fixup! crypto: add guards and adjust tests for BoringSSL

panva · panva · commit f61353840dc0 · 2026-04-23T10:22:02.000+02:00
Signed-off-by: Filip Skokan &lt;panva.ip@gmail.com&gt;
diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
@@ -147,7 +147,12 @@ DataPointer DataPointer::SecureAlloc(size_t len) {
 #ifndef OPENSSL_IS_BORINGSSL
   auto ptr = OPENSSL_secure_zalloc(len);
   if (ptr == nullptr) return {};
-  return DataPointer(ptr, len, true);
+  // OPENSSL_secure_zalloc transparently falls back to a regular allocation
+  // when the secure heap is not initialized or is exhausted. Reflect the
+  // actual provenance of the pointer so that reset() routes to the correct
+  // free function (OPENSSL_secure_clear_free vs. OPENSSL_clear_free) and
+  // callers of isSecure() get a truthful answer.
+  return DataPointer(ptr, len, CRYPTO_secure_allocated(ptr) == 1);
 #else
   // BoringSSL does not implement the OPENSSL_secure_zalloc API.
   auto ptr = OPENSSL_malloc(len);
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
@@ -736,7 +736,6 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
   uint32_t len = args[0].As<Uint32>()->Value();
 
   auto data = DataPointer::SecureAlloc(len);
-  CHECK(data.isSecure());
   if (!data) {
     return THROW_ERR_OPERATION_FAILED(env, "Allocation failed");
   }

Original file line number	Diff line number	Diff line change
`@@ -736,7 +736,6 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {`
`736`	`736`	`uint32_t len = args[0].As<Uint32>()->Value();`
`737`	`737`
`738`	`738`	`auto data = DataPointer::SecureAlloc(len);`
`739`		`- CHECK(data.isSecure());`
`740`	`739`	`if (!data) {`
`741`	`740`	`return THROW_ERR_OPERATION_FAILED(env, "Allocation failed");`
`742`	`741`	`}`