meta: merge node/master into node-chakracore/master

Merge 51a7d97 as of 2017-12-11 This commit was automatically generated. For any problems, please contact jackhorton Reviewed-By: Taylor Woll <tawoll@ntdev.microsoft.com>
nodejs · Jan 17, 2018 · bc073bf · bc073bf
2 parents d48f231 + 51a7d97
commit bc073bf
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 85 deletions.
diff --git a/BUILDING.md b/BUILDING.md
@@ -347,17 +347,13 @@ as `deps/icu` (You'll have: `deps/icu/source/...`)
 
 ## Building Node.js with FIPS-compliant OpenSSL
 
-NOTE: Windows is not yet supported
+It is possible to build Node.js with the
+[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html) on POSIX
+systems. Windows is not supported.
 
-It is possible to build Node.js with
-[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html).
-
-**Note**: building in this way does **not** allow you to claim that the
-runtime is FIPS 140-2 validated. Instead you can indicate that the runtime
-uses a validated module. See the
-[security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
-page 60 for more details. In addition, the validation for the underlying module
-is only valid if it is deployed in accordance with its
+Building in this way does not mean the runtime is FIPS 140-2 validated, but
+rather that the runtime uses a validated module. In addition, the validation for
+the underlying module is only valid if it is deployed in accordance with its
 [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
 If you need FIPS validated cryptography it is recommended that you read both
 the [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)

diff --git a/Makefile b/Makefile
@@ -1120,7 +1120,6 @@ lint: ## Run JS, C++, MD and doc linters.
 	@EXIT_STATUS=0 ; \
 	$(MAKE) lint-js || EXIT_STATUS=$$? ; \
 	$(MAKE) lint-cpp || EXIT_STATUS=$$? ; \
-	$(MAKE) lint-md || EXIT_STATUS=$$? ; \
 	$(MAKE) lint-addon-docs || EXIT_STATUS=$$? ; \
 	exit $$EXIT_STATUS
 CONFLICT_RE=^>>>>>>> [0-9A-Fa-f]+|^<<<<<<< [A-Za-z]+

diff --git a/configure b/configure
@@ -35,21 +35,23 @@ import subprocess
 import shutil
 import string
 
+# If not run from node/, cd to node/.
+os.chdir(os.path.dirname(__file__) or '.')
+
 # gcc and g++ as defaults matches what GYP's Makefile generator does,
 # except on OS X.
 CC = os.environ.get('CC', 'cc' if sys.platform == 'darwin' else 'gcc')
 CXX = os.environ.get('CXX', 'c++' if sys.platform == 'darwin' else 'g++')
 
-root_dir = os.path.dirname(__file__)
-sys.path.insert(0, os.path.join(root_dir, 'tools', 'gyp', 'pylib'))
+sys.path.insert(0, os.path.join('tools', 'gyp', 'pylib'))
 from gyp.common import GetFlavor
 
 # imports in tools/configure.d
-sys.path.insert(0, os.path.join(root_dir, 'tools', 'configure.d'))
+sys.path.insert(0, os.path.join('tools', 'configure.d'))
 import nodedownload
 
 # imports in tools/
-sys.path.insert(0, os.path.join(root_dir, 'tools'))
+sys.path.insert(0, 'tools')
 import getmoduleversion
 from gyp_node import run_gyp
 
@@ -432,7 +434,7 @@ intl_optgroup.add_option('--download',
 intl_optgroup.add_option('--download-path',
     action='store',
     dest='download_path',
-    default=os.path.join(root_dir, 'deps'),
+    default='deps',
     help='Download directory [default: %default]')
 
 parser.add_option_group(intl_optgroup)
@@ -1080,7 +1082,7 @@ def configure_openssl(o):
       o['defines'] += ['NODE_WITHOUT_NODE_OPTIONS']
   if options.openssl_fips:
     o['variables']['openssl_fips'] = options.openssl_fips
-    fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips')
+    fips_dir = os.path.join('deps', 'openssl', 'fips')
     fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld'))
     # LINK is for Makefiles, LD/LDXX is for ninja
     o['make_fips_settings'] = [
@@ -1125,7 +1127,7 @@ def configure_static(o):
 
 
 def write(filename, data):
-  filename = os.path.join(root_dir, filename)
+  filename = filename
   print('creating %s' % filename)
   f = open(filename, 'w+')
   f.write(data)
@@ -1247,7 +1249,7 @@ def configure_intl(o):
     return
 
