/
fix_use_crypto_impls_for_compat.patch
53 lines (49 loc) · 2.5 KB
/
fix_use_crypto_impls_for_compat.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Wed, 12 Feb 2020 15:08:04 -0800
Subject: fix: use crypto impls for compat
BoringSSL does not export DSA_get0_q, OPENSSL_secure_malloc, or
OPENSSL_secure_clear_free.
This patch works around the DSA_get0_q problem by using the
implementations of that function as found in the OpenSSL repo.
Node.js added the malloc/free incompatibilities in https://github.com/nodejs/node/pull/36729
though they don't use secure heap at the moment. This makes it equivalent
to swap these out with OPENSSL_malloc and OPENSSL_clear_free at present.
We can revisit this once that happens and determine a more mutually
compatible path forward either by upstreaming a shim to BoringSSL or
adapting Node.js.
diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc
index 7b113a8dcb06b0b0e1329ce0daf7305598ea6545..b04e53a7f24885ffb6639430988d0ffb524b028e 100644
--- a/src/crypto/crypto_sig.cc
+++ b/src/crypto/crypto_sig.cc
@@ -110,7 +110,7 @@ unsigned int GetBytesOfRS(const ManagedEVPPKey& pkey) {
if (base_id == EVP_PKEY_DSA) {
const DSA* dsa_key = EVP_PKEY_get0_DSA(pkey.get());
// Both r and s are computed mod q, so their width is limited by that of q.
- bits = BN_num_bits(DSA_get0_q(dsa_key));
+ bits = BN_num_bits(dsa_key->q);
} else if (base_id == EVP_PKEY_EC) {
const EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey.get());
const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key);
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index da66cde877c6ce045d907205bb2a6e369234fb8e..fbe4c0f06c10df7c8a492711594381c27c6f81f7 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -655,7 +655,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsUint32());
Environment* env = Environment::GetCurrent(args);
uint32_t len = args[0].As<Uint32>()->Value();
- char* data = static_cast<char*>(OPENSSL_secure_malloc(len));
+ char* data = static_cast<char*>(OPENSSL_malloc(len));
if (data == nullptr) {
// There's no memory available for the allocation.
// Return nothing.
@@ -667,7 +667,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
data,
len,
[](void* data, size_t len, void* deleter_data) {
- OPENSSL_secure_clear_free(data, len);
+ OPENSSL_clear_free(data, len);
},
data);
Local<ArrayBuffer> buffer = ArrayBuffer::New(env->isolate(), store);