From: Sergey Kandaurov <pluknet@nginx.com>
Date: Wed, 17 Nov 2021 16:14:19 +0000 (+0300)
Subject: Fixed build with OpenSSL 3.0 built with no-deprecated.
X-Git-Tag: 0.7.1~42
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=05263ace0b4af7194497967b6aed359ebb7b7475;p=njs.git

Fixed build with OpenSSL 3.0 built with no-deprecated.

This covers deprecated OpenSSL_add_all_algorithms() and RSA/EC_KEY types.
---

diff --git a/auto/openssl b/auto/openssl
index a494ea8a..2898a91e 100644
--- a/auto/openssl
+++ b/auto/openssl
@@ -18,7 +18,7 @@ njs_feature_libs="-lcrypto"
 njs_feature_test="#include <openssl/evp.h>
 
                   int main() {
-                      OpenSSL_add_all_algorithms();
+                      EVP_CIPHER_CTX_new();
                       return 0;
                  }"
 . auto/feature
diff --git a/external/njs_webcrypto.c b/external/njs_webcrypto.c
index 184ab57a..7ac7ed75 100644
--- a/external/njs_webcrypto.c
+++ b/external/njs_webcrypto.c
@@ -1653,15 +1653,21 @@ njs_ext_import_key(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 {
     int                         nid;
     BIO                         *bio;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
     RSA                         *rsa;
     EC_KEY                      *ec;
+#else
+    char                        gname[80];
+#endif
     unsigned                    usage;
     EVP_PKEY                    *pkey;
     njs_int_t                   ret;
     njs_str_t                   key_data, format;
     njs_value_t                 value, *options;
     const u_char                *start;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
     const EC_GROUP              *group;
+#endif
     njs_mp_cleanup_t            *cln;
     njs_webcrypto_key_t         *key;
     PKCS8_PRIV_KEY_INFO         *pkcs8;
@@ -1770,6 +1776,9 @@ njs_ext_import_key(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
     case NJS_ALGORITHM_RSA_OAEP:
     case NJS_ALGORITHM_RSA_PSS:
     case NJS_ALGORITHM_RSASSA_PKCS1_v1_5:
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+
         rsa = EVP_PKEY_get1_RSA(pkey);
         if (njs_slow_path(rsa == NULL)) {
             njs_webcrypto_error(vm, "RSA key is not found");
@@ -1778,6 +1787,13 @@ njs_ext_import_key(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 
         RSA_free(rsa);
 
+#else
+        if (!EVP_PKEY_is_a(pkey, "RSA")) {
+            njs_webcrypto_error(vm, "RSA key is not found");
+            goto fail;
+        }
+#endif
+
         ret = njs_algorithm_hash(vm, options, &key->hash);
         if (njs_slow_path(ret == NJS_ERROR)) {
             goto fail;
@@ -1789,6 +1805,9 @@ njs_ext_import_key(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 
     case NJS_ALGORITHM_ECDSA:
     case NJS_ALGORITHM_ECDH:
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+
         ec = EVP_PKEY_get1_EC_KEY(pkey);
         if (njs_slow_path(ec == NULL)) {
             njs_webcrypto_error(vm, "EC key is not found");
@@ -1799,6 +1818,22 @@ njs_ext_import_key(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
         nid = EC_GROUP_get_curve_name(group);
         EC_KEY_free(ec);
 
+#else
+
+        if (!EVP_PKEY_is_a(pkey, "EC")) {
+            njs_webcrypto_error(vm, "EC key is not found");
+            goto fail;
+        }
+
+        if (EVP_PKEY_get_group_name(pkey, gname, sizeof(gname), NULL) != 1) {
+            njs_webcrypto_error(vm, "EVP_PKEY_get_group_name() failed");
+            goto fail;
+        }
+
+        nid = OBJ_txt2nid(gname);
+
+#endif
+
         ret = njs_algorithm_curve(vm, options, &key->curve);
         if (njs_slow_path(ret == NJS_ERROR)) {
             goto fail;
@@ -2624,7 +2659,9 @@ njs_external_webcrypto_init(njs_vm_t *vm)
     njs_str_t           name;
     njs_opaque_value_t  value;
 
+#if (OPENSSL_VERSION_NUMBER < 0x10100003L)
     OpenSSL_add_all_algorithms();
+#endif
 
     njs_webcrypto_crypto_key_proto_id =
         njs_vm_external_prototype(vm, njs_ext_webcrypto_crypto_key,