npm - react-native-quick-crypto - Versions diffs - 1.0.9 → 1.0.10 - Mend

react-native-quick-crypto 1.0.9 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/QuickCrypto.podspec +9 -2
package/README.md +13 -9
package/android/CMakeLists.txt +4 -0
package/cpp/cipher/HybridCipherFactory.hpp +15 -1
package/cpp/cipher/OCBCipher.cpp +4 -4
package/cpp/cipher/XChaCha20Poly1305Cipher.cpp +161 -0
package/cpp/cipher/XChaCha20Poly1305Cipher.hpp +43 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.cpp +145 -0
package/cpp/cipher/XSalsa20Poly1305Cipher.hpp +42 -0
package/cpp/dh/HybridDiffieHellman.cpp +10 -0
package/cpp/dh/HybridDiffieHellman.hpp +1 -0
package/cpp/ec/HybridEcKeyPair.cpp +21 -0
package/cpp/ec/HybridEcKeyPair.hpp +1 -0
package/cpp/hash/HybridHash.cpp +1 -1
package/cpp/hash/HybridHash.hpp +1 -1
package/cpp/hmac/HybridHmac.cpp +1 -1
package/cpp/hmac/HybridHmac.hpp +1 -1
package/cpp/keys/HybridKeyObjectHandle.cpp +112 -1
package/cpp/keys/HybridKeyObjectHandle.hpp +5 -1
package/deps/ncrypto/.bazelrc +0 -1
package/deps/ncrypto/.bazelversion +1 -1
package/deps/ncrypto/.github/workflows/commitlint.yml +16 -0
package/deps/ncrypto/.github/workflows/linter.yml +2 -2
package/deps/ncrypto/.github/workflows/release-please.yml +16 -0
package/deps/ncrypto/.github/workflows/ubuntu.yml +82 -0
package/deps/ncrypto/.release-please-manifest.json +3 -0
package/deps/ncrypto/BUILD.bazel +9 -1
package/deps/ncrypto/CHANGELOG.md +37 -0
package/deps/ncrypto/CMakeLists.txt +35 -11
package/deps/ncrypto/MODULE.bazel +16 -1
package/deps/ncrypto/MODULE.bazel.lock +299 -118
package/deps/ncrypto/cmake/ncrypto-flags.cmake +1 -0
package/deps/ncrypto/include/ncrypto/aead.h +137 -0
package/deps/ncrypto/include/ncrypto/version.h +14 -0
package/deps/ncrypto/include/ncrypto.h +85 -230
package/deps/ncrypto/ncrypto.pc.in +10 -0
package/deps/ncrypto/release-please-config.json +11 -0
package/deps/ncrypto/src/CMakeLists.txt +31 -6
package/deps/ncrypto/src/aead.cpp +302 -0
package/deps/ncrypto/src/ncrypto.cpp +274 -556
package/deps/ncrypto/tests/BUILD.bazel +2 -0
package/deps/ncrypto/tests/basic.cpp +772 -2
package/deps/ncrypto/tools/run-clang-format.sh +5 -5
package/lib/commonjs/diffie-hellman.js +4 -1
package/lib/commonjs/diffie-hellman.js.map +1 -1
package/lib/commonjs/ec.js +20 -25
package/lib/commonjs/ec.js.map +1 -1
package/lib/commonjs/ed.js +1 -2
package/lib/commonjs/ed.js.map +1 -1
package/lib/commonjs/hash.js +7 -0
package/lib/commonjs/hash.js.map +1 -1
package/lib/commonjs/index.js +11 -1
package/lib/commonjs/index.js.map +1 -1
package/lib/commonjs/keys/classes.js +9 -5
package/lib/commonjs/keys/classes.js.map +1 -1
package/lib/commonjs/subtle.js +82 -31
package/lib/commonjs/subtle.js.map +1 -1
package/lib/commonjs/utils/types.js.map +1 -1
package/lib/module/diffie-hellman.js +4 -0
package/lib/module/diffie-hellman.js.map +1 -1
package/lib/module/ec.js +19 -25
package/lib/module/ec.js.map +1 -1
package/lib/module/ed.js +1 -2
package/lib/module/ed.js.map +1 -1
package/lib/module/hash.js +6 -0
package/lib/module/hash.js.map +1 -1
package/lib/module/index.js +3 -0
package/lib/module/index.js.map +1 -1
package/lib/module/keys/classes.js +9 -5
package/lib/module/keys/classes.js.map +1 -1
package/lib/module/subtle.js +83 -32
package/lib/module/subtle.js.map +1 -1
package/lib/module/utils/types.js.map +1 -1
package/lib/tsconfig.tsbuildinfo +1 -1
package/lib/typescript/diffie-hellman.d.ts +2 -0
package/lib/typescript/diffie-hellman.d.ts.map +1 -1
package/lib/typescript/ec.d.ts +1 -0
package/lib/typescript/ec.d.ts.map +1 -1
package/lib/typescript/ed.d.ts.map +1 -1
package/lib/typescript/hash.d.ts +2 -0
package/lib/typescript/hash.d.ts.map +1 -1
package/lib/typescript/index.d.ts +5 -0
package/lib/typescript/index.d.ts.map +1 -1
package/lib/typescript/keys/classes.d.ts +2 -0
package/lib/typescript/keys/classes.d.ts.map +1 -1
package/lib/typescript/specs/diffie-hellman.nitro.d.ts +1 -0
package/lib/typescript/specs/diffie-hellman.nitro.d.ts.map +1 -1
package/lib/typescript/specs/ecKeyPair.nitro.d.ts +1 -0
package/lib/typescript/specs/ecKeyPair.nitro.d.ts.map +1 -1
