Blame - include/proto/openssl-compat.h - haproxy

blob: 7261a7b7f9722bb478e25d050b9a84944057f085 [file] [log] [blame]

Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	1	#ifndef _PROTO_OPENSSL_COMPAT_H
				2	#define _PROTO_OPENSSL_COMPAT_H
				3	#include <openssl/crypto.h>
				4	#include <openssl/ssl.h>
				5	#include <openssl/x509.h>
				6	#include <openssl/x509v3.h>
				7	#include <openssl/x509.h>
				8	#include <openssl/err.h>
				9	#include <openssl/rand.h>
				10	#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
				11	#include <openssl/ocsp.h>
				12	#endif
				13	#ifndef OPENSSL_NO_DH
				14	#include <openssl/dh.h>
				15	#endif
				16
Willy Tarreau	80ebacf	2016-11-24 20:07:11 +0100	[diff] [blame]	17	#if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
				18	/* Functions present in OpenSSL 0.9.8, older not tested */
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	19	static inline const unsigned char SSL_SESSION_get_id(const SSL_SESSION sess, unsigned int *sid_length)
				20	{
				21	*sid_length = sess->session_id_length;
				22	return sess->session_id;
				23	}
				24
				25	static inline X509_NAME_ENTRY X509_NAME_get_entry(const X509_NAME name, int loc)
				26	{
				27	return sk_X509_NAME_ENTRY_value(name->entries, loc);
				28	}
				29
				30	static inline ASN1_OBJECT X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY ne)
				31	{
				32	return ne->object;
				33	}
				34
				35	static inline ASN1_STRING X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY ne)
				36	{
				37	return ne->value;
				38	}
				39
				40	static inline int ASN1_STRING_length(const ASN1_STRING *x)
				41	{
				42	return x->length;
				43	}
				44
				45	static inline int X509_NAME_entry_count(X509_NAME *name)
				46	{
				47	return sk_X509_NAME_ENTRY_num(name->entries)
				48	}
				49
Willy Tarreau	80ebacf	2016-11-24 20:07:11 +0100	[diff] [blame]	50	static inline void X509_ALGOR_get0(ASN1_OBJECT *paobj, int pptype, const void *ppval, const X509_ALGOR algor)
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	51	{
Willy Tarreau	80ebacf	2016-11-24 20:07:11 +0100	[diff] [blame]	52	*paobj = algor->algorithm;
				53	}
				54
				55	#endif // OpenSSL < 0.9.8
				56
				57
				58	#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
Willy Tarreau	2b3205b	2017-01-19 17:04:02 +0100	[diff] [blame]	59	/* Functions introduced in OpenSSL 1.0.0 */
Willy Tarreau	80ebacf	2016-11-24 20:07:11 +0100	[diff] [blame]	60	static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	61	{
Willy Tarreau	80ebacf	2016-11-24 20:07:11 +0100	[diff] [blame]	62	return EVP_PKEY_type(pkey->type);
				63	}
				64
				65	/* minimal implementation based on the fact that the only known call place
				66	* doesn't make use of other arguments.
