Attachment #612078 for bug #613344

Lines 104-110 Link Here

(-)node-v13.4.0.orig/src/node_crypto.cc (-4 / +100 lines)
104	using v8::Undefined;	104	using v8::Undefined;
105	using v8::Value;	105	using v8::Value;
106		106
107	#ifdef OPENSSL_NO_OCB	107	#if defined (OPENSSL_NO_OCB) \|\| defined (LIBRESSL_VERSION_NUMBER)
108	# define IS_OCB_MODE(mode) false	108	# define IS_OCB_MODE(mode) false
109	#else	109	#else
110	# define IS_OCB_MODE(mode) ((mode) == EVP_CIPH_OCB_MODE)	110	# define IS_OCB_MODE(mode) ((mode) == EVP_CIPH_OCB_MODE)
Lines 539-545 Link Here
539		539
540	// A maxVersion of 0 means "any", but OpenSSL may support TLS versions that	540	// A maxVersion of 0 means "any", but OpenSSL may support TLS versions that
541	// Node.js doesn't, so pin the max to what we do support.	541	// Node.js doesn't, so pin the max to what we do support.
		542	#if defined (LIBRESSL_VERSION_NUMBER)
		543	#if defined (LIBRESSL_HAS_TLS1_3)
542	const int MAX_SUPPORTED_VERSION = TLS1_3_VERSION;	544	const int MAX_SUPPORTED_VERSION = TLS1_3_VERSION;
		545	#else
		546	const int MAX_SUPPORTED_VERSION = TLS1_2_VERSION;
		547	#endif
		548	#else
		549	const int MAX_SUPPORTED_VERSION = TLS1_3_VERSION;
		550	#endif
543		551
544	void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {	552	void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
545	SecureContext* sc;	553	SecureContext* sc;
Lines 760-770 Link Here
760		768
761	const node::Utf8Value sigalgs(env->isolate(), args[0]);	769	const node::Utf8Value sigalgs(env->isolate(), args[0]);
762		770
		771	#ifndef LIBRESSL_VERSION_NUMBER
763	int rv = SSL_CTX_set1_sigalgs_list(sc->ctx_.get(), *sigalgs);	772	int rv = SSL_CTX_set1_sigalgs_list(sc->ctx_.get(), *sigalgs);
764		773
765	if (rv == 0) {	774	if (rv == 0) {
766	return ThrowCryptoError(env, ERR_get_error());	775	return ThrowCryptoError(env, ERR_get_error());
767	}	776	}
		777	#endif
768	}	778	}
769		779
770	#ifndef OPENSSL_NO_ENGINE	780	#ifndef OPENSSL_NO_ENGINE
Lines 1181-1186 Link Here
1181	CHECK(args[0]->IsString());	1191	CHECK(args[0]->IsString());
1182		1192
1183	const node::Utf8Value ciphers(args.GetIsolate(), args[0]);	1193	const node::Utf8Value ciphers(args.GetIsolate(), args[0]);
		1194	#ifdef LIBRESSL_VERSION_NUMBER
		1195	return env->ThrowError("SSL_CTX_set_ciphersuites not supported in libressl");
		1196	#else
1184	if (!SSL_CTX_set_ciphersuites(sc->ctx_.get(), *ciphers)) {	1197	if (!SSL_CTX_set_ciphersuites(sc->ctx_.get(), *ciphers)) {
1185	unsigned long err = ERR_get_error(); // NOLINT(runtime/int)	1198	unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
1186	if (!err) {	1199	if (!err) {
Lines 1190-1195 Link Here
1190	return ThrowCryptoError(env, err);	1203	return ThrowCryptoError(env, err);
1191	}	1204	}
1192	#endif	1205	#endif
		1206	#endif
1193	}	1207	}
1194		1208
1195		1209
Lines 2078-2083 Link Here
2078	info->Set(env->context(), env->pubkey_string(), pubbuff).Check();	2092	info->Set(env->context(), env->pubkey_string(), pubbuff).Check();
2079	} else if (ec) {	2093	} else if (ec) {
2080	const EC_GROUP* group = EC_KEY_get0_group(ec.get());	2094	const EC_GROUP* group = EC_KEY_get0_group(ec.get());
		2095	#ifndef LIBRESSL_VERSION_NUMBER
2081	if (group != nullptr) {	2096	if (group != nullptr) {
2082	int bits = EC_GROUP_order_bits(group);	2097	int bits = EC_GROUP_order_bits(group);
2083	if (bits > 0) {	2098	if (bits > 0) {
Lines 2085-2090 Link Here
2085	Integer::New(env->isolate(), bits)).Check();	2100	Integer::New(env->isolate(), bits)).Check();
2086	}	2101	}
2087	}	2102	}
		2103	#endif
2088		2104
2089	const EC_POINT* pubkey = EC_KEY_get0_public_key(ec.get());	2105	const EC_POINT* pubkey = EC_KEY_get0_public_key(ec.get());
2090	Local<Object> buf;	2106	Local<Object> buf;
Lines 2473-2478 Link Here
2473		2489
2474	template <class Base>	2490	template <class Base>
2475	void SSLWrap<Base>::GetTLSTicket(const FunctionCallbackInfo<Value>& args) {	2491	void SSLWrap<Base>::GetTLSTicket(const FunctionCallbackInfo<Value>& args) {
		2492	#ifdef LIBRESSL_VERSION_NUMBER
		2493	return;
		2494	#else
2476	Base* w;	2495	Base* w;
2477	ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());	2496	ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
2478	Environment* env = w->ssl_env();	2497	Environment* env = w->ssl_env();
Lines 2492-2497 Link Here
2492	env, reinterpret_cast<const char*>(ticket), length).ToLocalChecked();	2511	env, reinterpret_cast<const char*>(ticket), length).ToLocalChecked();
2493		2512
2494	args.GetReturnValue().Set(buff);	2513	args.GetReturnValue().Set(buff);
		2514	#endif
2495	}	2515	}
2496		2516
2497		2517
Lines 2685-2691 Link Here
2685	const char* cipher_name = SSL_CIPHER_get_name(c);	2705	const char* cipher_name = SSL_CIPHER_get_name(c);
2686	info->Set(context, env->name_string(),	2706	info->Set(context, env->name_string(),
2687	OneByteString(args.GetIsolate(), cipher_name)).Check();	2707	OneByteString(args.GetIsolate(), cipher_name)).Check();
		2708	#ifdef LIBRESSL_VERSION_NUMBER
		2709	const char* cipher_standard_name = "(NONE)";
		2710	#else
2688	const char* cipher_standard_name = SSL_CIPHER_standard_name(c);	2711	const char* cipher_standard_name = SSL_CIPHER_standard_name(c);
		2712	#endif
2689	info->Set(context, env->standard_name_string(),	2713	info->Set(context, env->standard_name_string(),
2690	OneByteString(args.GetIsolate(), cipher_standard_name)).Check();	2714	OneByteString(args.GetIsolate(), cipher_standard_name)).Check();
2691	const char* cipher_version = SSL_CIPHER_get_version(c);	2715	const char* cipher_version = SSL_CIPHER_get_version(c);
Lines 2702-2709 Link Here
2702	Environment* env = w->ssl_env();	2726	Environment* env = w->ssl_env();
2703		2727
2704	SSL* ssl = w->ssl_.get();	2728	SSL* ssl = w->ssl_.get();
		2729	#ifdef LIBRESSL_VERSION_NUMBER
		2730	int nsig = 0;
		2731	#else
2705	int nsig = SSL_get_shared_sigalgs(ssl, 0, nullptr, nullptr, nullptr, nullptr,	2732	int nsig = SSL_get_shared_sigalgs(ssl, 0, nullptr, nullptr, nullptr, nullptr,
2706	nullptr);	2733	nullptr);
		2734	#endif
2707	MaybeStackBuffer<Local<Value>, 16> ret_arr(nsig);	2735	MaybeStackBuffer<Local<Value>, 16> ret_arr(nsig);
2708		2736
2709	for (int i = 0; i < nsig; i++) {	2737	for (int i = 0; i < nsig; i++) {
Lines 2711-2718 Link Here
2711	int sign_nid;	2739	int sign_nid;
2712	std::string sig_with_md;	2740	std::string sig_with_md;
2713		2741
		2742	#ifndef LIBRESSL_VERSION_NUMBER
2714	SSL_get_shared_sigalgs(ssl, i, &sign_nid, &hash_nid, nullptr, nullptr,	2743	SSL_get_shared_sigalgs(ssl, i, &sign_nid, &hash_nid, nullptr, nullptr,
2715	nullptr);	2744	nullptr);
		2745	#endif
2716		2746
2717	switch (sign_nid) {	2747	switch (sign_nid) {
2718	case EVP_PKEY_RSA:	2748	case EVP_PKEY_RSA:
Lines 2959-2965 Link Here
2959	info->Set(context, env->servername_string(), str).Check();	2989	info->Set(context, env->servername_string(), str).Check();
2960	}	2990	}
2961		2991
		2992	#ifdef LIBRESSL_VERSION_NUMBER
		2993	const bool ocsp = false;
		2994	#else
2962	const bool ocsp = (SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp);	2995	const bool ocsp = (SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp);
		2996	#endif
