mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-02 16:21:27 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: cfgcond: add "awslc_api_atleast" and "awslc_api_before"

Browse Source 
AWS-LC features are not easily tested with just the openssl version
constant. AWS-LC uses its own API versioning stored in the
AWSLC_API_VERSION constant.

This patch add the two awslc_api_atleast and awslc_api_before predicates
that help to check the AWS-LC API.
This commit is contained in:
William Lallemand 2025-11-14 10:23:45 +01:00
parent b07f1242a7
commit 69c50764b4
5 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/configuration.txt
View File

@ -1178,6 +1178,14 @@ operator, so that "A && B || C && D" evalues as "(A && B) || (C && D)".
The list of currently supported predicates is the following: The list of currently supported predicates is the following:
- awslc_api_atleast(<ver>): returns true if the current awslc API number
is at least as recent as <ver> otherwise false.
Example: awslc_api_atleast(35)
- awslc_api_before(<ver>): returns true if the current awslc API number
is strictly older than <ver> otherwise false.
Example: awslc_api_before(26)
- defined(<name>) : returns true if an environment variable <name> - defined(<name>) : returns true if an environment variable <name>
exists, regardless of its contents exists, regardless of its contents

2
include/haproxy/cfgcond-t.h
View File

@ -54,6 +54,8 @@ enum cond_predicate {
CFG_PRED_OSSL_VERSION_ATLEAST, // "openssl_version_atleast" CFG_PRED_OSSL_VERSION_ATLEAST, // "openssl_version_atleast"
CFG_PRED_OSSL_VERSION_BEFORE, // "openssl_version_before" CFG_PRED_OSSL_VERSION_BEFORE, // "openssl_version_before"
CFG_PRED_SSLLIB_NAME_STARTSWITH, // "ssllib_name_startswith" CFG_PRED_SSLLIB_NAME_STARTSWITH, // "ssllib_name_startswith"
CFG_PRED_AWSLC_API_ATLEAST, // "awslc_api_atleast"
CFG_PRED_AWSLC_API_BEFORE, // "awslc_api_before"
CFG_PRED_ENABLED, // "enabled" CFG_PRED_ENABLED, // "enabled"
}; };

3
include/haproxy/tools.h
View File

@ -1413,7 +1413,8 @@ static inline int warn_if_lower(const char *text, long min)
value = atol(text); value = atol(text);
return value && value < min; return value && value < min;
} }
/* compare the current AWS-LC API number to a string */
int awslc_compare_current_api(const char *version);
/* compare the current OpenSSL version to a string */ /* compare the current OpenSSL version to a string */
int openssl_compare_current_version(const char *version); int openssl_compare_current_version(const char *version);
/* compare the current OpenSSL name to a string */ /* compare the current OpenSSL name to a string */

20
src/cfgcond.c
View File

@ -29,6 +29,8 @@ const struct cond_pred_kw cond_predicates[] = {
{ "openssl_version_atleast", CFG_PRED_OSSL_VERSION_ATLEAST, ARG1(1, STR) }, { "openssl_version_atleast", CFG_PRED_OSSL_VERSION_ATLEAST, ARG1(1, STR) },
{ "openssl_version_before", CFG_PRED_OSSL_VERSION_BEFORE, ARG1(1, STR) }, { "openssl_version_before", CFG_PRED_OSSL_VERSION_BEFORE, ARG1(1, STR) },
{ "ssllib_name_startswith", CFG_PRED_SSLLIB_NAME_STARTSWITH, ARG1(1, STR) }, { "ssllib_name_startswith", CFG_PRED_SSLLIB_NAME_STARTSWITH, ARG1(1, STR) },
{ "awslc_api_atleast", CFG_PRED_AWSLC_API_ATLEAST, ARG1(1, STR) },
{ "awslc_api_before", CFG_PRED_AWSLC_API_BEFORE, ARG1(1, STR) },
{ "enabled", CFG_PRED_ENABLED, ARG1(1, STR) }, { "enabled", CFG_PRED_ENABLED, ARG1(1, STR) },
{ NULL, CFG_PRED_NONE, 0 } { NULL, CFG_PRED_NONE, 0 }
}; };
@ -285,6 +287,24 @@ int cfg_eval_cond_term(const struct cfg_cond_term *term, char **err)
ret = opensslret > 0; ret = opensslret > 0;
break; break;
} }
case CFG_PRED_AWSLC_API_ATLEAST: { // checks if the current AWSLC API is at least this one
int awslcret = awslc_compare_current_api(term->args[0].data.str.area);
if (awslcret < -1) /* can't parse the string or no AWS-LC available */
ret = -1;
else
ret = awslcret <= 0;
break;
}
case CFG_PRED_AWSLC_API_BEFORE: { // checks if the current AWSLC API is older than this one
int awslcret = awslc_compare_current_api(term->args[0].data.str.area);
if (awslcret < -1) /* can't parse the string or no AWS-LC available */
ret = -1;
else
ret = awslcret > 0;
break;
}
case CFG_PRED_SSLLIB_NAME_STARTSWITH: { // checks if the current SSL library's name starts with a specified string (can be used to distinguish OpenSSL from LibreSSL or BoringSSL) case CFG_PRED_SSLLIB_NAME_STARTSWITH: { // checks if the current SSL library's name starts with a specified string (can be used to distinguish OpenSSL from LibreSSL or BoringSSL)
ret = openssl_compare_current_name(term->args[0].data.str.area) == 0; ret = openssl_compare_current_name(term->args[0].data.str.area) == 0;
break; break;

33
src/tools.c
View File

@ -6865,6 +6865,39 @@ int word_fingerprint_distance(const uint8_t *fp1, const uint8_t *fp2)
return dist; return dist;
} }
/*
* This function compares the loaded AWS-LC API number with a string <version>
* This function use the same return code as compare_current_version:
*
* -1 : the version in argument is older than the current AWS-LC API
* 0 : the version in argument is the same as the current AWS-LC API
* 1 : the version in argument is newer than the current AWS-LC API
*
* Or some errors:
* -2 : AWS-LC is not available on this process
* -3 : the version in argument is not parsable
*/
int awslc_compare_current_api(const char *version)
{
#if defined(OPENSSL_IS_AWSLC) && defined(AWSLC_API_VERSION)
int numapi;
char *endptr;
numapi = strtol(version, &endptr, 10);
if (endptr == version || *endptr != '\0')
return -3;
if (numapi < AWSLC_API_VERSION)
return -1;
else if (numapi > AWSLC_API_VERSION)
return 1;
else
return 0;
#else
return -2;
#endif
}
/* /*
* This function compares the loaded openssl version with a string <version> * This function compares the loaded openssl version with a string <version>
* This function use the same return code as compare_current_version: * This function use the same return code as compare_current_version: