fix(*) rename some EVP_ API to use get in openssl3.0

fffonion · Aug 27, 2021 · 8fbdb39 · 8fbdb39
1 parent 984cdde
commit 8fbdb39
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 19 deletions.
diff --git a/lib/resty/openssl.lua b/lib/resty/openssl.lua
@@ -224,7 +224,9 @@ end
 function _M.list_cipher_algorithms()
   local ret = {}
   local fn = ffi_cast("fake_openssl_cipher_list_fn*",
-                      get_list_func(C.EVP_CIPHER_nid, ret))
+                      get_list_func(
+                        OPENSSL_30 and C.EVP_CIPHER_get_nid or C.EVP_CIPHER_nid,
+                        ret))
 
   C.EVP_CIPHER_do_all_sorted(fn, nil)
 
@@ -236,7 +238,9 @@ end
 function _M.list_digest_algorithms()
   local ret = {}
   local fn = ffi_cast("fake_openssl_md_list_fn*",
-                      get_list_func(C.EVP_MD_type, ret))
+                      get_list_func(
+                        OPENSSL_30 and C.EVP_MD_get_type or C.EVP_MD_type,
+                        ret))
 
   C.EVP_MD_do_all_sorted(fn, nil)
 

diff --git a/lib/resty/openssl/cipher.lua b/lib/resty/openssl/cipher.lua
@@ -9,6 +9,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes"
 local format_error = require("resty.openssl.err").format_error
 local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
 
 local uchar_array = ctypes.uchar_array
 local void_ptr = ctypes.void_ptr
@@ -51,9 +52,12 @@ function _M.new(typ)
     ctx = ctx,
     cipher_type = dtyp,
     initialized = false,
-    block_size = tonumber(C.EVP_CIPHER_CTX_block_size(ctx)),
-    key_size = tonumber(C.EVP_CIPHER_CTX_key_length(ctx)),
-    iv_size = tonumber(C.EVP_CIPHER_CTX_iv_length(ctx)),
+    block_size = tonumber(OPENSSL_30 and C.EVP_CIPHER_CTX_get_block_size(ctx)
+                                    or C.EVP_CIPHER_CTX_block_size(ctx)),
+    key_size = tonumber(OPENSSL_30 and C.EVP_CIPHER_CTX_get_key_length(ctx)
+                                    or C.EVP_CIPHER_CTX_key_length(ctx)),
+    iv_size = tonumber(OPENSSL_30 and C.EVP_CIPHER_CTX_get_iv_length(ctx)
+                                    or C.EVP_CIPHER_CTX_iv_length(ctx)),
   }, mt), nil
 end
 

diff --git a/lib/resty/openssl/digest.lua b/lib/resty/openssl/digest.lua
@@ -8,6 +8,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes"
 local format_error = require("resty.openssl.err").format_error
 local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
 
 local _M = {}
 local mt = {__index = _M}
@@ -45,7 +46,7 @@ function _M.new(typ)
   return setmetatable({
     ctx = ctx,
     dtyp = dtyp,
-    buf = ctypes.uchar_array(C.EVP_MD_size(dtyp)),
+    buf = ctypes.uchar_array(OPENSSL_30 and C.EVP_MD_get_size(dtyp) or C.EVP_MD_size(dtyp)),
   }, mt), nil
 end
 

diff --git a/lib/resty/openssl/hmac.lua b/lib/resty/openssl/hmac.lua
@@ -8,6 +8,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes"
 local format_error = require("resty.openssl.err").format_error
 local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
 
 local _M = {}
 local mt = {__index = _M}
@@ -44,7 +45,7 @@ function _M.new(key, typ)
   return setmetatable({
     ctx = ctx,
     dtyp = dtyp,
-    buf = ctypes.uchar_array(C.EVP_MD_size(dtyp)),
+    buf = ctypes.uchar_array(OPENSSL_30 and C.EVP_MD_get_size(dtyp) or C.EVP_MD_size(dtyp)),
   }, mt), nil
 end
 

diff --git a/lib/resty/openssl/include/evp.lua b/lib/resty/openssl/include/evp.lua
@@ -18,6 +18,7 @@ ffi.cdef [[
   DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
 
   int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+  // openssl < 3.0
   int EVP_PKEY_base_id(const EVP_PKEY *pkey);
   int EVP_PKEY_size(const EVP_PKEY *pkey);
 
@@ -84,8 +85,14 @@ ffi.cdef [[
   int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                       size_t siglen, const unsigned char *tbs, size_t tbslen);
 