2963	info->Set(context, env->ocsp_request_string(),	2997	info->Set(context, env->ocsp_request_string(),
2964	Boolean::New(env->isolate(), ocsp)).Check();	2998	Boolean::New(env->isolate(), ocsp)).Check();
2965		2999
Lines 3001-3007 Link Here
3001		3035
3002	// NOTE: reference count is not increased by this API methods	3036	// NOTE: reference count is not increased by this API methods
3003	X509* x509 = SSL_CTX_get0_certificate(sc->ctx_.get());	3037	X509* x509 = SSL_CTX_get0_certificate(sc->ctx_.get());
		3038	#ifdef LIBRESSL_VERSION_NUMBER
		3039	EVP_PKEY* pkey = NULL;
		3040	#else
3004	EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_.get());	3041	EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_.get());
		3042	#endif
3005	STACK_OF(X509)* chain;	3043	STACK_OF(X509)* chain;
3006		3044
3007	rv = SSL_CTX_get0_chain_certs(sc->ctx_.get(), &chain);	3045	rv = SSL_CTX_get0_chain_certs(sc->ctx_.get(), &chain);
Lines 3055-3060 Link Here
3055		3093
3056	template <class Base>	3094	template <class Base>
3057	int SSLWrap<Base>::SetCACerts(SecureContext* sc) {	3095	int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
		3096	#ifdef LIBRESSL_VERSION_NUMBER
		3097	return 0;
		3098	#else
3058	int err = SSL_set1_verify_cert_store(ssl_.get(),	3099	int err = SSL_set1_verify_cert_store(ssl_.get(),
3059	SSL_CTX_get_cert_store(sc->ctx_.get()));	3100	SSL_CTX_get_cert_store(sc->ctx_.get()));
3060	if (err != 1)	3101	if (err != 1)
Lines 3066-3071 Link Here
3066	// NOTE: `SSL_set_client_CA_list` takes the ownership of `list`	3107	// NOTE: `SSL_set_client_CA_list` takes the ownership of `list`
3067	SSL_set_client_CA_list(ssl_.get(), list);	3108	SSL_set_client_CA_list(ssl_.get(), list);
3068	return 1;	3109	return 1;
		3110	#endif
3069	}	3111	}
3070		3112
3071	template <class Base>	3113	template <class Base>
Lines 3133-3139 Link Here
3133	// OpenSSL might modify the pointer, so we need to make a copy before parsing.	3175	// OpenSSL might modify the pointer, so we need to make a copy before parsing.
3134	const unsigned char* p = der_data;	3176	const unsigned char* p = der_data;
3135	pkey->reset(parse(&p, der_len));	3177	pkey->reset(parse(&p, der_len));
		3178	#ifdef LIBRESSL_VERSION_NUMBER
		3179	OPENSSL_cleanse(der_data, der_len);
		3180	OPENSSL_free(der_data);
		3181	#else
3136	OPENSSL_clear_free(der_data, der_len);	3182	OPENSSL_clear_free(der_data, der_len);
		3183	#endif
3137		3184
3138	return *pkey ? ParseKeyResult::kParseKeyOk :	3185	return *pkey ? ParseKeyResult::kParseKeyOk :
3139	ParseKeyResult::kParseKeyFailed;	3186	ParseKeyResult::kParseKeyFailed;
Lines 3375-3386 Link Here
3375	}	3422	}
3376		3423
3377	ByteSource::~ByteSource() {	3424	ByteSource::~ByteSource() {
		3425	#ifdef LIBRESSL_VERSION_NUMBER
		3426	OPENSSL_cleanse(allocated_data_, size_);
		3427	OPENSSL_free(allocated_data_);
		3428	#else
3378	OPENSSL_clear_free(allocated_data_, size_);	3429	OPENSSL_clear_free(allocated_data_, size_);
		3430	#endif
3379	}	3431	}
3380		3432
3381	ByteSource& ByteSource::operator=(ByteSource&& other) {	3433	ByteSource& ByteSource::operator=(ByteSource&& other) {
3382	if (&other != this) {	3434	if (&other != this) {
		3435	#ifdef LIBRESSL_VERSION_NUMBER
		3436	OPENSSL_cleanse(allocated_data_, size_);
		3437	OPENSSL_free(allocated_data_);
		3438	#else
3383	OPENSSL_clear_free(allocated_data_, size_);	3439	OPENSSL_clear_free(allocated_data_, size_);
		3440	#endif
3384	data_ = other.data_;	3441	data_ = other.data_;
3385	allocated_data_ = other.allocated_data_;	3442	allocated_data_ = other.allocated_data_;
3386	other.allocated_data_ = nullptr;	3443	other.allocated_data_ = nullptr;
Lines 3864-3870 Link Here
3864	abv->CopyContents(mem, key_len);	3921	abv->CopyContents(mem, key_len);
3865	this->symmetric_key_ = std::unique_ptr<char, std::function<void(char*)>>(mem,	3922	this->symmetric_key_ = std::unique_ptr<char, std::function<void(char*)>>(mem,
3866	[key_len](char* p) {	3923	[key_len](char* p) {
		3924	#ifdef LIBRESSL_VERSION_NUMBER
		3925	OPENSSL_cleanse(p, key_len);
		3926	OPENSSL_free(p);
		3927	#else
3867	OPENSSL_clear_free(p, key_len);	3928	OPENSSL_clear_free(p, key_len);
		3929	#endif
3868	});	3930	});
3869	this->symmetric_key_len_ = key_len;	3931	this->symmetric_key_len_ = key_len;
3870	}	3932	}
Lines 4840-4847 Link Here
4840	ret = EVP_DigestFinal_ex(hash->mdctx_.get(), hash->md_value_,	4902	ret = EVP_DigestFinal_ex(hash->mdctx_.get(), hash->md_value_,
4841	&hash->md_len_);	4903	&hash->md_len_);
4842	} else {	4904	} else {
		4905	#ifdef LIBRESSL_VERSION_NUMBER
		4906	ret = 0;
		4907	#else
4843	ret = EVP_DigestFinalXOF(hash->mdctx_.get(), hash->md_value_,	4908	ret = EVP_DigestFinalXOF(hash->mdctx_.get(), hash->md_value_,
4844	hash->md_len_);	4909	hash->md_len_);
		4910	#endif
4845	}	4911	}
4846		4912
4847	if (ret != 1) {	4913	if (ret != 1) {
Lines 5019-5029 Link Here
5019	if (base_id == EVP_PKEY_DSA) {	5085	if (base_id == EVP_PKEY_DSA) {
5020	DSA* dsa_key = EVP_PKEY_get0_DSA(pkey.get());	5086	DSA* dsa_key = EVP_PKEY_get0_DSA(pkey.get());
5021	// Both r and s are computed mod q, so their width is limited by that of q.	5087	// Both r and s are computed mod q, so their width is limited by that of q.
		5088	#ifdef LIBRESSL_VERSION_NUMBER
		5089	bits = BN_num_bits(dsa_key->q);
		5090	#else
5022	bits = BN_num_bits(DSA_get0_q(dsa_key));	5091	bits = BN_num_bits(DSA_get0_q(dsa_key));
5023	} else if (base_id == EVP_PKEY_EC) {	5092	} else if (base_id == EVP_PKEY_EC) {
5024	EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey.get());	5093	EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey.get());
5025	const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key);	5094	const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key);
5026	bits = EC_GROUP_order_bits(ec_group);	5095	bits = EC_GROUP_order_bits(ec_group);
		5096	#endif
5027	} else {	5097	} else {
5028	return kNoDsaSignature;	5098	return kNoDsaSignature;
5029	}	5099	}
Lines 5048-5055 Link Here
5048	AllocatedBuffer buf = env->AllocateManaged(2 * n);	5118	AllocatedBuffer buf = env->AllocateManaged(2 * n);
5049	unsigned char* data = reinterpret_cast<unsigned char*>(buf.data());	5119	unsigned char* data = reinterpret_cast<unsigned char*>(buf.data());
5050		5120
		5121	#ifdef LIBRESSL_VERSION_NUMBER
		5122	const ECDSA_SIG* sig = asn1_sig.get();
		5123	const BIGNUM* r = sig->r;
		5124	const BIGNUM* s = sig->s;
		5125	#else
5051	const BIGNUM* r = ECDSA_SIG_get0_r(asn1_sig.get());	5126	const BIGNUM* r = ECDSA_SIG_get0_r(asn1_sig.get());
5052	const BIGNUM* s = ECDSA_SIG_get0_s(asn1_sig.get());	5127	const BIGNUM* s = ECDSA_SIG_get0_s(asn1_sig.get());
		5128	#endif
5053	CHECK_EQ(n, static_cast<unsigned int>(BN_bn2binpad(r, data, n)));	5129	CHECK_EQ(n, static_cast<unsigned int>(BN_bn2binpad(r, data, n)));
5054	CHECK_EQ(n, static_cast<unsigned int>(BN_bn2binpad(s, data + n, n)));	5130	CHECK_EQ(n, static_cast<unsigned int>(BN_bn2binpad(s, data + n, n)));
5055		5131
Lines 5262-5271 Link Here
5262	const unsigned char* input =	5338	const unsigned char* input =
5263	reinterpret_cast<const unsigned char*>(data.data());	5339	reinterpret_cast<const unsigned char*>(data.data());
5264	size_t sig_len;	5340	size_t sig_len;
		5341	#ifdef LIBRESSL_VERSION_NUMBER