				67	*/
				68	static inline int X509_PUBKEY_get0_param(ASN1_OBJECT ppkalg, const unsigned char pk, int ppklen, X509_ALGOR pa, X509_PUBKEY pub)
				69	{
				70	*ppkalg = pub->algor->algorithm;
				71	return 1;
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	72	}
				73
				74	#ifndef X509_get_X509_PUBKEY
				75	#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
				76	#endif
				77
				78	#endif
				79
Willy Tarreau	2b3205b	2017-01-19 17:04:02 +0100	[diff] [blame]	80	#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
				81	/*
				82	* Functions introduced in OpenSSL 1.0.1
				83	*/
				84	static inline int SSL_SESSION_set1_id_context(SSL_SESSION s, const unsigned char sid_ctx, unsigned int sid_ctx_len)
				85	{
				86	s->sid_ctx_length = sid_ctx_len;
				87	memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
				88	return 1;
				89	}
				90	#endif
				91
Luca Pizzamiglio	578b169	2016-12-12 10:56:56 +0100	[diff] [blame]	92	#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \|\| defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	93	/*
Luca Pizzamiglio	578b169	2016-12-12 10:56:56 +0100	[diff] [blame]	94	* Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	95	*/
				96
				97	static inline const unsigned char SSL_SESSION_get0_id_context(const SSL_SESSION sess, unsigned int *sid_ctx_length)
				98	{
				99	*sid_ctx_length = sess->sid_ctx_length;
				100	return sess->sid_ctx;
				101	}
				102
				103	static inline int SSL_SESSION_set1_id(SSL_SESSION s, const unsigned char sid, unsigned int sid_len)
				104	{
				105	s->session_id_length = sid_len;
				106	memcpy(s->session_id, sid, sid_len);
				107	return 1;
				108	}
				109
Emmanuel Hocdet	fdec789	2017-01-13 17:48:18 +0100	[diff] [blame]	110	#if (!defined OPENSSL_NO_OCSP)
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	111	static inline const OCSP_CERTID OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP single)
				112	{
				113	return single->certId;
				114	}
Emmanuel Hocdet	fdec789	2017-01-13 17:48:18 +0100	[diff] [blame]	115	#endif
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	116
				117	static inline pem_password_cb SSL_CTX_get_default_passwd_cb(SSL_CTX ctx)
				118	{
				119	return ctx->default_passwd_callback;
				120	}
				121
				122	static inline void SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX ctx)
				123	{
				124	return ctx->default_passwd_callback_userdata;
				125	}
				126
				127	#ifndef OPENSSL_NO_DH
				128	static inline int DH_set0_pqg(DH dh, BIGNUM p, BIGNUM q, BIGNUM g)
				129	{
				130	/* Implements only the bare necessities for HAProxy */
				131	dh->p = p;
				132	dh->g = g;
				133	return 1;
				134	}
				135	#endif
				136
				137	static inline const unsigned char ASN1_STRING_get0_data(const ASN1_STRING x)
				138	{
				139	return x->data;
				140	}
				141
				142	static inline X509_ALGOR X509_get0_tbs_sigalg(const X509 x)
				143	{
				144	return x->cert_info->signature;
				145	}
				146
				147	#endif
				148
				149	#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
				150	#define __OPENSSL_110_CONST__ const
				151	#else
				152	#define __OPENSSL_110_CONST__
				153	#endif
				154
Emmanuel Hocdet	9490ced	2017-03-20 11:39:57 +0100	[diff] [blame]	155	#if defined(OPENSSL_IS_BORINGSSL) \|\| defined(LIBRESSL_VERSION_NUMBER)
				156	#undef OPENSSL_NO_SSL_TRACE
				157	#define OPENSSL_NO_SSL_TRACE
				158	#endif
				159
Emmanuel Hocdet	fdec789	2017-01-13 17:48:18 +0100	[diff] [blame]	160	#ifdef OPENSSL_IS_BORINGSSL
				161	#define SSL_NO_GENERATE_CERTIFICATES
				162
				163	static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
				164	{
				165	return EVP_PKEY_type(pkey->type);
				166	}
				167	#endif
				168
Willy Tarreau	a4fb8ed	2017-01-19 16:50:25 +0100	[diff] [blame]	169	/* ERR_remove_state() was deprecated in 1.0.0 in favor of
				170	* ERR_remove_thread_state(), which was in turn deprecated in
				171	* 1.1.0 and does nothing anymore. Let's simply silently kill
				172	* it.
				173	*/
				174	#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
				175	#undef ERR_remove_state
				176	#define ERR_remove_state(x)
				177	#endif
				178
Willy Tarreau	77d88da	2017-01-19 17:10:54 +0100	[diff] [blame]	179
				180	/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
				181	* that the return codes differ, but it happens that the only use case (ticket
				182	* key update) was already wrong, considering a non-cryptographic random as a
				183	* failure.
				184	*/
				185	#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
				186	#undef RAND_pseudo_bytes
				187	#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
				188	#endif
				189
Dirkjan Bussink	1866d6d	2016-08-29 13:26:37 +0200	[diff] [blame]	190	#endif /* _PROTO_OPENSSL_COMPAT_H */