From 8fbdb396d0a4988a24ff2e0404c1866a416d9cff Mon Sep 17 00:00:00 2001 From: Wangchong Zhou Date: Sat, 28 Aug 2021 04:34:01 +0800 Subject: [PATCH] fix(*) rename some EVP_ API to use get in openssl3.0 --- lib/resty/openssl.lua | 8 ++++++-- lib/resty/openssl/cipher.lua | 10 +++++++--- lib/resty/openssl/digest.lua | 3 ++- lib/resty/openssl/hmac.lua | 3 ++- lib/resty/openssl/include/evp.lua | 28 +++++++++++++++++++++------- lib/resty/openssl/kdf.lua | 3 ++- lib/resty/openssl/pkey.lua | 5 +++-- lib/resty/openssl/x509/init.lua | 3 ++- t/openssl/pkey.t | 2 +- 9 files changed, 46 insertions(+), 19 deletions(-) diff --git a/lib/resty/openssl.lua b/lib/resty/openssl.lua index addc7770..3ba616f6 100644 --- a/lib/resty/openssl.lua +++ b/lib/resty/openssl.lua @@ -224,7 +224,9 @@ end function _M.list_cipher_algorithms() local ret = {} local fn = ffi_cast("fake_openssl_cipher_list_fn*", - get_list_func(C.EVP_CIPHER_nid, ret)) + get_list_func( + OPENSSL_30 and C.EVP_CIPHER_get_nid or C.EVP_CIPHER_nid, + ret)) C.EVP_CIPHER_do_all_sorted(fn, nil) @@ -236,7 +238,9 @@ end function _M.list_digest_algorithms() local ret = {} local fn = ffi_cast("fake_openssl_md_list_fn*", - get_list_func(C.EVP_MD_type, ret)) + get_list_func( + OPENSSL_30 and C.EVP_MD_get_type or C.EVP_MD_type, + ret)) C.EVP_MD_do_all_sorted(fn, nil) diff --git a/lib/resty/openssl/cipher.lua b/lib/resty/openssl/cipher.lua index 078d8bf6..9cb37bed 100644 --- a/lib/resty/openssl/cipher.lua +++ b/lib/resty/openssl/cipher.lua @@ -9,6 +9,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes" local format_error = require("resty.openssl.err").format_error local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER +local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30 local uchar_array = ctypes.uchar_array local void_ptr = ctypes.void_ptr 
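Review bot: Both `list_cipher_algorithms` and `list_digest_algorithms` in lib/resty/openssl.lua now read `OPENSSL_30`, but no hunk for this file adds a definition for it. Every other module touched here gains `local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30`. If the local is not already declared above line 224 (not visible in this diff), Lua reads an undefined global as nil without raising an error. The `and/or` expression would then silently pick the pre-3.0 symbol, so the failure would only show up at FFI symbol lookup on a 3.0 build. Please confirm the local exists in this file or add the same require line to its header.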
@@ -51,9 +52,12 @@ function _M.new(typ) ctx = ctx, cipher_type = dtyp, initialized = false, - block_size = tonumber(C.EVP_CIPHER_CTX_block_size(ctx)), - key_size = tonumber(C.EVP_CIPHER_CTX_key_length(ctx)), - iv_size = tonumber(C.EVP_CIPHER_CTX_iv_length(ctx)), + block_size = tonumber(OPENSSL_30 and C.EVP_CIPHER_CTX_get_block_size(ctx) + or C.EVP_CIPHER_CTX_block_size(ctx)), + key_size = tonumber(OPENSSL_30 and C.EVP_CIPHER_CTX_get_key_length(ctx) + or C.EVP_CIPHER_CTX_key_length(ctx)), + iv_size = tonumber(OPENSSL_30 and C.EVP_CIPHER_CTX_get_iv_length(ctx) + or C.EVP_CIPHER_CTX_iv_length(ctx)), }, mt), nil end diff --git a/lib/resty/openssl/digest.lua b/lib/resty/openssl/digest.lua index 4c43f8c2..f65dac39 100644 --- a/lib/resty/openssl/digest.lua +++ b/lib/resty/openssl/digest.lua @@ -8,6 +8,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes" local format_error = require("resty.openssl.err").format_error local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER +local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30 local _M = {} local mt = {__index = _M} @@ -45,7 +46,7 @@ function _M.new(typ) return setmetatable({ ctx = ctx, dtyp = dtyp, - buf = ctypes.uchar_array(C.EVP_MD_size(dtyp)), + buf = ctypes.uchar_array(OPENSSL_30 and C.EVP_MD_get_size(dtyp) or C.EVP_MD_size(dtyp)), }, mt), nil end diff --git a/lib/resty/openssl/hmac.lua b/lib/resty/openssl/hmac.lua index 97ccaf35..c8f6c407 100644 --- a/lib/resty/openssl/hmac.lua +++ b/lib/resty/openssl/hmac.lua @@ -8,6 +8,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes" local format_error = require("resty.openssl.err").format_error local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER +local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30 local _M = {} local mt = {__index = _M} 
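Review bot: The three `OPENSSL_30 and C.EVP_CIPHER_CTX_get_*(ctx) or C.EVP_CIPHER_CTX_*(ctx)` expressions in `_M.new` use the `and/or` ternary on a call result, and the code does not say why that is safe. It holds only because LuaJIT returns C `int` results as Lua numbers and 0 is truthy in Lua, so a zero length never falls through to the legacy name. The legacy name would presumably not resolve on a 3.0 library. A short comment above the table constructor would record this, for example `-- FFI int results are Lua numbers (0 is truthy), so the 3.0 branch never falls through to the pre-3.0 symbol`. The same idiom appears in the digest, hmac, kdf, pkey and x509 hunks of this commit.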
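Review bot: In digest.lua `_M.new`, the result of `EVP_MD_get_size(dtyp)` goes straight into `ctypes.uchar_array(...)` without a sanity check. OpenSSL documents -1 as the failure return, and a negative length reaching the buffer constructor would presumably raise rather than follow the module's `nil, err` convention. Consider reading it into a local first and guarding it with `if md_size <= 0 then return nil, "digest.new: invalid digest size" end`. The same unchecked call is introduced in the hmac.lua `_M.new` hunk, the kdf.lua `derive` hunk (where it overwrites `options.outlen`) and the x509/init.lua `digest` hunk. These functions start and end outside the hunks, so an existing guard elsewhere cannot be ruled out.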
@@ -44,7 +45,7 @@ function _M.new(key, typ) return setmetatable({ ctx = ctx, dtyp = dtyp, - buf = ctypes.uchar_array(C.EVP_MD_size(dtyp)), + buf = ctypes.uchar_array(OPENSSL_30 and C.EVP_MD_get_size(dtyp) or C.EVP_MD_size(dtyp)), }, mt), nil end diff --git a/lib/resty/openssl/include/evp.lua b/lib/resty/openssl/include/evp.lua index 9c91ad9d..3c8cfc20 100644 --- a/lib/resty/openssl/include/evp.lua +++ b/lib/resty/openssl/include/evp.lua @@ -18,6 +18,7 @@ ffi.cdef [[ DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); + // openssl < 3.0 int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_size(const EVP_PKEY *pkey); @@ -84,8 +85,14 @@ ffi.cdef [[ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen); - int EVP_MD_size(const EVP_MD *md); const EVP_MD *EVP_md_null(void); + // openssl < 3.0 + int EVP_MD_size(const EVP_MD *md); + int EVP_MD_type(const EVP_MD *md); + + typedef void* fake_openssl_md_list_fn(const EVP_MD *ciph, const char *from, + const char *to, void *x); + void EVP_MD_do_all_sorted(fake_openssl_md_list_fn*, void *arg); int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); const EVP_MD *EVP_get_digestbyname(const char *name); @@ -104,7 +111,7 @@ ffi.cdef [[ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); // openssl >= 1.1.0 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); - + // openssl < 3.0 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); 
@@ -147,16 +154,23 @@ ffi.cdef [[ const char *to, void *x); void EVP_CIPHER_do_all_sorted(fake_openssl_cipher_list_fn*, void *arg); int EVP_CIPHER_nid(const EVP_CIPHER *cipher); - - typedef void* fake_openssl_md_list_fn(const EVP_MD *ciph, const char *from, - const char *to, void *x); - void EVP_MD_do_all_sorted(fake_openssl_md_list_fn*, void *arg); - int EVP_MD_type(const EVP_MD *md); ]] if OPENSSL_30 then ffi.cdef [[ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode); + + int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); + + int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher); + + int EVP_MD_get_size(const EVP_MD *md); + int EVP_MD_get_type(const EVP_MD *md); + + int EVP_PKEY_get_base_id(const EVP_PKEY *pkey); + int EVP_PKEY_get_size(const EVP_PKEY *pkey); ]] end diff --git a/lib/resty/openssl/kdf.lua b/lib/resty/openssl/kdf.lua index 2c3f0dcb..eff27f78 100644 --- a/lib/resty/openssl/kdf.lua +++ b/lib/resty/openssl/kdf.lua @@ -10,6 +10,7 @@ local format_error = require("resty.openssl.err").format_error local version_num = require("resty.openssl.version").version_num local version_text = require("resty.openssl.version").version_text local BORINGSSL = require("resty.openssl.version").BORINGSSL +local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30 local ctypes = require "resty.openssl.auxiliary.ctypes" local EVP_PKEY_OP_DERIVE = require("resty.openssl.include.evp").EVP_PKEY_OP_DERIVE @@ -267,7 +268,7 @@ function _M.derive(options) return nil, format_error("kdf.derive: EVP_PKEY_CTRL_HKDF_MODE") end if options.hkdf_mode == _M.HKDEF_MODE_EXTRACT_ONLY then - local md_size = C.EVP_MD_size(md) + local md_size = OPENSSL_30 and C.EVP_MD_get_size(md) or C.EVP_MD_size(md) if options.outlen ~= md_size then options.outlen = md_size ngx.log(ngx.WARN, "hkdf_mode EXTRACT_ONLY outputs fixed length of ", md_size, 
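Review bot: In include/evp.lua, `int EVP_CIPHER_nid(const EVP_CIPHER *cipher);` stays in the unconditional cdef without the `// openssl < 3.0` marker. This commit puts that marker on the other renamed getters (`EVP_MD_size`, `EVP_MD_type`, `EVP_CIPHER_CTX_block_size`, `EVP_PKEY_base_id`), and `EVP_CIPHER_get_nid` is added to the `OPENSSL_30` block just below. Adding the same `// openssl < 3.0` comment above `EVP_CIPHER_nid` would keep the declarations consistent, so a reader can tell which symbols must not be called on a 3.0 build. The cdef block begins outside this hunk.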
diff --git a/lib/resty/openssl/pkey.lua b/lib/resty/openssl/pkey.lua index 07422d5b..519b6e43 100644 --- a/lib/resty/openssl/pkey.lua +++ b/lib/resty/openssl/pkey.lua @@ -26,6 +26,7 @@ local format_error = require("resty.openssl.err").format_error local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER local OPENSSL_111_OR_LATER = require("resty.openssl.version").OPENSSL_111_OR_LATER +local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30 local BORINGSSL = require("resty.openssl.version").BORINGSSL local ptr_of_uint = ctypes.ptr_of_uint @@ -427,7 +428,7 @@ function _M.new(s, opts) ffi_gc(ctx, C.EVP_PKEY_free) - local key_type = C.EVP_PKEY_base_id(ctx) + local key_type = OPENSSL_30 and C.EVP_PKEY_get_base_id(ctx) or C.EVP_PKEY_base_id(ctx) if key_type == 0 then return nil, "pkey.new: cannot get key_type" end @@ -438,7 +439,7 @@ function _M.new(s, opts) -- although OpenSSL discourages to use this size for digest/verify -- but this is good enough for now - local buf_size = C.EVP_PKEY_size(ctx) + local buf_size = OPENSSL_30 and C.EVP_PKEY_get_size(ctx) or C.EVP_PKEY_size(ctx) local self = setmetatable({ ctx = ctx, diff --git a/lib/resty/openssl/x509/init.lua b/lib/resty/openssl/x509/init.lua index d6dda58a..3aa7491d 100644 --- a/lib/resty/openssl/x509/init.lua +++ b/lib/resty/openssl/x509/init.lua @@ -20,6 +20,7 @@ local ctypes = require "resty.openssl.auxiliary.ctypes" local format_error = require("resty.openssl.err").format_error local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10 local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER +local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30 -- accessors provides an openssl version neutral interface to lua layer -- it doesn't handle any error, expect that to be implemented in 
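Review bot: `buf_size` in pkey.lua `_M.new` takes the result of `EVP_PKEY_get_size(ctx)` unchecked, although the hunk just above already rejects a zero `key_type`. OpenSSL documents 0 as the return value when the size is not available. A guard such as `if buf_size <= 0 then return nil, "pkey.new: cannot get buffer size" end` would stop a zero-length output buffer from being stored on the object and used by later operations. The body of `_M.new` continues beyond the hunk, so whether the value is validated further down is not visible here.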
@@ -316,7 +317,7 @@ local function digest(self, cfunc, typ) return nil, string.format("x509:digest: invalid digest type \"%s\"", typ) end - local md_size = C.EVP_MD_size(dtyp) + local md_size = OPENSSL_30 and C.EVP_MD_get_size(dtyp) or C.EVP_MD_size(dtyp) local buf = ctypes.uchar_array(md_size) local length = ctypes.ptr_of_uint() diff --git a/t/openssl/pkey.t b/t/openssl/pkey.t index 44c711c4..eec0c16c 100644 --- a/t/openssl/pkey.t +++ b/t/openssl/pkey.t @@ -1107,7 +1107,7 @@ true GET /t --- response_body_like eval "errored out with too many callbacks -pkey.new.+(?:bad decrypt|failed|BAD_DECRYPT|no start line) +pkey.new.+(?:bad decrypt|failed|BAD_DECRYPT|no start line|DECODER routines::unsupported) ok ok "