/
fix_comment_out_incompatible_crypto_modules.patch
96 lines (88 loc) · 3.51 KB
/
fix_comment_out_incompatible_crypto_modules.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Wed, 27 May 2020 13:02:13 -0700
Subject: fix: comment out incompatible crypto modules
Node.js introduced some functionality in https://github.com/nodejs/node/pull/32739
and https://github.com/nodejs/node/pull/31178 that is not currently compatible
with what's exposed through BoringSSL. I plan to upstream parts of this or
otherwise introduce shims to reduce friction.
diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
index 1c48f98656fd211403354bb88331450e51ffb3e5..5c50976b663db560d758c7bb6f97d3e35d5dcb55 100644
--- a/src/crypto/crypto_dh.cc
+++ b/src/crypto/crypto_dh.cc
@@ -469,6 +469,7 @@ Maybe<bool> DhKeyGenTraits::AdditionalConfig(
EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
EVPKeyPointer key_params;
if (params->params.prime_fixed_value) {
+#if 0
DHPointer dh(DH_new());
if (!dh)
return EVPKeyCtxPointer();
@@ -485,9 +486,11 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
key_params = EVPKeyPointer(EVP_PKEY_new());
CHECK(key_params);
EVP_PKEY_assign_DH(key_params.get(), dh.release());
+#endif
} else {
EVPKeyCtxPointer param_ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DH, nullptr));
EVP_PKEY* raw_params = nullptr;
+#if 0
if (!param_ctx ||
EVP_PKEY_paramgen_init(param_ctx.get()) <= 0 ||
EVP_PKEY_CTX_set_dh_paramgen_prime_len(
@@ -499,7 +502,7 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
EVP_PKEY_paramgen(param_ctx.get(), &raw_params) <= 0) {
return EVPKeyCtxPointer();
}
-
+#endif
key_params = EVPKeyPointer(raw_params);
}
diff --git a/src/crypto/crypto_ec.cc b/src/crypto/crypto_ec.cc
index ea4c70ad5d8c844860ba3480fc7ef4205f0a3cdc..cdf8dd47d6e2a5894066cec01fbe347af079ec22 100644
--- a/src/crypto/crypto_ec.cc
+++ b/src/crypto/crypto_ec.cc
@@ -314,7 +314,7 @@ void ECDH::SetPrivateKey(const FunctionCallbackInfo<Value>& args) {
return THROW_ERR_CRYPTO_OPERATION_FAILED(env,
"Failed to set generated public key");
- EC_KEY_copy(ecdh->key_.get(), new_key.get());
+ ecdh->key_.reset(EC_KEY_dup(new_key.get()));
ecdh->group_ = EC_KEY_get0_group(ecdh->key_.get());
}
diff --git a/src/crypto/crypto_util.h b/src/crypto/crypto_util.h
index f2f61aa45185812e9248845b664539be4fe24550..303ba4c3b7c4c2fc5dee906e22d5e7642b8351c8 100644
--- a/src/crypto/crypto_util.h
+++ b/src/crypto/crypto_util.h
@@ -15,7 +15,9 @@
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/ec.h>
+#ifndef OPENSSL_IS_BORINGSSL
#include <openssl/kdf.h>
+#endif
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/ssl.h>
diff --git a/src/node.cc b/src/node.cc
index a99f2f4f01b16fc70f3038a25da22c788714b3f6..ceb532648b33a6c2f3b8a135b315985cfff5419e 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -1020,7 +1020,7 @@ InitializationResult InitializeOncePerProcess(int argc, char** argv) {
return result;
}
-#if HAVE_OPENSSL
+#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)
{
std::string extra_ca_certs;
if (credentials::SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
diff --git a/src/node_metadata.h b/src/node_metadata.h
index 4486d5af2c1622c7c8f44401dc3ebb986d8e3c2e..db1769f1b3f1617ed8dbbea57b5e324183b42be2 100644
--- a/src/node_metadata.h
+++ b/src/node_metadata.h
@@ -6,7 +6,7 @@
#include <string>
#include "node_version.h"
-#if HAVE_OPENSSL
+#if 0
#include <openssl/crypto.h>
#endif // HAVE_OPENSSL