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts +2 -0
package/lib/typescript/specs/keyObjectHandle.nitro.d.ts.map +1 -1
package/lib/typescript/subtle.d.ts.map +1 -1
package/lib/typescript/utils/types.d.ts +12 -5
package/lib/typescript/utils/types.d.ts.map +1 -1
package/nitrogen/generated/android/QuickCrypto+autolinking.cmake +8 -5
package/nitrogen/generated/android/QuickCrypto+autolinking.gradle +1 -1
package/nitrogen/generated/android/QuickCryptoOnLoad.cpp +54 -54
package/nitrogen/generated/android/QuickCryptoOnLoad.hpp +1 -1
package/nitrogen/generated/android/kotlin/com/margelo/nitro/crypto/QuickCryptoOnLoad.kt +1 -1
package/nitrogen/generated/ios/QuickCrypto+autolinking.rb +2 -2
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.cpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Bridge.hpp +1 -1
package/nitrogen/generated/ios/QuickCrypto-Swift-Cxx-Umbrella.hpp +1 -1
package/nitrogen/generated/ios/QuickCryptoAutolinking.mm +54 -54
package/nitrogen/generated/ios/QuickCryptoAutolinking.swift +5 -1
package/nitrogen/generated/shared/c++/AsymmetricKeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/CipherArgs.hpp +34 -19
package/nitrogen/generated/shared/c++/HybridBlake3Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridBlake3Spec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherFactorySpec.hpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridCipherSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridDiffieHellmanSpec.hpp +3 -3
package/nitrogen/generated/shared/c++/HybridECDHSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridECDHSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.cpp +2 -1
package/nitrogen/generated/shared/c++/HybridEcKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridEdKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHashSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHashSpec.hpp +2 -4
package/nitrogen/generated/shared/c++/HybridHkdfSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHkdfSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridHmacSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridHmacSpec.hpp +3 -4
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.cpp +3 -1
package/nitrogen/generated/shared/c++/HybridKeyObjectHandleSpec.hpp +8 -4
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridMlDsaKeyPairSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridPbkdf2Spec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridRandomSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRandomSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaCipherSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridRsaKeyPairSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridScryptSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridScryptSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridSignHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/HybridUtilsSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridUtilsSpec.hpp +2 -3
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.cpp +1 -1
package/nitrogen/generated/shared/c++/HybridVerifyHandleSpec.hpp +1 -3
package/nitrogen/generated/shared/c++/JWK.hpp +84 -68
package/nitrogen/generated/shared/c++/JWKkty.hpp +5 -1
package/nitrogen/generated/shared/c++/JWKuse.hpp +1 -1
package/nitrogen/generated/shared/c++/KFormatType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyDetail.hpp +39 -23
package/nitrogen/generated/shared/c++/KeyEncoding.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyObject.hpp +21 -5
package/nitrogen/generated/shared/c++/KeyType.hpp +1 -1
package/nitrogen/generated/shared/c++/KeyUsage.hpp +1 -1
package/nitrogen/generated/shared/c++/NamedCurve.hpp +1 -1
package/package.json +1 -1
package/src/diffie-hellman.ts +6 -0
package/src/ec.ts +23 -19
package/src/ed.ts +1 -2
package/src/hash.ts +11 -0
package/src/index.ts +3 -0
package/src/keys/classes.ts +10 -3
package/src/specs/diffie-hellman.nitro.ts +1 -0
package/src/specs/ecKeyPair.nitro.ts +2 -0
package/src/specs/keyObjectHandle.nitro.ts +2 -0
package/src/subtle.ts +131 -32
package/src/utils/types.ts +18 -3
package/deps/ncrypto/WORKSPACE +0 -15

