BUG/MINOR: jws: fix OpenSSL 3.0 version check from > to >=

Three #if directives used > 0x30000000L which excluded OpenSSL 3.0.0
exactly from the modern code path, treating it as pre-3.0. Changed all
three to >= 0x30000000L to match jwe.c and openssl-compat.h conventions.

This affects EC key thumbprint generation, RSA JWK generation, and
JWS algorithm detection for OpenSSL 3.0.0.

diff --git a/src/jws.c b/src/jws.c
index f8fb4738f621c1f1ee20bb2795c20ec69760f9d0..ae94fc3ca0c871de8592ecc0ee51b8f2819df229 100644 (file)
--- a/src/jws.c
+++ b/src/jws.c
@@ -54,7 +54,7 @@ static size_t EVP_PKEY_EC_to_pub_jwk(EVP_PKEY *pkey, char *dst, size_t dsize)
        int ret = 0;
        const char *crv = NULL;
 
-#if HA_OPENSSL_VERSION_NUMBER > 0x30000000L
+#if HA_OPENSSL_VERSION_NUMBER >= 0x30000000L
        char curve[32] = {};
        size_t curvelen;
        int nid;
@@ -144,7 +144,7 @@ static size_t EVP_PKEY_RSA_to_pub_jwk(EVP_PKEY *pkey, char *dst, size_t dsize)
        struct buffer *str_n = NULL, *str_e = NULL;
        int ret = 0;
 
-#if HA_OPENSSL_VERSION_NUMBER > 0x30000000L
+#if HA_OPENSSL_VERSION_NUMBER >= 0x30000000L
 
        if ((EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n)) == 0)
                goto out;
@@ -292,7 +292,7 @@ enum jwt_alg EVP_PKEY_to_jws_alg(EVP_PKEY *pkey)
        enum jwt_alg alg = JWS_ALG_NONE;
 
        if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) {
-#if HA_OPENSSL_VERSION_NUMBER > 0x30000000L
+#if HA_OPENSSL_VERSION_NUMBER >= 0x30000000L
                char curve[32] = {};
                size_t curvelen;
                int nid;