Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 8d164dc5684a9ccf7afa4cf0ef0bbcad290c3222 / . / include / common / openssl-compat.h
blob: 0ceca08376366b40a0c16fb36423cd1fc98e975c [file] [log] [blame]
Willy Tarreau55994562019-05-09 14:52:44 +0200[diff] [blame]1#ifndef _COMMON_OPENSSL_COMPAT_H
2#define _COMMON_OPENSSL_COMPAT_H
Willy Tarreau8d164dc2019-05-10 09:35:00 +0200[diff] [blame^]3
4#include <openssl/bn.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]5#include <openssl/crypto.h>
6#include <openssl/ssl.h>
7#include <openssl/x509.h>
8#include <openssl/x509v3.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]9#include <openssl/err.h>
10#include <openssl/rand.h>
Willy Tarreau8d164dc2019-05-10 09:35:00 +0200[diff] [blame^]11#include <openssl/hmac.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]12#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
13#include <openssl/ocsp.h>
14#endif
15#ifndef OPENSSL_NO_DH
16#include <openssl/dh.h>
17#endif
Willy Tarreau8d164dc2019-05-10 09:35:00 +0200[diff] [blame^]18#ifndef OPENSSL_NO_ENGINE
19#include <openssl/engine.h>
20#endif
21
22#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
23#include <openssl/async.h>
24#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]25
Willy Tarreau1d158ab2019-05-09 13:41:45 +0200[diff] [blame]26#if defined(LIBRESSL_VERSION_NUMBER)
27/* LibreSSL is a fork of OpenSSL 1.0.1g but pretends to be 2.0.0, thus
28 * systematically breaking when some code is written for a specific version
29 * of OpenSSL. Let's make it appear like what it really is and deal with
30 * extra features with ORs and not with AND NOT.
31 */
32#define HA_OPENSSL_VERSION_NUMBER 0x1000107fL
33#else /* this is for a real OpenSSL or a truly compatible derivative */
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame]34#define HA_OPENSSL_VERSION_NUMBER OPENSSL_VERSION_NUMBER
Willy Tarreau1d158ab2019-05-09 13:41:45 +0200[diff] [blame]35#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame]36
Willy Tarreau9356dac2019-05-10 09:22:53 +0200[diff] [blame]37#ifndef OPENSSL_VERSION
38#define OPENSSL_VERSION SSLEAY_VERSION
39#define OpenSSL_version(x) SSLeay_version(x)
40#define OpenSSL_version_num SSLeay
41#endif
42
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame]43#if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]44/* Functions present in OpenSSL 0.9.8, older not tested */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]45static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
46{
47 *sid_length = sess->session_id_length;
48 return sess->session_id;
49}
50
51static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
52{
53 return sk_X509_NAME_ENTRY_value(name->entries, loc);
54}
55
56static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
57{
58 return ne->object;
59}
60
61static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
62{
63 return ne->value;
64}
65
66static inline int ASN1_STRING_length(const ASN1_STRING *x)
67{
68 return x->length;
69}
70
71static inline int X509_NAME_entry_count(X509_NAME *name)
72{
73 return sk_X509_NAME_ENTRY_num(name->entries)
74}
75
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]76static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]77{
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]78 *paobj = algor->algorithm;
79}
80
81#endif // OpenSSL < 0.9.8
82
83
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame]84#if (HA_OPENSSL_VERSION_NUMBER < 0x1000000fL)
Willy Tarreau2b3205b2017-01-19 17:04:02 +0100[diff] [blame]85/* Functions introduced in OpenSSL 1.0.0 */
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]86static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]87{
Willy Tarreau80ebacf2016-11-24 20:07:11 +0100[diff] [blame]88 return EVP_PKEY_type(pkey->type);
89}
90
91/* minimal implementation based on the fact that the only known call place
92 * doesn't make use of other arguments.