package/cpp/keys/HybridKeyObjectHandle.cpp CHANGED Viewed

@@ -5,6 +5,7 @@
 #include "HybridKeyObjectHandle.hpp"
 #include "QuickCryptoUtils.hpp"
 #include <openssl/bn.h>
+#include <openssl/crypto.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
 #include <openssl/obj_mac.h>
@@ -292,6 +293,44 @@ JWK HybridKeyObjectHandle::exportJwk(const JWK& key, bool handleRsaPss) {
     return result;
   }
+  // Export OKP keys (Ed25519, Ed448, X25519, X448) per RFC 8037
+  if (keyId == EVP_PKEY_ED25519 || keyId == EVP_PKEY_ED448 || keyId == EVP_PKEY_X25519 || keyId == EVP_PKEY_X448) {
+    result.kty = JWKkty::OKP;
+    switch (keyId) {
+      case EVP_PKEY_ED25519:
+        result.crv = "Ed25519";
+        break;
+      case EVP_PKEY_ED448:
+        result.crv = "Ed448";
+        break;
+      case EVP_PKEY_X25519:
+        result.crv = "X25519";
+        break;
+      case EVP_PKEY_X448:
+        result.crv = "X448";
+        break;
+      default:
+        break;
+    }
+    auto pubKey = pkey.rawPublicKey();
+    if (!pubKey) {
+      throw std::runtime_error("Failed to get raw public key for OKP JWK export");
+    }
+    result.x = base64url_encode(reinterpret_cast<const unsigned char*>(pubKey.get()), pubKey.size());
+    if (keyType == KeyType::PRIVATE) {
+      auto privKey = pkey.rawPrivateKey();
+      if (!privKey) {
+        throw std::runtime_error("Failed to get raw private key for OKP JWK export");
+      }
+      result.d = base64url_encode(reinterpret_cast<const unsigned char*>(privKey.get()), privKey.size());
+    }
+    return result;
+  }
   throw std::runtime_error("Unsupported key type for JWK export");
 }
@@ -335,7 +374,7 @@ AsymmetricKeyType HybridKeyObjectHandle::getAsymmetricKeyType() {
   }
 }
-bool HybridKeyObjectHandle::init(KeyType keyType, const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& key,
+bool HybridKeyObjectHandle::init(KeyType keyType, const std::variant<std::shared_ptr<ArrayBuffer>, std::string>& key,
                                  std::optional<KFormatType> format, std::optional<KeyEncoding> type,
                                  const std::optional<std::shared_ptr<ArrayBuffer>>& passphrase) {
   // Reset any existing data to prevent state leakage
@@ -597,6 +636,50 @@ std::optional<KeyType> HybridKeyObjectHandle::initJwk(const JWK& keyData, std::o
     return type;
   }
+  // Handle OKP keys (Ed25519, Ed448, X25519, X448) per RFC 8037
+  if (kty == JWKkty::OKP) {
+    bool isPrivate = keyData.d.has_value();
+    if (!keyData.crv.has_value() || !keyData.x.has_value()) {
+      throw std::runtime_error("JWK OKP key missing required fields (crv, x)");
+    }
+    std::string crv = keyData.crv.value();
+    int evpType;
+    if (crv == "Ed25519") {
+      evpType = EVP_PKEY_ED25519;
+    } else if (crv == "Ed448") {
+      evpType = EVP_PKEY_ED448;
+    } else if (crv == "X25519") {
+      evpType = EVP_PKEY_X25519;
+    } else if (crv == "X448") {
+      evpType = EVP_PKEY_X448;
+    } else {
+      throw std::runtime_error("Unsupported OKP curve: " + crv);
+    }
+    if (isPrivate) {
+      std::string privBytes = base64url_decode(keyData.d.value());
+      EVP_PKEY* pkey =
+          EVP_PKEY_new_raw_private_key(evpType, nullptr, reinterpret_cast<const unsigned char*>(privBytes.data()), privBytes.size());
+      if (!pkey) {
+        throw std::runtime_error("Failed to create OKP private key from JWK");
+      }
+      data_ = KeyObjectData::CreateAsymmetric(KeyType::PRIVATE, ncrypto::EVPKeyPointer(pkey));
+      return KeyType::PRIVATE;
+    } else {
+      std::string pubBytes = base64url_decode(keyData.x.value());
+      EVP_PKEY* pkey =
+          EVP_PKEY_new_raw_public_key(evpType, nullptr, reinterpret_cast<const unsigned char*>(pubBytes.data()), pubBytes.size());
+      if (!pkey) {
+        throw std::runtime_error("Failed to create OKP public key from JWK");
+      }
+      data_ = KeyObjectData::CreateAsymmetric(KeyType::PUBLIC, ncrypto::EVPKeyPointer(pkey));
+      return KeyType::PUBLIC;
+    }
+  }
   throw std::runtime_error("Unsupported JWK key type");
 }
@@ -754,4 +837,32 @@ bool HybridKeyObjectHandle::initECRaw(const std::string& namedCurve, const std::
   return true;
 }
+bool HybridKeyObjectHandle::keyEquals(const std::shared_ptr<HybridKeyObjectHandleSpec>& other) {
+  auto otherHandle = std::dynamic_pointer_cast<HybridKeyObjectHandle>(other);
+  if (!otherHandle)
+    return false;
+  const auto& otherData = otherHandle->getKeyObjectData();
+  if (data_.GetKeyType() != otherData.GetKeyType())
+    return false;
+  if (data_.GetKeyType() == KeyType::SECRET) {
+    auto thisKey = data_.GetSymmetricKey();
+    auto otherKey = otherData.GetSymmetricKey();
+    if (thisKey->size() != otherKey->size())
+      return false;
+    return CRYPTO_memcmp(thisKey->data(), otherKey->data(), thisKey->size()) == 0;
+  }
+  const auto& thisPkey = data_.GetAsymmetricKey();
+  const auto& otherPkey = otherData.GetAsymmetricKey();
+  if (!thisPkey || !otherPkey)
+    return false;
+  return EVP_PKEY_eq(thisPkey.get(), otherPkey.get()) == 1;
+}
+double HybridKeyObjectHandle::getSymmetricKeySize() {
+  return static_cast<double>(data_.GetSymmetricKeySize());
+}
 } // namespace margelo::nitro::crypto

