-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to OpenSSL-1.1.0h #19794
Upgrade to OpenSSL-1.1.0h #19794
Conversation
cea6e02
to
d4ab4a0
Compare
doc/api/tls.md
Outdated
[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_timeout.html | ||
[SSL_METHODS]: https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS | ||
[SSL_CTX_set_timeout]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_timeout.html | ||
[SSL_METHODS]: https://www.openssl.org/docs/man1.1.0/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems the new hash needs to be #Dealing-with-Protocol-Methods
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed the hash link. I resolved some conflicts but it needs a more fix . Fixed in 9cf8473b2c75f043f81cf82785d43b4e03dda967
BUILDING.md
Outdated
@@ -88,6 +88,23 @@ Depending on host platform, the selection of toolchains may vary. | |||
|
|||
* Visual Studio 2017 or the Build Tools thereof | |||
|
|||
#### OpenSSL asm support | |||
|
|||
OpenSSL-1.1.0 requires the following asssember version for use of asm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
asssember
-> assembler
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in 07d5ac52ee66ada4e4a716edb0d4880360b122d6.
BUILDING.md
Outdated
|
||
Otherwise, `--openssl-no-asm` is added with warning in configure. | ||
|
||
*Note:* The forthcoming OpenSSL-1.1.1 will require more higher |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
more higher
-> higher
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto.
deps/openssl/README.md
Outdated
@@ -0,0 +1,76 @@ | |||
This has a new binding scheme in builing OpenSSL-1.1.0 library with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
builing
-> building
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in cb6aee5a3d8201fb656a8e971b3741d85976a9d0.
deps/openssl/README.md
Outdated
@@ -0,0 +1,76 @@ | |||
This has a new binding scheme in builing OpenSSL-1.1.0 library with | |||
Node.js. OpenSSL-1.1.0 uses a new build system with perl for various |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
perl
-> Perl
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto.
deps/openssl/README.md
Outdated
`openssl/Configurations/README.design` in the OpenSSL source for | ||
details. | ||
|
||
In order to build OpenSSL library without perl in the build of Node.js |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
perl
-> Perl
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto.
deps/openssl/README.md
Outdated
|
||
`openssl.gyp` has two targets of openssl and openssl-cli referred | ||
from `node.gyp`. They includes asm and no_asm gypi files with arch | ||
dependent gypi according to its build options and platforms . The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
platforms .
-> platforms.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/README.md
Outdated
from `node.gyp`. They includes asm and no_asm gypi files with arch | ||
dependent gypi according to its build options and platforms . The | ||
gyp data which is common with asm and no_asm are stored in | ||
openssl_common.gypi. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
openssl_common.gypi
-> `openssl_common.gypi`
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/README.md
Outdated
`bn_conf.h`, `dso_conf.h` and `opensslconf.h` are platform dependent | ||
in the OpenSSL sources. They are replaced with `config/*.h.tmpl` | ||
files to include the file in the `../../../config/` and referred to | ||
each arch files that depends on asm and no-asm option. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
each arch files
-> each arch file
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/README.md
Outdated
| linux | arm64 | linux-aarch64 | o | | ||
| linux | ppc | linux-ppc | o | | ||
| linux | ppc64 | linux-ppc64 | o | | ||
| linux | ppc64 | linux-ppc64le | o | (node_byteoder: little) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not see (node_byteoder: little)
in the rendered table. Should it be there? Is it parsed as a hidden comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a note. I fixed it as a footnote.
deps/openssl/README.md
Outdated
|
||
### Upgrading OpenSSL | ||
|
||
Please refer [config/README.md](config/README.md) . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
) .
-> ).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
Are there any more docs to review except Should |
@vsemozhetbyt Thanks for fixing my English. Please review |
CI of https://ci.nodejs.org/job/node-test-pull-request/14044/ will be fine except |
deps/openssl/README.md
Outdated
@@ -53,7 +53,7 @@ Here is a list of supported architectures for use of ASM in OpenSSL. | |||
| linux | arm64 | linux-aarch64 | o | | |||
| linux | ppc | linux-ppc | o | | |||
| linux | ppc64 | linux-ppc64 | o | | |||
| linux | ppc64 | linux-ppc64le | o | (node_byteoder: little) | |||
| linux | ppc64 | linux-ppc64le | o |(*1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not in the table still:
Maybe it should be placed in a cell or its own column should be added?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I missed to view and check markdown. Fixed to include it in the cell as f8cdc0f.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for nits)
deps/openssl/config/README.md
Outdated
## Upgrading OpenSSL-1.1.0 | ||
|
||
### Requirements | ||
- Linux enviroment (Only CentOS7.1 and Ubuntu16 are tested) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
enviroment
-> environment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/config/README.md
Outdated
- Linux enviroment (Only CentOS7.1 and Ubuntu16 are tested) | ||
- perl5 | ||
- nasm (http://www.nasm.us/) The version of 2.11 or higher is needed. | ||
- GNU as in binutils. The version of 2.26 or higher is needed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as