93 */
94static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
95{
96 *ppkalg = pub->algor->algorithm;
97 return 1;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]98}
99
100#ifndef X509_get_X509_PUBKEY
101#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
102#endif
103
104#endif
105
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame]106#if (HA_OPENSSL_VERSION_NUMBER < 0x1000100fL)
Willy Tarreau2b3205b2017-01-19 17:04:02 +0100[diff] [blame]107/*
108 * Functions introduced in OpenSSL 1.0.1
109 */
110static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
111{
112 s->sid_ctx_length = sid_ctx_len;
113 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
114 return 1;
115}
116#endif
117
Willy Tarreau1d158ab2019-05-09 13:41:45 +0200[diff] [blame]118#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]119/*
Ilya Shipitsin54832b92019-05-05 23:27:54 +0500[diff] [blame]120 * Functions introduced in OpenSSL 1.1.0 and in LibreSSL 2.7.0
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]121 */
122
123static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
124{
125 *sid_ctx_length = sess->sid_ctx_length;
126 return sess->sid_ctx;
127}
128
129static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
130{
131 s->session_id_length = sid_len;
132 memcpy(s->session_id, sid, sid_len);
133 return 1;
134}
135
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +0200[diff] [blame]136static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
137{
138 return x->cert_info->signature;
139}
140
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]141#if (!defined OPENSSL_NO_OCSP)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]142static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
143{
144 return single->certId;
145}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]146#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]147
148static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
149{
150 return ctx->default_passwd_callback;
151}
152
153static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
154{
155 return ctx->default_passwd_callback_userdata;
156}
157
158#ifndef OPENSSL_NO_DH
159static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
160{
161 /* Implements only the bare necessities for HAProxy */
162 dh->p = p;
163 dh->g = g;
164 return 1;
165}
166#endif
167
168static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
169{
170 return x->data;
171}
172
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]173#endif
174
Willy Tarreau1d158ab2019-05-09 13:41:45 +0200[diff] [blame]175#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200[diff] [blame]176#define __OPENSSL_110_CONST__ const
177#else
178#define __OPENSSL_110_CONST__
179#endif
180
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]181#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100[diff] [blame]182
183static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
184{
185 return EVP_PKEY_type(pkey->type);
186}
187#endif
188
Willy Tarreaua4fb8ed2017-01-19 16:50:25 +0100[diff] [blame]189/* ERR_remove_state() was deprecated in 1.0.0 in favor of
190 * ERR_remove_thread_state(), which was in turn deprecated in
191 * 1.1.0 and does nothing anymore. Let's simply silently kill
192 * it.
193 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame]194#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Willy Tarreaua4fb8ed2017-01-19 16:50:25 +0100[diff] [blame]195#undef ERR_remove_state
196#define ERR_remove_state(x)
197#endif
198
Willy Tarreau77d88da2017-01-19 17:10:54 +0100[diff] [blame]199
200/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
201 * that the return codes differ, but it happens that the only use case (ticket
202 * key update) was already wrong, considering a non-cryptographic random as a
203 * failure.
204 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200[diff] [blame]205#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Willy Tarreau77d88da2017-01-19 17:10:54 +0100[diff] [blame]206#undef RAND_pseudo_bytes
207#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
208#endif
209
Emmanuel Hocdet8c2ddc22017-07-19 16:04:05 +0200[diff] [blame]210
211/* Signature from RFC 5246, missing in openssl < 1.0.1 */
212#ifndef TLSEXT_signature_anonymous
213#define TLSEXT_signature_anonymous 0
214#define TLSEXT_signature_rsa 1
215#define TLSEXT_signature_dsa 2
216#define TLSEXT_signature_ecdsa 3
217#endif
218
Willy Tarreau9356dac2019-05-10 09:22:53 +0200[diff] [blame]219#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < 0x20700000L)
220#define X509_getm_notBefore X509_get_notBefore
221#define X509_getm_notAfter X509_get_notAfter
222#endif
223
224#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || defined LIBRESSL_VERSION_NUMBER)
225#define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
226#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
227#endif
228
229/* Supported hash function for TLS tickets */
230#ifdef OPENSSL_NO_SHA256
231#define TLS_TICKET_HASH_FUNCT EVP_sha1
232#else
233#define TLS_TICKET_HASH_FUNCT EVP_sha256
234#endif /* OPENSSL_NO_SHA256 */
235
Willy Tarreau55994562019-05-09 14:52:44 +0200[diff] [blame]236#endif /* _COMMON_OPENSSL_COMPAT_H */