From d65791e26c12b57723f2feb7eacdbbd99601371b Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Thu, 19 Jan 2023 10:50:13 +0100
Subject: [PATCH] BUILD: ssl: add ECDSA_SIG_set0() for openssl < 1.1 or libressl < 2.7

Commit 5a8f02ae6 ("BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params)") makes use of ECDSA_SIG_set0() which only appeared in openssl-1.1.0 and libressl 2.7, and breaks the build before. Let's just do what it minimally does (only assigns the two fields to the destination). This will need to be backported where the commit above is, likely 2.5.
---
 include/haproxy/openssl-compat.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index f520790..afb29d3 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -325,6 +325,13 @@ static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
 {
  return ctx->cert;
 }
+
+/* note: no error checking, simplified version only */
+static inline void ECDSA_SIG_set0(ECDSA_SIG *ecdsa_sig, BIGNUM *ec_R, BIGNUM *ec_S)
+{
+ ecdsa_sig->r = ec_R;
+ ecdsa_sig->s = ec_S;
+}
 #endif
 
 #if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
-- 
1.7.10.4
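Review bot: The added `ECDSA_SIG_set0()` shim overwrites `ecdsa_sig->r` and `ecdsa_sig->s` without releasing the previous values and returns `void`, whereas the upstream function frees the old BIGNUMs, rejects NULL arguments and returns 1 or 0. To my knowledge `ECDSA_SIG_new()` on OpenSSL 1.0.x pre-allocates both fields, so if the JWT caller (not visible in this patch) builds the signature that way, every verification on these older libraries would leak two BIGNUMs, on a path driven by client-supplied tokens. The `void` return also means a caller that checks the result, as the real API allows, would not compile in this branch. I would mirror the upstream contract as below and drop the "no error checking" wording from the comment.

```c
/* mirrors openssl >= 1.1.0: takes ownership of ec_R/ec_S, frees the previous values */
static inline int ECDSA_SIG_set0(ECDSA_SIG *ecdsa_sig, BIGNUM *ec_R, BIGNUM *ec_S)
{
	if (!ec_R || !ec_S)
		return 0;
	BN_clear_free(ecdsa_sig->r);
	BN_clear_free(ecdsa_sig->s);
	ecdsa_sig->r = ec_R;
	ecdsa_sig->s = ec_S;
	return 1;
}
```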