chore: handle BoringSSL patch upstreams

electron · Jun 24, 2021 · 8507b22 · 8507b22
1 parent 7e495bc
commit 8507b22
Showing 1 changed file with 7 additions and 87 deletions.
diff --git a/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch b/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch
@@ -21,28 +21,6 @@ Upstreams for code herein (update when changed):
 * https://github.com/nodejs/node/pull/38864
 * https://github.com/nodejs/node/pull/38744
 
-diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
-index 4629143d47e492cb834fab507b13ac414be92307..37f50773e6d7ade5e88ffb5f8437ab8f79fad00a 100644
---- a/src/crypto/crypto_cipher.cc
-+++ b/src/crypto/crypto_cipher.cc
-@@ -148,7 +148,7 @@ void GetCipherInfo(const FunctionCallbackInfo<Value>& args) {
-   if (info->Set(
-           env->context(),
-           env->name_string(),
--          OneByteString(env->isolate(), EVP_CIPHER_name(cipher))).IsNothing()) {
-+          OneByteString(env->isolate(), OBJ_nid2sn(EVP_CIPHER_nid(cipher)))).IsNothing()) {
-     return;
-   }
-
-@@ -906,7 +906,7 @@ bool PublicKeyCipher::Cipher(
-     void* label = OPENSSL_memdup(oaep_label.data(), oaep_label.size());
-     CHECK_NOT_NULL(label);
-     if (0 >= EVP_PKEY_CTX_set0_rsa_oaep_label(ctx.get(),
--                reinterpret_cast<unsigned char*>(label),
-+                     static_cast<unsigned char*>(label),
-                                       oaep_label.size())) {
-       OPENSSL_free(label);
-       return false;
 diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
 index f4b7bd3ad8548a0b69943ddea669e6f1991b7a49..221d652fa7de246e5f69fcf392e334087bac0199 100644
 --- a/src/crypto/crypto_common.cc
@@ -110,18 +88,6 @@ index f4b7bd3ad8548a0b69943ddea669e6f1991b7a49..221d652fa7de246e5f69fcf392e33408
      buf += 2;
      Local<Object> obj = Object::New(env->isolate());
      if (!Set(env->context(),
-diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
-index 8feefde819ea8b67c92afd2af7edf1fcc00aabd0..7eb17ee53475fbbedb456f535b7d4a76ea66693e 100644
---- a/src/crypto/crypto_context.cc
-+++ b/src/crypto/crypto_context.cc
-@@ -13,6 +13,7 @@
-
- #include <openssl/x509.h>
- #include <openssl/pkcs12.h>
-+#include <openssl/rand.h>
- #ifndef OPENSSL_NO_ENGINE
- #include <openssl/engine.h>
- #endif  // !OPENSSL_NO_ENGINE
 diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
 index 1c48f98656fd211403354bb88331450e51ffb3e5..19029e058eb7ebbea283ad49be47c0c6246cf4e7 100644
 --- a/src/crypto/crypto_dh.cc
@@ -264,14 +230,6 @@ diff --git a/src/crypto/crypto_random.cc b/src/crypto/crypto_random.cc
 index b24f8f32136ffaed54310d5dc02e57b0f69450d6..50a6663966cdb147a702df21240fa449850c3549 100644
 --- a/src/crypto/crypto_random.cc
 +++ b/src/crypto/crypto_random.cc
-@@ -8,6 +8,7 @@
- #include "v8.h"
-
- #include <openssl/bn.h>
-+#include <openssl/rand.h>
-
- namespace node {
-
 @@ -149,7 +150,7 @@ Maybe<bool> RandomPrimeTraits::AdditionalConfig(
 