   # this is just the 'deps' dir. Used for unpacking.
-  icu_parent_path = os.path.join(root_dir, 'deps')
+  icu_parent_path = 'deps'
 
   # The full path to the ICU source directory. Should not include './'.
   icu_full_path = 'deps/icu'

diff --git a/lib/_http_common.js b/lib/_http_common.js
@@ -233,70 +233,14 @@ function httpSocketSetup(socket) {
   socket.on('drain', ondrain);
 }
 
+const tokenRegExp = /^[\^_`a-zA-Z\-0-9!#$%&'*+.|~]+$/;
 /**
  * Verifies that the given val is a valid HTTP token
  * per the rules defined in RFC 7230
  * See https://tools.ietf.org/html/rfc7230#section-3.2.6
- *
- * Allowed characters in an HTTP token:
- * ^_`a-z  94-122
- * A-Z     65-90
- * -       45
- * 0-9     48-57
- * !       33
- * #$%&'   35-39
- * *+      42-43
- * .       46
- * |       124
- * ~       126
- *
- * This implementation of checkIsHttpToken() loops over the string instead of
- * using a regular expression since the former is up to 180% faster with v8 4.9
- * depending on the string length (the shorter the string, the larger the
- * performance difference)
- *
- * Additionally, checkIsHttpToken() is currently designed to be inlinable by v8,
- * so take care when making changes to the implementation so that the source
- * code size does not exceed v8's default max_inlined_source_size setting.
- **/
-var validTokens = [
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0 - 15
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 16 - 31
-  0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, // 32 - 47
-  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, // 48 - 63
-  0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 64 - 79
-  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, // 80 - 95
-  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 96 - 111
-  1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, // 112 - 127
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 128 ...
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0  // ... 255
-];
+**/
 function checkIsHttpToken(val) {
-  if (!validTokens[val.charCodeAt(0)])
-    return false;
-  if (val.length < 2)
-    return true;
-  if (!validTokens[val.charCodeAt(1)])
-    return false;
-  if (val.length < 3)
-    return true;
-  if (!validTokens[val.charCodeAt(2)])
-    return false;
-  if (val.length < 4)
-    return true;
-  if (!validTokens[val.charCodeAt(3)])
-    return false;
-  for (var i = 4; i < val.length; ++i) {
-    if (!validTokens[val.charCodeAt(i)])
-      return false;
-  }
-  return true;
+  return tokenRegExp.test(val);
 }
 
 /**

diff --git a/src/node_crypto_bio.cc b/src/node_crypto_bio.cc
@@ -68,8 +68,6 @@ void NodeBIO::AssignEnvironment(Environment* env) {
 int NodeBIO::New(BIO* bio) {
   BIO_set_data(bio, new NodeBIO());
 
-  // XXX Why am I doing it?!
-  BIO_set_shutdown(bio, 1);
   BIO_set_init(bio, 1);
 
   return 1;

diff --git a/src/node_crypto_clienthello.h b/src/node_crypto_clienthello.h
@@ -24,9 +24,8 @@
 
 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
 
-#include "node.h"
-
 #include <stddef.h>  // size_t
+#include <stdint.h>
 #include <stdlib.h>  // nullptr
 
 namespace node {

diff --git a/test/parallel/test-http-agent.js b/test/parallel/test-http-agent.js
@@ -21,6 +21,7 @@
 
 'use strict';
 const common = require('../common');
+const Countdown = require('../common/countdown');
 const assert = require('assert');
 const http = require('http');
 common.crashOnUnhandledRejection();
@@ -33,14 +34,17 @@ const server = http.Server(common.mustCall(function(req, res) {
 }, (N * M))); // N * M = good requests (the errors will not be counted)
 
 function makeRequests(outCount, inCount, shouldFail) {
-  let responseCount = outCount * inCount;
+  const countdown = new Countdown(
+    outCount * inCount,
+    common.mustCall(() => server.close())
+  );
   let onRequest = common.mustNotCall(); // Temporary
   const p = new Promise((resolve) => {
     onRequest = common.mustCall((res) => {
-      if (--responseCount === 0) {
-        server.close();
+      if (countdown.dec() === 0) {
         resolve();
       }
+
       if (!shouldFail)
         res.resume();
     }, outCount * inCount);