[njs] Fixed WebCrypto sign() and verify() methods with OpenSSL 3.0.
Dmitry Volyntsev
xeioex at nginx.com
Wed Nov 17 14:12:26 UTC 2021
details: https://hg.nginx.org/njs/rev/fd40eb687bc7
branches:
changeset: 1746:fd40eb687bc7
user: Dmitry Volyntsev <xeioex at nginx.com>
date: Wed Nov 17 14:11:28 2021 +0000
description:
Fixed WebCrypto sign() and verify() methods with OpenSSL 3.0.
diffstat:
external/njs_webcrypto.c | 36 ++++++++++++++++++++++++------------
1 files changed, 24 insertions(+), 12 deletions(-)
diffs (57 lines):
diff -r 728c3741f556 -r fd40eb687bc7 external/njs_webcrypto.c
--- a/external/njs_webcrypto.c Thu Nov 11 14:27:15 2021 +0000
+++ b/external/njs_webcrypto.c Wed Nov 17 14:11:28 2021 +0000
@@ -2006,22 +2006,22 @@ njs_ext_sign(njs_vm_t *vm, njs_value_t *
md = njs_algorithm_hash_digest(hash);
- ret = EVP_DigestSignInit(mctx, NULL, md, NULL, key->pkey);
- if (njs_slow_path(ret <= 0)) {
- njs_webcrypto_error(vm, "EVP_DigestSignInit() failed");
- goto fail;
- }
-
- ret = EVP_DigestSignUpdate(mctx, data.start, data.length);
- if (njs_slow_path(ret <= 0)) {
- njs_webcrypto_error(vm, "EVP_DigestSignUpdate() failed");
- goto fail;
- }
-
outlen = 0;
switch (alg->type) {
case NJS_ALGORITHM_HMAC:
+ ret = EVP_DigestSignInit(mctx, NULL, md, NULL, key->pkey);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestSignInit() failed");
+ goto fail;
+ }
+
+ ret = EVP_DigestSignUpdate(mctx, data.start, data.length);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestSignUpdate() failed");
+ goto fail;
+ }
+
olen = EVP_MD_size(md);
if (!verify) {
@@ -2051,6 +2051,18 @@ njs_ext_sign(njs_vm_t *vm, njs_value_t *
case NJS_ALGORITHM_RSA_PSS:
case NJS_ALGORITHM_ECDSA:
default:
+ ret = EVP_DigestInit_ex(mctx, md, NULL);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestInit_ex() failed");
+ goto fail;
+ }
+
+ ret = EVP_DigestUpdate(mctx, data.start, data.length);
+ if (njs_slow_path(ret <= 0)) {
+ njs_webcrypto_error(vm, "EVP_DigestUpdate() failed");
+ goto fail;
+ }
+
ret = EVP_DigestFinal_ex(mctx, m, &m_len);
if (njs_slow_path(ret <= 0)) {
njs_webcrypto_error(vm, "EVP_DigestFinal_ex() failed");
More information about the nginx-devel
mailing list