Gentoo's Bugzilla – Attachment 612078 Details for
Bug 613344
net-libs/nodejs: add libressl support
[patch]
experimental libressl patch
node-v13.4.0-libressl-experimental.patch (text/plain), 16.10 KB, created by
Sandino Araico Sanchez
on 2020-02-06 12:21:28 UTC
Description:
experimental libressl patch
Creator:
Sandino Araico Sanchez
Created:
2020-02-06 12:21:28 UTC
Size:
16.10 KB
>Only in node-v13.4.0.orig: .BUILDING.md.swp
>Only in node-v13.4.0/deps/v8/third_party/inspector_protocol: __pycache__
>Only in node-v13.4.0/deps/v8/third_party/jinja2: __pycache__
>Only in node-v13.4.0/deps/v8/third_party/markupsafe: __pycache__
>Only in node-v13.4.0/out: Debug
>Only in node-v13.4.0.orig/out: Makefile
>Only in node-v13.4.0/out: Release
>Only in node-v13.4.0/src: .node.cc.swp
>Only in node-v13.4.0/src: .node.h.swp
>Only in node-v13.4.0/src: .node_crypto.cc.swp
>Only in node-v13.4.0/src: .node_crypto.h.swp
>Only in node-v13.4.0/src: .node_crypto_bio.cc.swp
>Only in node-v13.4.0/src: .tls_wrap.cc.swp
>diff -uri node-v13.4.0.orig/src/node_crypto.cc node-v13.4.0/src/node_crypto.cc
>--- node-v13.4.0.orig/src/node_crypto.cc 2019-12-17 01:41:03.000000000 -0600
>+++ node-v13.4.0/src/node_crypto.cc 2020-02-01 06:13:53.000000000 -0600
>@@ -104,7 +104,7 @@
> using v8::Undefined;
> using v8::Value;
>
>-#ifdef OPENSSL_NO_OCB
>+#if defined (OPENSSL_NO_OCB) || defined (LIBRESSL_VERSION_NUMBER)
> # define IS_OCB_MODE(mode) false
> #else
> # define IS_OCB_MODE(mode) ((mode) == EVP_CIPH_OCB_MODE)
>@@ -539,7 +539,15 @@
>
> // A maxVersion of 0 means "any", but OpenSSL may support TLS versions that
> // Node.js doesn't, so pin the max to what we do support.
>+#if defined (LIBRESSL_VERSION_NUMBER)
>+#if defined (LIBRESSL_HAS_TLS1_3)
> const int MAX_SUPPORTED_VERSION = TLS1_3_VERSION;
>+#else
>+const int MAX_SUPPORTED_VERSION = TLS1_2_VERSION;
>+#endif
>+#else
>+const int MAX_SUPPORTED_VERSION = TLS1_3_VERSION;
>+#endif
>
> void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
> SecureContext* sc;
>@@ -760,11 +768,13 @@
>
> const node::Utf8Value sigalgs(env->isolate(), args[0]);
>
>+#ifndef LIBRESSL_VERSION_NUMBER
> int rv = SSL_CTX_set1_sigalgs_list(sc->ctx_.get(), *sigalgs);
>
> if (rv == 0) {
> return ThrowCryptoError(env, ERR_get_error());
> }
>+#endif
> }
>
> #ifndef OPENSSL_NO_ENGINE
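Review bot: Under LibreSSL the `#ifndef LIBRESSL_VERSION_NUMBER` guard in the `@@ -760` hunk compiles out `SSL_CTX_set1_sigalgs_list` together with its error check, so a signature-algorithm list supplied by the caller is read into `sigalgs` and then dropped without any error. A caller that narrowed the list as hardening ends up with the library defaults and no signal that the setting was ignored. The `@@ -1181` hunk throws in the same situation, and doing the same here keeps the failure visible: `return env->ThrowError("SSL_CTX_set1_sigalgs_list not supported in libressl");`. The `SSL_set_cert_cb` and `SSL_CTX_set_keylog_callback` hunks in tls_wrap.cc skip their calls just as quietly. The enclosing function starts above the hunk.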
>@@ -1181,6 +1191,9 @@
> CHECK(args[0]->IsString());
>
> const node::Utf8Value ciphers(args.GetIsolate(), args[0]);
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ return env->ThrowError("SSL_CTX_set_ciphersuites not supported in libressl");
>+#else
> if (!SSL_CTX_set_ciphersuites(sc->ctx_.get(), *ciphers)) {
> unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
> if (!err) {
>@@ -1190,6 +1203,7 @@
> return ThrowCryptoError(env, err);
> }
> #endif
>+#endif
> }
>
>
>@@ -2078,6 +2092,7 @@
> info->Set(env->context(), env->pubkey_string(), pubbuff).Check();
> } else if (ec) {
> const EC_GROUP* group = EC_KEY_get0_group(ec.get());
>+#ifndef LIBRESSL_VERSION_NUMBER
> if (group != nullptr) {
> int bits = EC_GROUP_order_bits(group);
> if (bits > 0) {
>@@ -2085,6 +2100,7 @@
> Integer::New(env->isolate(), bits)).Check();
> }
> }
>+#endif
>
> const EC_POINT* pubkey = EC_KEY_get0_public_key(ec.get());
> Local<Object> buf;
>@@ -2473,6 +2489,9 @@
>
> template <class Base>
> void SSLWrap<Base>::GetTLSTicket(const FunctionCallbackInfo<Value>& args) {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ return;
>+#else
> Base* w;
> ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
> Environment* env = w->ssl_env();
>@@ -2492,6 +2511,7 @@
> env, reinterpret_cast<const char*>(ticket), length).ToLocalChecked();
>
> args.GetReturnValue().Set(buff);
>+#endif
> }
>
>
>@@ -2685,7 +2705,11 @@
> const char* cipher_name = SSL_CIPHER_get_name(c);
> info->Set(context, env->name_string(),
> OneByteString(args.GetIsolate(), cipher_name)).Check();
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ const char* cipher_standard_name = "(NONE)";
>+#else
> const char* cipher_standard_name = SSL_CIPHER_standard_name(c);
>+#endif
> info->Set(context, env->standard_name_string(),
> OneByteString(args.GetIsolate(), cipher_standard_name)).Check();
> const char* cipher_version = SSL_CIPHER_get_version(c);
>@@ -2702,8 +2726,12 @@
> Environment* env = w->ssl_env();
>
> SSL* ssl = w->ssl_.get();
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ int nsig = 0;
>+#else
> int nsig = SSL_get_shared_sigalgs(ssl, 0, nullptr, nullptr, nullptr, nullptr,
> nullptr);
>+#endif
> MaybeStackBuffer<Local<Value>, 16> ret_arr(nsig);
>
> for (int i = 0; i < nsig; i++) {
>@@ -2711,8 +2739,10 @@
> int sign_nid;
> std::string sig_with_md;
>
>+#ifndef LIBRESSL_VERSION_NUMBER
> SSL_get_shared_sigalgs(ssl, i, &sign_nid, &hash_nid, nullptr, nullptr,
> nullptr);
>+#endif
>
> switch (sign_nid) {
> case EVP_PKEY_RSA:
>@@ -2959,7 +2989,11 @@
> info->Set(context, env->servername_string(), str).Check();
> }
>
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ const bool ocsp = false;
>+#else
> const bool ocsp = (SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp);
>+#endif
> info->Set(context, env->ocsp_request_string(),
> Boolean::New(env->isolate(), ocsp)).Check();
>
>@@ -3001,7 +3035,11 @@
>
> // NOTE: reference count is not increased by this API methods
> X509* x509 = SSL_CTX_get0_certificate(sc->ctx_.get());
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ EVP_PKEY* pkey = NULL;
>+#else
> EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_.get());
>+#endif
> STACK_OF(X509)* chain;
>
> rv = SSL_CTX_get0_chain_certs(sc->ctx_.get(), &chain);
>@@ -3055,6 +3093,9 @@
>
> template <class Base>
> int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ return 0;
>+#else
> int err = SSL_set1_verify_cert_store(ssl_.get(),
> SSL_CTX_get_cert_store(sc->ctx_.get()));
> if (err != 1)
>@@ -3066,6 +3107,7 @@
> // NOTE: `SSL_set_client_CA_list` takes the ownership of `list`
> SSL_set_client_CA_list(ssl_.get(), list);
> return 1;
>+#endif
> }
>
> template <class Base>
>@@ -3133,7 +3175,12 @@
> // OpenSSL might modify the pointer, so we need to make a copy before parsing.
> const unsigned char* p = der_data;
> pkey->reset(parse(&p, der_len));
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ OPENSSL_cleanse(der_data, der_len);
>+ OPENSSL_free(der_data);
>+#else
> OPENSSL_clear_free(der_data, der_len);
>+#endif
>
> return *pkey ? ParseKeyResult::kParseKeyOk :
> ParseKeyResult::kParseKeyFailed;
>@@ -3375,12 +3422,22 @@
> }
>
> ByteSource::~ByteSource() {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ OPENSSL_cleanse(allocated_data_, size_);
>+ OPENSSL_free(allocated_data_);
>+#else
> OPENSSL_clear_free(allocated_data_, size_);
>+#endif
> }
>
> ByteSource& ByteSource::operator=(ByteSource&& other) {
> if (&other != this) {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ OPENSSL_cleanse(allocated_data_, size_);
>+ OPENSSL_free(allocated_data_);
>+#else
> OPENSSL_clear_free(allocated_data_, size_);
>+#endif
> data_ = other.data_;
> allocated_data_ = other.allocated_data_;
> other.allocated_data_ = nullptr;
>@@ -3864,7 +3921,12 @@
> abv->CopyContents(mem, key_len);
> this->symmetric_key_ = std::unique_ptr<char, std::function<void(char*)>>(mem,
> [key_len](char* p) {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ OPENSSL_cleanse(p, key_len);
>+ OPENSSL_free(p);
>+#else
> OPENSSL_clear_free(p, key_len);
>+#endif
> });
> this->symmetric_key_len_ = key_len;
> }
>@@ -4840,8 +4902,12 @@
> ret = EVP_DigestFinal_ex(hash->mdctx_.get(), hash->md_value_,
> &hash->md_len_);
> } else {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ ret = 0;
>+#else
> ret = EVP_DigestFinalXOF(hash->mdctx_.get(), hash->md_value_,
> hash->md_len_);
>+#endif
> }
>
> if (ret != 1) {
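Review bot: `OPENSSL_clear_free` accepts a null pointer, but the replacement pair in `ByteSource::~ByteSource()` and `ByteSource::operator=` (hunk `@@ -3375`) passes `allocated_data_` to `OPENSSL_cleanse` unconditionally. The same hunk sets `other.allocated_data_ = nullptr`, so a moved-from object reaches its destructor with a null pointer; whether `size_` is also reset is outside the hunk, and clearing `size_` bytes at a null address would crash the process. Guard the LibreSSL branch the way the `~Hash()` hunk in node_crypto.h already does: `if (allocated_data_ != nullptr) { OPENSSL_cleanse(allocated_data_, size_); OPENSSL_free(allocated_data_); }`. The same two-call sequence is repeated in the `@@ -3133` and `@@ -3864` hunks, so a single null-checking helper in the compat block of node_crypto.h would replace all four copies.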
>@@ -5019,11 +5085,15 @@
> if (base_id == EVP_PKEY_DSA) {
> DSA* dsa_key = EVP_PKEY_get0_DSA(pkey.get());
> // Both r and s are computed mod q, so their width is limited by that of q.
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ bits = BN_num_bits(dsa_key->q);
>+#else
> bits = BN_num_bits(DSA_get0_q(dsa_key));
> } else if (base_id == EVP_PKEY_EC) {
> EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey.get());
> const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key);
> bits = EC_GROUP_order_bits(ec_group);
>+#endif
> } else {
> return kNoDsaSignature;
> }
>@@ -5048,8 +5118,14 @@
> AllocatedBuffer buf = env->AllocateManaged(2 * n);
> unsigned char* data = reinterpret_cast<unsigned char*>(buf.data());
>
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ const ECDSA_SIG* sig = asn1_sig.get();
>+ const BIGNUM* r = sig->r;
>+ const BIGNUM* s = sig->s;
>+#else
> const BIGNUM* r = ECDSA_SIG_get0_r(asn1_sig.get());
> const BIGNUM* s = ECDSA_SIG_get0_s(asn1_sig.get());
>+#endif
> CHECK_EQ(n, static_cast<unsigned int>(BN_bn2binpad(r, data, n)));
> CHECK_EQ(n, static_cast<unsigned int>(BN_bn2binpad(s, data + n, n)));
>
>@@ -5262,10 +5338,22 @@
> const unsigned char* input =
> reinterpret_cast<const unsigned char*>(data.data());
> size_t sig_len;
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ if (!EVP_DigestSignFinal(mdctx.get(), nullptr, &sig_len))
>+ return CheckThrow(env, SignBase::Error::kSignPrivateKey);
>+#else
> if (!EVP_DigestSign(mdctx.get(), nullptr, &sig_len, input, data.length()))
> return CheckThrow(env, SignBase::Error::kSignPrivateKey);
>+#endif
>
> AllocatedBuffer signature = env->AllocateManaged(sig_len);
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ if (!EVP_DigestSignFinal(mdctx.get(),
>+ reinterpret_cast<unsigned char*>(signature.data()),
>+ &sig_len)) {
>+ return CheckThrow(env, SignBase::Error::kSignPrivateKey);
>+ }
>+#else
> if (!EVP_DigestSign(mdctx.get(),
> reinterpret_cast<unsigned char*>(signature.data()),
> &sig_len,
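Review bot: The `#else` in the `@@ -5019` hunk opens in the middle of the `if`/`else if` chain, so a LibreSSL build loses the whole `EVP_PKEY_EC` arm and EC keys fall through to `return kNoDsaSignature`, even though the `@@ -5048` hunk below does port the `r`/`s` extraction. Only `EC_GROUP_order_bits` needs a substitute; keeping the arm and taking the width from the group order (`EC_GROUP_get_order` into a temporary `BIGNUM`, then `BN_num_bits`) preserves the branch structure in both builds. Keeping each `#ifdef` around a single statement, as with `bits = BN_num_bits(dsa_key->q);`, also makes the two configurations easier to compare. The function begins and ends outside the hunk.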
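Review bot: In the LibreSSL branch of the `@@ -5262` hunk `EVP_DigestSignFinal` replaces the one-shot `EVP_DigestSign`, but nothing in the visible lines passes `input` to the context, so unless an update call exists above the hunk the signature is computed over an empty message rather than the caller's data. Add `if (!EVP_DigestSignUpdate(mdctx.get(), input, data.length())) return CheckThrow(env, SignBase::Error::kSignPrivateKey);` before the length query. The `@@ -5461` hunk has the same gap on the verification side: `EVP_DigestVerifyFinal` drops the `data` arguments, so the verdict would not depend on the data being verified; call `EVP_DigestVerifyUpdate(mdctx.get(), data.data(), data.length())` first and treat any return other than 1 as a failure. The sign hunk continues in `@@ -5273`, and the enclosing functions start outside these hunks.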
>@@ -5273,6 +5361,7 @@
> data.length())) {
> return CheckThrow(env, SignBase::Error::kSignPrivateKey);
> }
>+#endif
>
> signature.Resize(sig_len);
>
>@@ -5461,12 +5550,19 @@
> }
>
> bool verify_result;
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ const int r = EVP_DigestVerifyFinal(
>+ mdctx.get(),
>+ reinterpret_cast<const unsigned char*>(sig_bytes.get()),
>+ sig_bytes.size());
>+#else
> const int r = EVP_DigestVerify(
> mdctx.get(),
> reinterpret_cast<const unsigned char*>(sig_bytes.get()),
> sig_bytes.size(),
> reinterpret_cast<const unsigned char*>(data.data()),
> data.length());
>+#endif
> switch (r) {
> case 1:
> verify_result = true;
>@@ -6350,7 +6446,7 @@
> }
>
>
>-#ifndef OPENSSL_NO_SCRYPT
>+#if !( defined(OPENSSL_NO_SCRYPT) || defined(LIBRESSL_VERSION_NUMBER) )
> struct ScryptJob : public CryptoJob {
> unsigned char* keybuf_data;
> size_t keybuf_size;
>@@ -7098,7 +7194,7 @@
> }
>
> void InitCryptoOnce() {
>-#ifndef OPENSSL_IS_BORINGSSL
>+#if !( defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER) )
> OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();
>
> // --openssl-config=...
>@@ -7278,7 +7374,7 @@
> PublicKeyCipher::Cipher<PublicKeyCipher::kPublic,
> EVP_PKEY_verify_recover_init,
> EVP_PKEY_verify_recover>);
>-#ifndef OPENSSL_NO_SCRYPT
>+#if !( defined(OPENSSL_NO_SCRYPT) || defined(LIBRESSL_VERSION_NUMBER) )
> env->SetMethod(target, "scrypt", Scrypt);
> #endif // OPENSSL_NO_SCRYPT
> }
>diff -uri node-v13.4.0.orig/src/node_crypto.h node-v13.4.0/src/node_crypto.h
>--- node-v13.4.0.orig/src/node_crypto.h 2019-12-17 01:41:03.000000000 -0600
>+++ node-v13.4.0/src/node_crypto.h 2020-02-01 06:10:05.000000000 -0600
>@@ -40,6 +40,69 @@
> #include <openssl/ec.h>
> #include <openssl/rsa.h>
>
>+/*
>+ * libressl compat
>+ */
>+#ifdef LIBRESSL_VERSION_NUMBER
>+/* defines from opnssl's crypto.h */
>+# define OPENSSL_memdup(str, s) \
>+ BUF_memdup(str, s)
>+/* defines from opnssl's err.h */
>+# define ERR_LIB_OSSL_STORE 44
>+# define ERR_LIB_CT 50
>+# define ERR_LIB_ASYNC 51
>+# define ERR_LIB_KDF 52
>+# define ERR_LIB_SM2 53
>+/* defines from openssl's evp.h */
>+# define EVP_PKEY_X25519 NID_X25519
>+# define EVP_PKEY_X448 NID_X448
>+# define EVP_PKEY_RSA_PSS NID_rsassaPss
>+# define EVP_PKEY_ED25519 NID_ED25519
>+# define EVP_PKEY_ED448 NID_ED448
>+# define EVP_CTRL_AEAD_SET_IVLEN 0x9
>+# define EVP_CTRL_AEAD_SET_TAG 0x11
>+# define EVP_MD_FLAG_XOF 0x0002
>+# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
>+# define EVP_CTRL_AEAD_GET_TAG 0x10
>+/* defines from openssl's evperr.h */
>+# define EVP_F_EVP_DIGESTFINALXOF 174
>+# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178
>+/* defines from openssl's obj_mac.h */
>+#define NID_ED25519 1087
>+#define NID_ED448 1088
>+#define NID_id_GostR3410_2012_256 979
>+#define NID_id_GostR3410_2012_512 980
>+/* defines from openssl's rsa.h */
>+# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
>+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
>+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
>+
>+# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
>+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
>+ EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
>+
>+# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
>+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
>+ EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
>+
>+# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
>+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
>+ EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
>+
>+# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
>+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
>+ EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
>+ 0, (void *)(md))
>+
>+# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
>+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
>+/* defines from opnssl's bn.h */
>+# define BN_bn2binpad(a, to, n) \
>+ BN_bn2bin(a, to)
>+/* defines from opnssl's ec.h */
>+# define OPENSSL_EC_EXPLICIT_CURVE 0x000
>+#endif
>+
> namespace node {
> namespace crypto {
>
>@@ -618,8 +681,14 @@
> }
>
> ~Hash() override {
>- if (md_value_ != nullptr)
>- OPENSSL_clear_free(md_value_, md_len_);
>+ if (md_value_ != nullptr) {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ OPENSSL_cleanse(md_value_, md_len_);
>+ OPENSSL_free(md_value_);
>+#else
>+ OPENSSL_clear_free(md_value_, md_len_);
>+#endif
>+ }
> }
>
> private:
>diff -uri node-v13.4.0.orig/src/node_crypto_bio.cc node-v13.4.0/src/node_crypto_bio.cc
>--- node-v13.4.0.orig/src/node_crypto_bio.cc 2019-12-17 01:41:03.000000000 -0600
>+++ node-v13.4.0/src/node_crypto_bio.cc 2020-02-01 06:19:31.000000000 -0600
>@@ -65,7 +65,11 @@
> return 0;
>
> if (BIO_get_shutdown(bio)) {
>+#ifdef LIBRESSL_VERSION_NUMBER
>+ if (bio->init && BIO_get_data(bio) != nullptr) {
>+#else
> if (BIO_get_init(bio) && BIO_get_data(bio) != nullptr) {
>+#endif
> delete FromBIO(bio);
> BIO_set_data(bio, nullptr);
> }
>diff -uri node-v13.4.0.orig/src/tls_wrap.cc node-v13.4.0/src/tls_wrap.cc
>--- node-v13.4.0.orig/src/tls_wrap.cc 2019-12-17 01:41:03.000000000 -0600
>+++ node-v13.4.0/src/tls_wrap.cc 2020-02-04 05:06:18.000000000 -0600
>@@ -140,7 +140,11 @@
>
> ConfigureSecureContext(sc_);
>
>+#ifdef LIBRESSL_VERSION_NUMBER
>+/* FIXME: cert callback not implemented in libressl */
>+#else
> SSL_set_cert_cb(ssl_.get(), SSLWrap<TLSWrap>::SSLCertCallback, this);
>+#endif
>
> if (is_server()) {
> SSL_set_accept_state(ssl_.get());
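Review bot: The compat macro `BN_bn2binpad(a, to, n)` in the node_crypto.h `@@ -40` hunk expands to `BN_bn2bin(a, to)` and discards `n`, so nothing is padded: `BN_bn2bin` writes only the significant bytes at the start of `to` and returns that count. The `CHECK_EQ(n, ... BN_bn2binpad(r, data, n))` lines visible in the node_crypto.cc `@@ -5048` hunk then abort the process whenever `r` or `s` is shorter than `n` bytes, which happens for a fraction of ordinary signatures. A small inline helper that zero-fills the leading bytes and returns `n` keeps the OpenSSL contract, as sketched below. Wrapping the numeric constants copied from OpenSSL headers (`NID_ED25519`, `EVP_CTRL_AEAD_*`) in `#ifndef` would also let a LibreSSL release that defines them take precedence.

```cpp
/* defines from openssl's bn.h */
static inline int node_bn2binpad(const BIGNUM* a, unsigned char* to, int n) {
  const int len = BN_num_bytes(a);
  if (len > n) return -1;          // value does not fit; same failure value as OpenSSL
  memset(to, 0, n - len);          // leading zero padding
  BN_bn2bin(a, to + (n - len));    // significant bytes, right-aligned
  return n;
}
# define BN_bn2binpad(a, to, n) node_bn2binpad(a, to, n)
// … unchanged: remaining compat defines …
```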
>@@ -916,8 +920,12 @@
> TLSWrap* wrap;
> ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
> CHECK_NOT_NULL(wrap->sc_);
>+#ifdef LIBRESSL_VERSION_NUMBER
>+/* FIXME: keylog_callback not implemented in libressl */
>+#else
> SSL_CTX_set_keylog_callback(wrap->sc_->ctx_.get(),
> SSLWrap<TLSWrap>::KeylogCallback);
>+#endif
> }
>
> // Check required capabilities were not excluded from the OpenSSL build:
>@@ -935,7 +943,8 @@
> TLSWrap* wrap;
> ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
>
>-#if HAVE_SSL_TRACE
>+#ifndef LIBRESSL_VERSION_NUMBER
>+#if HAVE_SSL_TRACE
> if (wrap->ssl_) {
> wrap->bio_trace_.reset(BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT));
> SSL_set_msg_callback(wrap->ssl_.get(), [](int write_p, int version, int
>@@ -952,6 +961,7 @@
> SSL_set_msg_callback_arg(wrap->ssl_.get(), wrap->bio_trace_.get());
> }
> #endif
>+#endif
> }
>
> void TLSWrap::DestroySSL(const FunctionCallbackInfo<Value>& args) {
>Only in node-v13.4.0.orig/test/parallel: test-stdout-close-unref.js