diff --git a/cmake/targets/BuildBoringSSL.cmake b/cmake/targets/BuildBoringSSL.cmake index 9050cb5c36..d9ce01c685 100644 --- a/cmake/targets/BuildBoringSSL.cmake +++ b/cmake/targets/BuildBoringSSL.cmake @@ -4,7 +4,7 @@ register_repository( REPOSITORY oven-sh/boringssl COMMIT - f1ffd9e83d4f5c28a9c70d73f9a4e6fcf310062f + 4f4f5ef8ebc6e23cbf393428f0ab1b526773f7ac ) register_cmake_command( diff --git a/src/bun.js/bindings/ncrypto.cpp b/src/bun.js/bindings/ncrypto.cpp index e1e747ed78..48281ca1ad 100644 --- a/src/bun.js/bindings/ncrypto.cpp +++ b/src/bun.js/bindings/ncrypto.cpp @@ -1901,7 +1901,7 @@ DataPointer DHPointer::stateless(const EVPKeyPointer& ourKey, // ============================================================================ // KDF -const EVP_MD* getDigestByName(const WTF::StringView name, bool ignoreSHA512_224) +const EVP_MD* getDigestByName(const WTF::StringView name) { // Historically, "dss1" and "DSS1" were DSA aliases for SHA-1 // exposed through the public API. @@ -1955,9 +1955,6 @@ const EVP_MD* getDigestByName(const WTF::StringView name, bool ignoreSHA512_224) return EVP_sha512(); } if (WTF::equalIgnoringASCIICase(moreBits, "/224"_s)) { - if (ignoreSHA512_224) { - return nullptr; - } return EVP_sha512_224(); } if (WTF::equalIgnoringASCIICase(moreBits, "/256"_s)) { @@ -1979,10 +1976,6 @@ const EVP_MD* getDigestByName(const WTF::StringView name, bool ignoreSHA512_224) } } - if (ignoreSHA512_224 && WTF::equalIgnoringASCIICase(name, "sha512-224"_s)) { - return nullptr; - } - // if (name == "ripemd160WithRSA"_s || name == "RSA-RIPEMD160"_s) { // return EVP_ripemd160(); // } diff --git a/src/bun.js/bindings/ncrypto.h b/src/bun.js/bindings/ncrypto.h index 358b89d58e..4e4be88722 100644 --- a/src/bun.js/bindings/ncrypto.h +++ b/src/bun.js/bindings/ncrypto.h @@ -1575,7 +1575,7 @@ Buffer ExportChallenge(const char* input, size_t length); // ============================================================================ // KDF -const EVP_MD* getDigestByName(const WTF::StringView name, bool ignoreSHA512_224 = false); +const EVP_MD* getDigestByName(const WTF::StringView name); const EVP_CIPHER* getCipherByName(const WTF::StringView name); // Verify that the specified HKDF output length is valid for the given digest. diff --git a/src/bun.js/bindings/node/crypto/JSHash.cpp b/src/bun.js/bindings/node/crypto/JSHash.cpp index 8708a6040e..4987675c75 100644 --- a/src/bun.js/bindings/node/crypto/JSHash.cpp +++ b/src/bun.js/bindings/node/crypto/JSHash.cpp @@ -251,15 +251,7 @@ JSC_DEFINE_HOST_FUNCTION(jsHashProtoFuncDigest, (JSC::JSGlobalObject * lexicalGl // Only compute the digest if it hasn't been cached yet if (!hash->m_digest && len > 0) { - - const EVP_MD* md = hash->m_ctx.getDigest(); - uint32_t bufLen = len; - if (md == EVP_sha512_224()) { - // SHA-512/224 expects buffer length of length % 8. can be truncated afterwards - bufLen = SHA512_224_DIGEST_BUFFER_LENGTH; - } - - auto data = hash->m_ctx.digestFinal(bufLen); + auto data = hash->m_ctx.digestFinal(len); if (!data) { throwCryptoError(lexicalGlobalObject, scope, ERR_get_error(), "Failed to finalize digest"_s); return {}; @@ -325,7 +317,7 @@ JSC_DEFINE_HOST_FUNCTION(constructHash, (JSC::JSGlobalObject * globalObject, JSC WTF::String algorithm = algorithmOrHashInstanceValue.toWTFString(globalObject); RETURN_IF_EXCEPTION(scope, {}); - md = ncrypto::getDigestByName(algorithm, true); + md = ncrypto::getDigestByName(algorithm); if (!md) { zigHasher = ExternZigHash::getByName(zigGlobalObject, algorithm); }