package/cpp/keys/HybridKeyObjectHandle.hpp CHANGED Viewed

@@ -26,7 +26,7 @@ class HybridKeyObjectHandle : public HybridKeyObjectHandleSpec {
   AsymmetricKeyType getAsymmetricKeyType() override;
-  bool init(KeyType keyType, const std::variant<std::string, std::shared_ptr<ArrayBuffer>>& key, std::optional<KFormatType> format,
+  bool init(KeyType keyType, const std::variant<std::shared_ptr<ArrayBuffer>, std::string>& key, std::optional<KFormatType> format,
             std::optional<KeyEncoding> type, const std::optional<std::shared_ptr<ArrayBuffer>>& passphrase) override;
   bool initECRaw(const std::string& namedCurve, const std::shared_ptr<ArrayBuffer>& keyData) override;
@@ -35,6 +35,10 @@ class HybridKeyObjectHandle : public HybridKeyObjectHandleSpec {
   KeyDetail keyDetail() override;
+  bool keyEquals(const std::shared_ptr<HybridKeyObjectHandleSpec>& other) override;
+  double getSymmetricKeySize() override;
   KeyObjectData& getKeyObjectData() {
     return data_;
   }

package/deps/ncrypto/.bazelrc CHANGED Viewed

	@@ -1,2 +1 @@
1	- common --enable_workspace
2 1	build --cxxopt="-std=c++20"

package/deps/ncrypto/.bazelversion CHANGED Viewed

	@@ -1 +1 @@
1	- 8.0.0
1	+ 9.0.0

package/deps/ncrypto/.github/workflows/commitlint.yml ADDED Viewed

@@ -0,0 +1,16 @@
+name: Conventional Commit Linter
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        with:
+          fetch-depth: 100
+      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1

package/deps/ncrypto/.github/workflows/linter.yml CHANGED Viewed

@@ -27,9 +27,9 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Run clang-format
-        uses: jidicula/clang-format-action@c74383674bf5f7c69f60ce562019c1c94bc1421a # v4.13.0
+        uses: jidicula/clang-format-action@6cd220de46c89139a0365edae93eee8eb30ca8fe # v4.16.0
         with:
-          clang-format-version: '17'
+          clang-format-version: '21'
           fallback-style: 'Google'
       - uses: chartboost/ruff-action@e18ae971ccee1b2d7bbef113930f00c670b78da4 # v1.0.0

package/deps/ncrypto/.github/workflows/release-please.yml ADDED Viewed

@@ -0,0 +1,16 @@
+name: Release Please
+on:
+  push:
+    branches:
+      - main
+permissions:
+  contents: write
+  pull-requests: write
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38  # v4.4.0

package/deps/ncrypto/.github/workflows/ubuntu.yml CHANGED Viewed

@@ -44,3 +44,85 @@ jobs:
         run: cmake --build build -j=4
       - name: Test
         run: ctest --output-on-failure --test-dir build
+  # Test with OpenSSL 3.2+ to cover Argon2 code path
+  openssl:
+    runs-on: ubuntu-latest
+    env:
+      OPENSSL_VERSION: "3.4.1"
+      OPENSSL_DIR: "${{ github.workspace }}/openssl-install"
+    steps:
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - name: Cache OpenSSL
+        id: cache-openssl
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.OPENSSL_DIR }}
+          key: openssl-${{ env.OPENSSL_VERSION }}-${{ runner.os }}
+      - name: Build OpenSSL
+        if: steps.cache-openssl.outputs.cache-hit != 'true'
+        run: |
+          curl -LO https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz
+          tar xzf openssl-${OPENSSL_VERSION}.tar.gz
+          cd openssl-${OPENSSL_VERSION}
+          ./Configure --prefix=${OPENSSL_DIR} --openssldir=${OPENSSL_DIR}/ssl
+          make -j$(nproc)
+          make install_sw
+      - name: ccache
+        uses: hendrikmuhs/ccache-action@v1.2
+        with:
+          key: ${{github.job}}-openssl
+      - name: Setup dependencies
+        run: sudo apt-get update && sudo apt-get install -y ninja-build libgtest-dev
+      - name: Prepare
+        run: |
+          cmake -DNCRYPTO_SHARED_LIBS=ON -G Ninja -B build \
+            -DOPENSSL_ROOT_DIR=${OPENSSL_DIR} \
+            -DCMAKE_PREFIX_PATH=${OPENSSL_DIR}
+      - name: Build
+        run: cmake --build build -j=4
+      - name: Test
+        run: ctest --output-on-failure --test-dir build
+        env:
+          LD_LIBRARY_PATH: ${{ env.OPENSSL_DIR }}/lib64:${{ env.OPENSSL_DIR }}/lib
+  # Test with OPENSSL_NO_ARGON2 defined (Argon2 tests excluded)
+  openssl-no-argon2:
+    runs-on: ubuntu-latest
+    env:
+      OPENSSL_VERSION: "3.4.1"
+      OPENSSL_DIR: "${{ github.workspace }}/openssl-install"
+    steps:
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - name: Cache OpenSSL
+        id: cache-openssl
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.OPENSSL_DIR }}
+          key: openssl-${{ env.OPENSSL_VERSION }}-${{ runner.os }}
+      - name: Build OpenSSL
+        if: steps.cache-openssl.outputs.cache-hit != 'true'
+        run: |
+          curl -LO https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz
+          tar xzf openssl-${OPENSSL_VERSION}.tar.gz
+          cd openssl-${OPENSSL_VERSION}
+          ./Configure --prefix=${OPENSSL_DIR} --openssldir=${OPENSSL_DIR}/ssl
+          make -j$(nproc)
+          make install_sw
+      - name: ccache
+        uses: hendrikmuhs/ccache-action@v1.2
+        with:
+          key: ${{github.job}}-openssl-no-argon2
+      - name: Setup dependencies
+        run: sudo apt-get update && sudo apt-get install -y ninja-build libgtest-dev
+      - name: Prepare
+        run: |
+          cmake -DNCRYPTO_SHARED_LIBS=ON -DCMAKE_CXX_FLAGS="-DOPENSSL_NO_ARGON2" -G Ninja -B build \
+            -DOPENSSL_ROOT_DIR=${OPENSSL_DIR} \
+            -DCMAKE_PREFIX_PATH=${OPENSSL_DIR}
+      - name: Build
+        run: cmake --build build -j=4
+      - name: Test
+        run: ctest --output-on-failure --test-dir build
+        env:
+          LD_LIBRARY_PATH: ${{ env.OPENSSL_DIR }}/lib64:${{ env.OPENSSL_DIR }}/lib

