[v11.x backport] Update openssl to 1.1.1a by sam-github · Pull Request #25688 · nodejs/node
and others added 11 commits
This updates all sources in deps/openssl/openssl with openssl-1.1.1a. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Some of defines and cppflags in the build config of OpenSSL-1.1.1 were moved to new attributes. Gyp and gypi file generations are needed to be fixed to include them. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Because llvm on MacOS does not support AVX-512, asm files need to be limited to AVX-2 support even when they are generated on Linux. fake_gcc.pl returns the fake llvm banner version for MacOS as if the assembler supports upto AVX-2. For Windows, makefiles for nmake were updated in OpenSSL-1.1.1 and they are rewritten into GNU makefile format by hand. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
OpenSSL-1.1.1 has new support of AVX-512 but AVX-2 asm files still need to be generated for the older assembler support to keep backward compatibilities. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
AIX has own assembler not GNU as that does not support --noexecstack. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Add new requirements of assembler version for AVX-512 support in OpenSSL-1.1.1. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Make OpenSSL 1.1.1 error during cipher list setting if it would have errored with OpenSSL 1.1.0. Can be dropped after our OpenSSL fixes this upstream. See: openssl/openssl#7759 PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
This gets better coverage of the codes, and is more explicit. It also works around ordering differences in the errors produced by openssl. The approach was tested with 1.1.0 and 1.1.1, as well as TLSv1.2 vs TLSv1.3. OpenSSL 1.1.0 is relevant when node is built against a shared openssl. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
labels
targos pushed a commit that referenced this pull request
targos pushed a commit that referenced this pull request
Some of defines and cppflags in the build config of OpenSSL-1.1.1 were moved to new attributes. Gyp and gypi file generations are needed to be fixed to include them. PR-URL: #25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: #25688
targos pushed a commit that referenced this pull request
Because llvm on MacOS does not support AVX-512, asm files need to be limited to AVX-2 support even when they are generated on Linux. fake_gcc.pl returns the fake llvm banner version for MacOS as if the assembler supports upto AVX-2. For Windows, makefiles for nmake were updated in OpenSSL-1.1.1 and they are rewritten into GNU makefile format by hand. PR-URL: #25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: #25688
sam-github added a commit to sam-github/node that referenced this pull request
This updates all sources in deps/openssl/openssl with openssl-1.1.1a. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
Some of defines and cppflags in the build config of OpenSSL-1.1.1 were moved to new attributes. Gyp and gypi file generations are needed to be fixed to include them. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
Because llvm on MacOS does not support AVX-512, asm files need to be limited to AVX-2 support even when they are generated on Linux. fake_gcc.pl returns the fake llvm banner version for MacOS as if the assembler supports upto AVX-2. For Windows, makefiles for nmake were updated in OpenSSL-1.1.1 and they are rewritten into GNU makefile format by hand. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
OpenSSL-1.1.1 has new support of AVX-512 but AVX-2 asm files still need to be generated for the older assembler support to keep backward compatibilities. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
AIX has own assembler not GNU as that does not support --noexecstack. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
Add new requirements of assembler version for AVX-512 support in OpenSSL-1.1.1. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github added a commit to sam-github/node that referenced this pull request
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github added a commit to sam-github/node that referenced this pull request
This gets better coverage of the codes, and is more explicit. It also works around ordering differences in the errors produced by openssl. The approach was tested with 1.1.0 and 1.1.1, as well as TLSv1.2 vs TLSv1.3. OpenSSL 1.1.0 is relevant when node is built against a shared openssl. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
sam-github pushed a commit to sam-github/node that referenced this pull request
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
MylesBorins pushed a commit that referenced this pull request
MylesBorins pushed a commit that referenced this pull request