		5342	if (!EVP_DigestSignFinal(mdctx.get(), nullptr, &sig_len))
		5343	return CheckThrow(env, SignBase::Error::kSignPrivateKey);
		5344	#else
5265	if (!EVP_DigestSign(mdctx.get(), nullptr, &sig_len, input, data.length()))	5345	if (!EVP_DigestSign(mdctx.get(), nullptr, &sig_len, input, data.length()))
5266	return CheckThrow(env, SignBase::Error::kSignPrivateKey);	5346	return CheckThrow(env, SignBase::Error::kSignPrivateKey);
		5347	#endif
5267		5348
5268	AllocatedBuffer signature = env->AllocateManaged(sig_len);	5349	AllocatedBuffer signature = env->AllocateManaged(sig_len);
		5350	#ifdef LIBRESSL_VERSION_NUMBER
		5351	if (!EVP_DigestSignFinal(mdctx.get(),
		5352	reinterpret_cast<unsigned char*>(signature.data()),
		5353	&sig_len)) {
		5354	return CheckThrow(env, SignBase::Error::kSignPrivateKey);
		5355	}
		5356	#else
5269	if (!EVP_DigestSign(mdctx.get(),	5357	if (!EVP_DigestSign(mdctx.get(),
5270	reinterpret_cast<unsigned char*>(signature.data()),	5358	reinterpret_cast<unsigned char*>(signature.data()),
5271	&sig_len,	5359	&sig_len,
Lines 5273-5278 Link Here
5273	data.length())) {	5361	data.length())) {
5274	return CheckThrow(env, SignBase::Error::kSignPrivateKey);	5362	return CheckThrow(env, SignBase::Error::kSignPrivateKey);
5275	}	5363	}
		5364	#endif
5276		5365
5277	signature.Resize(sig_len);	5366	signature.Resize(sig_len);
5278		5367
Lines 5461-5472 Link Here
5461	}	5550	}
5462		5551
5463	bool verify_result;	5552	bool verify_result;
		5553	#ifdef LIBRESSL_VERSION_NUMBER
		5554	const int r = EVP_DigestVerifyFinal(
		5555	mdctx.get(),
		5556	reinterpret_cast<const unsigned char*>(sig_bytes.get()),
		5557	sig_bytes.size());
		5558	#else
5464	const int r = EVP_DigestVerify(	5559	const int r = EVP_DigestVerify(
5465	mdctx.get(),	5560	mdctx.get(),
5466	reinterpret_cast<const unsigned char*>(sig_bytes.get()),	5561	reinterpret_cast<const unsigned char*>(sig_bytes.get()),
5467	sig_bytes.size(),	5562	sig_bytes.size(),
5468	reinterpret_cast<const unsigned char*>(data.data()),	5563	reinterpret_cast<const unsigned char*>(data.data()),
5469	data.length());	5564	data.length());
		5565	#endif
5470	switch (r) {	5566	switch (r) {
5471	case 1:	5567	case 1:
5472	verify_result = true;	5568	verify_result = true;
Lines 6350-6356 Link Here
6350	}	6446	}
6351		6447
6352		6448
6353	#ifndef OPENSSL_NO_SCRYPT	6449	#if !( defined(OPENSSL_NO_SCRYPT) \|\| defined(LIBRESSL_VERSION_NUMBER) )
6354	struct ScryptJob : public CryptoJob {	6450	struct ScryptJob : public CryptoJob {
6355	unsigned char* keybuf_data;	6451	unsigned char* keybuf_data;
6356	size_t keybuf_size;	6452	size_t keybuf_size;
Lines 7098-7104 Link Here
7098	}	7194	}
7099		7195
7100	void InitCryptoOnce() {	7196	void InitCryptoOnce() {
7101	#ifndef OPENSSL_IS_BORINGSSL	7197	#if !( defined(OPENSSL_IS_BORINGSSL) \|\| defined(LIBRESSL_VERSION_NUMBER) )
7102	OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();	7198	OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();
7103		7199
7104	// --openssl-config=...	7200	// --openssl-config=...
Lines 7278-7284 Link Here
7278	PublicKeyCipher::Cipher<PublicKeyCipher::kPublic,	7374	PublicKeyCipher::Cipher<PublicKeyCipher::kPublic,
7279	EVP_PKEY_verify_recover_init,	7375	EVP_PKEY_verify_recover_init,
7280	EVP_PKEY_verify_recover>);	7376	EVP_PKEY_verify_recover>);
7281	#ifndef OPENSSL_NO_SCRYPT	7377	#if !( defined(OPENSSL_NO_SCRYPT) \|\| defined(LIBRESSL_VERSION_NUMBER) )
7282	env->SetMethod(target, "scrypt", Scrypt);	7378	env->SetMethod(target, "scrypt", Scrypt);
7283	#endif // OPENSSL_NO_SCRYPT	7379	#endif // OPENSSL_NO_SCRYPT
7284	}	7380	}




