From 6565fe0567409937a490e398b8c72470e3e20099 Mon Sep 17 00:00:00 2001
From: Juan Cruz Viotti
Date: Thu, 30 Sep 2021 13:43:22 -0400
Subject: [PATCH 1/3] fix: Enable X509_V_FLAG_TRUSTED_FIRST flag in BoringSSL

Fixes: https://github.com/electron/electron/issues/31212
Signed-off-by: Juan Cruz Viotti
---
 patches/boringssl/.patches | 3 +++
 ...nable_x509_v_flag_trusted_first_flag.patch | 20 +++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch

diff --git a/patches/boringssl/.patches b/patches/boringssl/.patches
index 35e773ad74db6..ea99b0d7e721e 100644
--- a/patches/boringssl/.patches
+++ b/patches/boringssl/.patches
@@ -1,3 +1,6 @@
 expose_ripemd160.patch
 expose_aes-cfb.patch
 expose_des-ede3.patch
+fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
+add_maskhash_to_rsa_pss_params_st_for_compat.patch
+enable_x509_v_flag_trusted_first_flag.patch
diff --git a/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch b/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
new file mode 100644
index 0000000000000..5c3c96ccb3f4e
--- /dev/null
+++ b/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
@@ -0,0 +1,20 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Juan Cruz Viotti
+Date: Thu, 30 Sep 2021 13:39:23 -0400
+Subject: Enable X509_V_FLAG_TRUSTED_FIRST flag
+
+Signed-off-by: Juan Cruz Viotti
+
+diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
+index 5a881d64c30076404cc800fff9e943bb0b30d2ac..29d5341efc8eb7ae6f90bdde5a8032e99f75c98e 100644
+--- a/crypto/x509/x509_vpm.c
++++ b/crypto/x509/x509_vpm.c
+@@ -528,7 +528,7 @@ static const X509_VERIFY_PARAM default_table[] = {
+ (char *)"default", /* X509 default parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+- 0, /* flags */
++ X509_V_FLAG_TRUSTED_FIRST, /* flags */
+ 0, /* purpose */
+ 0, /* trust */
+ 100, /* depth */
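Review bot: The new `enable_x509_v_flag_trusted_first_flag.patch` has only a subject and a sign-off, so nothing in it records why the `flags` field of the `"default"` entry in `default_table` now carries `X509_V_FLAG_TRUSTED_FIRST`, or when the patch can be dropped. The entry is labelled "X509 default parameters", so the flag presumably reaches every verification that inherits those defaults rather than only the case in the linked issue; that scope belongs in the description. I would add a body along the lines of `Search the trust store for issuers before the peer-supplied untrusted certificates when building a chain; OpenSSL has enabled this by default since 1.1.0.` A regression test that verifies a chain which only validates when trusted issuers are tried first would catch the flag being lost on a later BoringSSL roll. The `default_table` initializer starts and ends outside the embedded hunk.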
From 3aa0b9576bfe817183dd4be0ce35f9eed36f73fb Mon Sep 17 00:00:00 2001
From: Samuel Attard
Date: Thu, 30 Sep 2021 13:26:21 -0700
Subject: [PATCH 2/3] Update .patches

---
 patches/boringssl/.patches | 2 --
 1 file changed, 2 deletions(-)

diff --git a/patches/boringssl/.patches b/patches/boringssl/.patches
index ea99b0d7e721e..d99a7f6c51d57 100644
--- a/patches/boringssl/.patches
+++ b/patches/boringssl/.patches
@@ -1,6 +1,4 @@
 expose_ripemd160.patch
 expose_aes-cfb.patch
 expose_des-ede3.patch
-fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
-add_maskhash_to_rsa_pss_params_st_for_compat.patch
 enable_x509_v_flag_trusted_first_flag.patch

From c8f2532c8f2105cb17187a974f0c9f460a2fd2f0 Mon Sep 17 00:00:00 2001
From: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Date: Thu, 30 Sep 2021 20:37:12 +0000
Subject: [PATCH 3/3] chore: update patches

---
 patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch b/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
index 5c3c96ccb3f4e..0757335515fc9 100644
--- a/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
+++ b/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
@@ -6,10 +6,10 @@ Subject: Enable X509_V_FLAG_TRUSTED_FIRST flag
 Signed-off-by: Juan Cruz Viotti
 
 diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
-index 5a881d64c30076404cc800fff9e943bb0b30d2ac..29d5341efc8eb7ae6f90bdde5a8032e99f75c98e 100644
+index d8d1efe883321510e4da1aab2cd78378e395c2b2..a371d611dbb2ea7a287a3cb117c3e3d0e1a925b6 100644
 --- a/crypto/x509/x509_vpm.c
 +++ b/crypto/x509/x509_vpm.c
-@@ -528,7 +528,7 @@ static const X509_VERIFY_PARAM default_table[] = {
+@@ -548,7 +548,7 @@ static const X509_VERIFY_PARAM default_table[] = {
 (char *)"default", /* X509 default parameters */
 0, /* Check time */
 0, /* internal flags */