Willy Tarreau | 5599456 | 2019-05-09 14:52:44 +0200 | [diff] [blame] | 1 | #ifndef _COMMON_OPENSSL_COMPAT_H |
| 2 | #define _COMMON_OPENSSL_COMPAT_H |
Willy Tarreau | c125cef | 2019-05-10 09:58:43 +0200 | [diff] [blame] | 3 | #ifdef USE_OPENSSL |
Willy Tarreau | 8d164dc | 2019-05-10 09:35:00 +0200 | [diff] [blame] | 4 | |
| 5 | #include <openssl/bn.h> |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 6 | #include <openssl/crypto.h> |
| 7 | #include <openssl/ssl.h> |
| 8 | #include <openssl/x509.h> |
| 9 | #include <openssl/x509v3.h> |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 10 | #include <openssl/err.h> |
| 11 | #include <openssl/rand.h> |
Willy Tarreau | 8d164dc | 2019-05-10 09:35:00 +0200 | [diff] [blame] | 12 | #include <openssl/hmac.h> |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 13 | #if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) |
| 14 | #include <openssl/ocsp.h> |
| 15 | #endif |
| 16 | #ifndef OPENSSL_NO_DH |
| 17 | #include <openssl/dh.h> |
| 18 | #endif |
Willy Tarreau | 8d164dc | 2019-05-10 09:35:00 +0200 | [diff] [blame] | 19 | #ifndef OPENSSL_NO_ENGINE |
| 20 | #include <openssl/engine.h> |
| 21 | #endif |
| 22 | |
| 23 | #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER) |
| 24 | #include <openssl/async.h> |
| 25 | #endif |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 26 | |
Willy Tarreau | 1d158ab | 2019-05-09 13:41:45 +0200 | [diff] [blame] | 27 | #if defined(LIBRESSL_VERSION_NUMBER) |
| 28 | /* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus |
| 29 | * systematically breaking when some code is written for a specific version |
| 30 | * of OpenSSL. Let's make it appear like what it really is and deal with |
| 31 | * extra features with ORs and not with AND NOT. |
| 32 | */ |
| 33 | #define HA_OPENSSL_VERSION_NUMBER 0x1000107fL |
| 34 | #else /* this is for a real OpenSSL or a truly compatible derivative */ |
Willy Tarreau | 9a1ab08 | 2019-05-09 13:26:41 +0200 | [diff] [blame] | 35 | #define HA_OPENSSL_VERSION_NUMBER OPENSSL_VERSION_NUMBER |
Willy Tarreau | 1d158ab | 2019-05-09 13:41:45 +0200 | [diff] [blame] | 36 | #endif |
Willy Tarreau | 9a1ab08 | 2019-05-09 13:26:41 +0200 | [diff] [blame] | 37 | |
Willy Tarreau | 9356dac | 2019-05-10 09:22:53 +0200 | [diff] [blame] | 38 | #ifndef OPENSSL_VERSION |
| 39 | #define OPENSSL_VERSION SSLEAY_VERSION |
| 40 | #define OpenSSL_version(x) SSLeay_version(x) |
| 41 | #define OpenSSL_version_num SSLeay |
| 42 | #endif |
| 43 | |
Willy Tarreau | 9a1ab08 | 2019-05-09 13:26:41 +0200 | [diff] [blame] | 44 | #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL) |
Willy Tarreau | 80ebacf | 2016-11-24 20:07:11 +0100 | [diff] [blame] | 45 | /* Functions present in OpenSSL 0.9.8, older not tested */ |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 46 | static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length) |
| 47 | { |
| 48 | *sid_length = sess->session_id_length; |
| 49 | return sess->session_id; |
| 50 | } |
| 51 | |
| 52 | static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) |
| 53 | { |
| 54 | return sk_X509_NAME_ENTRY_value(name->entries, loc); |
| 55 | } |
| 56 | |
| 57 | static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) |
| 58 | { |
| 59 | return ne->object; |
| 60 | } |
| 61 | |
| 62 | static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) |
| 63 | { |
| 64 | return ne->value; |
| 65 | } |
| 66 | |
| 67 | static inline int ASN1_STRING_length(const ASN1_STRING *x) |
| 68 | { |
