From bf197b144396de42ababb33eb3da3dae904e690f Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Wed, 4 Jan 2023 20:39:21 -0800
Subject: [PATCH] WebCrypto: improved njs_bn_bn2binpad() for OpenSSL < 1.1.0.

The patch makes njs_bn_bn2binpad() more similar to BN_bn2binpad().
---
 external/njs_openssl.h          | 13 ++++++++++++-
 external/njs_webcrypto_module.c |  4 ----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/external/njs_openssl.h b/external/njs_openssl.h
index 87d425de..dab3f6ad 100644
--- a/external/njs_openssl.h
+++ b/external/njs_openssl.h
@@ -62,7 +62,18 @@ njs_bn_bn2binpad(const BIGNUM *bn, unsigned char *to, int tolen)
 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     return BN_bn2binpad(bn, to, tolen);
 #else
-    return BN_bn2bin(bn, &to[tolen - BN_num_bytes(bn)]);
+    int  len;
+
+    len = BN_num_bytes(bn);
+
+    if (tolen > len) {
+        memset(to, 0, tolen - len);
+
+    } else if (tolen < len) {
+        return -1;
+    }
+
+    return BN_bn2bin(bn, &to[tolen - len]);
 #endif
 }
 
diff --git a/external/njs_webcrypto_module.c b/external/njs_webcrypto_module.c
index ae63ae61..9a856402 100644
--- a/external/njs_webcrypto_module.c
+++ b/external/njs_webcrypto_module.c
@@ -3646,10 +3646,6 @@ njs_convert_der_to_p1363(njs_vm_t *vm, EVP_PKEY *pkey, const u_char *der,
         goto fail;
     }
 
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-    memset(data, 0, 2 * n);
-#endif
-
     if (njs_bn_bn2binpad(ECDSA_SIG_get0_r(ec_sig), data, n) <= 0) {
         goto fail;
     }
-- 
2.47.3