Skip to content

crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL #58387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL #58387

wants to merge 1 commit into from

Conversation

codebytere
Copy link
Member

@codebytere codebytere commented May 19, 2025
edited
Loading

This PR exposes a constant OPENSSL_IS_BORINGSSL. This allows knowing which crypto library is in use at the JS level - previously the only way to know was to check the version string, which would be 0.0.0 when built with BoringSSL.

This also sets the stage for adapting some of Node.js' crypto tests to run and pass with both BoringSSL and OpenSSL.

@codebytere codebytere requested a review from jasnell May 19, 2025 08:19
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels May 19, 2025
@codecov Codecov
Copy link

codecov bot commented May 19, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.24%. Comparing base (4edb139) to head (978897f).
Report is 31 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #58387   +/-   ##
=======================================
  Coverage   90.24%   90.24%           
=======================================
  Files         633      633           
  Lines      186860   186902   +42     
  Branches    36675    36691   +16     
=======================================
+ Hits       168623   168671   +48     
- Misses      11035    11039    +4     
+ Partials     7202     7192   -10
Files with missing lines Coverage Δ
src/node_constants.cc 99.71% <ø> (ø)

... and 51 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

legendecas
legendecas reviewed May 19, 2025
View reviewed changes
Copy link
Member

@legendecas legendecas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we expose this bit on process.features instead? crypto.constants object does not seem to be a good place for feature detection.

@codebytere
Copy link
Member Author

@legendecas i don't feel super strongly either way but via crypto.constants is a bit more straightforward imo

addaleax
addaleax reviewed May 19, 2025
View reviewed changes
@codebytere codebytere requested a review from addaleax May 19, 2025 13:49
jasnell
jasnell reviewed May 19, 2025
View reviewed changes
src/node_constants.cc
#undef OPENSSL_IS_BORINGSSL
#define OPENSSL_IS_BORINGSSL 1
NODE_DEFINE_CONSTANT(target, OPENSSL_IS_BORINGSSL);
#endif
Copy link
Member

@jasnell jasnell May 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not a big fan of redefining the existing define this way. Perhaps this could just be crypto.constants.BORINGSSL and the definition here could be:

#ifdef OPENSSL_IS_BORINGSSL
  constexpr auto BORINGSSL = 1;
#else
  constexpr auto BORINGSSL = 0;
#endif
  NODE_DEFINE_CONSTANT(target, BORINGSSL);

Copy link
Member

@jasnell jasnell May 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively, I do wonder if this is better exposed via process.config or process.features. We do have the existing process.config.openssl_is_fips and process.config.openssl_quic flags in process.config.

ha... I missed the previous comment about this ;-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell left review comments

@legendecas legendecas legendecas left review comments

@addaleax addaleax addaleax approved these changes

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@codebytere @jasnell @addaleax @legendecas @nodejs-github-bot