| 69 | return x->length; |
| 70 | } |
| 71 | |
| 72 | static inline int X509_NAME_entry_count(X509_NAME *name) |
| 73 | { |
| 74 | return sk_X509_NAME_ENTRY_num(name->entries) |
| 75 | } |
| 76 | |
Willy Tarreau | 80ebacf | 2016-11-24 20:07:11 +0100 | [diff] [blame] | 77 | static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor) |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 78 | { |
Willy Tarreau | 80ebacf | 2016-11-24 20:07:11 +0100 | [diff] [blame] | 79 | *paobj = algor->algorithm; |
| 80 | } |
| 81 | |
| 82 | #endif // OpenSSL < 0.9.8 |
| 83 | |
| 84 | |
Willy Tarreau | 9a1ab08 | 2019-05-09 13:26:41 +0200 | [diff] [blame] | 85 | #if (HA_OPENSSL_VERSION_NUMBER < 0x1000000fL) |
Willy Tarreau | 2b3205b | 2017-01-19 17:04:02 +0100 | [diff] [blame] | 86 | /* Functions introduced in OpenSSL 1.0.0 */ |
Willy Tarreau | 80ebacf | 2016-11-24 20:07:11 +0100 | [diff] [blame] | 87 | static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey) |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 88 | { |
Willy Tarreau | 80ebacf | 2016-11-24 20:07:11 +0100 | [diff] [blame] | 89 | return EVP_PKEY_type(pkey->type); |
| 90 | } |
| 91 | |
| 92 | /* minimal implementation based on the fact that the only known call place |
| 93 | * doesn't make use of other arguments. |
| 94 | */ |
| 95 | static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub) |
| 96 | { |
| 97 | *ppkalg = pub->algor->algorithm; |
| 98 | return 1; |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 99 | } |
| 100 | |
| 101 | #ifndef X509_get_X509_PUBKEY |
| 102 | #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key |
| 103 | #endif |
| 104 | |
| 105 | #endif |
| 106 | |
Willy Tarreau | 9a1ab08 | 2019-05-09 13:26:41 +0200 | [diff] [blame] | 107 | #if (HA_OPENSSL_VERSION_NUMBER < 0x1000100fL) |
Willy Tarreau | 2b3205b | 2017-01-19 17:04:02 +0100 | [diff] [blame] | 108 | /* |
| 109 | * Functions introduced in OpenSSL 1.0.1 |
| 110 | */ |
| 111 | static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) |
| 112 | { |
| 113 | s->sid_ctx_length = sid_ctx_len; |
| 114 | memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); |
| 115 | return 1; |
| 116 | } |
| 117 | #endif |
| 118 | |
William Lallemand | 89f5807 | 2019-10-23 19:40:28 +0200 | [diff] [blame] | 119 | |
William Lallemand | 705e088 | 2019-10-23 23:15:46 +0200 | [diff] [blame] | 120 | #if (HA_OPENSSL_VERSION_NUMBER < 0x1000200fL) && (LIBRESSL_VERSION_NUMBER < 0x2070500fL) |
William Lallemand | 89f5807 | 2019-10-23 19:40:28 +0200 | [diff] [blame] | 121 | /* introduced in openssl 1.0.2 */ |
| 122 | |
| 123 | static inline STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) |
| 124 | { |
| 125 | STACK_OF(X509) *ret; |
| 126 | int i; |
| 127 | |
| 128 | if ((ret = sk_X509_dup(chain)) == NULL) |
| 129 | return NULL; |
| 130 | for (i = 0; i < sk_X509_num(ret); i++) { |
| 131 | X509 *x = sk_X509_value(ret, i); |
| 132 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 133 | } |
| 134 | return ret; |
| 135 | } |
| 136 | |
| 137 | #endif |
| 138 | |
Emmanuel Hocdet | d4f9a60 | 2019-10-24 11:32:47 +0200 | [diff] [blame] | 139 | #ifdef OPENSSL_IS_BORINGSSL |
| 140 | /* |
| 141 | * Functions missing in BoringSSL |
| 142 | */ |
| 143 | |
| 144 | static inline X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a) |
| 145 | { |
| 146 | if (a == NULL || a->type != X509_LU_CRL) { |
| 147 | return NULL; |
| 148 | } |
| 149 | return a->data.crl; |
| 150 | } |
| 151 | #endif |
| 152 | |
