[njs] WebCrypto: fixed building with OpenSSL 1.1.0.

Dmitry Volyntsev xeioex at nginx.com
Fri May 5 05:17:07 UTC 2023 

details:   https://hg.nginx.org/njs/rev/4c4e5b60c766
branches:  
changeset: 2104:4c4e5b60c766
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Thu May 04 22:15:46 2023 -0700
description:
WebCrypto: fixed building with OpenSSL 1.1.0.

The issue was introduced in 0681bf662222 (0.7.10).

This closes #636 issue on Github.

diffstat:

 external/njs_openssl.h          |   4 +---
 external/njs_webcrypto_module.c |  24 ++++++++++++++++--------
 2 files changed, 17 insertions(+), 11 deletions(-)

diffs (79 lines):

diff -r f1432043a6a4 -r 4c4e5b60c766 external/njs_openssl.h
--- a/external/njs_openssl.h	Tue May 02 20:50:57 2023 -0700
+++ b/external/njs_openssl.h	Thu May 04 22:15:46 2023 -0700
@@ -43,8 +43,6 @@
 #else
 #define njs_evp_md_ctx_new()  EVP_MD_CTX_create()
 #define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_destroy(_ctx)
-#define ECDSA_SIG_get0_s(sig) (sig)->s
-#define ECDSA_SIG_get0_r(sig) (sig)->r
 #endif
 
 
@@ -303,7 +301,7 @@ njs_inline int
 njs_ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
     BIGNUM *x, BIGNUM *y)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x10100001L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101001L)
     return EC_POINT_get_affine_coordinates(group, p, x, y, NULL);
 #else
     return EC_POINT_get_affine_coordinates_GFp(group, p, x, y, NULL);
diff -r f1432043a6a4 -r 4c4e5b60c766 external/njs_webcrypto_module.c
--- a/external/njs_webcrypto_module.c	Tue May 02 20:50:57 2023 -0700
+++ b/external/njs_webcrypto_module.c	Thu May 04 22:15:46 2023 -0700
@@ -1863,7 +1863,7 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
     group = EC_KEY_get0_group(ec);
 
     group_bits = EC_GROUP_get_degree(group);
-    group_bytes = (group_bits / CHAR_BIT) + (7 + (group_bits % CHAR_BIT)) / 8;
+    group_bytes = (group_bits / 8) + (7 + (group_bits % 8)) / 8;
 
     x_bn = BN_new();
     if (x_bn == NULL) {
@@ -2024,7 +2024,7 @@ njs_export_jwk_asymmetric(njs_vm_t *vm, 
 
     switch (EVP_PKEY_id(key->pkey)) {
     case EVP_PKEY_RSA:
-#if (OPENSSL_VERSION_NUMBER >= 0x10100001L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101001L)
     case EVP_PKEY_RSA_PSS:
 #endif
         ret = njs_export_jwk_rsa(vm, key, retval);
@@ -3636,10 +3636,11 @@ static njs_int_t
 njs_convert_der_to_p1363(njs_vm_t *vm, EVP_PKEY *pkey, const u_char *der,
     size_t der_len, u_char **pout, size_t *out_len)
 {
-    u_char     *data;
-    unsigned   n;
-    njs_int_t  ret;
-    ECDSA_SIG  *ec_sig;
+    u_char        *data;
+    unsigned      n;
+    njs_int_t     ret;
+    ECDSA_SIG     *ec_sig;
+    const BIGNUM  *r, *s;
 
     ret = NJS_OK;
     ec_sig = NULL;
@@ -3659,11 +3660,18 @@ njs_convert_der_to_p1363(njs_vm_t *vm, E
         goto fail;
     }
 
-    if (njs_bn_bn2binpad(ECDSA_SIG_get0_r(ec_sig), data, n) <= 0) {
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+    ECDSA_SIG_get0(ec_sig, &r, &s);
+#else
+    r = ec_sig->r;
+    s = ec_sig->s;
+#endif
+
+    if (njs_bn_bn2binpad(r, data, n) <= 0) {
         goto fail;
     }
 
-    if (njs_bn_bn2binpad(ECDSA_SIG_get0_s(ec_sig), &data[n], n) <= 0) {
+    if (njs_bn_bn2binpad(s, &data[n], n) <= 0) {
         goto fail;
     }

More information about the nginx-devel mailing list