From b7ff3c0e0417e7f5a9f9b358fbe311459392e988 Mon Sep 17 00:00:00 2001 From: Gibson Fahnestock Date: Sun, 26 Nov 2017 13:30:08 +0000 Subject: [PATCH 1/7] build: allow running configure from any directory PR-URL: https://github.com/nodejs/node/pull/17321 Reviewed-By: Richard Lau Reviewed-By: Jon Moss Reviewed-By: Ben Noordhuis Reviewed-By: James M Snell Reviewed-By: Colin Ihrig Reviewed-By: Anna Henningsen Reviewed-By: Refael Ackermann Reviewed-By: Ruben Bridgewater --- configure | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/configure b/configure index ddcc37df54b..a27af226dc0 100755 --- a/configure +++ b/configure @@ -35,21 +35,23 @@ import subprocess import shutil import string +# If not run from node/, cd to node/. +os.chdir(os.path.dirname(__file__) or '.') + # gcc and g++ as defaults matches what GYP's Makefile generator does, # except on OS X. CC = os.environ.get('CC', 'cc' if sys.platform == 'darwin' else 'gcc') CXX = os.environ.get('CXX', 'c++' if sys.platform == 'darwin' else 'g++') -root_dir = os.path.dirname(__file__) -sys.path.insert(0, os.path.join(root_dir, 'tools', 'gyp', 'pylib')) +sys.path.insert(0, os.path.join('tools', 'gyp', 'pylib')) from gyp.common import GetFlavor # imports in tools/configure.d -sys.path.insert(0, os.path.join(root_dir, 'tools', 'configure.d')) +sys.path.insert(0, os.path.join('tools', 'configure.d')) import nodedownload # imports in tools/ -sys.path.insert(0, os.path.join(root_dir, 'tools')) +sys.path.insert(0, 'tools') import getmoduleversion from gyp_node import run_gyp @@ -432,7 +434,7 @@ intl_optgroup.add_option('--download', intl_optgroup.add_option('--download-path', action='store', dest='download_path', - default=os.path.join(root_dir, 'deps'), + default='deps', help='Download directory [default: %default]') parser.add_option_group(intl_optgroup) @@ -1050,7 +1052,7 @@ def configure_openssl(o): o['defines'] += ['NODE_WITHOUT_NODE_OPTIONS'] if options.openssl_fips: o['variables']['openssl_fips'] = options.openssl_fips - fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips') + fips_dir = os.path.join('deps', 'openssl', 'fips') fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld')) # LINK is for Makefiles, LD/LDXX is for ninja o['make_fips_settings'] = [ @@ -1095,7 +1097,7 @@ def configure_static(o): def write(filename, data): - filename = os.path.join(root_dir, filename) + filename = filename print('creating %s' % filename) f = open(filename, 'w+') f.write(data) @@ -1217,7 +1219,7 @@ def configure_intl(o): return # this is just the 'deps' dir. Used for unpacking. - icu_parent_path = os.path.join(root_dir, 'deps') + icu_parent_path = 'deps' # The full path to the ICU source directory. Should not include './'. icu_full_path = 'deps/icu' From f373a1d8145785b03aa535c739984d832fa0000a Mon Sep 17 00:00:00 2001 From: Federico Kauffman Date: Thu, 7 Dec 2017 19:20:54 -0300 Subject: [PATCH 2/7] test: use Countdown in http-agent test PR-URL: https://github.com/nodejs/node/pull/17537 Reviewed-By: Anatoli Papirovski --- test/parallel/test-http-agent.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/test/parallel/test-http-agent.js b/test/parallel/test-http-agent.js index 106f641db72..6dc7f75ce0b 100644 --- a/test/parallel/test-http-agent.js +++ b/test/parallel/test-http-agent.js @@ -21,6 +21,7 @@ 'use strict'; const common = require('../common'); +const Countdown = require('../common/countdown'); const assert = require('assert'); const http = require('http'); common.crashOnUnhandledRejection(); @@ -33,14 +34,17 @@ const server = http.Server(common.mustCall(function(req, res) { }, (N * M))); // N * M = good requests (the errors will not be counted) function makeRequests(outCount, inCount, shouldFail) { - let responseCount = outCount * inCount; + const countdown = new Countdown( + outCount * inCount, + common.mustCall(() => server.close()) + ); let