From: Remi Tricot-Le Breton Date: Wed, 18 Jan 2023 16:29:54 +0000 (+0100) Subject: BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) X-Git-Tag: v2.8-dev2~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb35e1f5aa69f55f588e060fee6098db37abe94c;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) This function was introduced in OpenSSL 1.1.0. Prior to that, the ECDSA_SIG structure was public. This function was used in commit 5a8f02ae "BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params)". This patch needs to be backported up to branch 2.5 alongside commit 5a8f02ae.
---
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index f52079034d..2f6b7c20cd 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -325,6 +325,19 @@ static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
 {
 return ctx->cert;
 }
+
+static inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
 #endif
 #if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
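Review bot: The added `ECDSA_SIG_set0()` shim carries no comment stating its ownership contract, which is the part callers most often get wrong with this API. As written, on success the previous `sig->r` and `sig->s` are released with `BN_clear_free()` and `sig` takes over `r` and `s`; when either argument is NULL it returns 0 without touching `sig`, so the caller still owns whatever it passed and has to free it. I would add above the function: `/* OpenSSL < 1.1.0 compat: on success <sig> owns <r> and <s>; on failure (0) the caller keeps both and must free them. Never pass sig's current r/s back in. */`. The final clause matters because a BIGNUM that is already `sig->r` would be freed and then stored again as a dangling pointer. The `#if` guarding this block opens outside the hunk, so which library versions receive the shim cannot be confirmed from here.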