Willy Tarreau | 1d158ab | 2019-05-09 13:41:45 +0200 | [diff] [blame] | 153 | #if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL) |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 154 | /* |
Ilya Shipitsin | 54832b9 | 2019-05-05 23:27:54 +0500 | [diff] [blame] | 155 | * Functions introduced in OpenSSL 1.1.0 and in LibreSSL 2.7.0 |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 156 | */ |
| 157 | |
Emmanuel Hocdet | e9a100e | 2019-12-02 11:41:23 +0100 | [diff] [blame] | 158 | static inline STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st) |
| 159 | { |
| 160 | return st->objs; |
| 161 | } |
| 162 | |
| 163 | static inline int X509_OBJECT_get_type(const X509_OBJECT *a) |
| 164 | { |
| 165 | return a->type; |
| 166 | } |
| 167 | |
| 168 | static inline X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) |
| 169 | { |
| 170 | if (a == NULL || a->type != X509_LU_X509) { |
| 171 | return NULL; |
| 172 | } |
| 173 | return a->data.x509; |
| 174 | } |
| 175 | |
| 176 | static inline X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a) |
| 177 | { |
| 178 | if (a == NULL || a->type != X509_LU_CRL) { |
| 179 | return NULL; |
| 180 | } |
| 181 | return a->data.crl; |
| 182 | } |
| 183 | |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 184 | static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length) |
| 185 | { |
| 186 | *sid_ctx_length = sess->sid_ctx_length; |
| 187 | return sess->sid_ctx; |
| 188 | } |
| 189 | |
| 190 | static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len) |
| 191 | { |
| 192 | s->session_id_length = sid_len; |
| 193 | memcpy(s->session_id, sid, sid_len); |
| 194 | return 1; |
| 195 | } |
| 196 | |
Emmanuel Hocdet | 019f9b1 | 2017-10-02 17:12:06 +0200 | [diff] [blame] | 197 | static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) |
| 198 | { |
| 199 | return x->cert_info->signature; |
| 200 | } |
| 201 | |
Emmanuel Hocdet | fdec789 | 2017-01-13 17:48:18 +0100 | [diff] [blame] | 202 | #if (!defined OPENSSL_NO_OCSP) |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 203 | static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) |
| 204 | { |
| 205 | return single->certId; |
| 206 | } |
Emmanuel Hocdet | fdec789 | 2017-01-13 17:48:18 +0100 | [diff] [blame] | 207 | #endif |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 208 | |
| 209 | static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) |
| 210 | { |
| 211 | return ctx->default_passwd_callback; |
| 212 | } |
| 213 | |
| 214 | static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) |
| 215 | { |
| 216 | return ctx->default_passwd_callback_userdata; |
| 217 | } |
| 218 | |
| 219 | #ifndef OPENSSL_NO_DH |
| 220 | static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
| 221 | { |
| 222 | /* Implements only the bare necessities for HAProxy */ |
| 223 | dh->p = p; |
| 224 | dh->g = g; |
| 225 | return 1; |
| 226 | } |
| 227 | #endif |
| 228 | |
| 229 | static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) |
| 230 | { |
| 231 | return x->data; |
| 232 | } |
| 233 | |
William Lallemand | 89f5807 | 2019-10-23 19:40:28 +0200 | [diff] [blame] | 234 | static inline void X509_up_ref(X509 *x) |
| 235 | { |
| 236 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 237 | } |
| 238 | |
| 239 | static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey) |
| 240 | { |
| 241 | CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 242 | } |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 243 | #endif |
| 244 | |
