BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0)

This function was introduced in OpenSSL 1.1.0. Prior to that, the
ECDSA_SIG structure was public.
This function was used in commit 5a8f02ae "BUG/MEDIUM: jwt: Properly
process ecdsa signatures (concatenated R and S params)".

This patch needs to be backported up to branch 2.5 alongside commit
5a8f02ae.

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index f52079034dc17b23f6873967ca9adcf181576a10..2f6b7c20cd99f1082ab9d12dd6f57e18f21e9298 100644 (file)
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -325,6 +325,19 @@ static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
 {
     return ctx->cert;
 }
+
+static inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+       if (r == NULL || s == NULL)
+               return 0;
+       BN_clear_free(sig->r);
+       BN_clear_free(sig->s);
+
+       sig->r = r;
+       sig->s = s;
+       return 1;
+}
+
 #endif
 
 #if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)