL 1.1.0 and in LibreSSL 2.7.0
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]98 */
99
100static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
101{
102 *sid_ctx_length = sess->sid_ctx_length;
103 return sess->sid_ctx;
104}
105
106static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
107{
108 s->session_id_length = sid_len;
109 memcpy(s->session_id, sid, sid_len);
110 return 1;
111}
112
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +0200[diff] [blame]113static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
114{
115 return x->cert_info->signature;
116}
117
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]118#if (!defined OPENSSL_NO_OCSP)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]119static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
120{
121 return single->certId;
122}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]123#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]124
125static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
126{
127 return ctx->default_passwd_callback;
128}
129
130static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
131{
132 return ctx->default_passwd_callback_userdata;
133}
134
135#ifndef OPENSSL_NO_DH
136static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
137{
138 /* Implements only the bare necessities for HAProxy */
139 dh->p = p;
140 dh->g = g;
141 return 1;
142}
143#endif
144
145static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
146{
147 return x->data;
148}
149
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]150#endif
151
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame^]152#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]153#define __OPENSSL_110_CONST__ const
154#else
155#define __OPENSSL_110_CONST__
156#endif
157
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]158#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]159
160static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
161{
162 return EVP_PKEY_type(pkey->type);
163}
164#endif
165
Willy Tarreaua4fb8ed2017-01-19 16:50:25 +0100[diff] [blame]166/* ERR_remove_state() was deprecated in 1.0.0 in favor of
167 * ERR_remove_thread_state(), which was in turn deprecated in
168 * 1.1.0 and does nothing anymore. Let's simply silently kill
169 * it.
170 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame^]171#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Willy Tarreaua4fb8ed2017-01-19 16:50:25 +0100[diff] [blame]172#undef ERR_remove_state
173#define ERR_remove_state(x)
174#endif
175
Willy Tarreau77d88da2017-01-19 17:10:54 +0100[diff] [blame]176
177/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
178 * that the return codes differ, but it happens that the only use case (ticket
179 * key update) was already wrong, considering a non-cryptographic random as a
180 * failure.
181 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame^]182#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Willy Tarreau77d88da2017-01-19 17:10:54 +0100[diff] [blame]183#undef RAND_pseudo_bytes
184#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
185#endif
186
Emmanuel Hocdet8c2ddc22017-07-19 16:04:05 +0200[diff] [blame]187
188/* Signature from RFC 5246, missing in openssl < 1.0.1 */
189#ifndef TLSEXT_signature_anonymous
190#define TLSEXT_signature_anonymous 0
191#define TLSEXT_signature_rsa 1
192#define TLSEXT_signature_dsa 2
193#define TLSEXT_signature_ecdsa 3
194#endif
195
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]196#endif /* _PROTO_OPENSSL_COMPAT_H */