diff --git a/patches/boringssl/.patches b/patches/boringssl/.patches
index 4064ae2cc762..35e773ad74db 100644
--- a/patches/boringssl/.patches
+++ b/patches/boringssl/.patches
@@ -1,5 +1,3 @@
 expose_ripemd160.patch
 expose_aes-cfb.patch
 expose_des-ede3.patch
-src_add_impl_for_evp_pkey_get0.patch
-ensure_name_not_null_in_evp_get_cipherbyname.patch
diff --git a/patches/boringssl/ensure_name_not_null_in_evp_get_cipherbyname.patch b/patches/boringssl/ensure_name_not_null_in_evp_get_cipherbyname.patch
deleted file mode 100644
index c35d07309f40..000000000000
--- a/patches/boringssl/ensure_name_not_null_in_evp_get_cipherbyname.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr
-Date: Wed, 2 Jun 2021 11:58:18 +0200
-Subject: Ensure name not null in EVP_get_cipherbyname
-
-This adds a check to EVP_get_cipherbyname which ensures that name
-is not null when passed to OPENSSL_strcasecmp, which cannot handle
-null values.
-
-OpenSSL already ensures this in their implementation of
-EVP_get_cipherbyname by using OBJ_NAME_get, so this improves parity.
-
-Upstreamed at https://boringssl-review.googlesource.com/c/boringssl/+/47844.
-
-diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
-index e771ed6589b4579cc35300d5b2a1b68d92e444f5..8205e121c152fe4e2d8df34a1ac2fe0498381f31 100644
---- a/crypto/cipher_extra/cipher_extra.c
-+++ b/crypto/cipher_extra/cipher_extra.c
-@@ -89,6 +89,10 @@ const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
- }
-
- const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
-+ if (name == NULL) {
-+ return NULL;
-+ }
-+
- if (OPENSSL_strcasecmp(name, "rc4") == 0) {
- return EVP_rc4();
- } else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) {
diff --git a/patches/boringssl/src_add_impl_for_evp_pkey_get0.patch b/patches/boringssl/src_add_impl_for_evp_pkey_get0.patch
deleted file mode 100644
index 8e3c2f430285..000000000000
--- a/patches/boringssl/src_add_impl_for_evp_pkey_get0.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr
-Date: Mon, 31 May 2021 11:30:38 +0200
-Subject: src: add impl for EVP_PKEY_get0
-
-This adds the missing implementation for EVP_PKEY_get0, which Node.js
-uses and which is present in OpenSSL but not BoringSSL.
-
-This will be upstreamed either fully or as a shim.
-
-diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
-index 653d6573fdf1c542010698e9f6d1cf8170ea2f0c..738cec60a9fed4bfad56c7b2b75c44eb225abfcf 100644
---- a/crypto/evp/evp.c
-+++ b/crypto/evp/evp.c
-@@ -224,6 +224,10 @@ int EVP_PKEY_type(int nid) {
- return meth->pkey_id;
- }
-
-+void *EVP_PKEY_get0(const EVP_PKEY *pkey) {
-+ return pkey->pkey.ptr;
-+}
-+
- int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) {
- if (EVP_PKEY_assign_RSA(pkey, key)) {
- RSA_up_ref(key);
-diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 378eb320f7c01df33850cca9d0111db32ffa6175..9eebf9c609abd31ed63c1f1c720c716d074e3f6d 100644
---- a/include/openssl/evp.h
-+++ b/include/openssl/evp.h
-@@ -156,6 +156,8 @@ OPENSSL_EXPORT int EVP_PKEY_type(int nid);
- // returned lower-level objects are considered to also mutate the |EVP_PKEY| and
- // may not be called concurrently with other operations on the |EVP_PKEY|.
-
-+OPENSSL_EXPORT void *EVP_PKEY_get0(const EVP_PKEY *pkey);
-+
- OPENSSL_EXPORT int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
- OPENSSL_EXPORT int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
- OPENSSL_EXPORT RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);