fix: add a compatibility EVP_CIPH_OCB_MODE value (#16214).

[TaikiAkita]

Backport of google/boringssl@4b9683. This patch replaces the no-op modes with negative numbers rather than zero. Stream ciphers like RC4 report a "mode" of zero, so code comparing the mode to a dummy value will get confused.

This patch fixed issue #16214.

Release Notes

Notes: Fixed the "rc4" cipher (#16214) (4.1.x).

[MarshallOfSound]

Was this patch added manually? I'm not sure how this could have been added to the top of the file if the export-patches script was used

[TaikiAkita]

Was this patch added manually? I'm not sure how this could have been added to the top of the file if the export-patches script was used

This patch was added manually. Shall I re-add it with the export-patches command?

[MarshallOfSound]

@TaikiAkita Yep, the flow for making these patches is like this

• Run gclient sync --your --flags --here
• Add your commit on top of the checked out boringssl
• Run git-export-patches -o electron/patches/common/boringssl

👍

[TaikiAkita]

@MarshallOfSound

I regenerated the patches with git-export-patches, please have a look.

[TaikiAkita]

@MarshallOfSound

I regenerated the patches with git-export-patches, please have a look.

[codebytere]

LGTM after changes but paging @MarshallOfSound for second opinion!

[MarshallOfSound]

This patch is currently flagged as an invalid backport because it is targeting 4.1.

Can you confirm that this fix is not needed in current 5.0 or master branches?

[TaikiAkita]

This patch is currently flagged as an invalid backport because it is targeting 4.1.

Can you confirm that this fix is not needed in current 5.0 or master branches?

@MarshallOfSound

This patch is exactly backported from 5.x. The upstream BoringSSL of 5.x branch has this patch already. So this patch is NOT needed in 5.x.

Test with following code:

var cipher = require("crypto").createCipher("rc4", "hello");

In 4.x, an error will occur.
In 5.x, run successfully.

BTW. This patch should also be backported to 4.0.x branch.

[TaikiAkita]

@codebytere
Now it is ready to be merged. Please help to merge this PR.

[TaikiAkita]

@codebytere
Please merge this PR.

[shiftkey]

@TaikiAkita please address the failing commit status: https://github.com/electron/electron/pull/17873/checks?check_run_id=105806788

[TaikiAkita]

This patch is currently flagged as an invalid backport because it is targeting 4.1.
Can you confirm that this fix is not needed in current 5.0 or master branches?

@MarshallOfSound

This patch is exactly backported from 5.x. The upstream BoringSSL of 5.x branch has this patch already. So this patch is NOT needed in 5.x.

Test with following code:

var cipher = require("crypto").createCipher("rc4", "hello");

In 4.x, an error will occur.
In 5.x, run successfully.

BTW. This patch should also be backported to 4.0.x branch.

@shiftkey
Described above. This patch was derived from upstream and can only be applied in 4.x branches, it was NOT derived from other PR (so I can not add the "Backport of #{N}" declaration).

[release-clerk]

Release Notes Persisted

Fixed the "rc4" cipher (#16214).

[welcome]

Congrats on merging your first pull request! 🎉🎉🎉