Commit d6dd62f
committed
Crypto: switched to OpenSSL EVP for hashing.
Previously, the crypto module used built-in software implementations
for a limited set of hash algorithms (md5, sha1, sha256). This
prevented users from using algorithms like sha384, sha512, and sha3
family, even when the underlying OpenSSL library supported them.
The change replaces built-in hash implementations with OpenSSL
EVP_MD_CTX for createHash() and HMAC_CTX for createHmac(), following
the webcrypto module. Algorithm lookup now uses EVP_get_digestbyname(),
making any digest supported by the linked OpenSSL available to
JavaScript code.
The module now requires OpenSSL and is conditionally compiled, same as
the webcrypto module. Builds without OpenSSL (--no-openssl) will no
longer have the crypto module available.
Tested with OpenSSL 3.0, OpenSSL 1.1.1w, LibreSSL 3.9.2, and
BoringSSL. SHA-3 tests are skipped when the SSL library does not
support them (e.g. BoringSSL).
This closes #1037 feature request on Github.1 parent 8f42e99 commit d6dd62f
File tree
12 files changed
+417
-1202
lines changed- auto
- external
- nginx
- src/test
- test
12 files changed
+417
-1202
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
11 | | - | |
12 | | - | |
13 | | - | |
14 | | - | |
15 | | - | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
16 | 14 | | |
17 | | - | |
| 15 | + | |
18 | 16 | | |
19 | | - | |
20 | 17 | | |
21 | 18 | | |
22 | 19 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
11 | | - | |
12 | | - | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
13 | 14 | | |
14 | | - | |
| 15 | + | |
| 16 | + | |
15 | 17 | | |
16 | 18 | | |
17 | 19 | | |
| |||
0 commit comments