1 #ifndef _PROTO_OPENSSL_COMPAT_H
2 #define _PROTO_OPENSSL_COMPAT_H
3 #include <openssl/crypto.h>
4 #include <openssl/ssl.h>
5 #include <openssl/x509.h>
6 #include <openssl/x509v3.h>
7 #include <openssl/x509.h>
8 #include <openssl/err.h>
9 #include <openssl/rand.h>
10 #if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
11 #include <openssl/ocsp.h>
12 #endif
13 #ifndef OPENSSL_NO_DH
14 #include <openssl/dh.h>
15 #endif
16
17 #if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
18 /* Functions present in OpenSSL 0.9.8, older not tested */
SSL_SESSION_get_id(const SSL_SESSION * sess,unsigned int * sid_length)19 static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
20 {
21 *sid_length = sess->session_id_length;
22 return sess->session_id;
23 }
24
X509_NAME_get_entry(const X509_NAME * name,int loc)25 static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
26 {
27 return sk_X509_NAME_ENTRY_value(name->entries, loc);
28 }
29
X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY * ne)30 static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
31 {
32 return ne->object;
33 }
34
X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY * ne)35 static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
36 {
37 return ne->value;
38 }
39
ASN1_STRING_length(const ASN1_STRING * x)40 static inline int ASN1_STRING_length(const ASN1_STRING *x)
41 {
42 return x->length;
43 }
44
X509_NAME_entry_count(X509_NAME * name)45 static inline int X509_NAME_entry_count(X509_NAME *name)
46 {
47 return sk_X509_NAME_ENTRY_num(name->entries)
48 }
49
50 static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
51 {
52 *paobj = algor->algorithm;
53 }
54
55 #endif // OpenSSL < 0.9.8
56
57
58 #if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
59 /* Functions introduced in OpenSSL 1.0.0 */
60 static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
61 {
62 return EVP_PKEY_type(pkey->type);
63 }
64
65 /* minimal implementation based on the fact that the only known call place
66 * doesn't make use of other arguments.
67 */
68 static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
69 {
70 *ppkalg = pub->algor->algorithm;
71 return 1;
72 }
73
74 #ifndef X509_get_X509_PUBKEY
75 #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
76 #endif
77
78 #endif
79
80 #if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
81 /*
82 * Functions introduced in OpenSSL 1.0.1
83 */
84 static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
85 {
86 s->sid_ctx_length = sid_ctx_len;
87 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
88 return 1;
89 }
90 #endif
91
92 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
93
94 static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
95 {
96 *sid_ctx_length = sess->sid_ctx_length;
97 return sess->sid_ctx;
98 }
99
100 static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
101 {
102 s->session_id_length = sid_len;
103 memcpy(s->session_id, sid, sid_len);
104 return 1;
105 }
106
107 static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
108 {
109 return single->certId;
110 }
111
112 static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
113 {
114 return ctx->default_passwd_callback;
115 }
116
117 static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
118 {
119 return ctx->default_passwd_callback_userdata;
120 }
121
122 #ifndef OPENSSL_NO_DH
123 static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
124 {
125 /* Implements only the bare necessities for HAProxy */
126 dh->p = p;
127 dh->g = g;
128 return 1;
129 }
130 #endif
131
132 static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
133 {
134 return x->data;
135 }
136
137 static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
138 {
139 return x->cert_info->signature;
140 }
141
142 #endif
143
144 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
145 #define __OPENSSL_110_CONST__ const
146 #else
147 #define __OPENSSL_110_CONST__
148 #endif
149
150 /* ERR_remove_state() was deprecated in 1.0.0 in favor of
151 * ERR_remove_thread_state(), which was in turn deprecated in
152 * 1.1.0 and does nothing anymore. Let's simply silently kill
153 * it.
154 */
155 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
156 #undef ERR_remove_state
157 #define ERR_remove_state(x)
158 #endif
159
160
161 /* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
162 * that the return codes differ, but it happens that the only use case (ticket
163 * key update) was already wrong, considering a non-cryptographic random as a
164 * failure.
165 */
166 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
167 #undef RAND_pseudo_bytes
168 #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
169 #endif
170
171 #endif /* _PROTO_OPENSSL_COMPAT_H */
172