crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL

PR-URL: https://github.com/nodejs/node/pull/58387
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>

lib/internal/bootstrap/node.js

@@ -266,7 +266,7 @@ ObjectDefineProperty(process, 'allowedNodeEnvironmentFlags', {
 
 // TODO(joyeecheung): this property has not been well-maintained, should we
 // deprecate it in favor of a better API?
-const { isDebugBuild, hasOpenSSL, hasInspector } = config;
+const { isDebugBuild, hasOpenSSL, openSSLIsBoringSSL, hasInspector } = config;
 const features = {
   inspector: hasInspector,
   debug: isDebugBuild,
@@ -276,6 +276,7 @@ const features = {
   tls_sni: hasOpenSSL,
   tls_ocsp: hasOpenSSL,
   tls: hasOpenSSL,
+  openssl_is_boringssl: openSSLIsBoringSSL,
   // This needs to be dynamic because --no-node-snapshot disables the
   // code cache even if the binary is built with embedded code cache.
   get cached_builtins() {

src/node_config.cc

@@ -48,6 +48,12 @@ static void InitConfig(Local<Object> target,
   READONLY_FALSE_PROPERTY(target, "isDebugBuild");
 #endif  // defined(DEBUG) && DEBUG
 
+#ifdef OPENSSL_IS_BORINGSSL
+  READONLY_TRUE_PROPERTY(target, "openSSLIsBoringSSL");
+#else
+  READONLY_FALSE_PROPERTY(target, "openSSLIsBoringSSL");
+#endif  // OPENSSL_IS_BORINGSSL
+
 #if HAVE_OPENSSL
   READONLY_TRUE_PROPERTY(target, "hasOpenSSL");
 #else

test/parallel/test-crypto-getcipherinfo.js

@@ -62,9 +62,13 @@ assert(getCipherInfo('aes-128-cbc', { ivLength: 16 }));
 
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 1 }));
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 14 }));
-for (let n = 7; n <= 13; n++)
+if (!process.features.openssl_is_boringssl) {
-  assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+  for (let n = 7; n <= 13; n++)
+    assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+}
 
 assert(!getCipherInfo('aes-128-ocb', { ivLength: 16 }));
-for (let n = 1; n < 16; n++)
+if (!process.features.openssl_is_boringssl) {
-  assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+  for (let n = 1; n < 16; n++)
+    assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+}

test/parallel/test-crypto-hkdf.js

@@ -125,7 +125,7 @@ const algorithms = [
   ['sha256', '', 'salt', '', 10],
   ['sha512', 'secret', 'salt', '', 15],
 ];
-if (!hasOpenSSL3)
+if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
   algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
 
 algorithms.forEach(([ hash, secret, salt, info, length ]) => {

test/parallel/test-process-features.js

@@ -9,6 +9,7 @@ const expectedKeys = new Map([
   ['debug', ['boolean']],
   ['uv', ['boolean']],
   ['ipv6', ['boolean']],
+  ['openssl_is_boringssl', ['boolean']],
   ['tls_alpn', ['boolean']],
   ['tls_sni', ['boolean']],
   ['tls_ocsp', ['boolean']],

test/parallel/test-tls-getprotocol.js

@@ -29,11 +29,14 @@ const clientConfigs = [
 
 const serverConfig = {
   secureProtocol: 'TLS_method',
-  ciphers: 'RSA@SECLEVEL=0',
   key: fixtures.readKey('agent2-key.pem'),
   cert: fixtures.readKey('agent2-cert.pem')
 };
 
+if (!process.features.openssl_is_boringssl) {
+  serverConfig.ciphers = 'RSA@SECLEVEL=0';
+}
+
 const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.length))
 .listen(0, common.localhostIPv4, function() {
   let connected = 0;

test/parallel/test-tls-write-error.js

@@ -17,9 +17,12 @@ const server_cert = fixtures.readKey('agent1-cert.pem');
 const opts = {
   key: server_key,
   cert: server_cert,
-  ciphers: 'ALL@SECLEVEL=0'
 };
 
+if (!process.features.openssl_is_boringssl) {
+  opts.ciphers = 'ALL@SECLEVEL=0';
+}
+
 const server = https.createServer(opts, (req, res) => {
   res.write('hello');
 }).listen(0, common.mustCall(() => {