◐ Shell
clean mode source ↗

Update to openssl1.1.1a by sam-github · Pull Request #25381 · nodejs/node

nodejs-github-bot

@nodejs-github-bot added build

Issues and PRs related to build files or the CI.

doc

Issues and PRs related to the documentations.

openssl

Issues and PRs related to the OpenSSL dependency.

labels

Jan 7, 2019

This was referenced

Jan 16, 2019

danbev added a commit to danbev/node that referenced this pull request

Jan 16, 2019 
This commit updates option ciphers from 'RC4' to 'missing' in
test/parallel/test-tls-handshake-error.js.

The motivation for this change is that this test is verifying that a
'no ciphers match' error be thrown, but 'RC4' might be among the ciphers
supported by the OpenSSL version when dynamically linking. I ran into
this specific issue when dynamically linking against OpenSSL 1.1.1 on
RHEL8 using nodejs#25381.

@sam-github sam-github added the semver-minor

PRs that contain new features and should be released in the next minor version.

label

Jan 17, 2019

danbev added a commit that referenced this pull request

Jan 21, 2019 
This commit updates option ciphers from 'RC4' to 'no-such-cipher' in
test/parallel/test-tls-handshake-error.js.

The motivation for this change is that this test is verifying that a
'no ciphers match' error be thrown, but 'RC4' might be among the ciphers
supported by the OpenSSL version when dynamically linking. I ran into
this specific issue when dynamically linking against OpenSSL 1.1.1 on
RHEL8 using #25381.

PR-URL: #25534
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
This updates all sources in deps/openssl/openssl with openssl-1.1.1a.
Some of defines and cppflags in the build config of OpenSSL-1.1.1 were
moved to new attributes. Gyp and gypi file generations are needed to be
fixed to include them.
Because llvm on MacOS does not support AVX-512, asm files need to be limited to
AVX-2 support even when they are generated on Linux.  fake_gcc.pl returns the
fake llvm banner version for MacOS as if the assembler supports upto AVX-2.

For Windows, makefiles for nmake were updated in OpenSSL-1.1.1 and they are
rewritten into GNU makefile format by hand.
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.
OpenSSL-1.1.1 has new support of AVX-512 but AVX-2 asm files still need
to be generated for the older assembler support to keep backward
compatibilities.

targos pushed a commit that referenced this pull request

Jan 28, 2019 
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

targos pushed a commit that referenced this pull request

Jan 28, 2019 
OpenSSL-1.1.1 has new support of AVX-512 but AVX-2 asm files still need
to be generated for the older assembler support to keep backward
compatibilities.

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

targos pushed a commit that referenced this pull request

Jan 28, 2019 
AIX has own assembler not GNU as that does not support --noexecstack.

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

targos pushed a commit that referenced this pull request

Jan 28, 2019 
Add new requirements of assembler version for AVX-512 support
in OpenSSL-1.1.1.

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

targos pushed a commit that referenced this pull request

Jan 28, 2019 
`cd deps/openssl/config; make` updates all archs dependant files.

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

targos pushed a commit that referenced this pull request

Jan 28, 2019 
Make OpenSSL 1.1.1 error during cipher list setting if it would have
errored with OpenSSL 1.1.0.

Can be dropped after our OpenSSL fixes this upstream.

See: openssl/openssl#7759

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

targos pushed a commit that referenced this pull request

Jan 28, 2019 
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called
sending HelloRequest in OpenSSL-1.1.1.
We need to check whether this is in a renegotiation state or not.

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

targos pushed a commit that referenced this pull request

Jan 28, 2019 
This gets better coverage of the codes, and is more explicit. It also
works around ordering differences in the errors produced by openssl.
The approach was tested with 1.1.0 and 1.1.1, as well as TLSv1.2 vs
TLSv1.3. OpenSSL 1.1.0 is relevant when node is built against a shared
openssl.

PR-URL: #25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Backport-PR-URL: #25688

sam-github pushed a commit to sam-github/node that referenced this pull request

Feb 26, 2019 
This is a floating patch against OpenSSL-1.1.1 to generate asm files
with Makefile rules.

PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>

This was referenced

May 29, 2019