    params->bits = bits;
@@ -281,22 +239,6 @@ index b24f8f32136ffaed54310d5dc02e57b0f69450d6..50a6663966cdb147a702df21240fa449
    if (!params->prime) {
      THROW_ERR_CRYPTO_OPERATION_FAILED(env, "could not generate prime");
      return Nothing<bool>();
-diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
-index 5fa91cce1a6ad2bc1167e20a4dadcfdfc2343440..5bbeb01ab58ac7f95e2c4ee1357f50540be86229 100644
---- a/src/crypto/crypto_rsa.cc
-+++ b/src/crypto/crypto_rsa.cc
-@@ -210,7 +210,10 @@ WebCryptoCipherStatus RSA_Cipher(
-   if (label_len > 0) {
-     void* label = OPENSSL_memdup(params.label.get(), label_len);
-     CHECK_NOT_NULL(label);
--    if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx.get(), label, label_len) <= 0) {
-+    if (EVP_PKEY_CTX_set0_rsa_oaep_label(
-+      ctx.get(),
-+      static_cast<unsigned char*>(label),
-+      label_len) <= 0) {
-       OPENSSL_free(label);
-       return WebCryptoCipherStatus::FAILED;
-     }
 diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc
 index 7b113a8dcb06b0b0e1329ce0daf7305598ea6545..b04e53a7f24885ffb6639430988d0ffb524b028e 100644
 --- a/src/crypto/crypto_sig.cc
@@ -311,34 +253,25 @@ index 7b113a8dcb06b0b0e1329ce0daf7305598ea6545..b04e53a7f24885ffb6639430988d0ffb
      const EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey.get());
      const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key);
 diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index 47945389b4068dfce126274a1cf2d10d635c50a9..2bf22564a34a3d7e91be59c88063447fdc501dd0 100644
+index 13c40dcb757661220288465c39101de0b4018e90..fe44be28e40d50abdc61d1fe72df5656e583fc00 100644
 --- a/src/crypto/crypto_util.cc
 +++ b/src/crypto/crypto_util.cc
-@@ -20,6 +20,8 @@
- #endif
- #endif
-
-+#include <openssl/rand.h>
-+
- namespace node {
-
- using v8::ArrayBuffer;
-@@ -120,7 +122,6 @@ void InitCryptoOnce() {
+@@ -139,7 +139,6 @@ void InitCryptoOnce() {
    OPENSSL_init_ssl(0, settings);
    OPENSSL_INIT_free(settings);
    settings = nullptr;
 -#endif
 
  #ifndef _WIN32
    if (per_process::cli_options->secure_heap != 0) {
-@@ -139,6 +140,7 @@ void InitCryptoOnce() {
-         break;
-     }
+@@ -160,6 +159,7 @@ void InitCryptoOnce() {
    }
-+#endif
  #endif
 
-   /* Override FIPS settings in cnf file, if needed. */
++#endif
+   // Turn off compression. Saves memory and protects against CRIME attacks.
+   // No-op with OPENSSL_NO_COMP builds of OpenSSL.
+   sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
 @@ -490,24 +492,14 @@ Maybe<bool> Decorate(Environment* env, Local<Object> obj,
      V(BIO)                                                                    \
      V(PKCS7)                                                                  \
@@ -409,19 +342,6 @@ index 94bcb100cca0e213ac19afb2ed30b80716cf27af..1fe961a99b3f115c1381f3641d718a21
  #include <openssl/rsa.h>
  #include <openssl/dsa.h>
  #include <openssl/ssl.h>
-diff --git a/src/node.cc b/src/node.cc
-index 5c52ab8081253706d2c643457a5dfcbb8e24e6ac..040c4995ed3366d858a5bbb61d10a7354ea02d4d 100644
---- a/src/node.cc
-+++ b/src/node.cc
-@@ -1020,7 +1020,7 @@ InitializationResult InitializeOncePerProcess(int argc, char** argv) {
-     return result;
-   }
-
--#if HAVE_OPENSSL
-+#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)
-   {
-     std::string extra_ca_certs;
-     if (credentials::SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
 diff --git a/src/node_metadata.h b/src/node_metadata.h
 index 4486d5af2c1622c7c8f44401dc3ebb986d8e3c2e..db1769f1b3f1617ed8dbbea57b5e324183b42be2 100644
 --- a/src/node_metadata.h