fix(openssl) BREAKING: not load sub modules by default

fffonion · fffonion · commit a402f05f3ea4 · 2021-02-02T17:35:46.000+08:00
diff --git a/README.md b/README.md
@@ -272,12 +272,17 @@ consul its manual for differences between OpenSSL API.
 
 ## resty.openssl
 
-This meta module provides a version sanity check against linked OpenSSL library
-and returns all exported modules to a table.
+This meta module provides a version sanity check against linked OpenSSL library.
+
+[Back to TOC](#table-of-contents)
+
+### openssl.load_modules
+
+**syntax**: *openssl.load_modules()*
+
+Load all available sub modules into current module:
 
 ```lua
-return {
-  _VERSION = 'x.y.z',
   bn = require("resty.openssl.bn"),
   cipher = require("resty.openssl.cipher"),
   digest = require("resty.openssl.digest"),
@@ -298,7 +303,6 @@ return {
   store = require("resty.openssl.x509.store"),
   ssl = require("resty.openssl.ssl"),
   ssl_ctx = require("resty.openssl.ssl_ctx"),
-}
 ```
 
 Starting OpenSSL 3.0, [`provider`](#restyopensslprovider) is also available.
@@ -317,15 +321,6 @@ Note that not all `luaossl` API has been implemented, please check readme for so
 
 [Back to TOC](#table-of-contents)
 
-### openssl.resty_hmac_compat
-
-**syntax**: *openssl.resty_hmac_compat()*
-
-Call this function before `require("resty.hmac")` to allow these two libraries play nice with
-each other. This function is not available with OpenSSL 1.0.
-
-[Back to TOC](#table-of-contents)
-
 ### openssl.get_fips_mode
 
 **syntax**: *enabled = openssl.get_fips_mode()*
diff --git a/lib/resty/openssl.lua b/lib/resty/openssl.lua
@@ -1,38 +1,46 @@
 local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30
+local err = require("resty.openssl.err")
 local C = require("ffi").C
 
 
 local _M = {
   _VERSION = '0.6.11',
-  bn = require("resty.openssl.bn"),
-  cipher = require("resty.openssl.cipher"),
-  digest = require("resty.openssl.digest"),
-  hmac = require("resty.openssl.hmac"),
-  kdf = require("resty.openssl.kdf"),
-  pkey = require("resty.openssl.pkey"),
-  objects = require("resty.openssl.objects"),
-  rand = require("resty.openssl.rand"),
-  version = require("resty.openssl.version"),
-  x509 = require("resty.openssl.x509"),
-  altname = require("resty.openssl.x509.altname"),
-  chain = require("resty.openssl.x509.chain"),
-  csr = require("resty.openssl.x509.csr"),
-  crl = require("resty.openssl.x509.crl"),
-  extension = require("resty.openssl.x509.extension"),
-  extensions = require("resty.openssl.x509.extensions"),
-  name = require("resty.openssl.x509.name"),
-  revoked = require("resty.openssl.x509.revoked"),
-  store = require("resty.openssl.x509.store"),
-  pkcs12 = require("resty.openssl.pkcs12"),
 }
 
-if OPENSSL_30 then
-  _M.provider = require("resty.openssl.provider")
-end
+function _M.load_modules()
+  _M.bn = require("resty.openssl.bn")
+  _M.cipher = require("resty.openssl.cipher")
+  _M.digest = require("resty.openssl.digest")
+  _M.hmac = require("resty.openssl.hmac")
+  _M.kdf = require("resty.openssl.kdf")
+  _M.pkey = require("resty.openssl.pkey")
+  _M.objects = require("resty.openssl.objects")
+  _M.rand = require("resty.openssl.rand")
+  _M.version = require("resty.openssl.version")
+  _M.x509 = require("resty.openssl.x509")
+  _M.altname = require("resty.openssl.x509.altname")
+  _M.chain = require("resty.openssl.x509.chain")
+  _M.csr = require("resty.openssl.x509.csr")
+  _M.crl = require("resty.openssl.x509.crl")
+  _M.extension = require("resty.openssl.x509.extension")
+  _M.extensions = require("resty.openssl.x509.extensions")
+  _M.name = require("resty.openssl.x509.name")
+  _M.revoked = require("resty.openssl.x509.revoked")
+  _M.store = require("resty.openssl.x509.store")
+  _M.pkcs12 = require("resty.openssl.pkcs12")
+  _M.ssl = require("resty.openssl.ssl")
+  _M.ssl_ctx = require("resty.openssl.ssl_ctx")
+
+  if OPENSSL_30 then
+    _M.provider = require("resty.openssl.provider")
+  end
 
-_M.bignum = _M.bn
+  _M.bignum = _M.bn
+end
 
 function _M.luaossl_compat()
+  _M.load_modules()
+
   _M.csr.setSubject = _M.csr.set_subject_name
   _M.csr.setPublicKey = _M.csr.set_pubkey
 
@@ -181,38 +189,6 @@ function _M.luaossl_compat()
   end
 end
 
--- we made a typo sometime, this is going to be removed in next major release
-_M.luaossl_compact = _M.luaossl_compat
-
-local resty_hmac_compat_patched = false
-function _M.resty_hmac_compat()
-  if resty_hmac_compat_patched then
-    return
-  end
-  if _M.version.OPENSSL_10 then
-    error("use resty_hmac_compat in OpenSSL 1.0 is not supported")
-  end
-
-  require("resty.openssl.include.evp")
-  require("ffi").cdef [[
-    // originally named evp_cipher_ctx_st in evp.lua
-    struct evp_md_ctx_st {
-      const EVP_MD *digest;
-      ENGINE *engine;             /* functional reference if 'digest' is
-                                  * ENGINE-provided */
-      unsigned long flags;
-      void *md_data;
-      /* Public key context for sign/verify */
-      EVP_PKEY_CTX *pctx;
-      /* Update function: usually copied from EVP_MD */
-      int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
-    }/* EVP_MD_CTX */ ;
-  ]]
-  resty_hmac_compat_patched = true
-end
-
-local err = require("resty.openssl.err")
-
 function _M.set_fips_mode(enable)
   if not not enable == _M.get_fips_mode() then
     return true
diff --git a/t/openssl.t b/t/openssl.t
@@ -27,6 +27,7 @@ __DATA__
     location =/t {
         content_by_lua_block {
             local openssl = require("resty.openssl")
+            openssl.load_modules()
             ngx.say(string.format("%x", openssl.version.version_num))
         }
     }
@@ -58,31 +59,3 @@ false
 .+pkey.new.+
 --- no_error_log
 [error]
-
-=== TEST 3: lua-resty-hmac compat
---- http_config eval: $::HttpConfig
---- config
-    location =/t {
-        content_by_lua_block {
-            local openssl = require("resty.openssl")
-            require("resty.openssl.hmac")
-            local pok, perr = pcall(require, "resty.hmac")
-            ngx.say(pok)
-            ngx.say(perr)
-            openssl.resty_hmac_compat()
-            local pok, mod = pcall(require, "resty.hmac")
-            ngx.say(pok)
-            ngx.say(mod ~= nil)
-        }
-    }
---- request
-    GET /t
---- skip_openssl
-2: < 1.1.0
---- response_body_like
-false
-.+size of C type is unknown or too large.+
-true
-true
---- no_error_log
-[error]
