rpms / rh-nodejs12-nodejs

Clone
Source Code
GIT

Blame SOURCES/0002-Use-OpenSSL-1.0-API.patch

c7
  1.   b24b2a480cd50f82b73a5e3f6cf11d9f520be177
  2.   SOURCES
  3.   0002-Use-OpenSSL-1.0-API.patch
Blob History Raw
b24b2a 
From ae4f772872661d6435c27e50937a0c3cbcede43c Mon Sep 17 00:00:00 2001
d744d0 
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
b24b2a 
Date: Mon, 23 Nov 2020 11:56:26 +0100
d744d0 
Subject: [PATCH] Use OpenSSL 1.0 API
d744d0 
MIME-Version: 1.0
d744d0 
Content-Type: text/plain; charset=UTF-8
d744d0 
Content-Transfer-Encoding: 8bit
d744d0
d744d0 
- Pass non-const pointer to BIO_new
d744d0
d744d0 
  In legacy OpenSSL, the method parameter for BIO_new is not marked const,
d744d0 
  although the function does not need it to be mutable.
d744d0 
  This is likely an oversight in the interface.
d744d0
d744d0 
  The provided "fix" is potentially dangerous,
d744d0 
  as casting away `const`-ness is potentially an undefined behaviour.
d744d0 
  Since the code around assumes it is constant anyway,
d744d0 
  it *should* be fine here – but use with care.
d744d0
d744d0 
- Remove const-classifier for SSL_SESSION callback argument
d744d0
d744d0 
  In legacy OpenSSL, the parameter is expected to be mutable.
d744d0 
  Using `const` prevents passing the method as a function pointer
d744d0 
  to other OpenSSL API functions.
d744d0
b24b2a 
- Provide GetCipherValue wrapper for non-const strings
b24b2a
d744d0 
- Sanitize inputs into PBKDF2
d744d0
d744d0 
Signed-off-by: Jan Staněk <jstanek@redhat.com>
d744d0 
---
b24b2a 
 src/node_crypto.cc        | 26 ++++++++++++++++++++++++--
b24b2a 
 src/node_crypto.h         |  4 ++++
b24b2a 
 src/node_crypto_bio.cc    |  4 ++++
b24b2a 
 src/node_crypto_common.cc |  8 ++++++++
b24b2a 
 4 files changed, 40 insertions(+), 2 deletions(-)
d744d0
d744d0 
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
b24b2a 
index 90df5f25e0..7be3f77e1a 100644
d744d0 
--- a/src/node_crypto.cc
d744d0 
+++ b/src/node_crypto.cc
d744d0 
@@ -123,7 +123,11 @@ template int SSLWrap<TLSWrap>::SetCACerts(SecureContext* sc);
d744d0 
 template void SSLWrap<TLSWrap>::MemoryInfo(MemoryTracker* tracker) const;
d744d0 
 template SSL_SESSION* SSLWrap<TLSWrap>::GetSessionCallback(
d744d0 
     SSL* s,
d744d0 
+#if OPENSSL_IS_LEGACY
d744d0 
+    unsigned char *key,
d744d0 
+#else
d744d0 
     const unsigned char* key,
d744d0 
+#endif
d744d0 
     int len,
d744d0 
     int* copy);
d744d0 
 template int SSLWrap<TLSWrap>::NewSessionCallback(SSL* s,
b24b2a 
@@ -1746,7 +1750,11 @@ void SSLWrap<Base>::ConfigureSecureContext(SecureContext* sc) {
d744d0
d744d0 
 template <class Base>
d744d0 
 SSL_SESSION* SSLWrap<Base>::GetSessionCallback(SSL* s,
d744d0 
+#if OPENSSL_IS_LEGACY
d744d0 
+                                               unsigned char* key,
d744d0 
+#else
d744d0 
                                                const unsigned char* key,
d744d0 
+#endif
d744d0 
                                                int len,
d744d0 
                                                int* copy) {
d744d0 
   Base* w = static_cast<Base*>(SSL_get_app_data(s));
b24b2a 
@@ -5917,9 +5925,23 @@ struct PBKDF2Job : public CryptoJob {
d744d0 
   }
d744d0
d744d0 
   inline void DoThreadPoolWork() override {
d744d0 
-    auto salt_data = reinterpret_cast<const unsigned char*>(salt.data());
d744d0 
+    static const char * const empty = "";
d744d0 
+
d744d0 
+    auto pass_data = reinterpret_cast<const char *>(empty);
d744d0 
+    auto pass_size = int(0);
d744d0 
+    auto salt_data = reinterpret_cast<const unsigned char *>(empty);
d744d0 
+    auto salt_size = int(0);
d744d0 
+
d744d0 
+    if (pass.size() > 0) {
d744d0 
+      pass_data = pass.data(), pass_size = pass.size();
d744d0 
+    }
d744d0 
+    if (salt.size() > 0) {
d744d0 
+      salt_data = reinterpret_cast<const unsigned char *>(salt.data());
d744d0 
+      salt_size = salt.size();
d744d0 
+    }
d744d0 
+
d744d0 
     const bool ok =
d744d0 
-        PKCS5_PBKDF2_HMAC(pass.data(), pass.size(), salt_data, salt.size(),
d744d0 
+        PKCS5_PBKDF2_HMAC(pass_data, pass_size, salt_data, salt_size,
d744d0 
                           iteration_count, digest, keybuf_size, keybuf_data);
d744d0 
     success = Just(ok);
d744d0 
     Cleanse();
d744d0 
diff --git a/src/node_crypto.h b/src/node_crypto.h
b24b2a 
index 0b9dab833d..7d6417b66f 100644
d744d0 
--- a/src/node_crypto.h
d744d0 
+++ b/src/node_crypto.h
b24b2a 
@@ -234,7 +234,11 @@ class SSLWrap {
d744d0 
   static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
d744d0
d744d0 
   static SSL_SESSION* GetSessionCallback(SSL* s,
d744d0 
+#if OPENSSL_IS_LEGACY
d744d0 
+                                         unsigned char* key,
d744d0 
+#else // OPENSSL_IS_LEGACY
d744d0 
                                          const unsigned char* key,
d744d0 
+#endif // OPENSSL_IS_LEGACY
d744d0 
                                          int len,
d744d0 
                                          int* copy);
d744d0 
   static int NewSessionCallback(SSL* s, SSL_SESSION* sess);
d744d0 
diff --git a/src/node_crypto_bio.cc b/src/node_crypto_bio.cc
d744d0 
index 55f5e8a5a3..c2a44fdb86 100644
d744d0 
--- a/src/node_crypto_bio.cc
d744d0 
+++ b/src/node_crypto_bio.cc
d744d0 
@@ -31,7 +31,11 @@ namespace node {
d744d0 
 namespace crypto {
d744d0
d744d0 
 BIOPointer NodeBIO::New(Environment* env) {
d744d0 
+#if OPENSSL_IS_LEGACY
d744d0 
+  BIOPointer bio(BIO_new(const_cast<BIO_METHOD *>(GetMethod())));
d744d0 
+#else
d744d0 
   BIOPointer bio(BIO_new(GetMethod()));
d744d0 
+#endif
d744d0 
   if (bio && env != nullptr)
d744d0 
     NodeBIO::FromBIO(bio.get())->env_ = env;
d744d0 
   return bio;
b24b2a 
diff --git a/src/node_crypto_common.cc b/src/node_crypto_common.cc
b24b2a 
index 6c3bb0b1b6..d1d9edd6cd 100644
b24b2a 
--- a/src/node_crypto_common.cc
b24b2a 
+++ b/src/node_crypto_common.cc
b24b2a 
@@ -392,6 +392,14 @@ MaybeLocal<Value> GetCipherValue(Environment* env,
b24b2a
b24b2a 
   return OneByteString(env->isolate(), getstr(cipher));
b24b2a 
 }
b24b2a 
+MaybeLocal<Value> GetCipherValue(Environment* env,
b24b2a 
+    const SSL_CIPHER* cipher,
b24b2a 
+    char* (*getstr)(const SSL_CIPHER* cipher)) {
b24b2a 
+  if (cipher == nullptr) {
b24b2a 
+    return Undefined(env->isolate());
b24b2a 
+  }
b24b2a 
+  return OneByteString(env->isolate(), const_cast<const char *>(getstr(cipher)));
b24b2a 
+}
b24b2a
b24b2a 
 MaybeLocal<Value> GetCipherName(Environment* env, const SSL_CIPHER* cipher) {
b24b2a 
   return GetCipherValue(env, cipher, SSL_CIPHER_get_name);
d744d0 
--
b24b2a 
2.28.0
d744d0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation