Openssl 1.1

dist.ini

@@ -7,4 +7,4 @@ lib_dir = lib
 doc_dir = lib
 repo_link = https://github.com/SkyLothar/lua-resty-jwt
 main_module = lib/resty/jwt.lua
-requires = luajit, jkeys089/lua-resty-hmac >= 0.01
+requires = luajit, jkeys089/lua-resty-hmac >= 0.02

lib/resty/evp.lua

@@ -88,8 +88,15 @@ typedef struct env_md_ctx_st EVP_MD_CTX;
 typedef struct env_md_st EVP_MD;
 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
 const EVP_MD *EVP_get_digestbyname(const char *name);
+
+//OpenSSL 1.0
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void    EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+
+//OpenSSL 1.1
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+void    EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+
 int     EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 int     EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
@@ -118,6 +125,28 @@ local function _err(ret)
     return ret, ffi.string(_C.ERR_reason_error_string(code))
 end
 
+local ctx_new, ctx_free
+local openssl11, e = pcall(function ()
+    local ctx = _C.HMAC_CTX_new()
+    _C.HMAC_CTX_free(ctx)
+end)
+if openssl11 then
+    ctx_new = function ()
+        return _C.HMAC_CTX_new()
+    end
+    ctx_free = function (ctx)
+        ffi.gc(ctx, _C.EVP_MD_CTX_free)
+    end
+else
+    ctx_new = function ()
+        local ctx = _C.EVP_MD_CTX_create()
+        return ctx
+    end
+    ctx_free = function (ctx)
+        ffi.gc(ctx, _C.EVP_MD_CTX_destroy)
+    end
+end
+
 
 local RSASigner = {}
 _M.RSASigner = RSASigner
@@ -157,11 +186,11 @@ function RSASigner.sign(self, message, digest_name)
     local buf = ffi.new("unsigned char[?]", 1024)
     local len = ffi.new("size_t[1]", 1024)
 
-    local ctx = _C.EVP_MD_CTX_create()
+    local ctx = ctx_new()
     if not ctx then
         return _err()
     end
-    ffi.gc(ctx, _C.EVP_MD_CTX_destroy)
+    ctx_free(ctx)
 
     local md = _C.EVP_get_digestbyname(digest_name)
     if not md then
@@ -213,11 +242,11 @@ function RSAVerifier.verify(self, message, sig, digest_name)
         return _err(false)
     end
 
-    local ctx = _C.EVP_MD_CTX_create()
+    local ctx = ctx_new()
     if not ctx then
         return _err(false)
     end
-    ffi.gc(ctx, _C.EVP_MD_CTX_destroy)
+    ctx_free(ctx)
 
     if _C.EVP_DigestInit_ex(ctx, md, nil) ~= 1 then
         return _err(false)
@@ -276,7 +305,7 @@ function Cert.new(self, payload)
     end
 
     ffi.gc(public_key, _C.EVP_PKEY_free)
-    
+
     self.public_key = public_key
     return self, nil
 end
@@ -366,7 +395,7 @@ _M.PublicKey = PublicKey
 --
 -- ----- BEGIN PUBLIC KEY -----
 --
--- @param payload A PEM or DER format public key file 
+-- @param payload A PEM or DER format public key file
 -- @return PublicKey, error_string
 function PublicKey.new(self, payload)
     if not payload then
@@ -393,6 +422,6 @@ function PublicKey.new(self, payload)
     self.public_key = pkey
     return self, nil
 end
-    
+
 
 return _M

vendor/resty/hmac.lua

@@ -1,9 +1,11 @@
 
 local str_util = require "resty.string"
+local to_hex = str_util.to_hex
 local ffi = require "ffi"
 local ffi_new = ffi.new
 local ffi_str = ffi.string
 local ffi_gc = ffi.gc
+local ffi_typeof = ffi.typeof
 local C = ffi.C
 local setmetatable = setmetatable
 local error = error
@@ -60,10 +62,15 @@ typedef struct hmac_ctx_st
     unsigned char key[128];
     } HMAC_CTX;
 
+//OpenSSL 1.0
 void HMAC_CTX_init(HMAC_CTX *ctx);
 void HMAC_CTX_cleanup(HMAC_CTX *ctx);
 
-int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,const EVP_MD *md, ENGINE *impl);
+//OpenSSL 1.1
+HMAC_CTX *HMAC_CTX_new(void);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl);
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 
@@ -75,30 +82,51 @@ const EVP_MD *EVP_sha512(void);
 
 local buf = ffi_new("unsigned char[64]")
 local res_len = ffi_new("unsigned int[1]")
-local ctx_ptr_type = ffi.typeof("HMAC_CTX[1]")
+local ctx_ptr_type = ffi_typeof("HMAC_CTX[1]")
 local hashes = {
     MD5 = C.EVP_md5(),
     SHA1 = C.EVP_sha1(),
     SHA256 = C.EVP_sha256(),
     SHA512 = C.EVP_sha512()
 }
 
+local ctx_new, ctx_free
+local openssl11, e = pcall(function ()
+    local ctx = C.HMAC_CTX_new()
+    C.HMAC_CTX_free(ctx)
+end)
+if openssl11 then
+    ctx_new = function ()
+        return C.HMAC_CTX_new()
+    end
+    ctx_free = function (ctx)
+        C.HMAC_CTX_free(ctx)
+    end
+else
+    ctx_new = function ()
+        local ctx = ffi_new(ctx_ptr_type)
+        C.HMAC_CTX_init(ctx)
+        return ctx
+    end
+    ctx_free = function (ctx) 
+        C.HMAC_CTX_cleanup(ctx)
+    end
+end
+
 
 _M.ALGOS = hashes
 
 
 function _M.new(self, key, hash_algo)
-    local ctx = ffi_new(ctx_ptr_type)
-
-    C.HMAC_CTX_init(ctx)
+    local ctx = ctx_new()
 
     local _hash_algo = hash_algo or hashes.md5
 
     if C.HMAC_Init_ex(ctx, key, #key, _hash_algo, nil) == 0 then
         return nil
     end
 
-    ffi_gc(ctx, C.HMAC_CTX_cleanup)
+    ffi_gc(ctx, ctx_free)
 
     return setmetatable({ _ctx = ctx }, mt)
 end
@@ -119,7 +147,7 @@ function _M.final(self, s, hex_output)
 
     if C.HMAC_Final(self._ctx, buf, res_len) == 1 then
         if hex_output == true then
-            return str_util.to_hex(ffi_str(buf, res_len[0]))
+            return to_hex(ffi_str(buf, res_len[0]))
         end
         return ffi_str(buf, res_len[0])
     end