#include <openssl/ec.h>
#include <openssl/rsa.h>

/* 
 * libressl compat 
 */ 
#ifdef LIBRESSL_VERSION_NUMBER
/* defines from opnssl's crypto.h */
# define OPENSSL_memdup(str, s) \
        BUF_memdup(str, s)
/* defines from opnssl's err.h */
# define ERR_LIB_OSSL_STORE      44
# define ERR_LIB_CT              50
# define ERR_LIB_ASYNC           51
# define ERR_LIB_KDF             52
# define ERR_LIB_SM2             53
/* defines from openssl's evp.h */
# define EVP_PKEY_X25519 NID_X25519
# define EVP_PKEY_X448 NID_X448
# define EVP_PKEY_RSA_PSS NID_rsassaPss
# define EVP_PKEY_ED25519 NID_ED25519
# define EVP_PKEY_ED448 NID_ED448
# define         EVP_CTRL_AEAD_SET_IVLEN         0x9
# define         EVP_CTRL_AEAD_SET_TAG           0x11
#  define EVP_MD_FLAG_XOF         0x0002
# define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
# define         EVP_CTRL_AEAD_GET_TAG           0x10
/* defines from openssl's evperr.h */
# define EVP_F_EVP_DIGESTFINALXOF                         174
# define EVP_R_NOT_XOF_OR_INVALID_LENGTH                  178
/* defines from openssl's obj_mac.h */
#define NID_ED25519             1087
#define NID_ED448               1088
#define NID_id_GostR3410_2012_256               979
#define NID_id_GostR3410_2012_512               980
/* defines from openssl's rsa.h */
# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
                          EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)

