RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-06 12:20:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
305c6079d4
haproxy/include/proto/openssl-compat.h
Willy Tarreau e3e326d9f0 BUILD: ssl: kill a build warning introduced by BoringSSL compatibility 
A recent patch to support BoringSSL caused this warning to appear on
OpenSSL 1.1.0 :
   src/ssl_sock.c:3062:4: warning: statement with no effect [-Wunused-value]

It's caused by SSL_CTX_set_ecdh_auto() which is now only a macro testing
that the last argument is zero, and the result is not used here. Let's
just kill it for both versions.

Tested with 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0. This fix may be backported
to 1.7 if the boringssl fix is as well.
2017-01-19 17:56:20 +01:00

192 lines
4.8 KiB
C
Raw Blame History

#ifndef _PROTO_OPENSSL_COMPAT_H
#define _PROTO_OPENSSL_COMPAT_H
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
#include <openssl/ocsp.h>
#endif
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
/* Functions present in OpenSSL 0.9.8, older not tested */
static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
{
*sid_length = sess->session_id_length;
return sess->session_id;
}
static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
{
return sk_X509_NAME_ENTRY_value(name->entries, loc);
}
static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
{
return ne->object;
}
static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
{
return ne->value;
}
static inline int ASN1_STRING_length(const ASN1_STRING *x)
{
return x->length;
}
static inline int X509_NAME_entry_count(X509_NAME *name)
{
return sk_X509_NAME_ENTRY_num(name->entries)
}
static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
{
*paobj = algor->algorithm;
}
#endif // OpenSSL < 0.9.8
#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
/* Functions introduced in OpenSSL 1.0.0 */
static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
{
return EVP_PKEY_type(pkey->type);
}
/* minimal implementation based on the fact that the only known call place
* doesn't make use of other arguments.
*/
static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
{
*ppkalg = pub->algor->algorithm;
return 1;
}
#ifndef X509_get_X509_PUBKEY
#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
#endif
#endif
#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
/*
* Functions introduced in OpenSSL 1.0.1
*/
static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
{
s->sid_ctx_length = sid_ctx_len;
memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
return 1;
}
#endif
#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
/*
* Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
*/
static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
{
*sid_ctx_length = sess->sid_ctx_length;
return sess->sid_ctx;
}
static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
{
s->session_id_length = sid_len;
memcpy(s->session_id, sid, sid_len);
return 1;
}
#if (!defined OPENSSL_NO_OCSP)
static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
{
return single->certId;
}
#endif
static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
{
return ctx->default_passwd_callback;
}
static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
{
return ctx->default_passwd_callback_userdata;
}
#ifndef OPENSSL_NO_DH
static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
/* Implements only the bare necessities for HAProxy */
dh->p = p;
dh->g = g;
return 1;
}
#endif
static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
{
return x->data;
}
static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
{
return x->cert_info->signature;
}
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
#define __OPENSSL_110_CONST__ const
#else
#define __OPENSSL_110_CONST__
#endif
#ifdef OPENSSL_IS_BORINGSSL
#define SSL_NO_GENERATE_CERTIFICATES
static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
{
return EVP_PKEY_type(pkey->type);
}
#endif
/* ERR_remove_state() was deprecated in 1.0.0 in favor of
* ERR_remove_thread_state(), which was in turn deprecated in
* 1.1.0 and does nothing anymore. Let's simply silently kill
* it.
*/
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
#undef ERR_remove_state
#define ERR_remove_state(x)
#endif
/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
* that the return codes differ, but it happens that the only use case (ticket
* key update) was already wrong, considering a non-cryptographic random as a
* failure.
*/
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
#undef RAND_pseudo_bytes
#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
#endif
/* This function does nothing in 1.1.0 and doesn't exist in boringssl */
#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
#undef SSL_CTX_set_ecdh_auto
#define SSL_CTX_set_ecdh_auto(ctx, onoff)
#endif
#endif /* _PROTO_OPENSSL_COMPAT_H */
Reference in New Issue View Git Blame Copy Permalink