lib,src: updates for BoringSSL#63125
Open
panva wants to merge 14 commits intonodejs:mainfrom
Open
Conversation
panva
added
wip
panva
force-pushed
the
make-crypto-boring-again
branch
2 times, most recently
from
121a7ab to
97a3c8f
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #63125 +/- ##
==========================================
+ Coverage 89.67% 89.69% +0.01%
==========================================
Files 712 712
Lines 221256 221284 +28
Branches 42397 42416 +19
==========================================
+ Hits 198404 198471 +67
+ Misses 14676 14635 -41
- Partials 8176 8178 +2
🚀 New features to boost your workflow:
|
panva
force-pushed
the
make-crypto-boring-again
branch
from
97a3c8f to
6b8d741
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Introduce explicit OPENSSL_WITH_* feature macros for crypto capabilities that vary by OpenSSL version or BoringSSL support. Use those macros at call sites instead of repeating version and backend checks, and centralize PQC key metadata so key handling can query helper functions instead of duplicating algorithm switch lists. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
BoringSSL declares EVP_CIPHER_do_all_sorted and EVP_MD_do_all_sorted, but stock no-decrepit builds do not provide those symbols. Add a Node build flag that keeps ncrypto and its dependents on a local BoringSSL fallback list when libdecrepit is absent. Keep embedders that provide the EVP enumeration symbols on the normal OpenSSL-compatible path, matching Electron's patched BoringSSL build. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Map BoringSSL's native renegotiation failure to ERR_TLS_RENEGOTIATION_UNSUPPORTED when TLSSocket#renegotiate() is called. This avoids exposing an implementation-specific OpenSSL error when the TLS backend does not support caller-initiated renegotiation. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Factor ML-DSA and ML-KEM seed sizes and seed import/export helpers into shared helpers. Keep the provider-specific OpenSSL and BoringSSL paths contained in those helpers. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Reject raw-private and raw-seed imports before key construction when the selected asymmetric key type does not support that raw private material. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Reject raw-public object input in createPrivateKey() before it reaches native raw key import. Cover matching-length raw public keys across the supported raw-public key types. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
Use the raw-seed key format constant for WebCrypto ML-KEM raw-seed imports instead of passing the raw-private constant to native key import. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
panva
force-pushed
the
make-crypto-boring-again
branch
from
6b8d741 to
db65e65
Compare
Collaborator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
wipIssues and PRs that are still a work in progress.