MINOR: ssl: Create HASSL_DH wrapper structure

The DH mechanism relies on DH objects that are low-level structures that should not be used anymore starting from OpenSSLv3. With the newer OpenSSL version, we should only use higher level EVP_PKEY objects. Since enforcing this new logic to older versions of OpenSSL could be dangerous (or plain impossible), we will keeptwo versions of the code when required. The HASSL_DH define will allow to unify some of the functions that were created for DH use without having to add too many duplicated blocks of code depending on the OpenSSL version.
2025-11-28 14:21:00 +01:00 · 2022-02-11 12:04:47 +01:00 · 2022-02-11 12:04:47 +01:00 · 956f3aea03
commit 956f3aea03
parent 17b7384f82
1 changed files with 9 additions and 1 deletions
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@ -26,6 +26,8 @@

 #if (OPENSSL_VERSION_NUMBER >= 0x3000000fL)
 #include <openssl/core_names.h>
+#include <openssl/decoder.h>
+#include <openssl/param_build.h>
 #endif

 #if defined(LIBRESSL_VERSION_NUMBER)
@ -87,8 +89,14 @@
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
 #define HAVE_OSSL_PARAM
 #define MAC_CTX EVP_MAC_CTX
-#else
+#define HASSL_DH EVP_PKEY
+#define HASSL_DH_free EVP_PKEY_free
+#define HASSL_DH_up_ref EVP_PKEY_up_ref
+#else /* HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL */
 #define MAC_CTX HMAC_CTX
+#define HASSL_DH DH
+#define HASSL_DH_free DH_free
+#define HASSL_DH_up_ref DH_up_ref
 #endif

 #if (HA_OPENSSL_VERSION_NUMBER < 0x0090800fL)