From: Willy Tarreau Date: Thu, 19 Jan 2023 09:50:13 +0000 (+0100) Subject: BUILD: ssl: add ECDSA_SIG_set0() for openssl < 1.1 or libressl < 2.7 X-Git-Tag: v2.8-dev2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d65791e26c12b57723f2feb7eacdbbd99601371b;p=thirdparty%2Fhaproxy.git BUILD: ssl: add ECDSA_SIG_set0() for openssl < 1.1 or libressl < 2.7 Commit 5a8f02ae6 ("BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params)") makes use of ECDSA_SIG_set0() which only appeared in openssl-1.1.0 and libressl 2.7, and breaks the build before. Let's just do what it minimally does (only assigns the two fields to the destination). This will need to be backported where the commit above is, likely 2.5. --- diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index f52079034d..afb29d3780 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -325,6 +325,13 @@ static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) { return ctx->cert; } + +/* note: no error checking, simplified version only */ +static inline void ECDSA_SIG_set0(ECDSA_SIG *ecdsa_sig, BIGNUM *ec_R, BIGNUM *ec_S) +{ + ecdsa_sig->r = ec_R; + ecdsa_sig->s = ec_S; +} #endif #if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
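Review bot: In the added ECDSA_SIG_set0() in include/haproxy/openssl-compat.h, the two assignments `ecdsa_sig->r = ec_R;` and `ecdsa_sig->s = ec_S;` overwrite whatever the destination already holds without freeing it, and the function returns void. The OpenSSL 1.1.0 function it stands in for returns int, rejects a NULL r or s by returning 0, and releases the previous values with BN_clear_free() before taking ownership of the new ones. If the ECDSA_SIG passed in already has r and s allocated, this version leaks them on every call, which matters on a JWT verification path that runs per request. A caller that tests the return value will also not compile against the void variant, so the compat and native builds cannot share the same error handling. Suggest matching the upstream contract: return int, return 0 when either BIGNUM is NULL, and free the old r and s before assigning. The comment "no error checking, simplified version only" should then state the ownership rule, namely that the signature owns ec_R and ec_S after a successful call and the caller must not free them.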