git.kaiwu.me - njs.git/commit

author	Dmitry Volyntsev <xeioex@nginx.com>
	Tue, 24 Mar 2026 01:46:02 +0000 (18:46 -0700)
committer	Dmitry Volyntsev <xeioexception@gmail.com>
	Tue, 31 Mar 2026 01:38:02 +0000 (18:38 -0700)
commit	3185ce819be0eadbaea1b602c6aa72108fdc32cd
tree	87221ea7d86618a3a11a07c4cef17f8980a6aee3	tree \| snapshot
parent	c3a4725a1f17c4dbedba6a8d2046322174bbcd80	commit \| diff

Crypto: switched to OpenSSL EVP for hashing.

Previously, the crypto module used built-in software implementations
for a limited set of hash algorithms (md5, sha1, sha256).  This
prevented users from using algorithms like sha384, sha512, and sha3
family, even when the underlying OpenSSL library supported them.

The change replaces built-in hash implementations with OpenSSL
EVP_MD_CTX for createHash() and HMAC_CTX for createHmac(), following
the webcrypto module.  Algorithm lookup now uses EVP_get_digestbyname(),
making any digest supported by the linked OpenSSL available to
JavaScript code.

The module now requires OpenSSL and is conditionally compiled, same as
the webcrypto module.  Builds without OpenSSL (--no-openssl) will no
longer have the crypto module available.

Tested with OpenSSL 3.0, OpenSSL 1.1.1w, LibreSSL 3.9.2, and
BoringSSL.  SHA-3 tests are skipped when the SSL library does not
support them (e.g. BoringSSL).

This closes #1037 feature request on Github.

auto/modules		diff \| blob \| history
auto/qjs_modules		diff \| blob \| history
external/njs_crypto_module.c		diff \| blob \| history
external/njs_hash.h	[deleted file]	blob \| history
external/njs_md5.c	[deleted file]	blob \| history
external/njs_openssl.h		diff \| blob \| history
external/njs_sha1.c	[deleted file]	blob \| history
external/njs_sha2.c	[deleted file]	blob \| history
external/qjs_crypto_module.c		diff \| blob \| history
nginx/config		diff \| blob \| history
src/test/njs_unit_test.c		diff \| blob \| history
test/crypto.t.mjs		diff \| blob \| history