onRequest = common.mustNotCall(); // Temporary const p = new Promise((resolve) => { onRequest = common.mustCall((res) => { - if (--responseCount === 0) { - server.close(); + if (countdown.dec() === 0) { resolve(); } + if (!shouldFail) res.resume(); }, outCount * inCount); From 9f55eac346dea4fba6ace9becc1e01d893f56c5c Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Wed, 29 Nov 2017 18:37:09 -0800 Subject: [PATCH 3/7] http: simplify checkIsHttpToken() Replace code optimized for older versions of V8 with more straightforward code in checkIsHttpToken(). PR-URL: https://github.com/nodejs/node/pull/17399 Reviewed-By: Colin Ihrig Reviewed-By: Anna Henningsen Reviewed-By: Anatoli Papirovski Reviewed-By: Timothy Gu --- lib/_http_common.js | 62 +++------------------------------------------ 1 file changed, 3 insertions(+), 59 deletions(-) diff --git a/lib/_http_common.js b/lib/_http_common.js index ad0dec520d1..cf37bbebe36 100644 --- a/lib/_http_common.js +++ b/lib/_http_common.js @@ -233,70 +233,14 @@ function httpSocketSetup(socket) { socket.on('drain', ondrain); } +const tokenRegExp = /^[\^_`a-zA-Z\-0-9!#$%&'*+.|~]+$/; /** * Verifies that the given val is a valid HTTP token * per the rules defined in RFC 7230 * See https://tools.ietf.org/html/rfc7230#section-3.2.6 - * - * Allowed characters in an HTTP token: - * ^_`a-z 94-122 - * A-Z 65-90 - * - 45 - * 0-9 48-57 - * ! 33 - * #$%&' 35-39 - * *+ 42-43 - * . 46 - * | 124 - * ~ 126 - * - * This implementation of checkIsHttpToken() loops over the string instead of - * using a regular expression since the former is up to 180% faster with v8 4.9 - * depending on the string length (the shorter the string, the larger the - * performance difference) - * - * Additionally, checkIsHttpToken() is currently designed to be inlinable by v8, - * so take care when making changes to the implementation so that the source - * code size does not exceed v8's default max_inlined_source_size setting. - **/ -var validTokens = [ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0 - 15 - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 16 - 31 - 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, // 32 - 47 - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, // 48 - 63 - 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 64 - 79 - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, // 80 - 95 - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 96 - 111 - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, // 112 - 127 - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 128 ... - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 // ... 255 -]; +**/ function checkIsHttpToken(val) { - if (!validTokens[val.charCodeAt(0)]) - return false; - if (val.length < 2) - return true; - if (!validTokens[val.charCodeAt(1)]) - return false; - if (val.length < 3) - return true; - if (!validTokens[val.charCodeAt(2)]) - return false; - if (val.length < 4) - return true; - if (!validTokens[val.charCodeAt(3)]) - return false; - for (var i = 4; i < val.length; ++i) { - if (!validTokens[val.charCodeAt(i)]) - return false; - } - return true; + return tokenRegExp.test(val); } /** From 4426d75ede638aaeb6961c22ab1cfc78ccb12056 Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Thu, 7 Dec 2017 14:49:57 -0800 Subject: [PATCH 4/7] doc: simplify and clarify FIPS text in BUILDING.md PR-URL: https://github.com/nodejs/node/pull/17538 Fixes: https://github.com/nodejs/node/issues/17536 Reviewed-By: Luigi Pinca Reviewed-By: Michael Dawson Reviewed-By: Jon Moss --- BUILDING.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/BUILDING.md b/BUILDING.md index a1e7afc8c68..c459a867ba6 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -347,17 +347,13 @@ as `deps/icu` (You'll have: `deps/icu/source/...