-> `as`
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/config/README.md
Outdated
$ nasm -v | ||
NASM version 2.11.08 | ||
``` | ||
### 1. Obtain and extract new OpenSS sources. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sources.
-> sources
for consistency with other headings?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/config/README.md
Outdated
``` | ||
### 1. Obtain and extract new OpenSS sources. | ||
|
||
Get a new source from https://www.openssl.org/source/ and extract |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Get a new source... and extract them
-> Get a new source... and extract all files
?
or
-> Get new source files... and extract them
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. My choice is the former.
deps/openssl/config/README.md
Outdated
$ nasm -v | ||
NASM version 2.11.08 | ||
``` | ||
### 1. Obtain and extract new OpenSS sources. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OpenSS
-> OpenSSL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/config/README.md
Outdated
*Note*: On Windows, OpenSSL Configure generate `makefile` that can be | ||
used for `nmake` command. The `make` command in the step 2 above uses | ||
`Makefile_VC-WIN64A` and `Makefile_VC-WIN32` that is manually | ||
created. When sources files or build options are updated in Windows, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sources files
-> source files
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/config/README.md
Outdated
used for `nmake` command. The `make` command in the step 2 above uses | ||
`Makefile_VC-WIN64A` and `Makefile_VC-WIN32` that is manually | ||
created. When sources files or build options are updated in Windows, | ||
it needs to change the these two Makefiles by hand. If you are not |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the these
-> these
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/config/README.md
Outdated
created. When sources files or build options are updated in Windows, | ||
it needs to change the these two Makefiles by hand. If you are not | ||
sure, please ask @shigeki for details. | ||
### 4. Commits and make test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
4.
-> 5.
Commits
-> Commit
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
deps/openssl/config/README.md
Outdated
sure, please ask @shigeki for details. | ||
### 4. Commits and make test | ||
|
||
Updates all architecture dependent files. Do not forget to git add or remove |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updates
-> Update
or This updates
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. My choice is the former.
deps/openssl/config/README.md
Outdated
deps: update archs files for OpenSSL-1.1.0 | ||
``` | ||
|
||
Finally, build Node and run test it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
run test it
-> run tests
or test it
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. My choice is the former.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rubber-stamp LGTM
@shigeki so I take it from nodejs/build#1210 that you're not able to maintain backward compatibility with 1.0.2? As per nodejs/TSC#479 the hope was that we would maintain the ability to still compile against 1.0.2 in the same way that Node 8/9 can compile against 1.1.0 now. The problem is going to be with Linux distros that insist on dynamically compiling OpenSSL against what they ship, so if they don't ship OpenSSL 1.1.0 then they won't be able to ship Node 10. I'm not sure which distros, if any, that is actually going to impact, however. |
@rvagg It can be possible to be compatible between 1.0.2 and 1.1.0 at this moment. But I am pessimistic to maintain it until the EOLS of 1.0.2 at the end of 2019 unless we keep freezing new features of OpenSSL-1.1.x. Node8/9 could do it since we did not add no new crypto/tls features specific to 1.1.0. I'm fearing that we lose a chance to remove the support of 1.0.2 in Node10 in the future. If it needs a large discussion, I can make back compatibilities with 1.0.2 in this PR and submit a separated PR or issues to remove 1.0.2 support. |
If it's not too much work I'd like to see 1.0.2 support maintained @shigeki. I think liberal use of "this feature is not supported by 1.0.2" runtime errors is fine so we can move forward embracing 1.1.x features and just make them not available to builds against 1.0.2, similar to how we've handled FIPS and how others have handled LibreSSL support. @bnoordhuis @indutny could either of you weigh in on this? Perhaps it's just not worth it and we should make a clean break? @kapouer are you available to offer an opinion here since you have a foot in the dynamic linking camp? If Node 10 goes out with no ability to compile against 1.0.2 how many yelps are we going to hear? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vsemozhetbyt Thanks for reviewing my English. I fixed in 9a62a0c.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Docs LGTM)
9a62a0c
to
53a63ef
Compare
Btw, if the plan is for this to go in to 10.0.0, it should land no later than April 10th. After that, I'll only pull in tsc approved semver-majors |
OK, no response to my 1.0.2 proposition so how about this: let's just land pure 1.1.0 support and ditch 1.0.2 support. It's something that could be added in afterward, during 10.x Current if enough people yelp. I'll go ahead and pull 1.0.2 out of CI for 10+ and I'll update nodejs/TSC#479 to change the plan and get that in front of the TSC. @shigeki anything else we need to get this landed? |
configure
Outdated
o['variables']['node_use_openssl'] = b(not options.without_ssl) | ||
o['variables']['node_shared_openssl'] = b(options.shared_openssl) | ||
o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0 | ||
variables = o['variables']; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
semicolon probably should go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. Thanks.