Willy Tarreau | 1d158ab | 2019-05-09 13:41:45 +0200 | [diff] [blame] | 245 | #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL) |
Dirkjan Bussink | 1866d6d | 2016-08-29 13:26:37 +0200 | [diff] [blame] | 246 | #define __OPENSSL_110_CONST__ const |
| 247 | #else |
| 248 | #define __OPENSSL_110_CONST__ |
| 249 | #endif |
| 250 | |
Willy Tarreau | a4fb8ed | 2017-01-19 16:50:25 +0100 | [diff] [blame] | 251 | /* ERR_remove_state() was deprecated in 1.0.0 in favor of |
| 252 | * ERR_remove_thread_state(), which was in turn deprecated in |
| 253 | * 1.1.0 and does nothing anymore. Let's simply silently kill |
| 254 | * it. |
| 255 | */ |
Willy Tarreau | 9a1ab08 | 2019-05-09 13:26:41 +0200 | [diff] [blame] | 256 | #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) |
Willy Tarreau | a4fb8ed | 2017-01-19 16:50:25 +0100 | [diff] [blame] | 257 | #undef ERR_remove_state |
| 258 | #define ERR_remove_state(x) |
| 259 | #endif |
| 260 | |
Willy Tarreau | 77d88da | 2017-01-19 17:10:54 +0100 | [diff] [blame] | 261 | |
| 262 | /* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note |
| 263 | * that the return codes differ, but it happens that the only use case (ticket |
| 264 | * key update) was already wrong, considering a non-cryptographic random as a |
| 265 | * failure. |
| 266 | */ |
Willy Tarreau | 9a1ab08 | 2019-05-09 13:26:41 +0200 | [diff] [blame] | 267 | #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) |
Willy Tarreau | 77d88da | 2017-01-19 17:10:54 +0100 | [diff] [blame] | 268 | #undef RAND_pseudo_bytes |
| 269 | #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y) |
| 270 | #endif |
| 271 | |
Emmanuel Hocdet | 8c2ddc2 | 2017-07-19 16:04:05 +0200 | [diff] [blame] | 272 | |
| 273 | /* Signature from RFC 5246, missing in openssl < 1.0.1 */ |
| 274 | #ifndef TLSEXT_signature_anonymous |
| 275 | #define TLSEXT_signature_anonymous 0 |
| 276 | #define TLSEXT_signature_rsa 1 |
| 277 | #define TLSEXT_signature_dsa 2 |
| 278 | #define TLSEXT_signature_ecdsa 3 |
| 279 | #endif |
| 280 | |
Rosen Penev | b3814c2 | 2019-12-19 12:54:13 -0800 | [diff] [blame] | 281 | #if ((HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) ||\ |
| 282 | defined(OPENSSL_IS_BORINGSSL) |
Willy Tarreau | 9356dac | 2019-05-10 09:22:53 +0200 | [diff] [blame] | 283 | #define X509_getm_notBefore X509_get_notBefore |
| 284 | #define X509_getm_notAfter X509_get_notAfter |
| 285 | #endif |
| 286 | |
Ilya Shipitsin | 056c629 | 2020-01-18 18:42:45 +0500 | [diff] [blame] | 287 | #if !defined(EVP_CTRL_AEAD_SET_IVLEN) |
Willy Tarreau | 9356dac | 2019-05-10 09:22:53 +0200 | [diff] [blame] | 288 | #define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN |
Ilya Shipitsin | 056c629 | 2020-01-18 18:42:45 +0500 | [diff] [blame] | 289 | #endif |
| 290 | |
| 291 | #if !defined(EVP_CTRL_AEAD_SET_TAG) |
Willy Tarreau | 9356dac | 2019-05-10 09:22:53 +0200 | [diff] [blame] | 292 | #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG |
| 293 | #endif |
| 294 | |
| 295 | /* Supported hash function for TLS tickets */ |
| 296 | #ifdef OPENSSL_NO_SHA256 |
| 297 | #define TLS_TICKET_HASH_FUNCT EVP_sha1 |
| 298 | #else |
| 299 | #define TLS_TICKET_HASH_FUNCT EVP_sha256 |
| 300 | #endif /* OPENSSL_NO_SHA256 */ |
| 301 | |
Willy Tarreau | 366a698 | 2019-05-11 17:09:44 +0200 | [diff] [blame] | 302 | #ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */ |
| 303 | #define SSL_OP_CIPHER_SERVER_PREFERENCE 0 |
| 304 | #endif |
| 305 | |
| 306 | #ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */ |
