crypto: use EVP_PKEY_CTX_set_dsa_paramgen_q_bits when available

davidben · juanarbol · commit 7e07cce24ba5 · 2022-10-11T14:45:29.000-05:00
This matches the formulation described in the documentation: https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_CTX_set_dsa_paramgen_q_bits.html It is also, starting OpenSSL 3.0, more type-safe because the wrapper macros were finally converted to real functions. In OpenSSL 3.0, it is also no longer quite a wrapper over EVP_PKEY_CTX_ctrl, so using this name saves some extra OSSL_PARAM <-> EVP_PKEY_CTRL conversions. Alas, it was only backported to OpenSSL 1.1.1e, so I've left a temporary compatibility define until you all decide to drop pre-1.1.1e releases of 1.1.1. PR-URL: #44561 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
diff --git a/src/crypto/crypto_dsa.cc b/src/crypto/crypto_dsa.cc
@@ -12,6 +12,17 @@
 
 #include <cstdio>
 
+// EVP_PKEY_CTX_set_dsa_paramgen_q_bits was added in OpenSSL 1.1.1e.
+#if OPENSSL_VERSION_NUMBER < 0x1010105fL
+#define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits)                       \
+  EVP_PKEY_CTX_ctrl((ctx),                                                     \
+                    EVP_PKEY_DSA,                                              \
+                    EVP_PKEY_OP_PARAMGEN,                                      \
+                    EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS,                         \
+                    (qbits),                                                   \
+                    nullptr)
+#endif
+
 namespace node {
 
 using v8::FunctionCallbackInfo;
@@ -39,13 +50,8 @@ EVPKeyCtxPointer DsaKeyGenTraits::Setup(DsaKeyPairGenConfig* params) {
   }
 
   if (params->params.divisor_bits != -1) {
-    if (EVP_PKEY_CTX_ctrl(
-            param_ctx.get(),
-            EVP_PKEY_DSA,
-            EVP_PKEY_OP_PARAMGEN,
-            EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS,
-            params->params.divisor_bits,
-            nullptr) <= 0) {
+    if (EVP_PKEY_CTX_set_dsa_paramgen_q_bits(
+            param_ctx.get(), params->params.divisor_bits) <= 0) {
       return EVPKeyCtxPointer();
     }
   }
