Welcome! Log In Create A New Profile

Advanced

[njs] Fixed WebCrypto sign() and verify() methods with OpenSSL 3.0.

Dmitry Volyntsev
November 17, 2021 09:14AM
details: https://hg.nginx.org/njs/rev/fd40eb687bc7
branches:
changeset: 1746:fd40eb687bc7
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Wed Nov 17 14:11:28 2021 +0000
description:
Fixed WebCrypto sign() and verify() methods with OpenSSL 3.0.

diffstat:

external/njs_webcrypto.c | 36 ++++++++++++++++++++++++------------
1 files changed, 24 insertions(+), 12 deletions(-)

diffs (57 lines):

diff -r 728c3741f556 -r fd40eb687bc7 external/njs_webcrypto.c
--- a/external/njs_webcrypto.c Thu Nov 11 14:27:15 2021 +0000
+++ b/external/njs_webcrypto.c Wed Nov 17 14:11:28 2021 +0000
@@ -2006,22 +2006,22 @@ njs_ext_sign(njs_vm_t *vm, njs_value_t *

md = njs_algorithm_hash_digest(hash);

- ret = EVP_DigestSignInit(mctx, NULL, md, NULL, key->pkey);
- if (njs_slow_path(ret <= 0)) {
- njs_webcrypto_error(vm, "EVP_DigestSignInit() failed");
- goto fail;
- }
-
- ret = EVP_DigestSignUpdate(mctx, data.start, data.length);
- if (njs_slow_path(ret <= 0)) {
- njs_webcrypto_error(vm, "EVP_DigestSignUpdate() failed");
- goto fail;
- }
-
outlen = 0;

switch (alg->type) {
case NJS_ALGORITHM_HMAC:
+ ret = EVP_DigestSignInit(mctx, NULL, md, NULL, key->pkey);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestSignInit() failed");
+ goto fail;
+ }
+
+ ret = EVP_DigestSignUpdate(mctx, data.start, data.length);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestSignUpdate() failed");
+ goto fail;
+ }
+
olen = EVP_MD_size(md);

if (!verify) {
@@ -2051,6 +2051,18 @@ njs_ext_sign(njs_vm_t *vm, njs_value_t *
case NJS_ALGORITHM_RSA_PSS:
case NJS_ALGORITHM_ECDSA:
default:
+ ret = EVP_DigestInit_ex(mctx, md, NULL);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestInit_ex() failed");
+ goto fail;
+ }
+
+ ret = EVP_DigestUpdate(mctx, data.start, data.length);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestUpdate() failed");
+ goto fail;
+ }
+
ret = EVP_DigestFinal_ex(mctx, m, &m_len);
if (njs_slow_path(ret <= 0)) {
njs_webcrypto_error(vm, "EVP_DigestFinal_ex() failed");
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[njs] Fixed WebCrypto sign() and verify() methods with OpenSSL 3.0.

Dmitry Volyntsev 82 November 17, 2021 09:14AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 78
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready