Skip to content

lib,src: updates for BoringSSL#63125

Closed
panva wants to merge 6 commits into
nodejs:mainfrom
panva:make-crypto-boring-again
Closed

lib,src: updates for BoringSSL#63125
panva wants to merge 6 commits into
nodejs:mainfrom
panva:make-crypto-boring-again

Conversation

@panva
Copy link
Copy Markdown
Member

@panva panva commented May 5, 2026
edited
Loading

wip Issues and PRs that are still a work in progress.

aarch64-linux: with shared boringssl-0.20260413.0

===
=== All tests succeeded
===

All tests passed.

@panva panva added wip Issues and PRs that are still a work in progress. test-shared-boringssl labels May 5, 2026
@panva panva force-pushed the make-crypto-boring-again branch 2 times, most recently from 121a7ab to 97a3c8f Compare May 5, 2026 13:30
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@codecov
Copy link
Copy Markdown

codecov Bot commented May 5, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 90.24390% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.03%. Comparing base (bbf51ad) to head (02d372e).

Files with missing lines Patch % Lines
lib/internal/crypto/webidl.js 50.00% 5 Missing ⚠️
src/crypto/crypto_pqc.cc 92.00% 0 Missing and 2 partials ⚠️
src/crypto/crypto_keys.cc 97.61% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #63125      +/-   ##
==========================================
- Coverage   90.03%   90.03%   -0.01%     
==========================================
  Files         713      713              
  Lines      224950   224969      +19     
  Branches    42532    42560      +28     
==========================================
+ Hits       202542   202552      +10     
- Misses      14175    14180       +5     
- Partials     8233     8237       +4
Files with missing lines Coverage Δ
lib/internal/crypto/util.js 97.08% <100.00%> (+0.10%) ⬆️
src/crypto/crypto_aes.cc 53.81% <ø> (-0.35%) ⬇️
src/crypto/crypto_aes.h 33.33% <ø> (ø)
src/crypto/crypto_argon2.cc 64.13% <ø> (ø)
src/crypto/crypto_argon2.h 50.00% <ø> (ø)
src/crypto/crypto_chacha20_poly1305.cc 58.13% <ø> (ø)
src/crypto/crypto_cipher.cc 77.43% <ø> (ø)
src/crypto/crypto_hash.cc 76.94% <ø> (-0.30%) ⬇️
src/crypto/crypto_kem.cc 80.74% <ø> (ø)
src/crypto/crypto_kem.h 33.33% <ø> (ø)
... and 8 more

... and 29 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@panva panva force-pushed the make-crypto-boring-again branch from 97a3c8f to 6b8d741 Compare May 5, 2026 15:49
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@panva panva force-pushed the make-crypto-boring-again branch from 6b8d741 to db65e65 Compare May 5, 2026 17:17
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@panva panva force-pushed the make-crypto-boring-again branch 3 times, most recently from 078d5ed to b88eca8 Compare May 6, 2026 19:13
@panva panva mentioned this pull request May 6, 2026
Closed
jasnell
jasnell approved these changes May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jasnell jasnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but would be good to have @codebytere also take a look if they're available to do so.

@panva
Copy link
Copy Markdown
Member Author

panva commented May 7, 2026
edited
Loading

This is WIP / CI harness @jasnell . I am slowly taking things off the stack here and opening them individually. E.g. #63161

@panva panva force-pushed the make-crypto-boring-again branch 3 times, most recently from 8868f43 to b2b116e Compare May 8, 2026 08:53
aduh95
aduh95 reviewed May 8, 2026
View reviewed changes
Comment thread tools/dep_updaters/update-nixpkgs-pin.sh Outdated
@panva panva force-pushed the make-crypto-boring-again branch 3 times, most recently from 2a7cae8 to cd86c6a Compare May 8, 2026 18:12
panva added 6 commits May 8, 2026 21:55
@panva
src: add BoringSSL EVP enumeration fallback
bd778b4 
BoringSSL declares EVP_CIPHER_do_all_sorted and
EVP_MD_do_all_sorted, but stock no-decrepit builds do not provide
those symbols. Add a Node build flag that keeps ncrypto and its
dependents on a local BoringSSL fallback list when libdecrepit is
absent.

Keep embedders that provide the EVP enumeration symbols on the normal
OpenSSL-compatible path, matching Electron's patched BoringSSL build.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
tools: add boringssl to tools/nix/openssl-matrix.nix
d6d120c 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
src: simplify OpenSSL feature gates
a323c57 
Add OPENSSL_WITH_* feature macros for crypto capabilities that vary by
OpenSSL version and use those instead of repeating version checks.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire AES-KW in Web Cryptography when using BoringSSL
8aa51ae 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire ChaCha20-Poly1305 in Web Cryptography when using BoringSSL
5df074c 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
crypto: wire ML-DSA and ML-KEM for use when using BoringSSL
02d372e 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva panva force-pushed the make-crypto-boring-again branch from cd86c6a to 02d372e Compare May 8, 2026 23:15
@panva panva closed this May 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aduh95 aduh95 aduh95 left review comments

@jasnell jasnell jasnell approved these changes

Assignees

No one assigned

Labels

wip Issues and PRs that are still a work in progress.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@panva @nodejs-github-bot @jasnell @aduh95