SSL: fixed compatibility with OpenSSL 3.0.
diff --git a/auto/openssl b/auto/openssl
index 1140c6f..8409f75 100644
--- a/auto/openssl
+++ b/auto/openssl
@@ -25,31 +25,7 @@
if [ $njs_found = yes ]; then
- njs_feature="OpenSSL HKDF"
- njs_feature_name=NJS_HAVE_OPENSSL_HKDF
- njs_feature_test="#include <openssl/evp.h>
- #include <openssl/kdf.h>
-
- int main(void) {
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-
- EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
- EVP_PKEY_CTX_free(pctx);
-
- return 0;
- }"
- . auto/feature
-
- njs_feature="OpenSSL EVP_MD_CTX_new()"
- njs_feature_name=NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
- njs_feature_test="#include <openssl/evp.h>
-
- int main(void) {
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- EVP_MD_CTX_free(ctx);
- return 0;
- }"
- . auto/feature
+ echo " + OpenSSL version: `openssl version`"
NJS_HAVE_OPENSSL=YES
NJS_OPENSSL_LIB="$njs_feature_libs"
diff --git a/external/njs_openssl.h b/external/njs_openssl.h
new file mode 100644
index 0000000..dd2f34c
--- /dev/null
+++ b/external/njs_openssl.h
@@ -0,0 +1,53 @@
+
+/*
+ * Copyright (C) Dmitry Volyntsev
+ * Copyright (C) NGINX, Inc.
+ */
+
+
+#ifndef _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+#define _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+
+
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/bn.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+
+#if EVP_PKEY_HKDF
+#include <openssl/kdf.h>
+#endif
+
+
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
+#define OPENSSL_VERSION_NUMBER 0x1010000fL
+#else
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define njs_evp_md_ctx_new() EVP_MD_CTX_new()
+#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_free(_ctx)
+#else
+#define njs_evp_md_ctx_new() EVP_MD_CTX_create()
+#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_destroy(_ctx)
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L && !defined ERR_peek_error_data)
+#define ERR_peek_error_data(d, f) ERR_peek_error_line_data(NULL, NULL, d, f)
+#endif
+
+
+#endif /* _NJS_EXTERNAL_OPENSSL_H_INCLUDED_ */
diff --git a/external/njs_webcrypto.c b/external/njs_webcrypto.c
index 00f9e63..bed7cef 100644
--- a/external/njs_webcrypto.c
+++ b/external/njs_webcrypto.c
@@ -7,29 +7,7 @@
#include <njs_main.h>
#include "njs_webcrypto.h"
-
-#include <openssl/bn.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/crypto.h>
-
-#if NJS_HAVE_OPENSSL_HKDF
-#include <openssl/kdf.h>
-#endif
-
-#if NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
-#define njs_evp_md_ctx_new() EVP_MD_CTX_new();
-#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_free(_ctx);
-#else
-#define njs_evp_md_ctx_new() EVP_MD_CTX_create();
-#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_destroy(_ctx);
-#endif
-
+#include "njs_openssl.h"
typedef enum {
NJS_KEY_FORMAT_RAW = 1 << 1,
@@ -1449,7 +1427,7 @@
break;
case NJS_ALGORITHM_HKDF:
-#ifdef NJS_HAVE_OPENSSL_HKDF
+#ifdef EVP_PKEY_HKDF
ret = njs_algorithm_hash(vm, aobject, &hash);
if (njs_slow_path(ret == NJS_ERROR)) {
goto fail;
@@ -2588,7 +2566,7 @@
for ( ;; ) {
- n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
+ n = ERR_peek_error_data(&data, &flags);
if (n == 0) {
break;
