[njs] SSL: fixed compatibility with OpenSSL 3.0.
Dmitry Volyntsev
xeioex at nginx.com
Tue Oct 12 17:24:50 UTC 2021
details: https://hg.nginx.org/njs/rev/8e335c2ac447
branches:
changeset: 1721:8e335c2ac447
user: Dmitry Volyntsev <xeioex at nginx.com>
date: Tue Oct 12 17:24:31 2021 +0000
description:
SSL: fixed compatibility with OpenSSL 3.0.
diffstat:
auto/openssl | 26 +----------------------
external/njs_openssl.h | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
external/njs_webcrypto.c | 28 ++----------------------
3 files changed, 57 insertions(+), 50 deletions(-)
diffs (145 lines):
diff -r a4c3c333c05d -r 8e335c2ac447 auto/openssl
--- a/auto/openssl Mon Oct 11 15:06:15 2021 +0000
+++ b/auto/openssl Tue Oct 12 17:24:31 2021 +0000
@@ -25,31 +25,7 @@ njs_feature_test="#include <openssl/evp.
if [ $njs_found = yes ]; then
- njs_feature="OpenSSL HKDF"
- njs_feature_name=NJS_HAVE_OPENSSL_HKDF
- njs_feature_test="#include <openssl/evp.h>
- #include <openssl/kdf.h>
-
- int main(void) {
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-
- EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
- EVP_PKEY_CTX_free(pctx);
-
- return 0;
- }"
- . auto/feature
-
- njs_feature="OpenSSL EVP_MD_CTX_new()"
- njs_feature_name=NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
- njs_feature_test="#include <openssl/evp.h>
-
- int main(void) {
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- EVP_MD_CTX_free(ctx);
- return 0;
- }"
- . auto/feature
+ echo " + OpenSSL version: `openssl version`"
NJS_HAVE_OPENSSL=YES
NJS_OPENSSL_LIB="$njs_feature_libs"
diff -r a4c3c333c05d -r 8e335c2ac447 external/njs_openssl.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/njs_openssl.h Tue Oct 12 17:24:31 2021 +0000
@@ -0,0 +1,53 @@
+
+/*
+ * Copyright (C) Dmitry Volyntsev
+ * Copyright (C) NGINX, Inc.
+ */
+
+
+#ifndef _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+#define _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+
+
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/bn.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+
+#if EVP_PKEY_HKDF
+#include <openssl/kdf.h>
+#endif
+
+
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
+#define OPENSSL_VERSION_NUMBER 0x1010000fL
+#else
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define njs_evp_md_ctx_new() EVP_MD_CTX_new()
+#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_free(_ctx)
+#else
+#define njs_evp_md_ctx_new() EVP_MD_CTX_create()
+#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_destroy(_ctx)
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L && !defined ERR_peek_error_data)
+#define ERR_peek_error_data(d, f) ERR_peek_error_line_data(NULL, NULL, d, f)
+#endif
+
+
+#endif /* _NJS_EXTERNAL_OPENSSL_H_INCLUDED_ */
diff -r a4c3c333c05d -r 8e335c2ac447 external/njs_webcrypto.c
--- a/external/njs_webcrypto.c Mon Oct 11 15:06:15 2021 +0000
+++ b/external/njs_webcrypto.c Tue Oct 12 17:24:31 2021 +0000
@@ -7,29 +7,7 @@
#include <njs_main.h>
#include "njs_webcrypto.h"
-
-#include <openssl/bn.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/crypto.h>
-
-#if NJS_HAVE_OPENSSL_HKDF
-#include <openssl/kdf.h>
-#endif
-
-#if NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
-#define njs_evp_md_ctx_new() EVP_MD_CTX_new();
-#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_free(_ctx);
-#else
-#define njs_evp_md_ctx_new() EVP_MD_CTX_create();
-#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_destroy(_ctx);
-#endif
-
+#include "njs_openssl.h"
typedef enum {
NJS_KEY_FORMAT_RAW = 1 << 1,
@@ -1449,7 +1427,7 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
break;
case NJS_ALGORITHM_HKDF:
-#ifdef NJS_HAVE_OPENSSL_HKDF
+#ifdef EVP_PKEY_HKDF
ret = njs_algorithm_hash(vm, aobject, &hash);
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
@@ -2588,7 +2566,7 @@ njs_webcrypto_error(njs_vm_t *vm, const
for ( ;; ) {
- n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
+ n = ERR_peek_error_data(&data, &flags);
if (n == 0) {
break;
More information about the nginx-devel
mailing list