[njs] SSL: fixed compatibility with OpenSSL 3.0.

Tue Oct 12 17:24:50 UTC 2021

details:   https://hg.nginx.org/njs/rev/8e335c2ac447
branches:  
changeset: 1721:8e335c2ac447
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Tue Oct 12 17:24:31 2021 +0000
description:
SSL: fixed compatibility with OpenSSL 3.0.

diffstat:

 auto/openssl             |  26 +----------------------
 external/njs_openssl.h   |  53 ++++++++++++++++++++++++++++++++++++++++++++++++
 external/njs_webcrypto.c |  28 ++----------------------
 3 files changed, 57 insertions(+), 50 deletions(-)

diffs (145 lines):

diff -r a4c3c333c05d -r 8e335c2ac447 auto/openssl

--- a/auto/openssl	Mon Oct 11 15:06:15 2021 +0000
+++ b/auto/openssl	Tue Oct 12 17:24:31 2021 +0000
@@ -25,31 +25,7 @@ njs_feature_test="#include <openssl/evp.
 
 
 if [ $njs_found = yes ]; then
-    njs_feature="OpenSSL HKDF"
-    njs_feature_name=NJS_HAVE_OPENSSL_HKDF
-    njs_feature_test="#include <openssl/evp.h>
-                      #include <openssl/kdf.h>
-
-                      int main(void) {
-                          EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-
-                          EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
-                          EVP_PKEY_CTX_free(pctx);
-
-                          return 0;
-                      }"
-    . auto/feature
-
-    njs_feature="OpenSSL EVP_MD_CTX_new()"
-    njs_feature_name=NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
-    njs_feature_test="#include <openssl/evp.h>
-
-                      int main(void) {
-                          EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-                          EVP_MD_CTX_free(ctx);
-                          return 0;
-                      }"
-    . auto/feature
+    echo " + OpenSSL version: `openssl version`"
 
     NJS_HAVE_OPENSSL=YES
     NJS_OPENSSL_LIB="$njs_feature_libs"
diff -r a4c3c333c05d -r 8e335c2ac447 external/njs_openssl.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/external/njs_openssl.h	Tue Oct 12 17:24:31 2021 +0000
@@ -0,0 +1,53 @@
+
+/*
+ * Copyright (C) Dmitry Volyntsev
+ * Copyright (C) NGINX, Inc.
+ */
+
+
+#ifndef _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+#define _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+
+
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/bn.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+
+#if EVP_PKEY_HKDF
+#include <openssl/kdf.h>
+#endif
+
+
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
+#define OPENSSL_VERSION_NUMBER  0x1010000fL
+#else
+#define OPENSSL_VERSION_NUMBER  0x1000107fL
+#endif
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define njs_evp_md_ctx_new()  EVP_MD_CTX_new()
+#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_free(_ctx)
+#else
+#define njs_evp_md_ctx_new()  EVP_MD_CTX_create()
+#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_destroy(_ctx)
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L && !defined ERR_peek_error_data)
+#define ERR_peek_error_data(d, f)    ERR_peek_error_line_data(NULL, NULL, d, f)
+#endif
+
+
+#endif /* _NJS_EXTERNAL_OPENSSL_H_INCLUDED_ */
diff -r a4c3c333c05d -r 8e335c2ac447 external/njs_webcrypto.c
--- a/external/njs_webcrypto.c	Mon Oct 11 15:06:15 2021 +0000
+++ b/external/njs_webcrypto.c	Tue Oct 12 17:24:31 2021 +0000
@@ -7,29 +7,7 @@
 
 #include <njs_main.h>
 #include "njs_webcrypto.h"
-
-#include <openssl/bn.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/crypto.h>
-
-#if NJS_HAVE_OPENSSL_HKDF
-#include <openssl/kdf.h>
-#endif
-
-#if NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
-#define njs_evp_md_ctx_new()  EVP_MD_CTX_new();
-#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_free(_ctx);
-#else
-#define njs_evp_md_ctx_new()  EVP_MD_CTX_create();
-#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_destroy(_ctx);
-#endif
-
+#include "njs_openssl.h"
 
 typedef enum {
     NJS_KEY_FORMAT_RAW          = 1 << 1,
@@ -1449,7 +1427,7 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
         break;
 
     case NJS_ALGORITHM_HKDF:
-#ifdef NJS_HAVE_OPENSSL_HKDF
+#ifdef EVP_PKEY_HKDF
         ret = njs_algorithm_hash(vm, aobject, &hash);
         if (njs_slow_path(ret == NJS_ERROR)) {
             goto fail;
@@ -2588,7 +2566,7 @@ njs_webcrypto_error(njs_vm_t *vm, const 
 
         for ( ;; ) {
 
-            n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
+            n = ERR_peek_error_data(&data, &flags);
 
             if (n == 0) {
                 break;
