From: Remi Tricot-Le Breton Date: Fri, 11 Feb 2022 11:04:47 +0000 (+0100) Subject: MINOR: ssl: Create HASSL_DH wrapper structure X-Git-Tag: v2.6-dev2~179 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=956f3aea0387ebc2d7281ed792d44150897c348f;p=thirdparty%2Fhaproxy.git MINOR: ssl: Create HASSL_DH wrapper structure The DH mechanism relies on DH objects that are low-level structures that should not be used anymore starting from OpenSSLv3. With the newer OpenSSL version, we should only use higher level EVP_PKEY objects. Since enforcing this new logic to older versions of OpenSSL could be dangerous (or plain impossible), we will keeptwo versions of the code when required. The HASSL_DH define will allow to unify some of the functions that were created for DH use without having to add too many duplicated blocks of code depending on the OpenSSL version. --- diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 890e086c85..12a8711bff 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -26,6 +26,8 @@ #if (OPENSSL_VERSION_NUMBER >= 0x3000000fL) #include +#include +#include #endif #if defined(LIBRESSL_VERSION_NUMBER) @@ -87,8 +89,14 @@ #if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL) #define HAVE_OSSL_PARAM #define MAC_CTX EVP_MAC_CTX -#else +#define HASSL_DH EVP_PKEY +#define HASSL_DH_free EVP_PKEY_free +#define HASSL_DH_up_ref EVP_PKEY_up_ref +#else /* HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL */ #define MAC_CTX HMAC_CTX +#define HASSL_DH DH +#define HASSL_DH_free DH_free +#define HASSL_DH_up_ref DH_up_ref #endif #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)