Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to OpenSSL-1.0.2l for Node-v6 #13695

Closed
wants to merge 10 commits into from

Conversation

shigeki
Copy link
Contributor

@shigeki shigeki commented Jun 15, 2017

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

deps/openssl

This PR is upgrading to OpenSSL-1.0.2l agains Node-v6. It includes a series of cherry-picks as 72785dd..d63ff23 in the master for upgrading OpenSSL-1.0.2l of #13233 and doc fix of #13234. It also fixes #12691.

CC @MylesBorins @gibfahn

danbev and others added 10 commits June 15, 2017 19:17
When upgrading OpenSSL, Step 6 in upgrading guide explains the steps
that need to be taken if asm files need updating. This might not
always be the case and something that needs to be checked from
release to release.

This commit adds an example of using github to manually compare two tags
to see if any changes were made to asm files.

PR-URL: nodejs#13234
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <[email protected]>
Regenerate config files for supported platforms with Makefile.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
@shigeki shigeki added the openssl Issues and PRs related to the OpenSSL dependency. label Jun 15, 2017
@nodejs-github-bot nodejs-github-bot added openssl Issues and PRs related to the OpenSSL dependency. v6.x labels Jun 15, 2017
@shigeki
Copy link
Contributor Author

shigeki commented Jun 15, 2017

Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming CI is green. AFAIK there were no changes in the OpenSSL API, right?

@shigeki
Copy link
Contributor Author

shigeki commented Jun 15, 2017

AFAIK there were no changes in the OpenSSL API, right?

No. This includes only bug fixes and no API/ABIs are changed.

Copy link
Contributor

@cjihrig cjihrig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubberstamp LGTM

Copy link
Member

@jasnell jasnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber stamp LGTM

gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
When upgrading OpenSSL, Step 6 in upgrading guide explains the steps
that need to be taken if asm files need updating. This might not
always be the case and something that needs to be checked from
release to release.

This commit adds an example of using github to manually compare two tags
to see if any changes were made to asm files.

PR-URL: nodejs#13234
Backport-PR-URL: nodejs#13695
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: nodejs#13161
PR-URL: nodejs#13233
Backport-PR-URL: nodejs#13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Backport-PR-URL: nodejs#13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Backport-PR-URL: nodejs#13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Backport-PR-URL: nodejs#13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Backport-PR-URL: nodejs#13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Backport-PR-URL: nodejs#13695
Reviewed-By: Ben Noordhuis <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
Regenerate config files for supported platforms with Makefile.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Backport-PR-URL: nodejs#13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Backport-PR-URL: nodejs#13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit to gibfahn/node that referenced this pull request Jun 17, 2017
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: nodejs#13161
PR-URL: nodejs#13233
Backport-PR-URL: nodejs#13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
@gibfahn
Copy link
Member

gibfahn commented Jun 17, 2017

@gibfahn gibfahn closed this Jun 17, 2017
@gibfahn
Copy link
Member

gibfahn commented Jun 17, 2017

@shigeki can you confirm that I've applied this correctly? I'm a bit confused, as some of the commits like 22d74c4 are very old, and 02a04cf is empty.

gibfahn pushed a commit that referenced this pull request Jun 20, 2017
When upgrading OpenSSL, Step 6 in upgrading guide explains the steps
that need to be taken if asm files need updating. This might not
always be the case and something that needs to be checked from
release to release.

This commit adds an example of using github to manually compare two tags
to see if any changes were made to asm files.

PR-URL: #13234
Backport-PR-URL: #13695
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
PR-URL: #1389
Backport-PR-URL: #13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
PR-URL: #1389
Backport-PR-URL: #13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
Reapply b910613 .

Fixes: #589
PR-URL: #1389
Backport-PR-URL: #13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: #1461
PR-URL: #1836
Backport-PR-URL: #13695
Reviewed-By: Ben Noordhuis <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
Regenerate config files for supported platforms with Makefile.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
gibfahn pushed a commit that referenced this pull request Jun 20, 2017
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
@gibfahn
Copy link
Member

gibfahn commented Jun 20, 2017

Okay, the issue is that I was fixing whitespace while landing.

Landed in: 3a34e66...2783d2d

(a.k.a.
3a34e66 a162048 f495032 a4a740f d0b0685 345378d a187100 4411ac1 0a04418 2783d2d )

@shigeki
Copy link
Contributor Author

shigeki commented Jun 22, 2017

@gibfahn Yes, that's caused by whitespace fix. We would not have it in the future upgrades. Thanks for landing.

MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
When upgrading OpenSSL, Step 6 in upgrading guide explains the steps
that need to be taken if asm files need updating. This might not
always be the case and something that needs to be checked from
release to release.

This commit adds an example of using github to manually compare two tags
to see if any changes were made to asm files.

PR-URL: #13234
Backport-PR-URL: #13695
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
This replaces all sources of openssl-1.0.2l.tar.gz into
deps/openssl/openssl

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows. Two
files of opensslconf.h in crypto and include dir are replaced to refer
config/opensslconf.h.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
PR-URL: #1389
Backport-PR-URL: #13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
PR-URL: #1389
Backport-PR-URL: #13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
Reapply b910613 .

Fixes: #589
PR-URL: #1389
Backport-PR-URL: #13695
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: #1461
PR-URL: #1836
Backport-PR-URL: #13695
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
Regenerate config files for supported platforms with Makefile.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
Regenerate asm files with Makefile and CC=gcc and ASM=nasm where gcc
version was 5.4.0 and nasm version was 2.11.08.

Also asm files in asm_obsolete dir to support old compiler and
assembler are regenerated without CC and ASM envs.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2017
Added the missing make command in steps 6.3 when building
asm_obsolete.

Also updated the commit message to include the version nasm in
addition to the gcc version.

Fixes: #13161
PR-URL: #13233
Backport-PR-URL: #13695
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants