fix(kdf) correct FFI definition for BoringSSL

fffonion · fffonion · commit 30ba7cf9d90d · 2022-02-02T17:11:16.000+08:00
diff --git a/lib/resty/openssl/include/evp.lua b/lib/resty/openssl/include/evp.lua
@@ -5,18 +5,33 @@ local bit = require("bit")
 require "resty.openssl.include.ossl_typ"
 require "resty.openssl.include.objects"
 local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
+local BORINGSSL = require("resty.openssl.version").BORINGSSL
 
-ffi.cdef [[
-  /* KDF */
-  int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
-    const unsigned char *salt, int saltlen, int iter,
-    const EVP_MD *digest, int keylen, unsigned char *out);
-
-  int EVP_PBE_scrypt(const char *pass, size_t passlen,
-    const unsigned char *salt, size_t saltlen,
-    uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
-    unsigned char *key, size_t keylen);
-]]
+if BORINGSSL then
+  ffi.cdef [[
+    int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
+        const uint8_t *salt, size_t salt_len,
+        unsigned iterations, const EVP_MD *digest,
+        size_t key_len, uint8_t *out_key);
+    int EVP_PBE_scrypt(const char *password, size_t password_len,
+        const uint8_t *salt, size_t salt_len,
+        uint64_t N, uint64_t r, uint64_t p,
+        size_t max_mem, uint8_t *out_key,
+        size_t key_len);
+  ]]
+else
+  ffi.cdef [[
+    /* KDF */
+    int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+      const unsigned char *salt, int saltlen, int iter,
+      const EVP_MD *digest, int keylen, unsigned char *out);
+
+    int EVP_PBE_scrypt(const char *pass, size_t passlen,
+      const unsigned char *salt, size_t saltlen,
+      uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+      unsigned char *key, size_t keylen);
+  ]]
+end
 
 if OPENSSL_30 then
   require "resty.openssl.include.provider"
diff --git a/t/openssl/kdf.t b/t/openssl/kdf.t
@@ -7,7 +7,6 @@ use Cwd qw(cwd);
 my $pwd = cwd();
 
 my $use_luacov = $ENV{'TEST_NGINX_USE_LUACOV'} // '';
-my $on_github_actions = $ENV{'CI'} // '';
 
 our $HttpConfig = qq{
     lua_package_path "$pwd/t/openssl/?.lua;$pwd/lib/?.lua;$pwd/lib/?/init.lua;;";
@@ -17,7 +16,6 @@ our $HttpConfig = qq{
             jit.off()
         end
         _G.myassert = require("helper").myassert
-        _G.on_github_actions = "$on_github_actions" ~= ""
     }
 };
 
@@ -73,11 +71,7 @@ kdf.derive: unknown type 19823718236128632
 --- config
     location =/t {
         content_by_lua_block {
-            -- boringssl has pbkdf2 working, but not github actions, why?
-            if require("resty.openssl.version").BORINGSSL and _G.on_github_actions then
-                ngx.say("cDRFLQ7NWt+AP4i0TdBzog==")
-                ngx.exit(0)
-            end
+
             local kdf = require("resty.openssl.kdf")
             local key = myassert(kdf.derive({
                 type = kdf.PBKDF2,
@@ -103,11 +97,6 @@ kdf.derive: unknown type 19823718236128632
 --- config
     location =/t {
         content_by_lua_block {
-            -- boringssl has pbkdf2 working, but not github actions, why?
-            if require("resty.openssl.version").BORINGSSL and _G.on_github_actions then
-                ngx.say("HkN6HHnXW+YekRQdriCv/A==")
-                ngx.exit(0)
-            end
             local kdf = require("resty.openssl.kdf")
             local key = myassert(kdf.derive({
                 type = kdf.PBKDF2,
