Skip to content

src: pull in more electron boringssl adjustments #56858

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

src: pull in more electron boringssl adjustments #56858

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/crypto/crypto_cipher.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1005,11 +1005,15 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
return ThrowCryptoError(env, ERR_get_error());
}

#ifndef OPENSSL_IS_BORINGSSL
// RSA implicit rejection here is not supported by BoringSSL.
// Skip this check when boring is used.
if (!ctx.setRsaImplicitRejection()) {
return THROW_ERR_INVALID_ARG_VALUE(
env,
"RSA_PKCS1_PADDING is no longer supported for private decryption");
}
#endif
}

const EVP_MD* digest = nullptr;
Expand Down
35 changes: 33 additions & 2 deletions src/crypto/crypto_dh.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@
#include "memory_tracker-inl.h"
#include "ncrypto.h"
#include "node_errors.h"
#ifndef OPENSSL_IS_BORINGSSL
#include "openssl/bnerr.h"
#endif
#include "openssl/dh.h"
#include "threadpoolwork-inl.h"
#include "v8.h"
Expand Down Expand Up @@ -88,11 +90,15 @@ void New(const FunctionCallbackInfo<Value>& args) {
if (args[0]->IsInt32()) {
int32_t bits = args[0].As<Int32>()->Value();
if (bits < 2) {
#ifndef OPENSSL_IS_BORINGSSL
#if OPENSSL_VERSION_MAJOR >= 3
ERR_put_error(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL, __FILE__, __LINE__);
#else
ERR_put_error(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL, __FILE__, __LINE__);
#endif
#endif // OPENSSL_VERSION_MAJOR >= 3
#else // OPENSSL_IS_BORINGSSL
OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL);
#endif // OPENSSL_IS_BORINGSSL
return ThrowCryptoError(env, ERR_get_error(), "Invalid prime length");
}

Expand All @@ -105,7 +111,11 @@ void New(const FunctionCallbackInfo<Value>& args) {
}
int32_t generator = args[1].As<Int32>()->Value();
if (generator < 2) {
#ifndef OPENSSL_IS_BORINGSSL
ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
#else
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
#endif
return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
}

Expand Down Expand Up @@ -134,12 +144,20 @@ void New(const FunctionCallbackInfo<Value>& args) {
if (args[1]->IsInt32()) {
int32_t generator = args[1].As<Int32>()->Value();
if (generator < 2) {
#ifndef OPENSSL_IS_BORINGSSL
ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
#else
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
#endif
return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
}
bn_g = BignumPointer::New();
if (!bn_g.setWord(generator)) {
#ifndef OPENSSL_IS_BORINGSSL
ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
#else
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
#endif
return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
}
} else {
Expand All @@ -148,11 +166,19 @@ void New(const FunctionCallbackInfo<Value>& args) {
return THROW_ERR_OUT_OF_RANGE(env, "generator is too big");
bn_g = BignumPointer(reinterpret_cast<uint8_t*>(arg1.data()), arg1.size());
if (!bn_g) {
#ifndef OPENSSL_IS_BORINGSSL
ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
#else
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
#endif
return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
}
if (bn_g.getWord() < 2) {
#ifndef OPENSSL_IS_BORINGSSL
ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
#else
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
#endif
return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
}
}
Expand Down Expand Up @@ -398,14 +424,19 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
if (!dh) return {};

key_params = EVPKeyPointer::NewDH(std::move(dh));
} else if (int* prime_size = std::get_if<int>(&params->params.prime)) {
} else if (std::get_if<int>(&params->params.prime)) {
auto param_ctx = EVPKeyCtxPointer::NewFromID(EVP_PKEY_DH);
#ifndef OPENSSL_IS_BORINGSSL
int* prime_size = std::get_if<int>(&params->params.prime);
if (!param_ctx.initForParamgen() ||
!param_ctx.setDhParameters(*prime_size, params->params.generator)) {
return {};
}

key_params = param_ctx.paramgen();
#else
return {};
#endif
} else {
UNREACHABLE();
}
Expand Down
5 changes: 5 additions & 0 deletions src/crypto/crypto_dsa.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ using v8::Value;

namespace crypto {
EVPKeyCtxPointer DsaKeyGenTraits::Setup(DsaKeyPairGenConfig* params) {
#ifdef OPENSSL_IS_BORINGSSL
// Operation is unsupported in BoringSSL
return {};
#else
auto param_ctx = EVPKeyCtxPointer::NewFromID(EVP_PKEY_DSA);

if (!param_ctx.initForParamgen() ||
Expand All @@ -45,6 +49,7 @@ EVPKeyCtxPointer DsaKeyGenTraits::Setup(DsaKeyPairGenConfig* params) {
EVPKeyCtxPointer key_ctx = key_params.newCtx();
if (!key_ctx.initForKeygen()) return {};
return key_ctx;
#endif
}

// Input arguments for DsaKeyPairGenJob
Expand Down
5 changes: 5 additions & 0 deletions src/crypto/crypto_keys.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -924,6 +924,10 @@ void KeyObjectHandle::GetAsymmetricKeyType(
}

bool KeyObjectHandle::CheckEcKeyData() const {
#ifdef OPENSSL_IS_BORINGSSL
// Operation is unsupported on BoringSSL
return true;
#else
MarkPopErrorOnReturn mark_pop_error_on_return;

const auto& key = data_.GetAsymmetricKey();
Expand All @@ -933,6 +937,7 @@ bool KeyObjectHandle::CheckEcKeyData() const {

return data_.GetKeyType() == kKeyTypePrivate ? ctx.privateCheck()
: ctx.publicCheck();
#endif
}

void KeyObjectHandle::CheckEcKeyData(const FunctionCallbackInfo<Value>& args) {
Expand Down
17 changes: 17 additions & 0 deletions src/crypto/crypto_util.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -682,29 +682,46 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsUint32());
Environment* env = Environment::GetCurrent(args);
uint32_t len = args[0].As<Uint32>()->Value();
#ifndef OPENSSL_IS_BORINGSSL
void* data = OPENSSL_secure_zalloc(len);
#else
void* data = OPENSSL_malloc(len);
#endif
if (data == nullptr) {
// There's no memory available for the allocation.
// Return nothing.
return;
}
#ifdef OPENSSL_IS_BORINGSSL
memset(data, 0, len);
#endif
std::shared_ptr<BackingStore> store =
ArrayBuffer::NewBackingStore(
data,
len,
[](void* data, size_t len, void* deleter_data) {
#ifndef OPENSSL_IS_BORINGSSL
OPENSSL_secure_clear_free(data, len);
#else
OPENSSL_clear_free(data, len);
#endif
},
data);
Local<ArrayBuffer> buffer = ArrayBuffer::New(env->isolate(), store);
args.GetReturnValue().Set(Uint8Array::New(buffer, 0, len));
}

void SecureHeapUsed(const FunctionCallbackInfo<Value>& args) {
#ifndef OPENSSL_IS_BORINGSSL
Environment* env = Environment::GetCurrent(args);
if (CRYPTO_secure_malloc_initialized())
args.GetReturnValue().Set(
BigInt::New(env->isolate(), CRYPTO_secure_used()));
#else
// BoringSSL does not have the secure heap and therefore
// will always return 0.
args.GetReturnValue().Set(BigInt::New(args.GetIsolate(), 0));
#endif
}
} // namespace

Expand Down
Loading