Diff

--- a/mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua	Sun Jun 01 11:41:42 2025 +0700
+++ b/mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua	Sun Jun 01 11:43:16 2025 +0700
@@ -1,13 +1,23 @@
 local array = require "util.array";
 local base64 = require "util.encodings".base64;
 local valid_utf8 = require "util.encodings".utf8.valid;
-local ciphers = require "openssl.cipher";
+local have_crypto, crypto = pcall(require, "util.crypto");
 local jid = require "util.jid";
 local json = require "util.json";
 local random = require "util.random";
 local set = require "util.set";
 local st = require "util.stanza";
 
+if not have_crypto then
+	local ossl_ciphers = require "openssl.cipher";
+	crypto = {};
+	-- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
+	-- Siskin does not validate the tag anyway.
+	function crypto.aes_128_gcm_encrypt(key, iv, message)
+		return ciphers.new("AES-128-GCM"):encrypt(key, iv):final(message)..string.rep("\0", 16);
+	end
+end
+
 local xmlns_jmi = "urn:xmpp:jingle-message:0";
 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1";
 local xmlns_push = "urn:xmpp:push:0";
@@ -127,9 +137,7 @@
 	local key_binary = base64.decode(encryption.key_base64);
 	local push_json = json.encode(push_payload);
 
-	-- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
-	-- Siskin does not validate the tag anyway.
-	local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16));
+	local encrypted_payload = base64.encode(crypto.aes_128_gcm_encrypt(key_binary, iv, push_json));
 	local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) })
 		:text(encrypted_payload);
 	if push_payload.type == "call" then