src: move more crypto code to ncrypto

nodejs/node#54320

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -109,19 +109,19 @@ index 85d48dfd2c15c453707bf6eb94e22f89b4f856b2..fe31a9a7f465a03d2de365cef392dfbb
    crypto::EVPKeyPointer key(raw_key);
 
 diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
-index cef0c877c67643d47da787eddb95ed5a410a941b..1b8af49a48f1a34a92d4f0b502d435f3a4ab5d8e 100644
+index c924a54639e8c22d765dc240dffacfffb200ca0c..661e8a13c9245f76441414982dc4a996f4896a81 100644
 --- a/src/crypto/crypto_context.cc
 +++ b/src/crypto/crypto_context.cc
-@@ -63,7 +63,7 @@ inline X509_STORE* GetOrCreateRootCertStore() {
+@@ -64,7 +64,7 @@ X509_STORE* GetOrCreateRootCertStore() {
  // Caller responsible for BIO_free_all-ing the returned object.
  BIOPointer LoadBIO(Environment* env, Local<Value> v) {
    if (v->IsString() || v->IsArrayBufferView()) {
--    BIOPointer bio(BIO_new(BIO_s_secmem()));
-+    BIOPointer bio(BIO_new(BIO_s_mem()));
-     if (!bio) return nullptr;
+-    auto bio = BIOPointer::NewSecMem();
++    auto bio = BIOPointer::NewMem();
+     if (!bio) return {};
      ByteSource bsrc = ByteSource::FromStringOrBuffer(env, v);
-     if (bsrc.size() > INT_MAX) return nullptr;
-@@ -882,10 +882,12 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
+     if (bsrc.size() > INT_MAX) return {};
+@@ -920,11 +920,12 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
    // If the user specified "auto" for dhparams, the JavaScript layer will pass
    // true to this function instead of the original string. Any other string
    // value will be interpreted as custom DH parameters below.
@@ -130,66 +130,82 @@ index cef0c877c67643d47da787eddb95ed5a410a941b..1b8af49a48f1a34a92d4f0b502d435f3
      CHECK(SSL_CTX_set_dh_auto(sc->ctx_.get(), true));
      return;
    }
+-
 +#endif
-
    DHPointer dh;
    {
+     BIOPointer bio(LoadBIO(env, args[0]));
+diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
+index eb3533bb4623b152605c3c590f37f086cce5f073..ce60ca610cc5e5fab38258639453c0914bf15b1b 100644
+--- a/deps/ncrypto/ncrypto.cc
++++ b/deps/ncrypto/ncrypto.cc
+@@ -1057,8 +1057,10 @@ BignumPointer DHPointer::FindGroup(const std::string_view name,
+                                    FindGroupOption option) {
+ #define V(n, p) if (EqualNoCase(name, n)) return BignumPointer(p(nullptr));
+   if (option != FindGroupOption::NO_SMALL_PRIMES) {
++#ifndef OPENSSL_IS_BORINGSSL
+     V("modp1", BN_get_rfc2409_prime_768);
+     V("modp2", BN_get_rfc2409_prime_1024);
++#endif
+     V("modp5", BN_get_rfc3526_prime_1536);
+   }
+   V("modp14", BN_get_rfc3526_prime_2048);
 diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
-index dac37f52b9687cadfa2d02152241e9a6e4c16ddf..d47cfa4ad8707ed7f0a42e7fe176fec25be64305 100644
+index e5664dfa2bc7e11922fa965f28acdf21470d1147..d8df6b46013ed8177270648e89b5f9ce6bf548f2 100644
 --- a/src/crypto/crypto_dh.cc
 +++ b/src/crypto/crypto_dh.cc
-@@ -154,13 +154,11 @@ bool DiffieHellman::Init(BignumPointer&& bn_p, int g) {
- bool DiffieHellman::Init(const char* p, int p_len, int g) {
-   dh_.reset(DH_new());
-   if (p_len <= 0) {
--    ERR_put_error(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX,
--      BN_R_BITS_TOO_SMALL, __FILE__, __LINE__);
-+    OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL);
-     return false;
-   }
-   if (g <= 1) {
--    ERR_put_error(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS,
--      DH_R_BAD_GENERATOR, __FILE__, __LINE__);
-+    OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
-     return false;
-   }
-   BignumPointer bn_p(
-@@ -176,20 +174,17 @@ bool DiffieHellman::Init(const char* p, int p_len, int g) {
- bool DiffieHellman::Init(const char* p, int p_len, const char* g, int g_len) {
-   dh_.reset(DH_new());
-   if (p_len <= 0) {
--    ERR_put_error(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX,
--      BN_R_BITS_TOO_SMALL, __FILE__, __LINE__);
-+    OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL);
-     return false;
-   }
-   if (g_len <= 0) {
--    ERR_put_error(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS,
