Skip to content

Commit

Permalink
feat: Added support for compiling with openssl v1 (#203)
Browse files Browse the repository at this point in the history
  • Loading branch information
naqvis authored Dec 18, 2024
1 parent e0d52c1 commit ac40805
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 2 deletions.
15 changes: 15 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ option(PIPY_LTO "enable LTO" OFF)
option(PIPY_USE_NTLS, "Use externally compiled TongSuo Crypto library instead of OpenSSL. Used with PIPY_OPENSSL" OFF)
option(PIPY_USE_SYSTEM_ZLIB "Use system installed zlib" OFF)
option(PIPY_USE_SYSTEM_OPENSSL "Use system installed OpenSSL" OFF)
option(PIPY_USE_OPENSSL1, "Use openssl v1 when compiling pipy" OFF)

set(BUILD_SHARED_LIBS OFF)
set(BUILD_TESTING OFF)
Expand Down Expand Up @@ -131,6 +132,10 @@ else()
endif(PIPY_USE_SYSTEM_ZLIB)
endif()

if(PIPY_USE_OPENSSL1)
add_definitions(-DPIPY_USE_OPENSSL1)
endif()

if(PIPY_USE_SYSTEM_OPENSSL)
find_package(OpenSSL REQUIRED)
if(OPENSSL_FOUND)
Expand All @@ -148,6 +153,16 @@ elseif(PIPY_OPENSSL)
set(OPENSSL_LIB_DIR ${PIPY_OPENSSL}/lib)

else()
if (DEFINED PIPY_USE_OPENSSL1)
message(FATAL_ERROR
"Error: OpenSSL v1 detected (PIPY_USE_OPENSSL1 is set).\n"
"To compile with OpenSSL v1, you must set one of the following options:\n"
" - PIPY_OPENSSL: Provide a custom OpenSSL installation path.\n"
" - PIPY_USE_SYSTEM_OPENSSL: Use the system-installed OpenSSL library.\n"
"Please configure CMake with the correct option and try again."
)
endif()

set(OPENSSL_SRC_DIR ${CMAKE_SOURCE_DIR}/deps/openssl-3.2.0)
set(OPENSSL_LIB_DIR ${OPENSSL_SRC_DIR}/build)
set(OPENSSL_INC_DIR ${OPENSSL_SRC_DIR}/include ${OPENSSL_LIB_DIR}/include)
Expand Down
21 changes: 19 additions & 2 deletions src/api/crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -168,8 +168,16 @@ PublicKey::PublicKey(pjs::Str *data) {
}

PublicKey::PublicKey(PrivateKey *pkey) {
#ifdef PIPY_USE_OPENSSL1
m_pkey = pkey->pkey();
if (!m_pkey)
throw_error();
EVP_PKEY_up_ref(m_pkey);
#else
m_pkey = EVP_PKEY_dup(pkey->pkey());
if (!m_pkey) throw_error();
if (!m_pkey)
throw_error();
#endif
}

PublicKey::~PublicKey() {
Expand Down Expand Up @@ -423,14 +431,23 @@ Certificate::Certificate(const Options &options) {
throw std::runtime_error("missing public key");
}

// Digest algorithm
// Digest algorithm
#ifdef PIPY_USE_OPENSSL1
const EVP_MD *md = nullptr;
if (EVP_PKEY_type(EVP_PKEY_id(options.private_key->pkey())) == EVP_PKEY_RSA ||
EVP_PKEY_type(EVP_PKEY_id(options.private_key->pkey())) == EVP_PKEY_EC) {
// Default to SHA256 for RSA and EC keys
md = EVP_sha256();
}
#else
char digest_name[80];
if (EVP_PKEY_get_default_digest_name(options.private_key->pkey(), digest_name, sizeof(digest_name)) == 2) {
if (!std::strcmp(digest_name, "UNDEF")) {
digest_name[0] = '\0';
}
}
auto md = digest_name[0] ? Hash::algorithm(digest_name) : nullptr;
#endif

// Sign
if (!X509_sign(x509, options.private_key->pkey(), md)) throw_error();
Expand Down
7 changes: 7 additions & 0 deletions src/filters/tls.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -353,9 +353,16 @@ auto TLSSession::hostname() -> pjs::Str* {

auto TLSSession::peer() -> crypto::Certificate* {
if (!m_peer) {
#ifndef PIPY_USE_OPENSSL1
if (auto x = SSL_get0_peer_certificate(m_ssl)) {
m_peer = crypto::Certificate::make(x);
}
#else
if (auto x = SSL_get_peer_certificate(m_ssl)) {
m_peer = crypto::Certificate::make(x);
X509_free(x);
}
#endif
}
return m_peer;
}
Expand Down

0 comments on commit ac40805

Please sign in to comment.