src: update OpenSSL pqc checks

PR-URL: https://github.com/nodejs/node/pull/59436
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Filip Skokan 2025-08-12 23:15:25 +02:00 committed by GitHub
parent abccbb438b
commit db18bc865a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 22 additions and 19 deletions


@ -1897,7 +1897,7 @@ EVPKeyPointer EVPKeyPointer::NewRawPrivate(
EVP_PKEY_new_raw_private_key(id, nullptr, data.data, data.len)); EVP_PKEY_new_raw_private_key(id, nullptr, data.data, data.len));
} }
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
EVPKeyPointer EVPKeyPointer::NewRawSeed( EVPKeyPointer EVPKeyPointer::NewRawSeed(
int id, const Buffer<const unsigned char>& data) { int id, const Buffer<const unsigned char>& data) {
if (id == 0) return {}; if (id == 0) return {};
@ -1968,7 +1968,7 @@ EVP_PKEY* EVPKeyPointer::release() {
int EVPKeyPointer::id(const EVP_PKEY* key) { int EVPKeyPointer::id(const EVP_PKEY* key) {
if (key == nullptr) return 0; if (key == nullptr) return 0;
int type = EVP_PKEY_id(key); int type = EVP_PKEY_id(key);
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
// https://github.com/openssl/openssl/issues/27738#issuecomment-3013215870 // https://github.com/openssl/openssl/issues/27738#issuecomment-3013215870
if (type == -1) { if (type == -1) {
if (EVP_PKEY_is_a(key, "ML-DSA-44")) return EVP_PKEY_ML_DSA_44; if (EVP_PKEY_is_a(key, "ML-DSA-44")) return EVP_PKEY_ML_DSA_44;
@ -2032,7 +2032,7 @@ DataPointer EVPKeyPointer::rawPublicKey() const {
return {}; return {};
} }
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
DataPointer EVPKeyPointer::rawSeed() const { DataPointer EVPKeyPointer::rawSeed() const {
if (!pkey_) return {}; if (!pkey_) return {};
switch (id()) { switch (id()) {
@ -2515,7 +2515,7 @@ bool EVPKeyPointer::isOneShotVariant() const {
switch (type) { switch (type) {
case EVP_PKEY_ED25519: case EVP_PKEY_ED25519:
case EVP_PKEY_ED448: case EVP_PKEY_ED448:
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
case EVP_PKEY_ML_DSA_44: case EVP_PKEY_ML_DSA_44:
case EVP_PKEY_ML_DSA_65: case EVP_PKEY_ML_DSA_65:
case EVP_PKEY_ML_DSA_87: case EVP_PKEY_ML_DSA_87:


@ -28,11 +28,14 @@
#include <openssl/fips.h> #include <openssl/fips.h>
#endif // OPENSSL_FIPS #endif // OPENSSL_FIPS
#if OPENSSL_VERSION_MAJOR >= 3 // Define OPENSSL_WITH_PQC for post-quantum cryptography support
#define OSSL3_CONST const #if OPENSSL_VERSION_NUMBER >= 0x30500000L
#if OPENSSL_VERSION_MINOR >= 5 #define OPENSSL_WITH_PQC 1
#include <openssl/core_names.h> #include <openssl/core_names.h>
#endif #endif
#if OPENSSL_VERSION_MAJOR >= 3
#define OSSL3_CONST const
#else #else
#define OSSL3_CONST #define OSSL3_CONST
#endif #endif
@ -820,7 +823,7 @@ class EVPKeyPointer final {
const Buffer<const unsigned char>& data); const Buffer<const unsigned char>& data);
static EVPKeyPointer NewRawPrivate(int id, static EVPKeyPointer NewRawPrivate(int id,
const Buffer<const unsigned char>& data); const Buffer<const unsigned char>& data);
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
static EVPKeyPointer NewRawSeed(int id, static EVPKeyPointer NewRawSeed(int id,
const Buffer<const unsigned char>& data); const Buffer<const unsigned char>& data);
#endif #endif
@ -917,7 +920,7 @@ class EVPKeyPointer final {
DataPointer rawPrivateKey() const; DataPointer rawPrivateKey() const;
BIOPointer derPublicKey() const; BIOPointer derPublicKey() const;
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
DataPointer rawSeed() const; DataPointer rawSeed() const;
#endif #endif
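Review bot: `OPENSSL_WITH_PQC` is defined only on the branch where the version test passes and is left undefined otherwise, so each `#if OPENSSL_WITH_PQC` in the other files of this commit evaluates to 0 in any translation unit that reaches the test before this header has been included, and the ML-DSA declarations and cases are then compiled out with no diagnostic. Defining it on both branches (`#else` / `#define OPENSSL_WITH_PQC 0`) would let `-Wundef` flag a missing include, and the comment could state the contract, for example `// OPENSSL_WITH_PQC: 1 when built against OpenSSL >= 3.5.0 (ML-DSA key types available), otherwise 0; include this header before testing it`. The `OPENSSL_` prefix is also OpenSSL's own macro namespace, so a project-specific prefix would rule out a clash with a macro the library might add later. Whether every consumer already includes this header ahead of its first guard cannot be confirmed from the hunks shown here.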


@ -177,7 +177,7 @@ bool ExportJWKAsymmetricKey(Environment* env,
// Fall through // Fall through
case EVP_PKEY_X448: case EVP_PKEY_X448:
return ExportJWKEdKey(env, key, target); return ExportJWKEdKey(env, key, target);
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
case EVP_PKEY_ML_DSA_44: case EVP_PKEY_ML_DSA_44:
// Fall through // Fall through
case EVP_PKEY_ML_DSA_65: case EVP_PKEY_ML_DSA_65:
@ -280,7 +280,7 @@ int GetNidFromName(const char* name) {
nid = EVP_PKEY_X25519; nid = EVP_PKEY_X25519;
} else if (strcmp(name, "X448") == 0) { } else if (strcmp(name, "X448") == 0) {
nid = EVP_PKEY_X448; nid = EVP_PKEY_X448;
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
} else if (strcmp(name, "ML-DSA-44") == 0) { } else if (strcmp(name, "ML-DSA-44") == 0) {
nid = EVP_PKEY_ML_DSA_44; nid = EVP_PKEY_ML_DSA_44;
} else if (strcmp(name, "ML-DSA-65") == 0) { } else if (strcmp(name, "ML-DSA-65") == 0) {
@ -620,7 +620,7 @@ Local<Function> KeyObjectHandle::Initialize(Environment* env) {
SetProtoMethod(isolate, templ, "exportJwk", ExportJWK); SetProtoMethod(isolate, templ, "exportJwk", ExportJWK);
SetProtoMethod(isolate, templ, "initECRaw", InitECRaw); SetProtoMethod(isolate, templ, "initECRaw", InitECRaw);
SetProtoMethod(isolate, templ, "initEDRaw", InitEDRaw); SetProtoMethod(isolate, templ, "initEDRaw", InitEDRaw);
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
SetProtoMethod(isolate, templ, "initMlDsaRaw", InitMlDsaRaw); SetProtoMethod(isolate, templ, "initMlDsaRaw", InitMlDsaRaw);
#endif #endif
SetProtoMethod(isolate, templ, "initJwk", InitJWK); SetProtoMethod(isolate, templ, "initJwk", InitJWK);
@ -643,7 +643,7 @@ void KeyObjectHandle::RegisterExternalReferences(
registry->Register(ExportJWK); registry->Register(ExportJWK);
registry->Register(InitECRaw); registry->Register(InitECRaw);
registry->Register(InitEDRaw); registry->Register(InitEDRaw);
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
registry->Register(InitMlDsaRaw); registry->Register(InitMlDsaRaw);
#endif #endif
registry->Register(InitJWK); registry->Register(InitJWK);
@ -838,7 +838,7 @@ void KeyObjectHandle::InitEDRaw(const FunctionCallbackInfo<Value>& args) {
args.GetReturnValue().Set(true); args.GetReturnValue().Set(true);
} }
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
void KeyObjectHandle::InitMlDsaRaw(const FunctionCallbackInfo<Value>& args) { void KeyObjectHandle::InitMlDsaRaw(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args); Environment* env = Environment::GetCurrent(args);
KeyObjectHandle* key; KeyObjectHandle* key;
@ -971,7 +971,7 @@ Local<Value> KeyObjectHandle::GetAsymmetricKeyType() const {
return env()->crypto_x25519_string(); return env()->crypto_x25519_string();
case EVP_PKEY_X448: case EVP_PKEY_X448:
return env()->crypto_x448_string(); return env()->crypto_x448_string();
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
case EVP_PKEY_ML_DSA_44: case EVP_PKEY_ML_DSA_44:
return env()->crypto_ml_dsa_44_string(); return env()->crypto_ml_dsa_44_string();
case EVP_PKEY_ML_DSA_65: case EVP_PKEY_ML_DSA_65:
@ -1254,7 +1254,7 @@ void Initialize(Environment* env, Local<Object> target) {
NODE_DEFINE_CONSTANT(target, kWebCryptoKeyFormatJWK); NODE_DEFINE_CONSTANT(target, kWebCryptoKeyFormatJWK);
NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED25519); NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED25519);
NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED448); NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED448);
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_44); NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_44);
NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_65); NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_65);
NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_87); NODE_DEFINE_CONSTANT(target, EVP_PKEY_ML_DSA_87);


@ -152,7 +152,7 @@ class KeyObjectHandle : public BaseObject {
static void Init(const v8::FunctionCallbackInfo<v8::Value>& args); static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
static void InitECRaw(const v8::FunctionCallbackInfo<v8::Value>& args); static void InitECRaw(const v8::FunctionCallbackInfo<v8::Value>& args);
static void InitEDRaw(const v8::FunctionCallbackInfo<v8::Value>& args); static void InitEDRaw(const v8::FunctionCallbackInfo<v8::Value>& args);
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
static void InitMlDsaRaw(const v8::FunctionCallbackInfo<v8::Value>& args); static void InitMlDsaRaw(const v8::FunctionCallbackInfo<v8::Value>& args);
#endif #endif
static void InitJWK(const v8::FunctionCallbackInfo<v8::Value>& args); static void InitJWK(const v8::FunctionCallbackInfo<v8::Value>& args);


@ -14,7 +14,7 @@ using v8::Value;
namespace crypto { namespace crypto {
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
constexpr const char* GetMlDsaAlgorithmName(int id) { constexpr const char* GetMlDsaAlgorithmName(int id) {
switch (id) { switch (id) {
case EVP_PKEY_ML_DSA_44: case EVP_PKEY_ML_DSA_44:


@ -9,7 +9,7 @@
namespace node { namespace node {
namespace crypto { namespace crypto {
#if OPENSSL_VERSION_MAJOR >= 3 && OPENSSL_VERSION_MINOR >= 5 #if OPENSSL_WITH_PQC
bool ExportJwkMlDsaKey(Environment* env, bool ExportJwkMlDsaKey(Environment* env,
const KeyObjectData& key, const KeyObjectData& key,
v8::Local<v8::Object> target); v8::Local<v8::Object> target);