From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Shelley Vohr Date: Wed, 12 Feb 2020 15:08:04 -0800 Subject: fix: handle BoringSSL and OpenSSL incompatibilities This patch corrects for incompatibilities between OpenSSL, which Node.js uses, and BoringSSL which Electron uses via Chromium. Each incompatibility typically has ~2 paths forward: * Upstream a shim or adapted implementation to BoringSSL * Alter Node.js functionality to something which both libraries can handle. Where possible, we should seek to make this patch as minimal as possible. Upstreams: - https://github.com/nodejs/node/pull/39054 - https://github.com/nodejs/node/pull/39138 - https://github.com/nodejs/node/pull/39136 diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc index 6f9406eecacb7411a2e84a7b51e60b726d1961f3..bffdb0259eeed7389adb54a8ff13a1ac4e767d90 100644 --- a/deps/ncrypto/ncrypto.cc +++ b/deps/ncrypto/ncrypto.cc @@ -786,7 +786,7 @@ bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) { bool ok = true; - for (int i = 0; i < sk_GENERAL_NAME_num(names); i++) { + for (size_t i = 0; i < sk_GENERAL_NAME_num(names); i++) { GENERAL_NAME* gen = sk_GENERAL_NAME_value(names, i); if (i != 0) BIO_write(out.get(), ", ", 2); @@ -810,7 +810,7 @@ bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) { bool ok = true; - for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(descs); i++) { + for (size_t i = 0; i < sk_ACCESS_DESCRIPTION_num(descs); i++) { ACCESS_DESCRIPTION* desc = sk_ACCESS_DESCRIPTION_value(descs, i); if (i != 0) BIO_write(out.get(), "\n", 1); 
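Review bot: The `size_t` loop index in `SafeX509SubjectAltNamePrint` (hunk `@@ -786`) is not guarded by `OPENSSL_IS_BORINGSSL`, and in OpenSSL `sk_GENERAL_NAME_num()` returns `int`, with -1 for a null stack. The comparison then converts -1 to a very large unsigned bound, so a null stack would no longer skip the loop; whether `names` can be null at this point is decided above the hunk. The same substitution is made in the `@@ -810` hunk and in src/crypto/crypto_common.cc and src/crypto/crypto_context.cc. If the aim is only to avoid a sign-compare warning under BoringSSL, casting the count or using a guarded typedef for the index type would leave OpenSSL behaviour unchanged.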
@@ -952,13 +952,17 @@ BIOPointer X509View::getValidTo() const { int64_t X509View::getValidToTime() const { struct tm tp; - ASN1_TIME_to_tm(X509_get0_notAfter(cert_), &tp); +#ifndef OPENSSL_IS_BORINGSSL + ASN1_TIME_to_tm(X509_get0_notAfter(cert_), &tp); +#endif return PortableTimeGM(&tp); } int64_t X509View::getValidFromTime() const { struct tm tp; +#ifndef OPENSSL_IS_BORINGSSL ASN1_TIME_to_tm(X509_get0_notBefore(cert_), &tp); +#endif return PortableTimeGM(&tp); } @@ -1233,7 +1237,11 @@ BIOPointer BIOPointer::NewMem() { } BIOPointer BIOPointer::NewSecMem() { - return BIOPointer(BIO_new(BIO_s_secmem())); +#ifdef OPENSSL_IS_BORINGSSL + return BIOPointer(BIO_new(BIO_s_mem())); +#else + return BIOPointer(BIO_new(BIO_s_secmem())); +#endif } BIOPointer BIOPointer::New(const BIO_METHOD* method) { @@ -1303,8 +1311,10 @@ BignumPointer DHPointer::FindGroup(const std::string_view name, #define V(n, p) \ if (EqualNoCase(name, n)) return BignumPointer(p(nullptr)); if (option != FindGroupOption::NO_SMALL_PRIMES) { +#ifndef OPENSSL_IS_BORINGSSL V("modp1", BN_get_rfc2409_prime_768); V("modp2", BN_get_rfc2409_prime_1024); +#endif V("modp5", BN_get_rfc3526_prime_1536); } V("modp14", BN_get_rfc3526_prime_2048); @@ -1380,11 +1390,13 @@ DHPointer::CheckPublicKeyResult DHPointer::checkPublicKey( int codes = 0; if (DH_check_pub_key(dh_.get(), pub_key.get(), &codes) != 1) return DHPointer::CheckPublicKeyResult::CHECK_FAILED; +#ifndef OPENSSL_IS_BORINGSSL if (codes & DH_CHECK_PUBKEY_TOO_SMALL) { return DHPointer::CheckPublicKeyResult::TOO_SMALL; } else if (codes & DH_CHECK_PUBKEY_TOO_SMALL) { return DHPointer::CheckPublicKeyResult::TOO_LARGE; - } else if (codes != 0) { +#endif + if (codes != 0) { return DHPointer::CheckPublicKeyResult::INVALID; } return CheckPublicKeyResult::NONE; 
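Review bot: In the `@@ -952` hunk, `X509View::getValidToTime()` and `getValidFromTime()` pass an uninitialised `struct tm tp` to `PortableTimeGM(&tp)` whenever `OPENSSL_IS_BORINGSSL` is defined, because the only statement that fills it is compiled out. The returned validity timestamps are then indeterminate stack contents, which is an unsafe basis for any expiry decision a caller makes. At minimum declare `struct tm tp{};` so the result is deterministic. Preferably fill it through a conversion BoringSSL provides (for example `ASN1_TIME_to_posix`, if the pinned revision has it), or return an explicit failure value.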
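Review bot: `BIOPointer::NewSecMem()` in the `@@ -1233` hunk silently returns an ordinary `BIO_s_mem()` under BoringSSL, so callers that ask for secure-heap storage for key material get a normal heap buffer with nothing in the code saying so. Add a comment above the `#ifdef`, such as `// BoringSSL build: no secure-heap BIO, contents live in ordinary heap memory`. The same downgrade appears in src/crypto/crypto_random.cc, where `BignumPointer::NewSecure()` becomes `BignumPointer::New()` without any guard and therefore also applies to OpenSSL builds. Wrapping that one in `OPENSSL_IS_BORINGSSL` would keep the upstream behaviour there.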
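Review bot: The `#endif` added in the `@@ -1380` hunk of `DHPointer::checkPublicKey()` falls inside the still-open `else if (...) {` block, so with `OPENSSL_IS_BORINGSSL` undefined the braces no longer balance and the `codes != 0` test ends up nested under the second branch. Close the block before the guard ends by putting `}` on its own line directly above `#endif`. In the context lines the second condition tests `DH_CHECK_PUBKEY_TOO_SMALL` again while returning `TOO_LARGE`, which looks like it should be `DH_CHECK_PUBKEY_TOO_LARGE`; that line predates this patch.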
@@ -2327,7 +2339,7 @@ const std::string_view SSLPointer::getClientHelloAlpn() const { const unsigned char* buf; size_t len; size_t rem; - +#ifndef OPENSSL_IS_BORINGSSL if (!SSL_client_hello_get0_ext( get(), TLSEXT_TYPE_application_layer_protocol_negotiation, @@ -2340,6 +2352,8 @@ const std::string_view SSLPointer::getClientHelloAlpn() const { len = (buf[0] << 8) | buf[1]; if (len + 2 != rem) return {}; return reinterpret_cast(buf + 3); +#endif + return nullptr; } const std::string_view SSLPointer::getClientHelloServerName() const { @@ -2347,7 +2361,7 @@ const std::string_view SSLPointer::getClientHelloServerName() const { const unsigned char* buf; size_t len; size_t rem; - +#ifndef OPENSSL_IS_BORINGSSL if (!SSL_client_hello_get0_ext(get(), TLSEXT_TYPE_server_name, &buf, &rem) || rem <= 2) { return {}; @@ -2363,6 +2377,8 @@ const std::string_view SSLPointer::getClientHelloServerName() const { len = (*(buf + 3) << 8) | *(buf + 4); if (len + 2 > rem) return {}; return reinterpret_cast(buf + 5); +#endif + return nullptr; } std::optional SSLPointer::GetServerName( @@ -2396,8 +2412,11 @@ bool SSLPointer::isServer() const { EVPKeyPointer SSLPointer::getPeerTempKey() const { if (!ssl_) return {}; EVP_PKEY* raw_key = nullptr; +#ifndef OPENSSL_IS_BORINGSSL if (!SSL_get_peer_tmp_key(get(), &raw_key)) return {}; return EVPKeyPointer(raw_key); +#endif + return {}; } SSLCtxPointer::SSLCtxPointer(SSL_CTX* ctx) : ctx_(ctx) {} diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h index e5bf2b529bf23914677e25d7468aad58a4684557..9a3c6029ff3319cce58c79782a7bd5d1fcd467f9 100644 --- a/deps/ncrypto/ncrypto.h +++ b/deps/ncrypto/ncrypto.h 
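Review bot: `return nullptr;` at the end of `SSLPointer::getClientHelloAlpn()` (hunk `@@ -2340`) and `getClientHelloServerName()` (hunk `@@ -2363`) builds the `std::string_view` return value from a null `const char*`, which is undefined behaviour, and it is the only path taken when `OPENSSL_IS_BORINGSSL` is defined. Use `return {};`, as the early exits in the same functions already do. Under BoringSSL `buf`, `len` and `rem` are also left unused, so moving their declarations inside the `#ifndef` would avoid unused-variable warnings.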
@@ -623,17 +623,21 @@ class DHPointer final { UNABLE_TO_CHECK_GENERATOR = DH_UNABLE_TO_CHECK_GENERATOR, NOT_SUITABLE_GENERATOR = DH_NOT_SUITABLE_GENERATOR, Q_NOT_PRIME = DH_CHECK_Q_NOT_PRIME, +#ifndef OPENSSL_IS_BORINGSSL INVALID_Q = DH_CHECK_INVALID_Q_VALUE, INVALID_J = DH_CHECK_INVALID_J_VALUE, +#endif CHECK_FAILED = 512, }; CheckResult check(); enum class CheckPublicKeyResult { NONE, +#ifndef OPENSSL_IS_BORINGSSL TOO_SMALL = DH_R_CHECK_PUBKEY_TOO_SMALL, TOO_LARGE = DH_R_CHECK_PUBKEY_TOO_LARGE, - INVALID = DH_R_CHECK_PUBKEY_INVALID, +#endif + INVALID = DH_R_INVALID_PUBKEY, CHECK_FAILED = 512, }; // Check to see if the given public key is suitable for this DH instance. diff --git a/node.gni b/node.gni index 62cd49c6a87074912a1cb6792576c8d4f239b669..165b26a79a7f2b74d2a2252dc2350b2e10c091e6 100644 --- a/node.gni +++ b/node.gni @@ -11,7 +11,7 @@ declare_args() { node_v8_path = "//v8" # The location of OpenSSL - use the one from node's deps by default. - node_openssl_path = "$node_path/deps/openssl" + node_openssl_path = "//third_party/boringssl" # The location of simdutf - use the one from node's deps by default. node_simdutf_path = "//third_party/simdutf" diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc index 2176fb6982484e2c42538478eeb4dd81c9d50ee1..c00d3616e08b00b1e0a3a29b2dbb5278e1e14fcc 100644 --- a/src/crypto/crypto_cipher.cc +++ b/src/crypto/crypto_cipher.cc @@ -1027,7 +1027,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo& args) { if (EVP_PKEY_decrypt_init(ctx.get()) <= 0) { return ThrowCryptoError(env, ERR_get_error()); } - +#ifndef OPENSSL_IS_BORINGSSL int rsa_pkcs1_implicit_rejection = EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_pkcs1_implicit_rejection", "1"); // From the doc -2 means that the option is not supported. @@ -1042,6 +1042,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo& args) { env, "RSA_PKCS1_PADDING is no longer supported for private decryption"); } +#endif } const EVP_MD* digest = nullptr; 
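Review bot: Guarding the whole `rsa_pkcs1_implicit_rejection` block in `PublicKeyCipher::Cipher` (hunks `@@ -1027` and `@@ -1042`) removes both the attempt to enable implicit rejection and the fallback error. A BoringSSL build therefore proceeds with PKCS#1 v1.5 private decryption with neither protection against padding-oracle attacks. The guarded code fails closed when the option is unsupported, and the BoringSSL branch should keep that by raising the same `RSA_PKCS1_PADDING is no longer supported for private decryption` error in an `#else`. If BoringSSL's decryption is known to be safe here, a comment should state that instead. The enclosing `if` begins above the hunk, so the exact condition is not visible.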
diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc index d94f6e1c82c4a62547b3b395f375c86ce4deb5de..b81b9005365272217c77e2b9289bd9f877c0e77c 100644 --- a/src/crypto/crypto_common.cc +++ b/src/crypto/crypto_common.cc @@ -124,7 +124,7 @@ StackOfX509 CloneSSLCerts(X509Pointer&& cert, if (!peer_certs) return StackOfX509(); if (cert && !sk_X509_push(peer_certs.get(), cert.release())) return StackOfX509(); - for (int i = 0; i < sk_X509_num(ssl_certs); i++) { + for (size_t i = 0; i < sk_X509_num(ssl_certs); i++) { X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i))); if (!cert || !sk_X509_push(peer_certs.get(), cert.get())) return StackOfX509(); @@ -140,7 +140,7 @@ MaybeLocal AddIssuerChainToObject(X509Pointer* cert, Environment* const env) { cert->reset(sk_X509_delete(peer_certs.get(), 0)); for (;;) { - int i; + size_t i; for (i = 0; i < sk_X509_num(peer_certs.get()); i++) { X509View ca(sk_X509_value(peer_certs.get(), i)); if (!cert->view().isIssuedBy(ca)) continue; diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc index a054e4c1285208c9ba8b9679c284f459f1ace690..3de8ef4fafcdbdc2cb0ce31de162663d5272340f 100644 --- a/src/crypto/crypto_context.cc +++ b/src/crypto/crypto_context.cc @@ -123,7 +123,7 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx, // the CA certificates. SSL_CTX_clear_extra_chain_certs(ctx); - for (int i = 0; i < sk_X509_num(extra_certs); i++) { + for (size_t i = 0; i < sk_X509_num(extra_certs); i++) { X509* ca = sk_X509_value(extra_certs, i); // NOTE: Increments reference count on `ca` 
@@ -1584,11 +1584,12 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo& args) { // If the user specified "auto" for dhparams, the JavaScript layer will pass // true to this function instead of the original string. Any other string // value will be interpreted as custom DH parameters below. +#ifndef OPENSSL_IS_BORINGSSL if (args[0]->IsTrue()) { CHECK(SSL_CTX_set_dh_auto(sc->ctx_.get(), true)); return; } - +#endif DHPointer dh; { BIOPointer bio(LoadBIO(env, args[0])); @@ -1814,7 +1815,7 @@ void SecureContext::LoadPKCS12(const FunctionCallbackInfo& args) { } // Add CA certs too - for (int i = 0; i < sk_X509_num(extra_certs.get()); i++) { + for (size_t i = 0; i < sk_X509_num(extra_certs.get()); i++) { X509* ca = sk_X509_value(extra_certs.get(), i); X509_STORE_add_cert(sc->GetCertStoreOwnedByThisSecureContext(), ca); diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc index c26a88b395abfc645da56231635b36fb23c8fa09..f23cedf4f2449d8edc9a8de1b70332e75d693cdd 100644 --- a/src/crypto/crypto_dh.cc +++ b/src/crypto/crypto_dh.cc @@ -7,7 +7,9 @@ #include "memory_tracker-inl.h" #include "ncrypto.h" #include "node_errors.h" +#ifndef OPENSSL_IS_BORINGSSL #include "openssl/bnerr.h" +#endif #include "openssl/dh.h" #include "threadpoolwork-inl.h" #include "v8.h" @@ -88,11 +90,7 @@ void New(const FunctionCallbackInfo& args) { if (args[0]->IsInt32()) { int32_t bits = args[0].As()->Value(); if (bits < 2) { -#if OPENSSL_VERSION_MAJOR >= 3 - ERR_put_error(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL, __FILE__, __LINE__); -#else - ERR_put_error(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL, __FILE__, __LINE__); -#endif + OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL); return ThrowCryptoError(env, ERR_get_error(), "Invalid prime length"); } 
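Review bot: With the `args[0]->IsTrue()` branch compiled out in `SecureContext::SetDHParam` (hunk `@@ -1584`), a BoringSSL build passes the boolean that the JavaScript layer sends for `'auto'` on to `LoadBIO(env, args[0])`, and the comment left above the guard still describes the automatic handling. What `LoadBIO` does with a boolean is decided outside the hunk, so the caller most likely gets an unrelated error. Reject the value explicitly in an `#else` branch, for example `if (args[0]->IsTrue()) return THROW_ERR_CRYPTO_OPERATION_FAILED(env, "automatic DH parameters are not supported");`, so the TLS configuration failure is unambiguous.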
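Review bot: `OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL)` in the `@@ -88` hunk of src/crypto/crypto_dh.cc replaces both OpenSSL version branches unconditionally, and the same macro replaces `ERR_put_error` in the `@@ -105`, `@@ -134` and `@@ -148` hunks. As far as I know `OPENSSL_PUT_ERROR` is a BoringSSL macro, so unlike most of this patch these call sites are not guarded by `OPENSSL_IS_BORINGSSL` and the file no longer builds against OpenSSL. Keeping the original lines in an `#else` branch would match the rest of the patch and the stated goal of a minimal diff.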
@@ -105,7 +103,7 @@ void New(const FunctionCallbackInfo& args) { } int32_t generator = args[1].As()->Value(); if (generator < 2) { - ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__); + OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR); return ThrowCryptoError(env, ERR_get_error(), "Invalid generator"); } @@ -134,12 +132,12 @@ void New(const FunctionCallbackInfo& args) { if (args[1]->IsInt32()) { int32_t generator = args[1].As()->Value(); if (generator < 2) { - ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__); + OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR); return ThrowCryptoError(env, ERR_get_error(), "Invalid generator"); } bn_g = BignumPointer::New(); if (!bn_g.setWord(generator)) { - ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__); + OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR); return ThrowCryptoError(env, ERR_get_error(), "Invalid generator"); } } else { @@ -148,11 +146,11 @@ void New(const FunctionCallbackInfo& args) { return THROW_ERR_OUT_OF_RANGE(env, "generator is too big"); bn_g = BignumPointer(reinterpret_cast(arg1.data()), arg1.size()); if (!bn_g) { - ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__); + OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR); return ThrowCryptoError(env, ERR_get_error(), "Invalid generator"); } if (bn_g.getWord() < 2) { - ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__); + OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR); return ThrowCryptoError(env, ERR_get_error(), "Invalid generator"); } } 
@@ -260,15 +258,17 @@ void ComputeSecret(const FunctionCallbackInfo& args) { BignumPointer key(key_buf.data(), key_buf.size()); switch (dh.checkPublicKey(key)) { - case DHPointer::CheckPublicKeyResult::INVALID: - // Fall-through case DHPointer::CheckPublicKeyResult::CHECK_FAILED: return THROW_ERR_CRYPTO_INVALID_KEYTYPE(env, "Unspecified validation error"); +#ifndef OPENSSL_IS_BORINGSSL case DHPointer::CheckPublicKeyResult::TOO_SMALL: return THROW_ERR_CRYPTO_INVALID_KEYLEN(env, "Supplied key is too small"); case DHPointer::CheckPublicKeyResult::TOO_LARGE: return THROW_ERR_CRYPTO_INVALID_KEYLEN(env, "Supplied key is too large"); +#endif + case DHPointer::CheckPublicKeyResult::INVALID: + return THROW_ERR_CRYPTO_INVALID_KEYTYPE(env, "Supplied key is invalid"); case DHPointer::CheckPublicKeyResult::NONE: break; } @@ -400,9 +400,11 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) { key_params = EVPKeyPointer::New(); CHECK(key_params); CHECK_EQ(EVP_PKEY_assign_DH(key_params.get(), dh.release()), 1); - } else if (int* prime_size = std::get_if(¶ms->params.prime)) { + } else if (std::get_if(¶ms->params.prime)) { EVPKeyCtxPointer param_ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DH, nullptr)); EVP_PKEY* raw_params = nullptr; +#ifndef OPENSSL_IS_BORINGSSL + int* prime_size = std::get_if(¶ms->params.prime); if (!param_ctx || EVP_PKEY_paramgen_init(param_ctx.get()) <= 0 || EVP_PKEY_CTX_set_dh_paramgen_prime_len( @@ -416,6 +418,9 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) { } key_params = EVPKeyPointer(raw_params); +#else + return EVPKeyCtxPointer(); +#endif } else { UNREACHABLE(); } diff --git a/src/crypto/crypto_dsa.cc b/src/crypto/crypto_dsa.cc index 471fee77531139ce988292470dff443fdfb05b07..931f7c2ae3d7e12afce471545d610d22f63412d7 100644 --- a/src/crypto/crypto_dsa.cc +++ b/src/crypto/crypto_dsa.cc 
@@ -43,7 +43,7 @@ namespace crypto { EVPKeyCtxPointer DsaKeyGenTraits::Setup(DsaKeyPairGenConfig* params) { EVPKeyCtxPointer param_ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, nullptr)); EVP_PKEY* raw_params = nullptr; - +#ifndef OPENSSL_IS_BORINGSSL if (!param_ctx || EVP_PKEY_paramgen_init(param_ctx.get()) <= 0 || EVP_PKEY_CTX_set_dsa_paramgen_bits( @@ -58,7 +58,9 @@ EVPKeyCtxPointer DsaKeyGenTraits::Setup(DsaKeyPairGenConfig* params) { return EVPKeyCtxPointer(); } } - +#else + return EVPKeyCtxPointer(); +#endif if (EVP_PKEY_paramgen(param_ctx.get(), &raw_params) <= 0) return EVPKeyCtxPointer(); diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc index b38a9a377738fd5fe6cc89c3a27c403bf6a97715..0cd43c2005b431e180b7483cb89825a75e1fe03f 100644 --- a/src/crypto/crypto_keys.cc +++ b/src/crypto/crypto_keys.cc @@ -949,6 +949,7 @@ void KeyObjectHandle::GetAsymmetricKeyType( } bool KeyObjectHandle::CheckEcKeyData() const { +#ifndef OPENSSL_IS_BORINGSSL MarkPopErrorOnReturn mark_pop_error_on_return; const auto& key = data_.GetAsymmetricKey(); @@ -965,6 +966,9 @@ bool KeyObjectHandle::CheckEcKeyData() const { #else return EVP_PKEY_public_check(ctx.get()) == 1; #endif +#else + return true; +#endif } void KeyObjectHandle::CheckEcKeyData(const FunctionCallbackInfo& args) { diff --git a/src/crypto/crypto_random.cc b/src/crypto/crypto_random.cc index 78f2093d1d010be6f9c492662f4f582657ff6a13..b6aef7fd27cd974697bcee05955bfd9ccf4d5837 100644 --- a/src/crypto/crypto_random.cc +++ b/src/crypto/crypto_random.cc @@ -143,7 +143,7 @@ Maybe RandomPrimeTraits::AdditionalConfig( params->bits = bits; params->safe = safe; - params->prime = BignumPointer::NewSecure(); + params->prime = BignumPointer::New(); if (!params->prime) { THROW_ERR_CRYPTO_OPERATION_FAILED(env, "could not generate prime"); return Nothing(); diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc index 05a3882c7e17d78e27aabb29891aa250789a47c0..1f2fccce6ed8f14525557644e0bdd130eedf3337 100644 
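Review bot: `KeyObjectHandle::CheckEcKeyData()` returns `true` unconditionally under BoringSSL (hunks `@@ -949` and `@@ -965`), so every EC key is reported as having passed validation although no check ran. A validation routine should do real work or fail closed. If the key can be obtained as an `EC_KEY`, `EC_KEY_check_key()` exists in both libraries and could back the BoringSSL branch; otherwise return `false`. At the least add `// BoringSSL build: no EVP_PKEY check is run, key is NOT validated here` above the `return true;` so callers are not misled.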
--- a/src/crypto/crypto_rsa.cc +++ b/src/crypto/crypto_rsa.cc @@ -612,10 +612,13 @@ Maybe GetRsaKeyDetail(Environment* env, } if (params->saltLength != nullptr) { +#ifndef OPENSSL_IS_BORINGSSL + // TODO(codebytere): Upstream a shim to BoringSSL? if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) { ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error"); return Nothing(); } +#endif } if (target diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc index 7c548d32b40365343f0e208c3aa856a1c847f4c3..6346f8f7199cf7b7d3736c59571606fff102fbb6 100644 --- a/src/crypto/crypto_util.cc +++ b/src/crypto/crypto_util.cc @@ -207,7 +207,8 @@ void TestFipsCrypto(const v8::FunctionCallbackInfo& args) { void GetOpenSSLSecLevelCrypto(const FunctionCallbackInfo& args) { // for BoringSSL assume the same as the default - int sec_level = OPENSSL_TLS_SECURITY_LEVEL; + // value of OPENSSL_TLS_SECURITY_LEVEL. + int sec_level = 1; #ifndef OPENSSL_IS_BORINGSSL Environment* env = Environment::GetCurrent(args); @@ -527,24 +528,15 @@ Maybe Decorate(Environment* env, V(BIO) \ V(PKCS7) \ V(X509V3) \ - V(PKCS12) \ V(RAND) \ - V(DSO) \ V(ENGINE) \ V(OCSP) \ V(UI) \ V(COMP) \ V(ECDSA) \ V(ECDH) \ - V(OSSL_STORE) \ - V(FIPS) \ - V(CMS) \ - V(TS) \ V(HMAC) \ - V(CT) \ - V(ASYNC) \ - V(KDF) \ - V(SM2) \ + V(HKDF) \ V(USER) \ #define V(name) case ERR_LIB_##name: lib = #name "_"; break; @@ -686,7 +678,7 @@ void SecureBuffer(const FunctionCallbackInfo& args) { CHECK(args[0]->IsUint32()); Environment* env = Environment::GetCurrent(args); uint32_t len = args[0].As()->Value(); - void* data = OPENSSL_secure_zalloc(len); + void* data = OPENSSL_malloc(len); if (data == nullptr) { // There's no memory available for the allocation. // Return nothing. 
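Review bot: In `GetRsaKeyDetail` (hunk `@@ -612`) the BoringSSL build skips reading `params->saltLength`, so `salt_length` keeps whatever value it was given above the hunk and that value is reported even when the key's RSASSA-PSS parameters specify a different one. Silently reporting a wrong salt length is worse than failing. Until the shim named in the TODO exists, consider reading the value with an API both libraries have (possibly `ASN1_INTEGER_get`, with its error return checked) or throwing in an `#else`. The message `ASN1_INTEGER_get_in64 error` in the context lines also looks like a typo for `get_int64`, though that predates this patch.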
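Review bot: Replacing `OPENSSL_secure_zalloc(len)` with `OPENSSL_malloc(len)` in `SecureBuffer` (hunk `@@ -686`) drops the zero-fill as well as the secure heap, so the `ArrayBuffer` created from this allocation in the following hunk hands uninitialised heap contents to JavaScript. Keep the zeroing with `void* data = OPENSSL_zalloc(len);` where the library provides it, or with `memset(data, 0, len);` after the null check. The change is also unguarded, so OpenSSL builds lose the secure heap too. The function body continues past this hunk.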
@@ -697,7 +689,7 @@ void SecureBuffer(const FunctionCallbackInfo& args) { data, len, [](void* data, size_t len, void* deleter_data) { - OPENSSL_secure_clear_free(data, len); + OPENSSL_clear_free(data, len); }, data); Local buffer = ArrayBuffer::New(env->isolate(), store); @@ -705,10 +697,12 @@ void SecureBuffer(const FunctionCallbackInfo& args) { } void SecureHeapUsed(const FunctionCallbackInfo& args) { +#ifndef OPENSSL_IS_BORINGSSL Environment* env = Environment::GetCurrent(args); if (CRYPTO_secure_malloc_initialized()) args.GetReturnValue().Set( BigInt::New(env->isolate(), CRYPTO_secure_used())); +#endif } } // namespace diff --git a/src/env.h b/src/env.h index c42493ad958508f650917bf5ca92088714a5056c..07accfbcca491966c6c8ad9c20e146dbd22347f0 100644 --- a/src/env.h +++ b/src/env.h @@ -50,7 +50,7 @@ #include "uv.h" #include "v8.h" -#if HAVE_OPENSSL +#if HAVE_OPENSSL && OPENSSL_VERSION_MAJOR >= 3 #include #endif @@ -1076,7 +1076,7 @@ class Environment final : public MemoryRetainer { kExitInfoFieldCount }; -#if HAVE_OPENSSL +#if HAVE_OPENSSL// && !defined(OPENSSL_IS_BORINGSSL) #if OPENSSL_VERSION_MAJOR >= 3 // We declare another alias here to avoid having to include crypto_util.h using EVPMDPointer = DeleteFnPtr; diff --git a/src/node_config.cc b/src/node_config.cc index 6032bbd10f41da7bae44828a8e908c1bec0ea0b6..2013de54f0f6a036e8378deefbff8d7cb5f7cfb2 100644 --- a/src/node_config.cc +++ b/src/node_config.cc @@ -7,6 +7,10 @@ #include "node_options.h" #include "util-inl.h" +#if HAVE_OPENSSL +#include +#endif + namespace node { using v8::Context; diff --git a/src/node_metadata.h b/src/node_metadata.h index 7b2072ad39c3f1a7c73101b25b69beb781141e26..d23536d88d21255d348175425a59e2424332cd19 100644 --- a/src/node_metadata.h +++ b/src/node_metadata.h @@ -6,7 +6,7 @@ #include #include "node_version.h" -#if HAVE_OPENSSL +#if 0 #include #if NODE_OPENSSL_HAS_QUIC #include 
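Review bot: The second src/env.h hunk (`@@ -1076`) leaves a commented-out condition inside the directive, `#if HAVE_OPENSSL// && !defined(OPENSSL_IS_BORINGSSL)`; either drop the trailing comment or apply the condition so the intent is unambiguous. In the `@@ -50` hunk the include is now gated on `OPENSSL_VERSION_MAJOR >= 3`, which the preprocessor evaluates as 0 if nothing earlier defines the macro. If the gated header is the one that defines it (the header name is not legible here), the include can never be taken. The `#if 0` replacements in src/node_metadata.h and src/node_options.h disable those includes for every build; `#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)`, as used in src/node_options.cc, would express the same intent.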
diff --git a/src/node_options.cc b/src/node_options.cc index da39abf79c53fcc3d83d3431deda9dbdf3b0621e..14f7764c995e8de6582faf58c9b98a9cbe4fab73 100644 --- a/src/node_options.cc +++ b/src/node_options.cc @@ -7,7 +7,7 @@ #include "node_external_reference.h" #include "node_internals.h" #include "node_sea.h" -#if HAVE_OPENSSL +#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL) #include "openssl/opensslv.h" #endif diff --git a/src/node_options.h b/src/node_options.h index 165950c207ca752ec942ef27a671af66cbd2b938..eb18fdd617fd19e5b97cd67f351e70c28fee3e75 100644 --- a/src/node_options.h +++ b/src/node_options.h @@ -11,7 +11,7 @@ #include "node_mutex.h" #include "util.h" -#if HAVE_OPENSSL +#if 0 #include "openssl/opensslv.h" #endif