New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: add a compatibility EVP_CIPH_OCB_MODE value (#16214). #17873
Conversation
Backported google/boringssl@4b9683 to 4.1.x branch. This patch replaces the no-op modes with negative numbers rather than zero. Stream ciphers like RC4 report a "mode" of zero, so code comparing the mode to a dummy value will get confused. This patch fixed issue #16214.
patches/common/boringssl/.patches
Outdated
@@ -1,3 +1,4 @@ | |||
compatibility_evp_ciph_ocb_mode.patch |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this patch added manually? I'm not sure how this could have been added to the top of the file if the export-patches
script was used
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this patch added manually? I'm not sure how this could have been added to the top of the file if the
export-patches
script was used
This patch was added manually. Shall I re-add it with the export-patches
command?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@TaikiAkita Yep, the flow for making these patches is like this
- Run
gclient sync --your --flags --here
- Add your commit on top of the checked out
boringssl
- Run
git-export-patches -o electron/patches/common/boringssl
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I regenerated the patches with git-export-patches
, please have a look.
This reverts commit f1156a8.
Recommited change @f1156a with patches generated by "git-export-patches".
I regenerated the patches with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM after changes but paging @MarshallOfSound for second opinion!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This patch is currently flagged as an invalid backport because it is targeting 4.1.
Can you confirm that this fix is not needed in current 5.0 or master branches?
This patch is exactly backported from 5.x. The upstream BoringSSL of 5.x branch has this patch already. So this patch is NOT needed in 5.x. Test with following code:
In 4.x, an error will occur. BTW. This patch should also be backported to 4.0.x branch. |
@codebytere |
@codebytere |
@TaikiAkita please address the failing commit status: https://github.com/electron/electron/pull/17873/checks?check_run_id=105806788 |
@shiftkey |
Release Notes Persisted
|
Congrats on merging your first pull request! 🎉🎉🎉 |
Backport of google/boringssl@4b9683. This patch replaces the no-op modes with negative numbers rather than zero. Stream ciphers like RC4 report a "mode" of zero, so code comparing the mode to a dummy value will get confused.
This patch fixed issue #16214.
Release Notes
Notes: Fixed the "rc4" cipher (#16214) (4.1.x).