package/deps/ncrypto/.release-please-manifest.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+  ".": "1.1.3"
+}

package/deps/ncrypto/BUILD.bazel CHANGED Viewed

@@ -1,4 +1,5 @@
 load("@bazel_skylib//rules:common_settings.bzl", "bool_flag")
+load("@rules_cc//cc:cc_library.bzl", "cc_library")
 bool_flag(
     name = "bssl_libdecrepit_missing",
@@ -15,7 +16,14 @@ config_setting(
 cc_library(
     name = "ncrypto",
     srcs = glob(["src/*.cpp"]),
-    hdrs = glob(["include/*.h"]),
+    hdrs = glob(["include/*.h", "include/ncrypto/*.h"]),
+    copts = [
+        "-Werror",
+        "-Wextra",
+        "-Wno-unused-parameter",
+        "-Wimplicit-fallthrough",
+        "-Wno-deprecated-declarations",  # OpenSSL 3.0 deprecates many APIs we intentionally use
+    ],
     includes = ["include"],
     local_defines = {
         "NCRYPTO_BSSL_LIBDECREPIT_MISSING": select(

package/deps/ncrypto/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,37 @@
+# Changelog
+## [1.1.3](https://github.com/nodejs/ncrypto/compare/v1.1.2...v1.1.3) (2026-02-04)
+### Bug Fixes
+* unconditionally include vector ([ba39e40](https://github.com/nodejs/ncrypto/commit/ba39e40ed1c1231902a676f53906cdd2f6119648))
+* use more strict compiler flags ([fc401e3](https://github.com/nodejs/ncrypto/commit/fc401e387491005bfbe6c48b7296862d07ea85d7))
+## [1.1.2](https://github.com/nodejs/ncrypto/compare/v1.1.1...v1.1.2) (2026-02-02)
+### Bug Fixes
+* handle edge cases and CI builds ([57cae0f](https://github.com/nodejs/ncrypto/commit/57cae0f055ba7c2d060f0ed4e49431e9e56a0a2d))
+## [1.1.1](https://github.com/nodejs/ncrypto/compare/v1.1.0...v1.1.1) (2026-02-02)
+### Bug Fixes
+* re-add more functions that are moved ([2ceab38](https://github.com/nodejs/ncrypto/commit/2ceab38e9caafd49b2f0a722ad76ae68f68fe7b5))
+* re-add removed BignumPointer::bitLength() ([0ba85e3](https://github.com/nodejs/ncrypto/commit/0ba85e3c3a3cdd8abcab066b046bbb11c9136bc8))
+## [1.1.0](https://github.com/nodejs/ncrypto/compare/1.0.1...v1.1.0) (2026-01-31)
+### Features
+* sync source code with nodejs/node ([#17](https://github.com/nodejs/ncrypto/issues/17)) ([47c21db](https://github.com/nodejs/ncrypto/commit/47c21db34df5f00eab945e2cd4e3ca6d9d57c793))
+### Bug Fixes
+* add missing header files during install ([#27](https://github.com/nodejs/ncrypto/issues/27)) ([d714e74](https://github.com/nodejs/ncrypto/commit/d714e745cd54b5f06686e2def826da101ebb2205))
+* use BN_GENCB_get_arg accessor for OpenSSL 3.x compatibility ([#16](https://github.com/nodejs/ncrypto/issues/16)) ([afc7e12](https://github.com/nodejs/ncrypto/commit/afc7e12c3f862165d7cfdc10bd971d7115d4fdb5))

