This adds the required files for supporting openssl
on arm64.
This uses the same configuration that can be found in
https://github.com/openssl/openssl/pull/12369 to generate the required
files.
PR-URL: https://github.com/nodejs/node/pull/34238
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ash Cripps <ashley.cripps@ibm.com>
This adds a new make target to generate platform dependent
files for openssl on non-linux machines. The scripts we currently
have in place require linux. This adds a Dockerfile that installs
the necessary dependencies to be able to generate these files.
Previously, it was necessary to run `make -C deps/openssl/config`
on a linux machine. Now, as long as docker is installed and in
your `PATH`, it is possible to run `make gen-openssl`.
PR-URL: https://github.com/nodejs/node/pull/34642
Reviewed-By: James M Snell <jasnell@gmail.com>
Original Commit Message:
Fix out-of-bounds read when TLS msg is split up into multiple chunks
Previously, SSL_provide_quic_data tried to handle this kind of
situation, but it failed when the length of input data is less than
SSL3_HM_HEADER_LENGTH. If that happens, the code might get wrong
message length by reading value from out-of-bounds region.
PR-URL: https://github.com/nodejs/node/pull/34033
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Original Commit Message:
Test KeyUpdate rejection
For now, just test that we don't generate any, since we don't really
expose the mechanics for encrypting one and the QUIC API is not
integrated into the TLSProxy setup.
PR-URL: https://github.com/nodejs/node/pull/34033
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Original Commit Message:
Prevent KeyUpdate for QUIC
QUIC does not use the TLS KeyUpdate message/mechanism, and indeed
it is an error to generate or receive such a message. Add the
necessary checks (noting that the check for receipt should be
redundant since SSL_provide_quic_data() is the only way to provide
input to the TLS layer for a QUIC connection).
PR-URL: https://github.com/nodejs/node/pull/34033
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Original Commit Message:
Some cleanup for the main QUIC changes
Try to reduce unneeded whitespace changes and wrap new code to 80 columns.
Reword documentation to attempt to improve clarity.
Add some more sanity checks and clarifying comments to the code.
Update referenced I-D versions.
PR-URL: https://github.com/nodejs/node/pull/34033
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/include/crypto/bn_conf.h
$ git add deps/openssl/openssl/include/crypto/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: https://github.com/nodejs/node/pull/32379
Reviewed-By: Anna Henningsen <anna@addaleax.net>
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/include/crypto/bn_conf.h
$ git add deps/openssl/openssl/include/crypto/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: https://github.com/nodejs/node/pull/32971
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1g.tar.gz
$ mv openssl-1.1.1g openssl
$ git add --all openssl
$ git commit openssl
PR-URL: https://github.com/nodejs/node/pull/32971
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
After an OpenSSL source update, all the config files need to be
regenerated and comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/include/crypto/bn_conf.h
$ git add deps/openssl/openssl/include/crypto/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: https://github.com/nodejs/node/pull/32583
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
After an OpenSSL source update, all the config files need to be
regenerated and comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/include
PR-URL: https://github.com/nodejs/node/pull/32328
Fixes: https://github.com/nodejs/node/issues/32210
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The scripts used by make were modified to correctly reference the source
files that were originially in crypto/include/internal, but got moved to
include/crypto. The base path has been left unaltered since that would
require too many changes
PR-URL: https://github.com/nodejs/node/pull/32328
Fixes: https://github.com/nodejs/node/issues/32210
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1e.tar.gz
$ mv openssl-1.1.1e openssl
$ git add --all openssl
$ git commit openssl
PR-URL: https://github.com/nodejs/node/pull/32328
Fixes: https://github.com/nodejs/node/issues/32210
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The maintainenance guides are mostly in doc/guides-maintaining-*.md, so
move the OpenSSL one there, too.
PR-URL: https://github.com/nodejs/node/pull/32209
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
change scripts and sources for android build, don't need standalone
toolchain after ndk 19, and use clang as default android target
compiler.
PR-URL: https://github.com/nodejs/node/pull/31521
Reviewed-By: Christian Clauss <cclauss@me.com>
OpenSSL 1.1.1d does not ship with getrandom syscall being
predefined on all architectures. So when NodeJS is run with glibc
prior to 2.25, where getentropy is unavailable, and the getrandom
syscall is unknown, it will fail. PPC64LE or s390 are affected
by lack of this definition.
Original commit message.
commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02
Author: Kurt Roeckx <kurt@roeckx.be>
Date: Sat Sep 28 14:59:32 2019 +0200
Add defines for __NR_getrandom for all Linux architectures
Fixes: https://github.com/openssl/openssl/issues/10015
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
GH: https://github.com/openssl/openssl/pull/10044
Fixes: https://github.com/nodejs/node/issues/31671
PR-URL: https://github.com/nodejs/node/pull/32002
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Silence the following compiler warning on Windows:
`'function': different 'const' qualifiers`
PR-URL: https://github.com/nodejs/node/pull/31311
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Backslashes and spaces are need to be escaped to define OPENSSLDIR to
"C:\Program Files\Common Files\SSL".
PR-URL: https://github.com/nodejs/node/pull/29456
Refs: https://github.com/nodejs/node/pull/29455
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Make `distutils.version.StrictVersion` available as a helper to
gyp expressions so they can do proper version checks and update
the gyp files accordingly.
Caveat emptor: `StrictVersion` does *not* like empty strings so
this commit adds truthiness guards. The helper could deal with
those but I felt it better to make it explicit.