-  int EVP_MD_size(const EVP_MD *md);
   const EVP_MD *EVP_md_null(void);
+  // openssl < 3.0
+  int EVP_MD_size(const EVP_MD *md);
+  int EVP_MD_type(const EVP_MD *md);
+
+  typedef void* fake_openssl_md_list_fn(const EVP_MD *ciph, const char *from,
+                                              const char *to, void *x);
+  void EVP_MD_do_all_sorted(fake_openssl_md_list_fn*, void *arg);
 
   int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
   const EVP_MD *EVP_get_digestbyname(const char *name);
@@ -104,7 +111,7 @@ ffi.cdef [[
   int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
   // openssl >= 1.1.0
   int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
-
+  // openssl < 3.0
   int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
   int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
   int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
@@ -147,16 +154,23 @@ ffi.cdef [[
                                                 const char *to, void *x);
   void EVP_CIPHER_do_all_sorted(fake_openssl_cipher_list_fn*, void *arg);
   int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-
-  typedef void* fake_openssl_md_list_fn(const EVP_MD *ciph, const char *from,
-                                                const char *to, void *x);
-  void EVP_MD_do_all_sorted(fake_openssl_md_list_fn*, void *arg);
-  int EVP_MD_type(const EVP_MD *md);
 ]]
 
 if OPENSSL_30 then
   ffi.cdef [[
     int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
+
+    int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
+    int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
+    int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
+
+    int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher);
+
+    int EVP_MD_get_size(const EVP_MD *md);
+    int EVP_MD_get_type(const EVP_MD *md);
+
+    int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
+    int EVP_PKEY_get_size(const EVP_PKEY *pkey);
   ]]
 end
 

diff --git a/lib/resty/openssl/kdf.lua b/lib/resty/openssl/kdf.lua
@@ -10,6 +10,7 @@ local format_error = require("resty.openssl.err").format_error
 local version_num = require("resty.openssl.version").version_num
 local version_text = require("resty.openssl.version").version_text
 local BORINGSSL = require("resty.openssl.version").BORINGSSL
+local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
 local ctypes = require "resty.openssl.auxiliary.ctypes"
 local EVP_PKEY_OP_DERIVE = require("resty.openssl.include.evp").EVP_PKEY_OP_DERIVE
 
@@ -267,7 +268,7 @@ function _M.derive(options)
           return nil, format_error("kdf.derive: EVP_PKEY_CTRL_HKDF_MODE")
         end
         if options.hkdf_mode == _M.HKDEF_MODE_EXTRACT_ONLY then
-          local md_size = C.EVP_MD_size(md)
+          local md_size = OPENSSL_30 and C.EVP_MD_get_size(md) or C.EVP_MD_size(md)
           if options.outlen ~= md_size then
             options.outlen = md_size
             ngx.log(ngx.WARN, "hkdf_mode EXTRACT_ONLY outputs fixed length of ", md_size,

diff --git a/lib/resty/openssl/pkey.lua b/lib/resty/openssl/pkey.lua
@@ -26,6 +26,7 @@ local format_error = require("resty.openssl.err").format_error
 
 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
 local OPENSSL_111_OR_LATER = require("resty.openssl.version").OPENSSL_111_OR_LATER
+local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
 local BORINGSSL = require("resty.openssl.version").BORINGSSL
 
 local ptr_of_uint = ctypes.ptr_of_uint
@@ -427,7 +428,7 @@ function _M.new(s, opts)
 
   ffi_gc(ctx, C.EVP_PKEY_free)
 
-  local key_type = C.EVP_PKEY_base_id(ctx)
+  local key_type = OPENSSL_30 and C.EVP_PKEY_get_base_id(ctx) or C.EVP_PKEY_base_id(ctx)
   if key_type == 0 then
     return nil, "pkey.new: cannot get key_type"
   end
@@ -438,7 +439,7 @@ function _M.new(s, opts)
 
   -- although OpenSSL discourages to use this size for digest/verify
   -- but this is good enough for now
-  local buf_size = C.EVP_PKEY_size(ctx)
+  local buf_size = OPENSSL_30 and C.EVP_PKEY_get_size(ctx) or C.EVP_PKEY_size(ctx)
 
   local self = setmetatable({
     ctx = ctx,

diff --git a/lib/resty/openssl/x509/init.lua b/lib/resty/openssl/x509/init.lua
@@ -20,6 +20,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes"
 local format_error = require("resty.openssl.err").format_error
 local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
 
 -- accessors provides an openssl version neutral interface to lua layer
 -- it doesn't handle any error, expect that to be implemented in
@@ -316,7 +317,7 @@ local function digest(self, cfunc, typ)
     return nil, string.format("x509:digest: invalid digest type \"%s\"", typ)
   end
 
-  local md_size = C.EVP_MD_size(dtyp)
+  local md_size = OPENSSL_30 and C.EVP_MD_get_size(dtyp) or C.EVP_MD_size(dtyp)
   local buf = ctypes.uchar_array(md_size)
   local length = ctypes.ptr_of_uint()
 

diff --git a/t/openssl/pkey.t b/t/openssl/pkey.t
@@ -1107,7 +1107,7 @@ true
     GET /t
 --- response_body_like eval
 "errored out with too many callbacks
-pkey.new.+(?:bad decrypt|failed|BAD_DECRYPT|no start line)
+pkey.new.+(?:bad decrypt|failed|BAD_DECRYPT|no start line|DECODER routines::unsupported)
 ok
 ok
 "