package/deps/ncrypto/CMakeLists.txt CHANGED Viewed

@@ -1,9 +1,8 @@
 cmake_minimum_required(VERSION 3.28)
-project(ncrypto)
+project(ncrypto VERSION 1.1.3) # x-release-please-version
 include(CTest)
 include(GNUInstallDirs)
-include(FetchContent)
 include(cmake/ncrypto-flags.cmake)
 if (NOT CMAKE_BUILD_TYPE)
@@ -11,29 +10,37 @@ if (NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE Release CACHE STRING "Choose the type of build." FORCE)
 endif()
-include(cmake/CPM.cmake)
+if (NCRYPTO_SHARED_LIBS)
+  find_package(OpenSSL REQUIRED)
+else()
+  include(FetchContent)
+  include(cmake/CPM.cmake)
-CPMAddPackage(
+  CPMAddPackage(
     NAME boringssl
     VERSION 0.20250818.0
     GITHUB_REPOSITORY google/boringssl
     GIT_TAG 0.20250818.0
     OPTIONS "BUILD_SHARED_LIBS OFF" "BUILD_TESTING OFF"
-)
+  )
+endif()
 add_subdirectory(src)
 add_library(ncrypto::ncrypto ALIAS ncrypto)
-include_directories(${boringssl_SOURCE_DIR}/include)
 if (NCRYPTO_TESTING)
-  CPMAddPackage(
+  if (NCRYPTO_SHARED_LIBS)
+    find_package(GTest REQUIRED)
+  else()
+    CPMAddPackage(
       NAME GTest
       GITHUB_REPOSITORY google/googletest
       VERSION 1.15.2
       OPTIONS  "BUILD_GMOCK OFF" "INSTALL_GTEST OFF"
-  )
-  # For Windows: Prevent overriding the parent project's compiler/linker settings
-  set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+    )
+    # For Windows: Prevent overriding the parent project's compiler/linker settings
+    set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
+  endif()
   enable_testing()
   add_subdirectory(tests)
 endif()
@@ -43,6 +50,11 @@ install(
   DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
   COMPONENT ncrypto_development
 )
+install(
+  DIRECTORY include/ncrypto
+  DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
+  COMPONENT ncrypto_development
+)
 install(
   TARGETS ncrypto
@@ -53,3 +65,15 @@ install(
   ARCHIVE COMPONENT ncrypto_development
   INCLUDES DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
 )
+# Generate pkg-config file
+configure_file(
+  ${CMAKE_CURRENT_SOURCE_DIR}/ncrypto.pc.in
+  ${CMAKE_CURRENT_BINARY_DIR}/ncrypto.pc
+  @ONLY
+)
+install(
+  FILES ${CMAKE_CURRENT_BINARY_DIR}/ncrypto.pc
+  DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig
+)

package/deps/ncrypto/MODULE.bazel CHANGED Viewed

@@ -1 +1,16 @@
-bazel_dep(name = "googletest", version = "1.15.2")
+bazel_dep(name = "googletest", version = "1.17.0.bcr.2")
+bazel_dep(name = "bazel_skylib", version = "1.9.0")
+bazel_dep(name = "boringssl", version = "0.20251002.0", repo_name = "ssl")
+bazel_dep(name = "rules_cc", version = "0.2.16")
+archive_override(
+    module_name = "boringssl",
+    patch_strip = 1,
+    patches = [
+        "//:patches/0001-Expose-libdecrepit-so-NodeJS-can-use-it-for-ncrypto.patch",
+    ],
+    sha256 = "f96733fc3df03d4195db656d1b7b8c174c33f95d052f811f0ecc8f4e4e3db332",
+    strip_prefix = "boringssl-0.20251002.0",
+    type = "tgz",
+    urls = ["https://github.com/google/boringssl/archive/refs/tags/0.20251002.0.tar.gz"],
+)