Fixes: https://github.com/nodejs/node/issues/29927
PR-URL: https://github.com/nodejs/node/pull/29931
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
If GYP finds a string variable that can be converted to an integer,
it will do it when the variable is expanded. Use "0.0" instead of "0"
to force strings and be able to use comparison operations such as
`gas_version >= "2.26"` in Python 3.
PR-URL: https://github.com/nodejs/node/pull/29897
Reviewed-By: Christian Clauss <cclauss@me.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
After an OpenSSL source update, all the config files need to be
regenerated and comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
$ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: https://github.com/nodejs/node/pull/29550
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Upstream V8 removed support for s390 earlier this year and it's known
to no longer build. Remove the support from our build scripts.
Fixes: https://github.com/nodejs/node/issues/28866
PR-URL: https://github.com/nodejs/node/pull/28883
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Add BSD-x86 to the list of arches and regenerate everything.
Everything in deps/openssl/config/archs/BSD-x86 is auto-generated,
everything else is manual edits to include the right files in the
right places.
I cheated a little: I didn't check in changes to files for other arches
because they contained mostly churn (updated buildstamps and such.)
Fixes: https://github.com/nodejs/node/issues/20326
PR-URL: https://github.com/nodejs/node/pull/28806
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
The upstream commit fixes an incorrect initialization of memory in
rand_lib.c. This fixes all errors that are reported by valgrind during
startup.
Origin: https://github.com/openssl/openssl/commit/15d7e7997e219fc
PR-URL: https://github.com/nodejs/node/pull/28796
Fixes: https://github.com/nodejs/node/issues/28739
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
V8 now resume supporting for mipsel/mips64el.
This commit add linux64-mips64 platform dependent
files in 'deps/openssl/config/archs/linux64-mips64',
and update the corresponding gypi files and header
files.
Refs: https://groups.google.com/forum/#!topic/v8-dev/oXkv5OVCXyc
PR-URL: https://github.com/nodejs/node/pull/27992
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
After an OpenSSL source update, all the config files need to be
regenerated and comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
$ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: https://github.com/nodejs/node/pull/28211
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This change contains the results of running `make` in
`deps/openssl/config` (based on information in
deps/openssl/config/README.md) and not reverting anything.
This is not necessary, but it does indicate to the curious developer
that all architectures were automatically generated at the same time.
PR-URL: https://github.com/nodejs/node/pull/27544
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This change contains the results of running `make` in
`deps/openssl/config` (based on information in
deps/openssl/config/README.md) then reverting changes not in the
VC-WIN64-ARM directory.
This leverages a preceding change that fixes a cross-configuration file
reuse bug that only impacts VC-WIN64-ARM.
PR-URL: https://github.com/nodejs/node/pull/27544
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This change adds a clean target to the VC-WIN* Makefiles, then adjusts
the config generation script to call it before config file generation
as well as after. This prevents files from previous configurations from
causing make to incorrectly assume the files are up to date.
PR-URL: https://github.com/nodejs/node/pull/27543
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Ran:
$ cd deps/openssl/config; make
to update deps/openssl/config/archs/ with current configuration.
PR-URL: https://github.com/nodejs/node/pull/27376
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
OpenSSL doesn't compile `SSL_trace()` by default for historical reasons.
Add the enable-ssl-trace option to the OpenSSL Configure arguments.
PR-URL: https://github.com/nodejs/node/pull/27376
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
This change adds the generated files required for building OpenSSL for
Node.js for ARM64 Windows. I did this on a VM running Ubuntu 18.04. The
basic workflow is to cd to deps/openssl/config and run `make`,
installing any needed packages until all architectures build correctly.
Note that OpenSSL 1.1.1 does not support ASM on ARM64 Windows, so this
change also supports only no-asm on ARM64 Windows.
PR-URL: https://github.com/nodejs/node/pull/26001
Fixes: https://github.com/nodejs/node/issues/25998
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
This adds ARM64 Windows support in the OpenSSL build system.
Since OpenSSL's ARM64 Windows support does not have support for ASM--
that is, VC-WIN64-ARM inherits from VC-noCE-common which has no ASM
files--`openssl_no_asm.gypi` is always used for building. This
essentially forces the 'no-asm' Configure flag.
PR-URL: https://github.com/nodejs/node/pull/26001
Fixes: https://github.com/nodejs/node/issues/25998
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Particularly, ensure that the commit messages are self-explanatory so
that reviewers can understand that the large commits are the result of a
simple repeatable process. This should make them easier to review.
See: https://github.com/nodejs/node/pull/26327#issuecomment-468745161
PR-URL: https://github.com/nodejs/node/pull/26378
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Since its not packaged, we don't have to delete it, and the Makefile
and update can become a (tiny) bit simpler.
PR-URL: https://github.com/nodejs/node/pull/26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.
PR-URL: https://github.com/nodejs/node/pull/26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Original:
Fixes: https://github.com/nodejs/node/issues/4270
PR-URL: https://github.com/nodejs/node/pull/19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.
PR-URL: https://github.com/nodejs/node/pull/26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This reverts commit f395a4a401.
As of openssl-1.1.1b, the dot-files are no longer distributed, so this
is no longer necessary.
PR-URL: https://github.com/nodejs/node/pull/26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
OpenSSL is packaging its git and travis configuration files. Remove
them, Node.js has its own.
PR-URL: https://github.com/nodejs/node/pull/25689
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
