Welcome! Log In Create A New Profile

Advanced

[njs] Fixed build with OpenSSL 3.0 built with no-deprecated.

Sergey Kandaurov
November 18, 2021 04:10AM
details: https://hg.nginx.org/njs/rev/315969946708
branches:
changeset: 1748:315969946708
user: Sergey Kandaurov <pluknet@nginx.com>
date: Wed Nov 17 19:14:19 2021 +0300
description:
Fixed build with OpenSSL 3.0 built with no-deprecated.

This covers deprecated OpenSSL_add_all_algorithms() and RSA/EC_KEY types.

diffstat:

auto/openssl | 2 +-
external/njs_webcrypto.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+), 1 deletions(-)

diffs (104 lines):

diff -r a2d200d79c58 -r 315969946708 auto/openssl
--- a/auto/openssl Wed Nov 17 17:01:07 2021 +0000
+++ b/auto/openssl Wed Nov 17 19:14:19 2021 +0300
@@ -18,7 +18,7 @@ njs_feature_libs="-lcrypto"
njs_feature_test="#include <openssl/evp.h>

int main() {
- OpenSSL_add_all_algorithms();
+ EVP_CIPHER_CTX_new();
return 0;
}"
. auto/feature
diff -r a2d200d79c58 -r 315969946708 external/njs_webcrypto.c
--- a/external/njs_webcrypto.c Wed Nov 17 17:01:07 2021 +0000
+++ b/external/njs_webcrypto.c Wed Nov 17 19:14:19 2021 +0300
@@ -1653,15 +1653,21 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
{
int nid;
BIO *bio;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
RSA *rsa;
EC_KEY *ec;
+#else
+ char gname[80];
+#endif
unsigned usage;
EVP_PKEY *pkey;
njs_int_t ret;
njs_str_t key_data, format;
njs_value_t value, *options;
const u_char *start;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
const EC_GROUP *group;
+#endif
njs_mp_cleanup_t *cln;
njs_webcrypto_key_t *key;
PKCS8_PRIV_KEY_INFO *pkcs8;
@@ -1770,6 +1776,9 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
case NJS_ALGORITHM_RSA_OAEP:
case NJS_ALGORITHM_RSA_PSS:
case NJS_ALGORITHM_RSASSA_PKCS1_v1_5:
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+
rsa = EVP_PKEY_get1_RSA(pkey);
if (njs_slow_path(rsa == NULL)) {
njs_webcrypto_error(vm, "RSA key is not found");
@@ -1778,6 +1787,13 @@ njs_ext_import_key(njs_vm_t *vm, njs_val

RSA_free(rsa);

+#else
+ if (!EVP_PKEY_is_a(pkey, "RSA")) {
+ njs_webcrypto_error(vm, "RSA key is not found");
+ goto fail;
+ }
+#endif
+
ret = njs_algorithm_hash(vm, options, &key->hash);
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
@@ -1789,6 +1805,9 @@ njs_ext_import_key(njs_vm_t *vm, njs_val

case NJS_ALGORITHM_ECDSA:
case NJS_ALGORITHM_ECDH:
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+
ec = EVP_PKEY_get1_EC_KEY(pkey);
if (njs_slow_path(ec == NULL)) {
njs_webcrypto_error(vm, "EC key is not found");
@@ -1799,6 +1818,22 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
nid = EC_GROUP_get_curve_name(group);
EC_KEY_free(ec);

+#else
+
+ if (!EVP_PKEY_is_a(pkey, "EC")) {
+ njs_webcrypto_error(vm, "EC key is not found");
+ goto fail;
+ }
+
+ if (EVP_PKEY_get_group_name(pkey, gname, sizeof(gname), NULL) != 1) {
+ njs_webcrypto_error(vm, "EVP_PKEY_get_group_name() failed");
+ goto fail;
+ }
+
+ nid = OBJ_txt2nid(gname);
+
+#endif
+
ret = njs_algorithm_curve(vm, options, &key->curve);
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
@@ -2624,7 +2659,9 @@ njs_external_webcrypto_init(njs_vm_t *vm
njs_str_t name;
njs_opaque_value_t value;

+#if (OPENSSL_VERSION_NUMBER < 0x10100003L)
OpenSSL_add_all_algorithms();
+#endif

njs_webcrypto_crypto_key_proto_id =
njs_vm_external_prototype(vm, njs_ext_webcrypto_crypto_key,
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[njs] Fixed build with OpenSSL 3.0 built with no-deprecated.

Sergey Kandaurov 89 November 18, 2021 04:10AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 65
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready