From 0b0eccaec8c18e8cbb7e5e59770e888da2c1283c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 28 Apr 2026 14:33:45 +0000 Subject: [PATCH 1/2] chore: sync ncrypto from nodejs/node Node-Base-Commit: 84aaed75978e537ebcfa82b094794fa4bb0ffa79 Node-Target-Commit: 8385efc01343a835e3a0efe05611f44272cbb413 --- .github/sync-node-ncrypto.json | 2 +- include/ncrypto.h | 64 ++++++++++- src/ncrypto.cpp | 199 +++++++++++++++++++++++++++++---- 3 files changed, 238 insertions(+), 27 deletions(-) diff --git a/.github/sync-node-ncrypto.json b/.github/sync-node-ncrypto.json index 484039f..5e32169 100644 --- a/.github/sync-node-ncrypto.json +++ b/.github/sync-node-ncrypto.json @@ -1,3 +1,3 @@ { - "node_commit": null + "node_commit": "8385efc01343a835e3a0efe05611f44272cbb413" } diff --git a/include/ncrypto.h b/include/ncrypto.h index 79b7298..222139c 100644 --- a/include/ncrypto.h +++ b/include/ncrypto.h @@ -899,6 +899,9 @@ class EVPKeyPointer final { DER, PEM, JWK, + RAW_PUBLIC, + RAW_PRIVATE, + RAW_SEED, }; enum class PKParseError { NOT_RECOGNIZED, NEED_PASSPHRASE, FAILED }; @@ -908,6 +911,7 @@ class EVPKeyPointer final { bool output_key_object = false; PKFormatType format = PKFormatType::DER; PKEncodingType type = PKEncodingType::PKCS8; + int ec_point_form = POINT_CONVERSION_UNCOMPRESSED; AsymmetricKeyEncodingConfig() = default; AsymmetricKeyEncodingConfig(bool output_key_object, PKFormatType format, @@ -1622,8 +1626,9 @@ int NoPasswordCallback(char* buf, int size, int rwflag, void* u); int PasswordCallback(char* buf, int size, int rwflag, void* u); -bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext); -bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext); +bool SafeX509SubjectAltNamePrint(const BIOPointer& out, + const X509_EXTENSION* ext); +bool SafeX509InfoAccessPrint(const BIOPointer& out, const X509_EXTENSION* ext); // ============================================================================ // SPKAC @@ -1698,6 +1703,7 @@ DataPointer pbkdf2(const Digest& md, uint32_t iterations, size_t length); +<<<<<<< nodejs/ncrypto:include/ncrypto.h #if OPENSSL_VERSION_NUMBER >= 0x30200000L #ifndef OPENSSL_NO_ARGON2 enum class Argon2Type { ARGON2D, ARGON2I, ARGON2ID }; @@ -1715,6 +1721,60 @@ DataPointer argon2(const Buffer& pass, #endif #endif +||||||| nodejs/node:deps/ncrypto/ncrypto.h@84aaed75978e +======= +#if OPENSSL_VERSION_NUMBER >= 0x30200000L +#ifndef OPENSSL_NO_ARGON2 +enum class Argon2Type { ARGON2D, ARGON2I, ARGON2ID }; + +DataPointer argon2(const Buffer& pass, + const Buffer& salt, + uint32_t lanes, + size_t length, + uint32_t memcost, + uint32_t iter, + uint32_t version, + const Buffer& secret, + const Buffer& ad, + Argon2Type type); +#endif +#endif + +// ============================================================================ +// KEM (Key Encapsulation Mechanism) +#if OPENSSL_VERSION_MAJOR >= 3 + +class KEM final { + public: + struct EncapsulateResult { + DataPointer ciphertext; + DataPointer shared_key; + + EncapsulateResult() = default; + EncapsulateResult(DataPointer ct, DataPointer sk) + : ciphertext(std::move(ct)), shared_key(std::move(sk)) {} + }; + + // Encapsulate a shared secret using KEM with a public key. + // Returns both the ciphertext and shared secret. + static std::optional Encapsulate( + const EVPKeyPointer& public_key); + + // Decapsulate a shared secret using KEM with a private key and ciphertext. + // Returns the shared secret. + static DataPointer Decapsulate(const EVPKeyPointer& private_key, + const Buffer& ciphertext); + + private: +#if !OPENSSL_VERSION_PREREQ(3, 5) + static bool SetOperationParameter(EVP_PKEY_CTX* ctx, + const EVPKeyPointer& key); +#endif +}; + +#endif // OPENSSL_VERSION_MAJOR >= 3 + +>>>>>>> nodejs/node:deps/ncrypto/ncrypto.h@8385efc01343 // ============================================================================ // KEM (Key Encapsulation Mechanism) #if OPENSSL_VERSION_MAJOR >= 3 diff --git a/src/ncrypto.cpp b/src/ncrypto.cpp index ee0822a..22f74ea 100644 --- a/src/ncrypto.cpp +++ b/src/ncrypto.cpp @@ -22,12 +22,20 @@ #include #include #include +<<<<<<< nodejs/ncrypto:src/ncrypto.cpp #include #include +||||||| nodejs/node:deps/ncrypto/ncrypto.cc@84aaed75978e +======= +#include +>>>>>>> nodejs/node:deps/ncrypto/ncrypto.cc@8385efc01343 #if OPENSSL_VERSION_MAJOR >= 3 #include #include #include +#if OPENSSL_VERSION_NUMBER >= 0x30200000L +#include +#endif #endif #if OPENSSL_WITH_PQC struct PQCMapping { @@ -819,11 +827,15 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) { // Note that the preferred name syntax (see RFCs 5280 and 1034) with // wildcards is a subset of what we consider "safe", so spec-compliant DNS // names will never need to be escaped. - PrintAltName(out, reinterpret_cast(name->data), name->length); + PrintAltName(out, + reinterpret_cast(ASN1_STRING_get0_data(name)), + ASN1_STRING_length(name)); } else if (gen->type == GEN_EMAIL) { ASN1_IA5STRING* name = gen->d.rfc822Name; BIO_write(out.get(), "email:", 6); - PrintAltName(out, reinterpret_cast(name->data), name->length); + PrintAltName(out, + reinterpret_cast(ASN1_STRING_get0_data(name)), + ASN1_STRING_length(name)); } else if (gen->type == GEN_URI) { ASN1_IA5STRING* name = gen->d.uniformResourceIdentifier; BIO_write(out.get(), "URI:", 4); @@ -831,7 +843,9 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) { // with a few exceptions, most notably URIs that contains commas (see // RFC 2396). In other words, most legitimate URIs will not require // escaping. - PrintAltName(out, reinterpret_cast(name->data), name->length); + PrintAltName(out, + reinterpret_cast(ASN1_STRING_get0_data(name)), + ASN1_STRING_length(name)); } else if (gen->type == GEN_DIRNAME) { // Earlier versions of Node.js used X509_NAME_oneline to print the X509_NAME // object. The format was non standard and should be avoided. The use of @@ -864,17 +878,18 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) { } else if (gen->type == GEN_IPADD) { BIO_printf(out.get(), "IP Address:"); const ASN1_OCTET_STRING* ip = gen->d.ip; - const unsigned char* b = ip->data; - if (ip->length == 4) { + const unsigned char* b = ASN1_STRING_get0_data(ip); + int ip_len = ASN1_STRING_length(ip); + if (ip_len == 4) { BIO_printf(out.get(), "%d.%d.%d.%d", b[0], b[1], b[2], b[3]); - } else if (ip->length == 16) { + } else if (ip_len == 16) { for (unsigned int j = 0; j < 8; j++) { uint16_t pair = (b[2 * j] << 8) | b[2 * j + 1]; BIO_printf(out.get(), (j == 0) ? "%X" : ":%X", pair); } } else { #if OPENSSL_VERSION_MAJOR >= 3 - BIO_printf(out.get(), "", ip->length); + BIO_printf(out.get(), "", ip_len); #else BIO_printf(out.get(), ""); #endif @@ -924,15 +939,15 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) { if (unicode) { auto name = gen->d.otherName->value->value.utf8string; PrintAltName(out, - reinterpret_cast(name->data), - name->length, + reinterpret_cast(ASN1_STRING_get0_data(name)), + ASN1_STRING_length(name), AltNameOption::UTF8, prefix); } else { auto name = gen->d.otherName->value->value.ia5string; PrintAltName(out, - reinterpret_cast(name->data), - name->length, + reinterpret_cast(ASN1_STRING_get0_data(name)), + ASN1_STRING_length(name), AltNameOption::NONE, prefix); } @@ -953,11 +968,14 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) { } } // namespace -bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) { - auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(ext)); +bool SafeX509SubjectAltNamePrint(const BIOPointer& out, + const X509_EXTENSION* ext) { + // const_cast needed for OpenSSL < 4.0 which lacks const-correctness + auto* mext = const_cast(ext); + auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(mext)); if (ret != NID_subject_alt_name) return false; - GENERAL_NAMES* names = static_cast(X509V3_EXT_d2i(ext)); + GENERAL_NAMES* names = static_cast(X509V3_EXT_d2i(mext)); if (names == nullptr) return false; bool ok = true; @@ -976,12 +994,14 @@ bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) { return ok; } -bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) { - auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(ext)); +bool SafeX509InfoAccessPrint(const BIOPointer& out, const X509_EXTENSION* ext) { + // const_cast needed for OpenSSL < 4.0 which lacks const-correctness + auto* mext = const_cast(ext); + auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(mext)); if (ret != NID_info_access) return false; AUTHORITY_INFO_ACCESS* descs = - static_cast(X509V3_EXT_d2i(ext)); + static_cast(X509V3_EXT_d2i(mext)); if (descs == nullptr) return false; bool ok = true; @@ -1125,7 +1145,7 @@ BIOPointer X509View::getValidFrom() const { if (cert_ == nullptr) return {}; BIOPointer bio(BIO_new(BIO_s_mem())); if (!bio) return {}; - ASN1_TIME_print(bio.get(), X509_get_notBefore(cert_)); + ASN1_TIME_print(bio.get(), X509_get0_notBefore(cert_)); return bio; } @@ -1134,7 +1154,7 @@ BIOPointer X509View::getValidTo() const { if (cert_ == nullptr) return {}; BIOPointer bio(BIO_new(BIO_s_mem())); if (!bio) return {}; - ASN1_TIME_print(bio.get(), X509_get_notAfter(cert_)); + ASN1_TIME_print(bio.get(), X509_get0_notAfter(cert_)); return bio; } @@ -3238,6 +3258,7 @@ const Cipher Cipher::AES_256_GCM = Cipher::FromNid(NID_aes_256_gcm); const Cipher Cipher::AES_128_KW = Cipher::FromNid(NID_id_aes128_wrap); const Cipher Cipher::AES_192_KW = Cipher::FromNid(NID_id_aes192_wrap); const Cipher Cipher::AES_256_KW = Cipher::FromNid(NID_id_aes256_wrap); +<<<<<<< nodejs/ncrypto:src/ncrypto.cpp #ifndef OPENSSL_IS_BORINGSSL const Cipher Cipher::AES_128_OCB = Cipher::FromNid(NID_aes_128_ocb); @@ -3245,6 +3266,12 @@ const Cipher Cipher::AES_192_OCB = Cipher::FromNid(NID_aes_192_ocb); const Cipher Cipher::AES_256_OCB = Cipher::FromNid(NID_aes_256_ocb); #endif +||||||| nodejs/node:deps/ncrypto/ncrypto.cc@84aaed75978e +======= +const Cipher Cipher::AES_128_OCB = Cipher::FromNid(NID_aes_128_ocb); +const Cipher Cipher::AES_192_OCB = Cipher::FromNid(NID_aes_192_ocb); +const Cipher Cipher::AES_256_OCB = Cipher::FromNid(NID_aes_256_ocb); +>>>>>>> nodejs/node:deps/ncrypto/ncrypto.cc@8385efc01343 const Cipher Cipher::CHACHA20_POLY1305 = Cipher::FromNid(NID_chacha20_poly1305); bool Cipher::isGcmMode() const { @@ -3679,8 +3706,38 @@ bool ECKeyPointer::setPublicKey(const ECPointPointer& pub) { bool ECKeyPointer::setPublicKeyRaw(const BignumPointer& x, const BignumPointer& y) { if (!key_) return false; - return EC_KEY_set_public_key_affine_coordinates( - key_.get(), x.get(), y.get()) == 1; + const EC_GROUP* group = EC_KEY_get0_group(key_.get()); + if (group == nullptr) return false; + + // For curves with cofactor h=1, use EC_POINT_oct2point + + // EC_KEY_set_public_key instead of EC_KEY_set_public_key_affine_coordinates. + // The latter internally calls EC_KEY_check_key() which performs a scalar + // multiplication (n*Q) for order validation — redundant when h=1 since every + // on-curve point already has order n. EC_POINT_oct2point validates the point + // is on the curve, which is sufficient. For curves with h!=1, fall back to + // the full check. + auto cofactor = BignumPointer::New(); + if (!cofactor || !EC_GROUP_get_cofactor(group, cofactor.get(), nullptr) || + !cofactor.isOne()) { + return EC_KEY_set_public_key_affine_coordinates( + key_.get(), x.get(), y.get()) == 1; + } + + // Field element byte length: ceil(degree_bits / 8). + size_t field_len = (EC_GROUP_get_degree(group) + 7) / 8; + // Build an uncompressed point: 0x04 || x || y, each padded to field_len. + size_t uncompressed_len = 1 + 2 * field_len; + auto buf = DataPointer::Alloc(uncompressed_len); + if (!buf) return false; + unsigned char* ptr = static_cast(buf.get()); + ptr[0] = POINT_CONVERSION_UNCOMPRESSED; + x.encodePaddedInto(ptr + 1, field_len); + y.encodePaddedInto(ptr + 1 + field_len, field_len); + + auto point = ECPointPointer::New(group); + if (!point) return false; + if (!point.setFromBuffer({ptr, uncompressed_len}, group)) return false; + return EC_KEY_set_public_key(key_.get(), point.get()) == 1; } bool ECKeyPointer::setPrivateKey(const BignumPointer& priv) { @@ -4495,6 +4552,57 @@ std::optional EVPMDCtxPointer::verifyInit( return ctx; } +<<<<<<< nodejs/ncrypto:src/ncrypto.cpp +std::optional EVPMDCtxPointer::signInitWithContext( + const EVPKeyPointer& key, + const Digest& digest, + const Buffer& context_string) { +#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING + EVP_PKEY_CTX* ctx = nullptr; + + const OSSL_PARAM params[] = { + OSSL_PARAM_construct_octet_string( + OSSL_SIGNATURE_PARAM_CONTEXT_STRING, + const_cast(context_string.data), + context_string.len), + OSSL_PARAM_END}; + + if (!EVP_DigestSignInit_ex( + ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) { + return std::nullopt; + } + return ctx; +#else + return std::nullopt; +#endif +} + +std::optional EVPMDCtxPointer::verifyInitWithContext( + const EVPKeyPointer& key, + const Digest& digest, + const Buffer& context_string) { +#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING + EVP_PKEY_CTX* ctx = nullptr; + + const OSSL_PARAM params[] = { + OSSL_PARAM_construct_octet_string( + OSSL_SIGNATURE_PARAM_CONTEXT_STRING, + const_cast(context_string.data), + context_string.len), + OSSL_PARAM_END}; + + if (!EVP_DigestVerifyInit_ex( + ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) { + return std::nullopt; + } + return ctx; +#else + return std::nullopt; +#endif +} + +||||||| nodejs/node:deps/ncrypto/ncrypto.cc@84aaed75978e +======= std::optional EVPMDCtxPointer::signInitWithContext( const EVPKeyPointer& key, const Digest& digest, @@ -4502,6 +4610,27 @@ std::optional EVPMDCtxPointer::signInitWithContext( #ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING EVP_PKEY_CTX* ctx = nullptr; +#ifdef OSSL_SIGNATURE_PARAM_INSTANCE + // Ed25519 requires the INSTANCE param to switch into Ed25519ctx mode. + // Without it, OpenSSL silently ignores the context string. + if (key.id() == EVP_PKEY_ED25519) { + const OSSL_PARAM params[] = { + OSSL_PARAM_construct_utf8_string( + OSSL_SIGNATURE_PARAM_INSTANCE, const_cast("Ed25519ctx"), 0), + OSSL_PARAM_construct_octet_string( + OSSL_SIGNATURE_PARAM_CONTEXT_STRING, + const_cast(context_string.data), + context_string.len), + OSSL_PARAM_END}; + + if (!EVP_DigestSignInit_ex( + ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) { + return std::nullopt; + } + return ctx; + } +#endif // OSSL_SIGNATURE_PARAM_INSTANCE + const OSSL_PARAM params[] = { OSSL_PARAM_construct_octet_string( OSSL_SIGNATURE_PARAM_CONTEXT_STRING, @@ -4526,6 +4655,27 @@ std::optional EVPMDCtxPointer::verifyInitWithContext( #ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING EVP_PKEY_CTX* ctx = nullptr; +#ifdef OSSL_SIGNATURE_PARAM_INSTANCE + // Ed25519 requires the INSTANCE param to switch into Ed25519ctx mode. + // Without it, OpenSSL silently ignores the context string. + if (key.id() == EVP_PKEY_ED25519) { + const OSSL_PARAM params[] = { + OSSL_PARAM_construct_utf8_string( + OSSL_SIGNATURE_PARAM_INSTANCE, const_cast("Ed25519ctx"), 0), + OSSL_PARAM_construct_octet_string( + OSSL_SIGNATURE_PARAM_CONTEXT_STRING, + const_cast(context_string.data), + context_string.len), + OSSL_PARAM_END}; + + if (!EVP_DigestVerifyInit_ex( + ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) { + return std::nullopt; + } + return ctx; + } +#endif // OSSL_SIGNATURE_PARAM_INSTANCE + const OSSL_PARAM params[] = { OSSL_PARAM_construct_octet_string( OSSL_SIGNATURE_PARAM_CONTEXT_STRING, @@ -4543,6 +4693,7 @@ std::optional EVPMDCtxPointer::verifyInitWithContext( #endif } +>>>>>>> nodejs/node:deps/ncrypto/ncrypto.cc@8385efc01343 DataPointer EVPMDCtxPointer::signOneShot( const Buffer& buf) const { if (!ctx_) return {}; @@ -4824,12 +4975,12 @@ bool X509Name::Iterator::operator!=(const Iterator& other) const { std::pair X509Name::Iterator::operator*() const { if (loc_ == name_.total_) return {{}, {}}; - X509_NAME_ENTRY* entry = X509_NAME_get_entry(name_, loc_); + const X509_NAME_ENTRY* entry = X509_NAME_get_entry(name_, loc_); if (entry == nullptr) [[unlikely]] return {{}, {}}; - ASN1_OBJECT* name = X509_NAME_ENTRY_get_object(entry); - ASN1_STRING* value = X509_NAME_ENTRY_get_data(entry); + const ASN1_OBJECT* name = X509_NAME_ENTRY_get_object(entry); + const ASN1_STRING* value = X509_NAME_ENTRY_get_data(entry); if (name == nullptr || value == nullptr) [[unlikely]] { return {{}, {}}; From ce5b003ab7f293e68ab99820a720fb51fb9e265d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 28 Apr 2026 17:07:13 +0200 Subject: [PATCH 2/2] fixup! chore: sync ncrypto from nodejs/node Signed-off-by: Filip Skokan --- include/ncrypto.h | 55 -------------------------------------- src/ncrypto.cpp | 68 ----------------------------------------------- 2 files changed, 123 deletions(-) diff --git a/include/ncrypto.h b/include/ncrypto.h index 222139c..4f499a9 100644 --- a/include/ncrypto.h +++ b/include/ncrypto.h @@ -1703,7 +1703,6 @@ DataPointer pbkdf2(const Digest& md, uint32_t iterations, size_t length); -<<<<<<< nodejs/ncrypto:include/ncrypto.h #if OPENSSL_VERSION_NUMBER >= 0x30200000L #ifndef OPENSSL_NO_ARGON2 enum class Argon2Type { ARGON2D, ARGON2I, ARGON2ID }; @@ -1721,60 +1720,6 @@ DataPointer argon2(const Buffer& pass, #endif #endif -||||||| nodejs/node:deps/ncrypto/ncrypto.h@84aaed75978e -======= -#if OPENSSL_VERSION_NUMBER >= 0x30200000L -#ifndef OPENSSL_NO_ARGON2 -enum class Argon2Type { ARGON2D, ARGON2I, ARGON2ID }; - -DataPointer argon2(const Buffer& pass, - const Buffer& salt, - uint32_t lanes, - size_t length, - uint32_t memcost, - uint32_t iter, - uint32_t version, - const Buffer& secret, - const Buffer& ad, - Argon2Type type); -#endif -#endif - -// ============================================================================ -// KEM (Key Encapsulation Mechanism) -#if OPENSSL_VERSION_MAJOR >= 3 - -class KEM final { - public: - struct EncapsulateResult { - DataPointer ciphertext; - DataPointer shared_key; - - EncapsulateResult() = default; - EncapsulateResult(DataPointer ct, DataPointer sk) - : ciphertext(std::move(ct)), shared_key(std::move(sk)) {} - }; - - // Encapsulate a shared secret using KEM with a public key. - // Returns both the ciphertext and shared secret. - static std::optional Encapsulate( - const EVPKeyPointer& public_key); - - // Decapsulate a shared secret using KEM with a private key and ciphertext. - // Returns the shared secret. - static DataPointer Decapsulate(const EVPKeyPointer& private_key, - const Buffer& ciphertext); - - private: -#if !OPENSSL_VERSION_PREREQ(3, 5) - static bool SetOperationParameter(EVP_PKEY_CTX* ctx, - const EVPKeyPointer& key); -#endif -}; - -#endif // OPENSSL_VERSION_MAJOR >= 3 - ->>>>>>> nodejs/node:deps/ncrypto/ncrypto.h@8385efc01343 // ============================================================================ // KEM (Key Encapsulation Mechanism) #if OPENSSL_VERSION_MAJOR >= 3 diff --git a/src/ncrypto.cpp b/src/ncrypto.cpp index 22f74ea..5e450e2 100644 --- a/src/ncrypto.cpp +++ b/src/ncrypto.cpp @@ -15,20 +15,11 @@ #include #endif -#if OPENSSL_VERSION_NUMBER >= 0x30200000L -#include -#endif - #include #include #include -<<<<<<< nodejs/ncrypto:src/ncrypto.cpp #include #include -||||||| nodejs/node:deps/ncrypto/ncrypto.cc@84aaed75978e -======= -#include ->>>>>>> nodejs/node:deps/ncrypto/ncrypto.cc@8385efc01343 #if OPENSSL_VERSION_MAJOR >= 3 #include #include @@ -3258,7 +3249,6 @@ const Cipher Cipher::AES_256_GCM = Cipher::FromNid(NID_aes_256_gcm); const Cipher Cipher::AES_128_KW = Cipher::FromNid(NID_id_aes128_wrap); const Cipher Cipher::AES_192_KW = Cipher::FromNid(NID_id_aes192_wrap); const Cipher Cipher::AES_256_KW = Cipher::FromNid(NID_id_aes256_wrap); -<<<<<<< nodejs/ncrypto:src/ncrypto.cpp #ifndef OPENSSL_IS_BORINGSSL const Cipher Cipher::AES_128_OCB = Cipher::FromNid(NID_aes_128_ocb); @@ -3266,12 +3256,6 @@ const Cipher Cipher::AES_192_OCB = Cipher::FromNid(NID_aes_192_ocb); const Cipher Cipher::AES_256_OCB = Cipher::FromNid(NID_aes_256_ocb); #endif -||||||| nodejs/node:deps/ncrypto/ncrypto.cc@84aaed75978e -======= -const Cipher Cipher::AES_128_OCB = Cipher::FromNid(NID_aes_128_ocb); -const Cipher Cipher::AES_192_OCB = Cipher::FromNid(NID_aes_192_ocb); -const Cipher Cipher::AES_256_OCB = Cipher::FromNid(NID_aes_256_ocb); ->>>>>>> nodejs/node:deps/ncrypto/ncrypto.cc@8385efc01343 const Cipher Cipher::CHACHA20_POLY1305 = Cipher::FromNid(NID_chacha20_poly1305); bool Cipher::isGcmMode() const { @@ -4552,57 +4536,6 @@ std::optional EVPMDCtxPointer::verifyInit( return ctx; } -<<<<<<< nodejs/ncrypto:src/ncrypto.cpp -std::optional EVPMDCtxPointer::signInitWithContext( - const EVPKeyPointer& key, - const Digest& digest, - const Buffer& context_string) { -#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING - EVP_PKEY_CTX* ctx = nullptr; - - const OSSL_PARAM params[] = { - OSSL_PARAM_construct_octet_string( - OSSL_SIGNATURE_PARAM_CONTEXT_STRING, - const_cast(context_string.data), - context_string.len), - OSSL_PARAM_END}; - - if (!EVP_DigestSignInit_ex( - ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) { - return std::nullopt; - } - return ctx; -#else - return std::nullopt; -#endif -} - -std::optional EVPMDCtxPointer::verifyInitWithContext( - const EVPKeyPointer& key, - const Digest& digest, - const Buffer& context_string) { -#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING - EVP_PKEY_CTX* ctx = nullptr; - - const OSSL_PARAM params[] = { - OSSL_PARAM_construct_octet_string( - OSSL_SIGNATURE_PARAM_CONTEXT_STRING, - const_cast(context_string.data), - context_string.len), - OSSL_PARAM_END}; - - if (!EVP_DigestVerifyInit_ex( - ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)) { - return std::nullopt; - } - return ctx; -#else - return std::nullopt; -#endif -} - -||||||| nodejs/node:deps/ncrypto/ncrypto.cc@84aaed75978e -======= std::optional EVPMDCtxPointer::signInitWithContext( const EVPKeyPointer& key, const Digest& digest, @@ -4693,7 +4626,6 @@ std::optional EVPMDCtxPointer::verifyInitWithContext( #endif } ->>>>>>> nodejs/node:deps/ncrypto/ncrypto.cc@8385efc01343 DataPointer EVPMDCtxPointer::signOneShot( const Buffer& buf) const { if (!ctx_) return {};