Skip to content

src,tools: enable BoringSSL in test-shared.yml#63206

Open
panva wants to merge 2 commits intonodejs:mainfrom
panva:test-shared-boring
Open

src,tools: enable BoringSSL in test-shared.yml#63206
panva wants to merge 2 commits intonodejs:mainfrom
panva:test-shared-boring

Conversation

@panva
Copy link
Copy Markdown
Member

@panva panva commented May 8, 2026
edited
Loading

This PR

  • adds an embedder and nodejs/ncrypto-users non-conflicting 🤞12 fallback for OpenSSL APIs missing in BoringSSL
  • makes the final test expectation adjustments for running the existing test suite with BoringSSL
  • adds BoringSSL to the test-shared.yml GHA workflow

This means that, barring arm test skips in test *.status files hiding BoringSSL failures (and yes i fixed those earlier), embedders such as electron who use BoringSSL will not need to skip test suites, or at least not because we didn't account for BoringSSL.

This does not add algorithm implementation fallbacks for BoringSSL, that'll come next.

Footnotes

  1. electron does not use nodejs/ncrypto, hence electron doesn't set NCRYPTO_BSSL_LIBDECREPIT_MISSING which means the fallback isn't in place and their boringssl w/ libdecrepit kicks in

  2. nodejs/ncrypto builds define NCRYPTO_BSSL_LIBDECREPIT_MISSING which means when missing our fallback kicks in, if present libdecrepit takes over

panva added 2 commits May 8, 2026 21:55
@panva
src: add BoringSSL EVP enumeration fallback
bd778b4 
BoringSSL declares EVP_CIPHER_do_all_sorted and
EVP_MD_do_all_sorted, but stock no-decrepit builds do not provide
those symbols. Add a Node build flag that keeps ncrypto and its
dependents on a local BoringSSL fallback list when libdecrepit is
absent.

Keep embedders that provide the EVP enumeration symbols on the normal
OpenSSL-compatible path, matching Electron's patched BoringSSL build.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
tools: add boringssl to tools/nix/openssl-matrix.nix
d6d120c 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva panva requested review from aduh95, anonrig, codebytere and jasnell May 8, 2026 20:04
@panva panva added the commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. label May 8, 2026
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 8, 2026

Review requested:

  • @nodejs/crypto
  • @nodejs/gyp
  • @nodejs/security-wg
  • @nodejs/web-standards

@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels May 8, 2026
@panva panva added crypto Issues and PRs related to the crypto subsystem. tools Issues and PRs related to the tools directory. dont-land-on-v22.x PRs that should not land on the v22.x-staging branch and should not be released in v22.x. dont-land-on-v24.x PRs that should not land on the v24.x-staging branch and should not be released in v24.x. dont-land-on-v25.x PRs that should not land on the v25.x-staging branch and should not be released in v25.x. labels May 8, 2026
@panva
Copy link
Copy Markdown
Member Author

panva commented May 8, 2026

🎉

aarch64-linux: with shared boringssl-0.20260413.0

===
=== All tests succeeded
===
All tests passed.

@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels May 8, 2026
@github-actions github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label May 8, 2026
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@codecov
Copy link
Copy Markdown

codecov Bot commented May 8, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.03%. Comparing base (bbf51ad) to head (d6d120c).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #63206      +/-   ##
==========================================
- Coverage   90.03%   90.03%   -0.01%     
==========================================
  Files         713      713              
  Lines      224950   224950              
  Branches    42532    42532              
==========================================
- Hits       202542   202529      -13     
- Misses      14175    14181       +6     
- Partials     8233     8240       +7
Files with missing lines Coverage Δ
src/crypto/crypto_hash.cc 76.94% <ø> (-0.30%) ⬇️

... and 26 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 9, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/73301/

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 9, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/73303/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anonrig anonrig anonrig approved these changes

@aduh95 aduh95 aduh95 approved these changes

@jasnell jasnell Awaiting requested review from jasnell

@codebytere codebytere Awaiting requested review from codebytere

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. crypto Issues and PRs related to the crypto subsystem. dont-land-on-v22.x PRs that should not land on the v22.x-staging branch and should not be released in v22.x. dont-land-on-v24.x PRs that should not land on the v24.x-staging branch and should not be released in v24.x. dont-land-on-v25.x PRs that should not land on the v25.x-staging branch and should not be released in v25.x. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. tools Issues and PRs related to the tools directory.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@panva @nodejs-github-bot @anonrig @aduh95