# define  EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
                          EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))

# define  EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
                          EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))

# define  EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
                          EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))

# define  EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS,  \
                          EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD,  \
                          0, (void *)(md))

# define EVP_PKEY_CTRL_RSA_OAEP_MD       (EVP_PKEY_ALG_CTRL + 9)
# define EVP_PKEY_CTRL_RSA_OAEP_LABEL    (EVP_PKEY_ALG_CTRL + 10)
/* defines from opnssl's bn.h */
# define BN_bn2binpad(a, to, n) \
		BN_bn2bin(a, to)
/* defines from opnssl's ec.h */
# define OPENSSL_EC_EXPLICIT_CURVE  0x000
#endif

namespace node {
namespace crypto {


  }

  ~Hash() override {
    if (md_value_ != nullptr) {
#ifdef LIBRESSL_VERSION_NUMBER
		OPENSSL_cleanse(md_value_, md_len_);
		OPENSSL_free(md_value_);
#else 
      	OPENSSL_clear_free(md_value_, md_len_);
#endif
	}
  }

 private:

Lines 65-71 Link Here

(-)node-v13.4.0.orig/src/node_crypto_bio.cc (+4 lines)
65	return 0;	65	return 0;
66		66
67	if (BIO_get_shutdown(bio)) {	67	if (BIO_get_shutdown(bio)) {
		68	#ifdef LIBRESSL_VERSION_NUMBER
		69	if (bio->init && BIO_get_data(bio) != nullptr) {
		70	#else
68	if (BIO_get_init(bio) && BIO_get_data(bio) != nullptr) {	71	if (BIO_get_init(bio) && BIO_get_data(bio) != nullptr) {
		72	#endif
69	delete FromBIO(bio);	73	delete FromBIO(bio);
70	BIO_set_data(bio, nullptr);	74	BIO_set_data(bio, nullptr);
71	}	75	}

Lines 140-146 Link Here

(-)node-v13.4.0.orig/src/tls_wrap.cc (-1 / +11 lines)
140		140
141	ConfigureSecureContext(sc_);	141	ConfigureSecureContext(sc_);
142		142
		143	#ifdef LIBRESSL_VERSION_NUMBER
		144	/* FIXME: cert callback not implemented in libressl */
		145	#else
143	SSL_set_cert_cb(ssl_.get(), SSLWrap<TLSWrap>::SSLCertCallback, this);	146	SSL_set_cert_cb(ssl_.get(), SSLWrap<TLSWrap>::SSLCertCallback, this);
		147	#endif
144		148
145	if (is_server()) {	149	if (is_server()) {
146	SSL_set_accept_state(ssl_.get());	150	SSL_set_accept_state(ssl_.get());
Lines 916-923 Link Here
916	TLSWrap* wrap;	920	TLSWrap* wrap;
917	ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());	921	ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
918	CHECK_NOT_NULL(wrap->sc_);	922	CHECK_NOT_NULL(wrap->sc_);
		923	#ifdef LIBRESSL_VERSION_NUMBER
		924	/* FIXME: keylog_callback not implemented in libressl */
		925	#else
919	SSL_CTX_set_keylog_callback(wrap->sc_->ctx_.get(),	926	SSL_CTX_set_keylog_callback(wrap->sc_->ctx_.get(),
920	SSLWrap<TLSWrap>::KeylogCallback);	927	SSLWrap<TLSWrap>::KeylogCallback);
		928	#endif
921	}	929	}
922		930
923	// Check required capabilities were not excluded from the OpenSSL build:	931	// Check required capabilities were not excluded from the OpenSSL build:
Lines 935-941 Link Here
935	TLSWrap* wrap;	943	TLSWrap* wrap;
936	ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());	944	ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
937		945
938	#if HAVE_SSL_TRACE	946	#ifndef LIBRESSL_VERSION_NUMBER
		947	#if HAVE_SSL_TRACE
939	if (wrap->ssl_) {	948	if (wrap->ssl_) {
940	wrap->bio_trace_.reset(BIO_new_fp(stderr, BIO_NOCLOSE \| BIO_FP_TEXT));	949	wrap->bio_trace_.reset(BIO_new_fp(stderr, BIO_NOCLOSE \| BIO_FP_TEXT));
941	SSL_set_msg_callback(wrap->ssl_.get(), [](int write_p, int version, int	950	SSL_set_msg_callback(wrap->ssl_.get(), [](int write_p, int version, int
Lines 952-957 Link Here
952	SSL_set_msg_callback_arg(wrap->ssl_.get(), wrap->bio_trace_.get());	961	SSL_set_msg_callback_arg(wrap->ssl_.get(), wrap->bio_trace_.get());
953	}	962	}
954	#endif	963	#endif
		964	#endif
955	}	965	}
956		966
957	void TLSWrap::DestroySSL(const FunctionCallbackInfo<Value>& args) {	967	void TLSWrap::DestroySSL(const FunctionCallbackInfo<Value>& args) {

