Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to OpenSSL-1.0.2l for Node-v4 #13696

Closed
wants to merge 11 commits into from

Conversation

shigeki
Copy link
Contributor

@shigeki shigeki commented Jun 15, 2017

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

deps/openssl

This PR is upgrading to OpenSSL-1.0.2l agains Node-v4. It includes a series of cherry-picks as 72785dd..d63ff23 in the master for upgrading OpenSSL-1.0.2l of #13233 and doc fix of #13234. It also fixes #12691.

CC @MylesBorins @gibfahn

ArchangeGabriel and others added 11 commits May 30, 2017 12:35
* The following function from <unicode/normlzr.h> is used:
     normalize()

* Until ICU 59, <unicode/normlzr.h> is indirectly included, but this changed with the 59 release. Adding this header has been the right thing to do for many years, so it is backwards compatible and fix compilation with recent ICU.

Refs: nodejs#13022
PR-URL: nodejs#13040
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
When upgrading OpenSSL, Step 6 in upgrading guide explains the steps
that need to be taken if asm files need updating. This might not
always be the case and something that needs to be checked from
release to release.

This commit adds an example of using github to manually compare two tags
to see if any changes were made to asm files.

PR-URL: nodejs#13234
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Regenerate config files for supported platforms with Makefile.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
@shigeki shigeki added the openssl Issues and PRs related to the OpenSSL dependency. label Jun 15, 2017
@nodejs-github-bot nodejs-github-bot added openssl Issues and PRs related to the OpenSSL dependency. v4.x labels Jun 15, 2017
@shigeki
Copy link
Contributor Author

shigeki commented Jun 15, 2017

@jasnell
Copy link
Member

jasnell commented Jun 15, 2017

@shigeki ... given that v4 is in maintenance mode, would you consider this update to be must-have or just nice-to-have?

@jasnell
Copy link
Member

jasnell commented Jun 15, 2017

ping @nodejs/lts

@MylesBorins
Copy link
Contributor

MylesBorins commented Jun 15, 2017 via email

@gibfahn
Copy link
Member

gibfahn commented Jun 15, 2017

@jasnell see also #12691 (comment)

@shigeki
Copy link
Contributor Author

shigeki commented Jun 16, 2017

I think this update is needed in Node-v4 because #12591 affects all Node running on Windows which have Intel CPUs with SHA-extension feature.
As of the current time, all Goldmont families of Intel CPUs released in April 2016 have this issue and it would get increased if Cannonlake families are released by the end of this year.

The CI results showed that test-child-process-stdio-big-write-end was failed on linux arm64 but it is nothing to do with openssl and the failure still exists in node-daily-v4.x-staging batch.

@BridgeAR
Copy link
Member

This needs a rebase. Otherwise I guess this could land?

MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
When upgrading OpenSSL, Step 6 in upgrading guide explains the steps
that need to be taken if asm files need updating. This might not
always be the case and something that needs to be checked from
release to release.

This commit adds an example of using github to manually compare two tags
to see if any changes were made to asm files.

Backport-PR-URL: #13696
PR-URL: #13234
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
Backport-PR-URL: #13696
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
Backport-PR-URL: #13696
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
Reapply b910613 .

Fixes: #589
Backport-PR-URL: #13696
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: #1461
Backport-PR-URL: #13696
PR-URL: #1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
Regenerate config files for supported platforms with Makefile.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Sep 19, 2017
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
@MylesBorins
Copy link
Contributor

landed in 5d7f68a...273e02d

MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
When upgrading OpenSSL, Step 6 in upgrading guide explains the steps
that need to be taken if asm files need updating. This might not
always be the case and something that needs to be checked from
release to release.

This commit adds an example of using github to manually compare two tags
to see if any changes were made to asm files.

Backport-PR-URL: #13696
PR-URL: #13234
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
Backport-PR-URL: #13696
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
Backport-PR-URL: #13696
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
Reapply b910613 .

Fixes: #589
Backport-PR-URL: #13696
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: #1461
Backport-PR-URL: #13696
PR-URL: #1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
Regenerate config files for supported platforms with Makefile.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: #13161
Backport-PR-URL: #13696
PR-URL: #13233
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants