fix: add a compatibility EVP_CIPH_OCB_MODE value (#16214). (#17873)

* fix: add a compatibility EVP_CIPH_OCB_MODE value (#16214).

Backported google/boringssl@4b9683 to 4.1.x branch. This patch
replaces the no-op modes with negative numbers rather than zero.
Stream ciphers like RC4 report a "mode" of zero, so code comparing
the mode to a dummy value will get confused.

This patch fixed issue #16214.

* revert: "fix: add a compatibility EVP_CIPH_OCB_MODE value (#16214)."

This reverts commit f1156a8.

* fix: (recommit) add a compatibility EVP_CIPH_OCB_MODE value (#16214).

Recommited change @f1156a with patches generated by
"git-export-patches".

patches/common/boringssl/.patches

@@ -3,3 +3,4 @@ expose_ripemd160.patch
 expose_aes-cfb.patch
 sync_sorted_ciphers.patch
 handle_pub_key_null_in_ec_key_set_public_key.patch
+add_a_compatibility_evp_ciph_ocb_mode_value.patch

patches/common/boringssl/add_a_compatibility_evp_ciph_ocb_mode_value.patch

@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: David Benjamin <davidben@google.com>
+Date: Sun, 14 Oct 2018 11:01:40 -0500
+Subject: Add a compatibility EVP_CIPH_OCB_MODE value.
+
+Node references it these days. Also replace the no-op modes with negative
+numbers rather than zero. Stream ciphers like RC4 report a "mode" of zero, so
+code comparing the mode to a dummy value will get confused.
+
+(I came across https://github.com/nodejs/node/pull/23635, though we'd have run
+into it sooner or later anyway. Better to just define the value and avoid ifdef
+proliferation.)
+
+Change-Id: I223f25663e138480ad83f35aa16f5218f1425563
+Reviewed-on: https://boringssl-review.googlesource.com/c/32464
+Reviewed-by: Adam Langley <agl@google.com>
+Commit-Queue: Adam Langley <agl@google.com>
+CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
+
+diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
+index e2ab9449275a62ee8a93bd48284b39e8df88a14f..7d4d78b3730022fb61ae63c6d3a86a61cb0c91e2 100644
+--- a/include/openssl/cipher.h
++++ b/include/openssl/cipher.h
+@@ -425,8 +425,9 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
+
+ // The following flags do nothing and are included only to make it easier to
+ // compile code with BoringSSL.
+-#define EVP_CIPH_CCM_MODE 0
+-#define EVP_CIPH_WRAP_MODE 0
++#define EVP_CIPH_CCM_MODE (-1)
++#define EVP_CIPH_OCB_MODE (-2)
++#define EVP_CIPH_WRAP_MODE (-3)
+ #define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0
+
+ // EVP_CIPHER_CTX_set_flags does nothing.

patches/common/boringssl/expose_aes-cfb.patch

@@ -71,7 +71,7 @@ index acc4719b7e9c4c4461fc6142f2ae9156b407915b..8b008a401ec2f2d0673f6876609dd578
    callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
    callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
 diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
-index 59634138cb60237f008eb99e7d8df54da7629c1a..b30b8434b301fb5b8630ae954698b6fee255df77 100644
+index 7d99d49ba7ae2d8a4eb80681cbd9b41eee86bac7..e2ab9449275a62ee8a93bd48284b39e8df88a14f 100644
 --- a/include/openssl/cipher.h
 +++ b/include/openssl/cipher.h
 @@ -421,6 +421,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void);

patches/common/boringssl/expose_ripemd160.patch

@@ -80,7 +80,7 @@ index 38b8f9f78f76050174096740596ac59a0fe18757..acc4719b7e9c4c4461fc6142f2ae9156
 +  callback(EVP_ripemd160(), "ripemd160", NULL, arg);
  }
 diff --git a/include/openssl/digest.h b/include/openssl/digest.h
-index 1a1ca29732afae317c8e8740c629e8922fc83093..48ebdd1eb93b3febecddbc2545b7aae583f21525 100644
+index 4077d902a07c215659ed61b54a468231536d70ee..f15df35d16402256fa00263e2c2e71d55ce67d1a 100644
 --- a/include/openssl/digest.h
 +++ b/include/openssl/digest.h
 @@ -88,6 +88,9 @@ OPENSSL_EXPORT const EVP_MD *EVP_sha512(void);

patches/common/boringssl/handle_pub_key_null_in_ec_key_set_public_key.patch

@@ -5,7 +5,7 @@ Subject: handle pub_key == null in EC_KEY_set_public_key
 
 
 diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
-index 4bc12a073650f66f5ae8ba2beabb9a6fb2b21878..7e86ccb0d76c66f32fc05c7093c870d5da7b9994 100644
+index a6d469767adfad1c9095cc58c567b10c71e95cfa..d1f754afeba102208c668f3678f64abed666cd64 100644
 --- a/crypto/fipsmodule/ec/ec_key.c
 +++ b/crypto/fipsmodule/ec/ec_key.c
 @@ -267,7 +267,7 @@ int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) {

patches/common/boringssl/implement_ssl_get_tlsext_status_type.patch

@@ -14,10 +14,10 @@ Commit-Queue: David Benjamin <davidben@google.com>
 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
 
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index ae8b8385fc73701a4346202f213b5974af4e2aed..0f3d1747173ffb09eafd5c7d5d692ae3c35c9874 100644
+index f693030a8a7c4bf79dd791e1abd0e94f8e97a292..3fee95c0a89dc4a25da527e2ac9cc50bab9c35a6 100644
 --- a/include/openssl/ssl.h
 +++ b/include/openssl/ssl.h
-@@ -4268,6 +4268,14 @@ OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
+@@ -4293,6 +4293,14 @@ OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
  // Use |SSL_enable_ocsp_stapling| instead.
  OPENSSL_EXPORT int SSL_set_tlsext_status_type(SSL *ssl, int type);
 
@@ -33,10 +33,10 @@ index ae8b8385fc73701a4346202f213b5974af4e2aed..0f3d1747173ffb09eafd5c7d5d692ae3
  // success and zero on error. On success, |ssl| takes ownership of |resp|, which
  // must have been allocated by |OPENSSL_malloc|.
 diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
-index 9c16de4958ef29d638e05e0f90b9b15b11b15cac..1f648658b8cb6ae7b82132b276b927e8fb11a47a 100644
+index c68968a514b76717d4c42448ef4b9c440c330fb2..547be0229e2c60c8aefb4644bc84e96f5a17c7f3 100644
 --- a/ssl/ssl_lib.cc
 +++ b/ssl/ssl_lib.cc
-@@ -2751,6 +2751,19 @@ int SSL_set_tlsext_status_type(SSL *ssl, int type) {
+@@ -2896,6 +2896,19 @@ int SSL_set_tlsext_status_type(SSL *ssl, int type) {
    return 1;
  }