| 307 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 |
| 308 | #define SSL_renegotiate_pending(arg) 0 |
| 309 | #endif |
| 310 | |
| 311 | #ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */ |
| 312 | #define SSL_OP_SINGLE_ECDH_USE 0 |
| 313 | #endif |
| 314 | |
| 315 | #ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */ |
| 316 | #define SSL_OP_NO_TICKET 0 |
| 317 | #endif |
| 318 | |
| 319 | #ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */ |
| 320 | #define SSL_OP_NO_COMPRESSION 0 |
| 321 | #endif |
| 322 | |
| 323 | #ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */ |
| 324 | #undef SSL_OP_NO_SSLv3 |
| 325 | #define SSL_OP_NO_SSLv3 0 |
| 326 | #endif |
| 327 | |
| 328 | #ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */ |
| 329 | #define SSL_OP_NO_TLSv1_1 0 |
| 330 | #endif |
| 331 | |
| 332 | #ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */ |
| 333 | #define SSL_OP_NO_TLSv1_2 0 |
| 334 | #endif |
| 335 | |
| 336 | #ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */ |
| 337 | #define SSL_OP_NO_TLSv1_3 0 |
| 338 | #endif |
| 339 | |
| 340 | #ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */ |
| 341 | #define SSL_OP_SINGLE_DH_USE 0 |
| 342 | #endif |
| 343 | |
| 344 | #ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */ |
| 345 | #define SSL_OP_SINGLE_ECDH_USE 0 |
| 346 | #endif |
| 347 | |
| 348 | #ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */ |
| 349 | #define SSL_MODE_RELEASE_BUFFERS 0 |
| 350 | #endif |
| 351 | |
| 352 | #ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */ |
| 353 | #define SSL_MODE_SMALL_BUFFERS 0 |
| 354 | #endif |
| 355 | |
| 356 | #ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */ |
| 357 | #define SSL_OP_PRIORITIZE_CHACHA 0 |
| 358 | #endif |
| 359 | |
Willy Tarreau | 11b1671 | 2019-05-11 17:02:04 +0200 | [diff] [blame] | 360 | #ifndef SSL_CTRL_GET_EXTRA_CHAIN_CERTS |
| 361 | #define SSL_CTX_get_extra_chain_certs(ctx, chain) do { *(chain) = (ctx)->extra_certs; } while (0) |
| 362 | #endif |
| 363 | |
Willy Tarreau | 295d614 | 2019-05-11 17:34:03 +0200 | [diff] [blame] | 364 | #if HA_OPENSSL_VERSION_NUMBER < 0x10100000L |
| 365 | #define BIO_get_data(b) (b)->ptr |
| 366 | #define BIO_set_data(b, v) do { (b)->ptr = (v); } while (0) |
| 367 | #define BIO_set_init(b, v) do { (b)->init = (v); } while (0) |
| 368 | |
| 369 | #define BIO_meth_free(m) free(m) |
| 370 | #define BIO_meth_new(type, name) calloc(1, sizeof(BIO_METHOD)) |
| 371 | #define BIO_meth_set_gets(m, f) do { (m)->bgets = (f); } while (0) |
| 372 | #define BIO_meth_set_puts(m, f) do { (m)->bputs = (f); } while (0) |
| 373 | #define BIO_meth_set_read(m, f) do { (m)->bread = (f); } while (0) |
| 374 | #define BIO_meth_set_write(m, f) do { (m)->bwrite = (f); } while (0) |
| 375 | #define BIO_meth_set_create(m, f) do { (m)->create = (f); } while (0) |
| 376 | #define BIO_meth_set_ctrl(m, f) do { (m)->ctrl = (f); } while (0) |
| 377 | #define BIO_meth_set_destroy(m, f) do { (m)->destroy = (f); } while (0) |
| 378 | #endif |
| 379 | |
Lukas Tribus | a26d1e1 | 2019-12-20 18:47:18 +0100 | [diff] [blame] | 380 | #ifndef SSL_CTX_set_ecdh_auto |
| 381 | #define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) |
| 382 | #endif |
| 383 | |
Willy Tarreau | c125cef | 2019-05-10 09:58:43 +0200 | [diff] [blame] | 384 | #endif /* USE_OPENSSL */ |
Willy Tarreau | 5599456 | 2019-05-09 14:52:44 +0200 | [diff] [blame] | 385 | #endif /* _COMMON_OPENSSL_COMPAT_H */ |