crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL

codebytere · targos · commit 9fccb0609fb8 · 2025-05-31T13:23:26.000+02:00
PR-URL: #58387 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
@@ -266,7 +266,7 @@ ObjectDefineProperty(process, 'allowedNodeEnvironmentFlags', {
 
 // TODO(joyeecheung): this property has not been well-maintained, should we
 // deprecate it in favor of a better API?
-const { isDebugBuild, hasOpenSSL, hasInspector } = config;
+const { isDebugBuild, hasOpenSSL, openSSLIsBoringSSL, hasInspector } = config;
 const features = {
   inspector: hasInspector,
   debug: isDebugBuild,
@@ -276,6 +276,7 @@ const features = {
   tls_sni: hasOpenSSL,
   tls_ocsp: hasOpenSSL,
   tls: hasOpenSSL,
+  openssl_is_boringssl: openSSLIsBoringSSL,
   // This needs to be dynamic because --no-node-snapshot disables the
   // code cache even if the binary is built with embedded code cache.
   get cached_builtins() {
diff --git a/src/node_config.cc b/src/node_config.cc
@@ -48,6 +48,12 @@ static void InitConfig(Local<Object> target,
   READONLY_FALSE_PROPERTY(target, "isDebugBuild");
 #endif  // defined(DEBUG) && DEBUG
 
+#ifdef OPENSSL_IS_BORINGSSL
+  READONLY_TRUE_PROPERTY(target, "openSSLIsBoringSSL");
+#else
+  READONLY_FALSE_PROPERTY(target, "openSSLIsBoringSSL");
+#endif  // OPENSSL_IS_BORINGSSL
+
 #if HAVE_OPENSSL
   READONLY_TRUE_PROPERTY(target, "hasOpenSSL");
 #else
diff --git a/test/parallel/test-crypto-getcipherinfo.js b/test/parallel/test-crypto-getcipherinfo.js
@@ -62,9 +62,13 @@ assert(getCipherInfo('aes-128-cbc', { ivLength: 16 }));
 
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 1 }));
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 14 }));
-for (let n = 7; n <= 13; n++)
-  assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+if (!process.features.openssl_is_boringssl) {
+  for (let n = 7; n <= 13; n++)
+    assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+}
 
 assert(!getCipherInfo('aes-128-ocb', { ivLength: 16 }));
-for (let n = 1; n < 16; n++)
-  assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+if (!process.features.openssl_is_boringssl) {
+  for (let n = 1; n < 16; n++)
+    assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+}
diff --git a/test/parallel/test-crypto-hkdf.js b/test/parallel/test-crypto-hkdf.js
@@ -125,7 +125,7 @@ const algorithms = [
   ['sha256', '', 'salt', '', 10],
   ['sha512', 'secret', 'salt', '', 15],
 ];
-if (!hasOpenSSL3)
+if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
   algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
 
 algorithms.forEach(([ hash, secret, salt, info, length ]) => {
diff --git a/test/parallel/test-process-features.js b/test/parallel/test-process-features.js
@@ -9,6 +9,7 @@ const expectedKeys = new Map([
   ['debug', ['boolean']],
   ['uv', ['boolean']],
   ['ipv6', ['boolean']],
+  ['openssl_is_boringssl', ['boolean']],
   ['tls_alpn', ['boolean']],
   ['tls_sni', ['boolean']],
   ['tls_ocsp', ['boolean']],
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
@@ -29,11 +29,14 @@ const clientConfigs = [
 
 const serverConfig = {
   secureProtocol: 'TLS_method',
-  ciphers: 'RSA@SECLEVEL=0',
   key: fixtures.readKey('agent2-key.pem'),
   cert: fixtures.readKey('agent2-cert.pem')
 };
 
+if (!process.features.openssl_is_boringssl) {
+  serverConfig.ciphers = 'RSA@SECLEVEL=0';
+}
+
 const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.length))
 .listen(0, common.localhostIPv4, function() {
   let connected = 0;
diff --git a/test/parallel/test-tls-write-error.js b/test/parallel/test-tls-write-error.js
@@ -17,9 +17,12 @@ const server_cert = fixtures.readKey('agent1-cert.pem');
 const opts = {
   key: server_key,
   cert: server_cert,
-  ciphers: 'ALL@SECLEVEL=0'
 };
 
+if (!process.features.openssl_is_boringssl) {
+  opts.ciphers = 'ALL@SECLEVEL=0';
+}
+
 const server = https.createServer(opts, (req, res) => {
   res.write('hello');
 }).listen(0, common.mustCall(() => {
