[njs] Fixed WebCrypto sign() and verify() methods with OpenSSL 3.0.

Dmitry Volyntsev xeioex at nginx.com
Wed Nov 17 14:12:26 UTC 2021


details:   https://hg.nginx.org/njs/rev/fd40eb687bc7
branches:  
changeset: 1746:fd40eb687bc7
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Wed Nov 17 14:11:28 2021 +0000
description:
Fixed WebCrypto sign() and verify() methods with OpenSSL 3.0.

diffstat:

 external/njs_webcrypto.c |  36 ++++++++++++++++++++++++------------
 1 files changed, 24 insertions(+), 12 deletions(-)

diffs (57 lines):

diff -r 728c3741f556 -r fd40eb687bc7 external/njs_webcrypto.c
--- a/external/njs_webcrypto.c	Thu Nov 11 14:27:15 2021 +0000
+++ b/external/njs_webcrypto.c	Wed Nov 17 14:11:28 2021 +0000
@@ -2006,22 +2006,22 @@ njs_ext_sign(njs_vm_t *vm, njs_value_t *
 
     md = njs_algorithm_hash_digest(hash);
 
-    ret = EVP_DigestSignInit(mctx, NULL, md, NULL, key->pkey);
-    if (njs_slow_path(ret <= 0)) {
-        njs_webcrypto_error(vm, "EVP_DigestSignInit() failed");
-        goto fail;
-    }
-
-    ret = EVP_DigestSignUpdate(mctx, data.start, data.length);
-    if (njs_slow_path(ret <= 0)) {
-        njs_webcrypto_error(vm, "EVP_DigestSignUpdate() failed");
-        goto fail;
-    }
-
     outlen = 0;
 
     switch (alg->type) {
     case NJS_ALGORITHM_HMAC:
+        ret = EVP_DigestSignInit(mctx, NULL, md, NULL, key->pkey);
+        if (njs_slow_path(ret <= 0)) {
+            njs_webcrypto_error(vm, "EVP_DigestSignInit() failed");
+            goto fail;
+        }
+
+        ret = EVP_DigestSignUpdate(mctx, data.start, data.length);
+        if (njs_slow_path(ret <= 0)) {
+            njs_webcrypto_error(vm, "EVP_DigestSignUpdate() failed");
+            goto fail;
+        }
+
         olen = EVP_MD_size(md);
 
         if (!verify) {
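Review bot: Nothing in the HMAC case records why EVP_DigestSignInit() and EVP_DigestSignUpdate() now sit inside it instead of ahead of the `switch`, so a later cleanup could hoist them back out and break the other branch again. A one-line comment would pin it, e.g. `/* DigestSign context: finish with EVP_DigestSignFinal(), never EVP_DigestFinal_ex() */`. That reason is inferred from the commit title and from the second hunk, where the default branch finishes with EVP_DigestFinal_ex(). njs_ext_sign starts and ends outside this hunk, including the verify path. If that path compares the computed MAC with the caller's signature, the comparison should be constant-time (`CRYPTO_memcmp()`).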
@@ -2051,6 +2051,18 @@ njs_ext_sign(njs_vm_t *vm, njs_value_t *
     case NJS_ALGORITHM_RSA_PSS:
     case NJS_ALGORITHM_ECDSA:
     default:
+        ret = EVP_DigestInit_ex(mctx, md, NULL);
+        if (njs_slow_path(ret <= 0)) {
+            njs_webcrypto_error(vm, "EVP_DigestInit_ex() failed");
+            goto fail;
+        }
+
+        ret = EVP_DigestUpdate(mctx, data.start, data.length);
+        if (njs_slow_path(ret <= 0)) {
+            njs_webcrypto_error(vm, "EVP_DigestUpdate() failed");
+            goto fail;
+        }
+
         ret = EVP_DigestFinal_ex(mctx, m, &m_len);
         if (njs_slow_path(ret <= 0)) {
             njs_webcrypto_error(vm, "EVP_DigestFinal_ex() failed");
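Review bot: The plain-digest setup added here sits under `default:` as well as the RSA-PSS and ECDSA labels, so an `alg->type` outside the listed algorithms is hashed and carried into the public-key path instead of being rejected. Unless the type is validated earlier in njs_ext_sign (not visible in this hunk), `default:` would be safer as its own arm that reports an unsupported algorithm and does `goto fail;`. The rest of the branch, including how `m` is signed or verified, lies outside the hunk.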

