Welcome! Log In Create A New Profile

Advanced

[njs] WebCrypto: fixed building with OpenSSL 1.1.0.

Previous Message Next Message
Forum List Message List New Topic Print View
Dmitry Volyntsev
May 05, 2023 01:18AM
details: https://hg.nginx.org/njs/rev/4c4e5b60c766
branches:
changeset: 2104:4c4e5b60c766
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Thu May 04 22:15:46 2023 -0700
description:
WebCrypto: fixed building with OpenSSL 1.1.0.

The issue was introduced in 0681bf662222 (0.7.10).

This closes #636 issue on Github.

diffstat:

external/njs_openssl.h | 4 +---
external/njs_webcrypto_module.c | 24 ++++++++++++++++--------
2 files changed, 17 insertions(+), 11 deletions(-)

diffs (79 lines):

diff -r f1432043a6a4 -r 4c4e5b60c766 external/njs_openssl.h
--- a/external/njs_openssl.h Tue May 02 20:50:57 2023 -0700
+++ b/external/njs_openssl.h Thu May 04 22:15:46 2023 -0700
@@ -43,8 +43,6 @@
#else
#define njs_evp_md_ctx_new() EVP_MD_CTX_create()
#define njs_evp_md_ctx_free(_ctx) EVP_MD_CTX_destroy(_ctx)
-#define ECDSA_SIG_get0_s(sig) (sig)->s
-#define ECDSA_SIG_get0_r(sig) (sig)->r
#endif


@@ -303,7 +301,7 @@ njs_inline int
njs_ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
BIGNUM *x, BIGNUM *y)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x10100001L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101001L)
return EC_POINT_get_affine_coordinates(group, p, x, y, NULL);
#else
return EC_POINT_get_affine_coordinates_GFp(group, p, x, y, NULL);
diff -r f1432043a6a4 -r 4c4e5b60c766 external/njs_webcrypto_module.c
--- a/external/njs_webcrypto_module.c Tue May 02 20:50:57 2023 -0700
+++ b/external/njs_webcrypto_module.c Thu May 04 22:15:46 2023 -0700
@@ -1863,7 +1863,7 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
group = EC_KEY_get0_group(ec);

group_bits = EC_GROUP_get_degree(group);
- group_bytes = (group_bits / CHAR_BIT) + (7 + (group_bits % CHAR_BIT)) / 8;
+ group_bytes = (group_bits / 8) + (7 + (group_bits % 8)) / 8;

x_bn = BN_new();
if (x_bn == NULL) {
@@ -2024,7 +2024,7 @@ njs_export_jwk_asymmetric(njs_vm_t *vm,

switch (EVP_PKEY_id(key->pkey)) {
case EVP_PKEY_RSA:
-#if (OPENSSL_VERSION_NUMBER >= 0x10100001L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101001L)
case EVP_PKEY_RSA_PSS:
#endif
ret = njs_export_jwk_rsa(vm, key, retval);
@@ -3636,10 +3636,11 @@ static njs_int_t
njs_convert_der_to_p1363(njs_vm_t *vm, EVP_PKEY *pkey, const u_char *der,
size_t der_len, u_char **pout, size_t *out_len)
{
- u_char *data;
- unsigned n;
- njs_int_t ret;
- ECDSA_SIG *ec_sig;
+ u_char *data;
+ unsigned n;
+ njs_int_t ret;
+ ECDSA_SIG *ec_sig;
+ const BIGNUM *r, *s;

ret = NJS_OK;
ec_sig = NULL;
@@ -3659,11 +3660,18 @@ njs_convert_der_to_p1363(njs_vm_t *vm, E
goto fail;
}

- if (njs_bn_bn2binpad(ECDSA_SIG_get0_r(ec_sig), data, n) <= 0) {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ ECDSA_SIG_get0(ec_sig, &r, &s);
+#else
+ r = ec_sig->r;
+ s = ec_sig->s;
+#endif
+
+ if (njs_bn_bn2binpad(r, data, n) <= 0) {
goto fail;
}

- if (njs_bn_bn2binpad(ECDSA_SIG_get0_s(ec_sig), &data[n], n) <= 0) {
+ if (njs_bn_bn2binpad(s, &data[n], n) <= 0) {
goto fail;
}

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[njs] WebCrypto: fixed building with OpenSSL 1.1.0.

Dmitry Volyntsev 301 May 05, 2023 01:18AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 151
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready