src: add BoringSSL EVP enumeration fallback

panva · panva · commit 4c72d6dfd6f6 · 2026-05-05T14:40:14.000+02:00
BoringSSL declares EVP_CIPHER_do_all_sorted and
EVP_MD_do_all_sorted, but stock no-decrepit builds do not provide
those symbols. Add a Node build flag that keeps ncrypto and its
dependents on a local BoringSSL fallback list when libdecrepit is
absent.

Keep embedders that provide the EVP enumeration symbols on the normal
OpenSSL-compatible path, matching Electron's patched BoringSSL build.

Signed-off-by: Filip Skokan &lt;panva.ip@gmail.com&gt;
diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
@@ -9,6 +9,7 @@
 #include <openssl/x509v3.h>
 #ifdef OPENSSL_IS_BORINGSSL
 #include <openssl/bytestring.h>
+#include <openssl/cipher.h>
 #include <openssl/pem.h>
 #endif
 #include <algorithm>
@@ -76,6 +77,28 @@ using NetscapeSPKIPointer = DeleteFnPtr<NETSCAPE_SPKI, NETSCAPE_SPKI_free>;
 
 static constexpr int kX509NameFlagsRFC2253WithinUtf8JSON =
     XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB & ~ASN1_STRFLGS_ESC_CTRL;
+
+#if NCRYPTO_USE_BORINGSSL_EVP_DO_ALL_FALLBACK
+struct BoringSSLCipher {
+  const EVP_CIPHER* (*get)();
+  const char* name;
+};
+
+constexpr BoringSSLCipher kBoringSSLCiphers[] = {
+    {EVP_aes_128_cbc, "aes-128-cbc"},   {EVP_aes_128_ctr, "aes-128-ctr"},
+    {EVP_aes_128_ecb, "aes-128-ecb"},   {EVP_aes_128_gcm, "aes-128-gcm"},
+    {EVP_aes_128_ofb, "aes-128-ofb"},   {EVP_aes_192_cbc, "aes-192-cbc"},
+    {EVP_aes_192_ctr, "aes-192-ctr"},   {EVP_aes_192_ecb, "aes-192-ecb"},
+    {EVP_aes_192_gcm, "aes-192-gcm"},   {EVP_aes_192_ofb, "aes-192-ofb"},
+    {EVP_aes_256_cbc, "aes-256-cbc"},   {EVP_aes_256_ctr, "aes-256-ctr"},
+    {EVP_aes_256_ecb, "aes-256-ecb"},   {EVP_aes_256_gcm, "aes-256-gcm"},
+    {EVP_aes_256_ofb, "aes-256-ofb"},   {EVP_des_cbc, "des-cbc"},
+    {EVP_des_ecb, "des-ecb"},           {EVP_des_ede, "des-ede"},
+    {EVP_des_ede3_cbc, "des-ede3-cbc"}, {EVP_des_ede_cbc, "des-ede-cbc"},
+    {EVP_rc2_cbc, "rc2-cbc"},           {EVP_rc4, "rc4"},
+};
+
+#endif
 }  // namespace
 
 // ============================================================================
@@ -4286,6 +4309,12 @@ void Cipher::ForEach(Cipher::CipherNameCallback callback) {
   CipherCallbackContext context;
   context.cb = std::move(callback);
 
+#if NCRYPTO_USE_BORINGSSL_EVP_DO_ALL_FALLBACK
+  for (const auto& cipher : kBoringSSLCiphers) {
+    static_cast<void>(cipher.get);
+    context.cb(cipher.name);
+  }
+#else
   EVP_CIPHER_do_all_sorted(
 #if OPENSSL_VERSION_MAJOR >= 3
       array_push_back<EVP_CIPHER,
@@ -4297,6 +4326,7 @@ void Cipher::ForEach(Cipher::CipherNameCallback callback) {
       array_push_back<EVP_CIPHER>,
 #endif
       &context);
+#endif
 }
 
 // ============================================================================
diff --git a/deps/ncrypto/ncrypto.gyp b/deps/ncrypto/ncrypto.gyp
@@ -1,5 +1,6 @@
 {
   'variables': {
+    'ncrypto_bssl_libdecrepit_missing%': 1,
     'ncrypto_sources': [
       'engine.cc',
       'ncrypto.cc',
@@ -11,8 +12,14 @@
       'target_name': 'ncrypto',
       'type': 'static_library',
       'include_dirs': ['.'],
+      'defines': [
+        'NCRYPTO_BSSL_LIBDECREPIT_MISSING=<(ncrypto_bssl_libdecrepit_missing)',
+      ],
       'direct_dependent_settings': {
         'include_dirs': ['.'],
+        'defines': [
+          'NCRYPTO_BSSL_LIBDECREPIT_MISSING=<(ncrypto_bssl_libdecrepit_missing)',
+        ],
       },
       'sources': [ '<@(ncrypto_sources)' ],
       'conditions': [
diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
@@ -28,6 +28,18 @@
   (OPENSSL_VERSION_NUMBER >= (((maj) << 28) | ((min) << 20)))
 #endif
 
+// BoringSSL declares the EVP_*_do_all* APIs, but their implementation may
+// live in libdecrepit. This matches standalone ncrypto's build flag.
+#ifndef NCRYPTO_BSSL_LIBDECREPIT_MISSING
+#define NCRYPTO_BSSL_LIBDECREPIT_MISSING 0
+#endif
+
+#if defined(OPENSSL_IS_BORINGSSL) && NCRYPTO_BSSL_LIBDECREPIT_MISSING
+#define NCRYPTO_USE_BORINGSSL_EVP_DO_ALL_FALLBACK 1
+#else
+#define NCRYPTO_USE_BORINGSSL_EVP_DO_ALL_FALLBACK 0
+#endif
+
 // The FIPS-related functions are only available
 // when the OpenSSL itself was compiled with FIPS support.
 #if defined(OPENSSL_FIPS) && !OPENSSL_VERSION_PREREQ(3, 0)
diff --git a/src/crypto/crypto_hash.cc b/src/crypto/crypto_hash.cc
@@ -7,6 +7,10 @@
 #include "threadpoolwork-inl.h"
 #include "v8.h"
 
+#if NCRYPTO_USE_BORINGSSL_EVP_DO_ALL_FALLBACK
+#include <openssl/digest.h>
+#endif
+
 #include <cstdio>
 
 namespace node {
@@ -41,6 +45,24 @@ void Hash::MemoryInfo(MemoryTracker* tracker) const {
   tracker->TrackFieldWithSize("md", digest_ ? md_len_ : 0);
 }
 
+#if NCRYPTO_USE_BORINGSSL_EVP_DO_ALL_FALLBACK
+struct BoringSSLDigest {
+  const EVP_MD* (*get)();
+  const char* name;
+};
+
+constexpr BoringSSLDigest kBoringSSLDigests[] = {
+    {EVP_md4, "md4"},
+    {EVP_md5, "md5"},
+    {EVP_sha1, "sha1"},
+    {EVP_sha224, "sha224"},
+    {EVP_sha256, "sha256"},
+    {EVP_sha384, "sha384"},
+    {EVP_sha512, "sha512"},
+    {EVP_sha512_256, "sha512-256"},
+};
+#endif
+
 #if OPENSSL_VERSION_MAJOR >= 3
 void PushAliases(const char* name, void* data) {
   static_cast<std::vector<std::string>*>(data)->push_back(name);
@@ -122,7 +144,12 @@ void SaveSupportedHashAlgorithms(const EVP_MD* md,
 const std::vector<std::string>& GetSupportedHashAlgorithms(Environment* env) {
   if (env->supported_hash_algorithms.empty()) {
     MarkPopErrorOnReturn mark_pop_error_on_return;
-#if OPENSSL_VERSION_MAJOR >= 3
+#if NCRYPTO_USE_BORINGSSL_EVP_DO_ALL_FALLBACK
+    for (const auto& digest : kBoringSSLDigests) {
+      static_cast<void>(digest.get);
+      env->supported_hash_algorithms.emplace_back(digest.name);
+    }
+#elif OPENSSL_VERSION_MAJOR >= 3
     // Since we'll fetch the EVP_MD*, cache them along the way to speed up
     // later lookups instead of throwing them away immediately.
     EVP_MD_do_all_sorted(SaveSupportedHashAlgorithmsAndCacheMD, env);
diff --git a/test/parallel/test-crypto-boringssl-evp-list.js b/test/parallel/test-crypto-boringssl-evp-list.js
@@ -0,0 +1,31 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+if (!process.features.openssl_is_boringssl)
+  common.skip('BoringSSL-only test');
+
+const assert = require('assert');
+const { getCiphers, getHashes } = require('crypto');
+
+const ciphers = getCiphers();
+[
+  'aes-128-cbc',
+  'aes-256-gcm',
+  'des-ede',
+  'des-ede-cbc',
+  'des-ede3-cbc',
+  'rc2-cbc',
+  'rc4',
+].forEach((cipher) => assert(ciphers.includes(cipher), cipher));
+
+const hashes = getHashes();
+[
+  'md4',
+  'md5',
+  'sha1',
+  'sha256',
+  'sha512-256',
+].forEach((hash) => assert(hashes.includes(hash), hash));
