Use new API to fetch algorithms on OpenSSL3 (#123)

jeroen · May 16, 2024 · e21504c · e21504c
1 parent 947cfdb
commit e21504c
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 5 deletions.
diff --git a/DESCRIPTION b/DESCRIPTION
@@ -1,7 +1,7 @@
 Package: openssl
 Type: Package
 Title: Toolkit for Encryption, Signatures and Certificates Based on OpenSSL
-Version: 2.1.2
+Version: 2.2.0
 Authors@R: c(person("Jeroen", "Ooms", role = c("aut", "cre"), email = "jeroen@berkeley.edu",
     comment = c(ORCID = "0000-0002-4035-0289")),
     person("Oliver", "Keyes", role = "ctb"))

diff --git a/NEWS b/NEWS
@@ -1,3 +1,6 @@
+2.2.0
+ - Use new EVP_MD_fetch() api on libssl 3 to find non-default algorithms.
+
 2.1.2
  - MacOS: avoid linking against legacy versions of openssl
 

diff --git a/R/hash.R b/R/hash.R
@@ -97,6 +97,12 @@ sha512 <- function(x, key = NULL){
   rawstringhash(x, "sha512", key)
 }
 
+#' @rdname hash
+#' @export
+keccak256 <- function(x, key = NULL){
+  rawstringhash(x, "keccak-256", key)
+}
+
 #' @rdname hash
 #' @export
 sha2 <- function(x, size = 256, key = NULL){

diff --git a/man/hash.Rd b/man/hash.Rd
diff --git a/src/compatibility.h b/src/compatibility.h
@@ -6,6 +6,10 @@
 #define HAS_OPENSSL11_API 1
 #endif
 
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
+#define HAS_OPENSSL3_API 1
+#endif
+
 #ifdef HAS_OPENSSL11_API
 #define MY_EVP_PKEY_get0_RSA EVP_PKEY_get0_RSA
 #define MY_EVP_PKEY_get0_DSA EVP_PKEY_get0_DSA

diff --git a/src/hash.c b/src/hash.c
@@ -3,7 +3,9 @@
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#include <openssl/pem.h>
 #include "utils.h"
+#include "compatibility.h"
 
 /*
  * Adapted from example at: https://www.openssl.org/docs/crypto/EVP_DigestInit.html
@@ -13,7 +15,12 @@ unsigned int digest_string(unsigned char *x, int len, SEXP key, const char *algo
 
   /* init openssl stuff */
   unsigned int md_len;
+#ifdef HAS_OPENSSL3_API
+  EVP_MD *md = EVP_MD_fetch(NULL, algo, NULL);
+#else
   const EVP_MD *md = EVP_get_digestbyname(algo);
+#endif
+
   if(!md)
     error("Unknown cryptographic algorithm %s\n", algo);
 

diff --git a/src/onload.c b/src/onload.c
@@ -4,10 +4,7 @@
 #include <openssl/ssl.h>
 #include <openssl/engine.h>
 #include <openssl/hmac.h>
-
-#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
-#define HAS_OPENSSL3_API 1
-#endif
+#include "compatibility.h"
 
 #ifdef HAS_OPENSSL3_API
 #include <openssl/provider.h>

diff --git a/src/stream.c b/src/stream.c
@@ -14,7 +14,11 @@ void fin_md(SEXP ptr){
 }
 
 SEXP R_md_init(SEXP algo){
+#ifdef HAS_OPENSSL3_API
+  EVP_MD *md = EVP_MD_fetch(NULL, CHAR(asChar(algo)), NULL);
+#else
   const EVP_MD *md = EVP_get_digestbyname(CHAR(asChar(algo)));
+#endif
   if(!md)
     error("Unknown cryptographic algorithm %s\n", CHAR(asChar(algo)));
   EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
@@ -61,7 +65,11 @@ void fin_hmac(SEXP ptr){
 }
 
 SEXP R_hmac_init(SEXP algo, SEXP key){
+#ifdef HAS_OPENSSL3_API
+  EVP_MD *md = EVP_MD_fetch(NULL, CHAR(asChar(algo)), NULL);
+#else
   const EVP_MD *md = EVP_get_digestbyname(CHAR(asChar(algo)));
+#endif
   if(!md)
     error("Unknown cryptographic algorithm %s\n", CHAR(asChar(algo)));
 #ifdef HAS_OPENSSL11_API