[njs] Fixed build with OpenSSL 3.0 built with no-deprecated.
Sergey Kandaurov
pluknet at nginx.com
Thu Nov 18 09:08:57 UTC 2021
details: https://hg.nginx.org/njs/rev/315969946708
branches:
changeset: 1748:315969946708
user: Sergey Kandaurov <pluknet at nginx.com>
date: Wed Nov 17 19:14:19 2021 +0300
description:
Fixed build with OpenSSL 3.0 built with no-deprecated.
This covers deprecated OpenSSL_add_all_algorithms() and RSA/EC_KEY types.
diffstat:
auto/openssl | 2 +-
external/njs_webcrypto.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+), 1 deletions(-)
diffs (104 lines):
diff -r a2d200d79c58 -r 315969946708 auto/openssl
--- a/auto/openssl Wed Nov 17 17:01:07 2021 +0000
+++ b/auto/openssl Wed Nov 17 19:14:19 2021 +0300
@@ -18,7 +18,7 @@ njs_feature_libs="-lcrypto"
njs_feature_test="#include <openssl/evp.h>
int main() {
- OpenSSL_add_all_algorithms();
+ EVP_CIPHER_CTX_new();
return 0;
}"
. auto/feature
diff -r a2d200d79c58 -r 315969946708 external/njs_webcrypto.c
--- a/external/njs_webcrypto.c Wed Nov 17 17:01:07 2021 +0000
+++ b/external/njs_webcrypto.c Wed Nov 17 19:14:19 2021 +0300
@@ -1653,15 +1653,21 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
{
int nid;
BIO *bio;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
RSA *rsa;
EC_KEY *ec;
+#else
+ char gname[80];
+#endif
unsigned usage;
EVP_PKEY *pkey;
njs_int_t ret;
njs_str_t key_data, format;
njs_value_t value, *options;
const u_char *start;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
const EC_GROUP *group;
+#endif
njs_mp_cleanup_t *cln;
njs_webcrypto_key_t *key;
PKCS8_PRIV_KEY_INFO *pkcs8;
@@ -1770,6 +1776,9 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
case NJS_ALGORITHM_RSA_OAEP:
case NJS_ALGORITHM_RSA_PSS:
case NJS_ALGORITHM_RSASSA_PKCS1_v1_5:
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+
rsa = EVP_PKEY_get1_RSA(pkey);
if (njs_slow_path(rsa == NULL)) {
njs_webcrypto_error(vm, "RSA key is not found");
@@ -1778,6 +1787,13 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
RSA_free(rsa);
+#else
+ if (!EVP_PKEY_is_a(pkey, "RSA")) {
+ njs_webcrypto_error(vm, "RSA key is not found");
+ goto fail;
+ }
+#endif
+
ret = njs_algorithm_hash(vm, options, &key->hash);
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
@@ -1789,6 +1805,9 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
case NJS_ALGORITHM_ECDSA:
case NJS_ALGORITHM_ECDH:
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+
ec = EVP_PKEY_get1_EC_KEY(pkey);
if (njs_slow_path(ec == NULL)) {
njs_webcrypto_error(vm, "EC key is not found");
@@ -1799,6 +1818,22 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
nid = EC_GROUP_get_curve_name(group);
EC_KEY_free(ec);
+#else
+
+ if (!EVP_PKEY_is_a(pkey, "EC")) {
+ njs_webcrypto_error(vm, "EC key is not found");
+ goto fail;
+ }
+
+ if (EVP_PKEY_get_group_name(pkey, gname, sizeof(gname), NULL) != 1) {
+ njs_webcrypto_error(vm, "EVP_PKEY_get_group_name() failed");
+ goto fail;
+ }
+
+ nid = OBJ_txt2nid(gname);
+
+#endif
+
ret = njs_algorithm_curve(vm, options, &key->curve);
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
@@ -2624,7 +2659,9 @@ njs_external_webcrypto_init(njs_vm_t *vm
njs_str_t name;
njs_opaque_value_t value;
+#if (OPENSSL_VERSION_NUMBER < 0x10100003L)
OpenSSL_add_all_algorithms();
+#endif
njs_webcrypto_crypto_key_proto_id =
njs_vm_external_prototype(vm, njs_ext_webcrypto_crypto_key,
More information about the nginx-devel
mailing list