--      DH_R_BAD_GENERATOR, __FILE__, __LINE__);
-+    OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
-     return false;
-   }
-   BignumPointer bn_g(
-       BN_bin2bn(reinterpret_cast<const unsigned char*>(g), g_len, nullptr));
-   if (BN_is_zero(bn_g.get()) || BN_is_one(bn_g.get())) {
--    ERR_put_error(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS,
--      DH_R_BAD_GENERATOR, __FILE__, __LINE__);
-+    OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
-     return false;
+@@ -86,11 +86,7 @@ void New(const FunctionCallbackInfo<Value>& args) {
+   if (args[0]->IsInt32()) {
+     int32_t bits = args[0].As<Int32>()->Value();
+     if (bits < 2) {
+-#if OPENSSL_VERSION_MAJOR >= 3
+-      ERR_put_error(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL, __FILE__, __LINE__);
+-#else
+-      ERR_put_error(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL, __FILE__, __LINE__);
+-#endif
++      OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL);
+       return ThrowCryptoError(env, ERR_get_error(), "Invalid prime length");
+     }
+
+@@ -103,7 +99,7 @@ void New(const FunctionCallbackInfo<Value>& args) {
+     }
+     int32_t generator = args[1].As<Int32>()->Value();
+     if (generator < 2) {
+-      ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
++      OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
+       return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
+     }
+
+@@ -132,12 +128,12 @@ void New(const FunctionCallbackInfo<Value>& args) {
+   if (args[1]->IsInt32()) {
+     int32_t generator = args[1].As<Int32>()->Value();
+     if (generator < 2) {
+-      ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
++      OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
+       return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
+     }
+     bn_g = BignumPointer::New();
+     if (!bn_g.setWord(generator)) {
+-      ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
++      OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
+       return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
+     }
+   } else {
+@@ -146,11 +142,11 @@ void New(const FunctionCallbackInfo<Value>& args) {
+       return THROW_ERR_OUT_OF_RANGE(env, "generator is too big");
+     bn_g = BignumPointer(reinterpret_cast<uint8_t*>(arg1.data()), arg1.size());
+     if (!bn_g) {
+-      ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
++      OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
+       return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
+     }
+     if (bn_g.getWord() < 2) {
+-      ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
++      OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
+       return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
+     }
    }
-   BignumPointer bn_p(
-@@ -219,8 +214,10 @@ typedef BignumPointer (*StandardizedGroupInstantiator)();
- inline StandardizedGroupInstantiator FindDiffieHellmanGroup(const char* name) {
- #define V(n, p)                                                                \
-   if (StringEqualNoCase(name, n)) return InstantiateStandardizedGroup<p>
-+#ifndef OPENSSL_IS_BORINGSSL
-   V("modp1", BN_get_rfc2409_prime_768);
-   V("modp2", BN_get_rfc2409_prime_1024);
-+#endif
-   V("modp5", BN_get_rfc3526_prime_1536);
-   V("modp14", BN_get_rfc3526_prime_2048);
-   V("modp15", BN_get_rfc3526_prime_3072);
-@@ -565,9 +562,11 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
+@@ -398,9 +394,11 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
      key_params = EVPKeyPointer(EVP_PKEY_new());
      CHECK(key_params);
      CHECK_EQ(EVP_PKEY_assign_DH(key_params.get(), dh.release()), 1);
@@ -202,7 +218,7 @@ index dac37f52b9687cadfa2d02152241e9a6e4c16ddf..d47cfa4ad8707ed7f0a42e7fe176fec2
      if (!param_ctx ||
          EVP_PKEY_paramgen_init(param_ctx.get()) <= 0 ||
          EVP_PKEY_CTX_set_dh_paramgen_prime_len(
-@@ -581,6 +580,9 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
+@@ -414,6 +412,9 @@ EVPKeyCtxPointer DhKeyGenTraits::Setup(DhKeyPairGenConfig* params) {
      }
 
      key_params = EVPKeyPointer(raw_params);