a near perfect CI run @ https://ci.nodejs.org/job/node-test-commit/17482/, one failure, a known Raspberry Pi problem unrelated to this 👍 great work @shigeki |
I will wait for anyone's reviews until the next Monday night in JST. |
Notable changes: * deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794) * src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093) * tls: * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951) * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951) * revert default max toTLSv1.2 (Sam Roberts) [#26951](#26951) * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951) * support TLSv1.3 (Sam Roberts) [#26209](#26209) * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729) PR-URL: #27314
Ported from OpenSUSE:nodejs8-8.17.0-lp152.147.1:openssl_1_1_1.patch Original commit message: Backport OpenSSL 1.1.1 support, mostly be disabling TLS 1.3 Upstream commits: commit 8dd8033 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Sep 12 17:34:24 2018 +0900 tls: workaround handshakedone in renegotiation `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. Backport-PR-URL: nodejs#26270 PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> commit 161dca7 Author: Sam Roberts <vieuxtech@gmail.com> Date: Wed Nov 28 14:11:18 2018 -0800 tls: re-define max supported version as 1.2 Several secureProtocol strings allow any supported TLS version as the maximum, but our maximum supported protocol version is TLSv1.2 even if someone configures a build against an OpenSSL that supports TLSv1.3. Fixes: nodejs#24658 PR-URL: nodejs#25024 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Partial port, remain compatible with 1.0.2: commit 970ce14 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Mar 14 14:26:55 2018 +0900 crypto: remove deperecated methods of TLS version All version-specific methods were deprecated in OpenSSL 1.1.0 and min/max versions explicitly need to be set. This still keeps comptatible with JS and OpenSSL-1.0.2 APIs for now. crypto, constants: add constant of OpenSSL-1.1.0 Several constants for OpenSSL-1.1.0 engine were removed and renamed in OpenSSL-1.1.0. This added one renamed constant in order to have a compatible feature with that of OpenSSL-1.0.2. Other missed or new constants in OpenSSL-1.1.0 are not yet added. crypto,tls,constants: remove OpenSSL1.0.2 support This is semver-majar change so that we need not to have compatibilities with older versions. Fixes: nodejs#4270 PR-URL: nodejs#19794 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Signed-off-by: Su Baocheng <baocheng.su@siemens.com>
Ported from OpenSUSE:nodejs8-8.17.0-lp152.147.1:openssl_1_1_1.patch Original commit message: Backport OpenSSL 1.1.1 support, mostly be disabling TLS 1.3 Upstream commits: commit 8dd8033 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Sep 12 17:34:24 2018 +0900 tls: workaround handshakedone in renegotiation `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. Backport-PR-URL: nodejs#26270 PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> commit 161dca7 Author: Sam Roberts <vieuxtech@gmail.com> Date: Wed Nov 28 14:11:18 2018 -0800 tls: re-define max supported version as 1.2 Several secureProtocol strings allow any supported TLS version as the maximum, but our maximum supported protocol version is TLSv1.2 even if someone configures a build against an OpenSSL that supports TLSv1.3. Fixes: nodejs#24658 PR-URL: nodejs#25024 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Partial port, remain compatible with 1.0.2: commit 970ce14 Author: Shigeki Ohtsu <ohtsu@ohtsu.org> Date: Wed Mar 14 14:26:55 2018 +0900 crypto: remove deperecated methods of TLS version All version-specific methods were deprecated in OpenSSL 1.1.0 and min/max versions explicitly need to be set. This still keeps comptatible with JS and OpenSSL-1.0.2 APIs for now. crypto, constants: add constant of OpenSSL-1.1.0 Several constants for OpenSSL-1.1.0 engine were removed and renamed in OpenSSL-1.1.0. This added one renamed constant in order to have a compatible feature with that of OpenSSL-1.0.2. Other missed or new constants in OpenSSL-1.1.0 are not yet added. crypto,tls,constants: remove OpenSSL1.0.2 support This is semver-majar change so that we need not to have compatibilities with older versions. Fixes: nodejs#4270 PR-URL: nodejs#19794 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Signed-off-by: Su Baocheng <baocheng.su@siemens.com>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: nodejs#1529 Refs: nodejs#10859 Refs: nodejs#19794 Refs: nodejs#38116
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
These constants have not existed since OpenSSL 1.1.0 reached EOL a few years ago. Refs: nodejs#19794
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: nodejs#1529 Refs: nodejs#10859 Refs: nodejs#19794 Refs: nodejs#38116 PR-URL: nodejs#44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
These constants have not existed since OpenSSL 1.1.0 reached EOL a few years ago. Refs: nodejs#19794 PR-URL: nodejs#44589 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: #1529 Refs: #10859 Refs: #19794 Refs: #38116 PR-URL: #44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: nodejs/node#1529 Refs: nodejs/node#10859 Refs: nodejs/node#19794 Refs: nodejs/node#38116 PR-URL: nodejs/node#44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
These constants have not existed since OpenSSL 1.1.0 reached EOL a few years ago. Refs: nodejs/node#19794 PR-URL: nodejs/node#44589 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This function was introduced in 2684c90 as an internal helper function. The C++ implementation became a no-op in a57e2f2 when building against OpenSSL 1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all supported OpenSSL versions in 970ce14. Finally, eb20447 removed the only call site of setFreeListLength (which was already a no-op at that point). Refs: nodejs/node#1529 Refs: nodejs/node#10859 Refs: nodejs/node#19794 Refs: nodejs/node#38116 PR-URL: nodejs/node#44300 Reviewed-By: Feng Yu <F3n67u@outlook.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
These constants have not existed since OpenSSL 1.1.0 reached EOL a few years ago. Refs: nodejs/node#19794 PR-URL: nodejs/node#44589 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesThis has very big patches due to the source updates from OpenSSL-1.0.2o to 1.1.0h and generated asm files which are not necessary to be reviewed in this PR.
In order to see the differences easily for reviewers, I made two branches in which those changes are removed. Please refer the branch diffs as below in reviewing for it has just several thousands kb diffs.
shigeki/node@raw_upgrade_openssl110h...shigeki:no_archfiles_upgrade_openssl110h
Note that this has a new build requirement of assembler for asm support. Especially nasm is needed to build Windows that is required by OpenSSL. Please refer 9e38498 for details.
CC @nodejs/crypto @nodejs/tsc
The following is the description written in
deps/openssl/README.md
This has a new binding scheme in builing OpenSSL-1.1.0 library with
Node.js. OpenSSL-1.1.0 uses a new build system with perl for various
supported platforms. See
openssl/Configurations/README
andopenssl/Configurations/README.design
in the OpenSSL source fordetails.
In order to build OpenSSL library without perl in the build of Node.js
for various supported platforms, platform dependent files (e.g. asm
and header files ) are pre-generated and stored into the
config/archs
directory.config/Makefile
andconfig/generate_gypi.pl
Makefile has supported platform list and generates and copies
platform dependent files (e.g. asm files) into arch directory with
generate.pl. Platform dependent gypi files also created obtaining
build information from
configdata.pm
that is generated withConfigure
in the OpenSSL build system.For Windows,
Configure
generates makefile that is only available tonmake command.
config/Makefile_VC-WIN32
andconfig/Makefile_VC-WIN64A
are made created by hand for the use ofGNU make. If make rules or targets are changed in the version up of
OpenSSL, they should be also updated.
gyp and gypi files (
openssl*.{gyp,gypi}
)openssl.gyp
has two targets of openssl and openssl-cli referredfrom
node.gyp
. They includes asm and no_asm gypi files with archdependent gypi according to its build options and platforms . The
gyp data which is common with asm and no_asm are stored in
openssl_common.gypi.
header files (
config/*.{h,h.tmpl}
)bn_conf.h
,dso_conf.h
andopensslconf.h
are platform dependentin the OpenSSL sources. They are replaced with
config/*.h.tmpl
files to include the file in the
../../../config/
and referred toeach arch files that depends on asm and no-asm option.
Supported architectures for use of ASM
Here is a list of supported architectures for use of ASM in OpenSSL.
These are listed in config/Makefile.
Please refer config/opensslconf_asm.h for details.
Upgrading OpenSSL
Please refer config/README.md .