`) ## Building Node.js with FIPS-compliant OpenSSL -NOTE: Windows is not yet supported +It is possible to build Node.js with the +[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html) on POSIX +systems. Windows is not supported. -It is possible to build Node.js with -[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html). - -**Note**: building in this way does **not** allow you to claim that the -runtime is FIPS 140-2 validated. Instead you can indicate that the runtime -uses a validated module. See the -[security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf) -page 60 for more details. In addition, the validation for the underlying module -is only valid if it is deployed in accordance with its +Building in this way does not mean the runtime is FIPS 140-2 validated, but +rather that the runtime uses a validated module. In addition, the validation for +the underlying module is only valid if it is deployed in accordance with its [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf). If you need FIPS validated cryptography it is recommended that you read both the [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf) From b36d4e752868741865edbc19b6a9f97a3f9221b9 Mon Sep 17 00:00:00 2001 From: Daniel Bevenius Date: Thu, 7 Dec 2017 15:35:53 +0100 Subject: [PATCH 5/7] crypto: remove BIO_set_shutdown I've not been able to find any reason for calling BIO_set_shutdown(bio, 1). This is done by default for the following versions of OpenSSL: https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ crypto/bio/bio_lib.c#L26 https://github.com/openssl/openssl/blob/OpenSSL_1_0_1/ crypto/bio/bio_lib.c#L90 https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ crypto/bio/bio_lib.c#L88 https://github.com/openssl/openssl/blob/OpenSSL_1_0_0/ crypto/bio/bio_lib.c#L90 This commit removes the call and the comment. PR-URL: https://github.com/nodejs/node/pull/17542 Reviewed-By: Ben Noordhuis Reviewed-By: Colin Ihrig --- src/node_crypto_bio.cc | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/node_crypto_bio.cc b/src/node_crypto_bio.cc index eb0500952b1..526d0d4ae56 100644 --- a/src/node_crypto_bio.cc +++ b/src/node_crypto_bio.cc @@ -68,8 +68,6 @@ void NodeBIO::AssignEnvironment(Environment* env) { int NodeBIO::New(BIO* bio) { BIO_set_data(bio, new NodeBIO()); - // XXX Why am I doing it?! - BIO_set_shutdown(bio, 1); BIO_set_init(bio, 1); return 1; From 7bb2cc43c690592673bb47096fcc8bad53ac028a Mon Sep 17 00:00:00 2001 From: Daniel Bevenius Date: Fri, 8 Dec 2017 15:17:53 +0100 Subject: [PATCH 6/7] src: remove unused include node_crypto_clienthello This commit removes the include of node.h which does not seem to be used. PR-URL: https://github.com/nodejs/node/pull/17546 Reviewed-By: Ben Noordhuis Reviewed-By: Colin Ihrig --- src/node_crypto_clienthello.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/node_crypto_clienthello.h b/src/node_crypto_clienthello.h index 3ae5452de38..70f082b2c2a 100644 --- a/src/node_crypto_clienthello.h +++ b/src/node_crypto_clienthello.h @@ -24,9 +24,8 @@ #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS -#include "node.h" - #include // size_t +#include #include // nullptr namespace node { From 51a7d97625f601d8d4b32784739eaad757ebc73e Mon Sep 17 00:00:00 2001 From: Refael Ackermann Date: Thu, 7 Dec 2017 11:52:11 -0500 Subject: [PATCH 7/7] tools: don't lint-md as part of main lint target PR-URL: https://github.com/nodejs/node/pull/17587 Reviewed-By: Colin Ihrig Reviewed-By: Myles Borins Reviewed-By: Ruben Bridgewater --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 6f89255f4ba..992af027687 100644 --- a/Makefile +++ b/Makefile @@ -1120,7 +1120,6 @@ lint: ## Run JS, C++, MD and doc linters. @EXIT_STATUS=0 ; \ $(MAKE) lint-js || EXIT_STATUS=$$? ; \ $(MAKE) lint-cpp || EXIT_STATUS=$$? ; \ - $(MAKE) lint-md || EXIT_STATUS=$$? ; \ $(MAKE) lint-addon-docs || EXIT_STATUS=$$? ; \ exit $$EXIT_STATUS CONFLICT_RE=^>>>>>>> [0-9A-Fa-f]+|^<<<<<<< [A-Za-z]+