Update openssl1.1.1b

[sam-github]

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• commit message follows commit guidelines

[nodejs-github-bot]

@sam-github sadly an error occured when I tried to trigger a build :(

[sam-github]

ci: https://ci.nodejs.org/job/node-test-pull-request/21039/

[sam-github]

Looks like everything passed, except custom-suites-freestyle, aka test-worker, which failed to git clone.

re-ci: https://ci.nodejs.org/job/node-test-pull-request/21068

[sam-github]

@nodejs/collaborators please take a look - routine OpenSSL patch update, nothing hard to review, and CI is green

I'd like this to hit 10.x on top of #26270 (so from the point of view of users of 10.x it would go straight to 1.1.1b skipping 1.1.1a), and I'm trying to figure out if that's possible . It would have to be in 11.x for a couple weeks until it can land in 10.x. It can't make the 10.16.0-rc of Mar 12th, but it could make the 10.16.0 release date of April 2nd if there is an 11.x in the next couple weeks.

@nodejs/release, the @nodejs/lts release schedule for 10.x is documented on https://github.com/nodejs/Release/wiki (but not 8.x or 6.x), is the 11.x schedule anywhere?

[sam-github]

@mhdawson points out that review-by-file has over 600 file diffs, so questioned my characterization of "not hard to review" :-)

It should be reviewed by looking at https://github.com/nodejs/node/pull/26327/commits:

• Revert "deps: remove OpenSSL git and travis configuration" and deps: openssl-1.1.1b no longer packages .gitignore are trivial updates to the upgrade script, openssl no longer package some dot-files (yay!), so we no longer have to delete them
• deps: upgrade openssl sources to 1.1.1b: result of https://github.com/nodejs/node/blob/master/deps/openssl/config/README.md#1-obtain-and-extract-new-openssl-sources, it is a simple untar of openssl1.1.1b replacing the existing openssl1.1.1a (huge, but doesn't need file-by-file review). I'm going to PR (seperately) a change to the commit message in the upgrade instructions to it is crystal clear what the commit contains.
• deps: add s390 asm rules for OpenSSL-1.1.1 : result of https://github.com/nodejs/node/blob/master/deps/openssl/config/README.md#2-apply-a-floating-patch, it is a cherry pick of a commit that is already on the master, it doesn't need re-review but it needs reapplication because the files it changed got reset to their original state when update to the upstream the 1.1.1b source
• deps: update archs files for OpenSSL-1.1.1b: result of https://github.com/nodejs/node/blob/master/deps/openssl/config/README.md#3-execute-make-in-depsopensslconfig-directory, as the commit message says, while huge, this is a mechanical commit of the cd deps/openssl/config; make. No file-by-file review necessary.

And that's it.

[mhdawson]

RSLGTM

[sam-github]

CI is green

[sam-github]

Green in CI, two approvals, 6 days open... I'll land it tomorrow if no objections, so @nodejs/crypto last chance to review.

[bnoordhuis]

FWIW, this is openssl/openssl@37857e9. That change looks safe to me in the sense of no observable change with TLS <= 1.2 (and TLSv1.3 isn't an issue for us just yet.) Agree/disagree?

[sam-github]

Not just safe for TSL1.3, necessary. I'm floating this on #26209 and can drop it from there once 1.1.1b is merged.

[sam-github]

Landed in fe71629...b348ae7