Return to bug 613344

Lines 40-45 Link Here

(-)node-v13.4.0.orig/src/node_crypto.h (-2 / +71 lines)
40	#include <openssl/ec.h>	40	#include <openssl/ec.h>
41	#include <openssl/rsa.h>	41	#include <openssl/rsa.h>
42		42
		43	/*
		44	* libressl compat
		45	*/
		46	#ifdef LIBRESSL_VERSION_NUMBER
		47	/* defines from opnssl's crypto.h */
		48	# define OPENSSL_memdup(str, s) \
		49	BUF_memdup(str, s)
		50	/* defines from opnssl's err.h */
		51	# define ERR_LIB_OSSL_STORE 44
		52	# define ERR_LIB_CT 50
		53	# define ERR_LIB_ASYNC 51
		54	# define ERR_LIB_KDF 52
		55	# define ERR_LIB_SM2 53
		56	/* defines from openssl's evp.h */
		57	# define EVP_PKEY_X25519 NID_X25519
		58	# define EVP_PKEY_X448 NID_X448
		59	# define EVP_PKEY_RSA_PSS NID_rsassaPss
		60	# define EVP_PKEY_ED25519 NID_ED25519
		61	# define EVP_PKEY_ED448 NID_ED448
		62	# define EVP_CTRL_AEAD_SET_IVLEN 0x9
		63	# define EVP_CTRL_AEAD_SET_TAG 0x11
		64	# define EVP_MD_FLAG_XOF 0x0002
		65	# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
		66	# define EVP_CTRL_AEAD_GET_TAG 0x10
		67	/* defines from openssl's evperr.h */
		68	# define EVP_F_EVP_DIGESTFINALXOF 174
		69	# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178
		70	/* defines from openssl's obj_mac.h */
		71	#define NID_ED25519 1087
		72	#define NID_ED448 1088
		73	#define NID_id_GostR3410_2012_256 979
		74	#define NID_id_GostR3410_2012_512 980
		75	/* defines from openssl's rsa.h */
		76	# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
		77	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
		78	EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
		79
		80	# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
		81	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
		82	EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
		83
		84	# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
		85	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
		86	EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
		87
		88	# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
		89	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
		90	EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
		91
		92	# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
		93	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
		94	EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
		95	0, (void *)(md))
		96
		97	# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
		98	# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
		99	/* defines from opnssl's bn.h */
		100	# define BN_bn2binpad(a, to, n) \
		101	BN_bn2bin(a, to)
		102	/* defines from opnssl's ec.h */
		103	# define OPENSSL_EC_EXPLICIT_CURVE 0x000
		104	#endif
		105
43	namespace node {	106	namespace node {
44	namespace crypto {	107	namespace crypto {
45		108
Lines 618-625 Link Here
618	}	681	}
619		682
620	~Hash() override {	683	~Hash() override {
621	if (md_value_ != nullptr)	684	if (md_value_ != nullptr) {
622	OPENSSL_clear_free(md_value_, md_len_);	685	#ifdef LIBRESSL_VERSION_NUMBER
		686	OPENSSL_cleanse(md_value_, md_len_);
		687	OPENSSL_free(md_value_);
		688	#else
		689	OPENSSL_clear_free(md_value_, md_len_);
		690	#endif
		691	}
623	}	692	}
624		693
625	private:	694	private: