-
Notifications
You must be signed in to change notification settings - Fork 29.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v11.x backport] Update openssl to 1.1.1a #25688
[v11.x backport] Update openssl to 1.1.1a #25688
Commits on Jan 24, 2019
-
deps: upgrade openssl sources to 1.1.1a
This updates all sources in deps/openssl/openssl with openssl-1.1.1a. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 2d0fc10 - Browse repository at this point
Copy the full SHA 2d0fc10View commit details -
deps: fix gyp/gypi for openssl-1.1.1
Some of defines and cppflags in the build config of OpenSSL-1.1.1 were moved to new attributes. Gyp and gypi file generations are needed to be fixed to include them. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for e78e4c0 - Browse repository at this point
Copy the full SHA e78e4c0View commit details -
deps: fix MacOS and Win build for OpenSSL-1.1.1
Because llvm on MacOS does not support AVX-512, asm files need to be limited to AVX-2 support even when they are generated on Linux. fake_gcc.pl returns the fake llvm banner version for MacOS as if the assembler supports upto AVX-2. For Windows, makefiles for nmake were updated in OpenSSL-1.1.1 and they are rewritten into GNU makefile format by hand. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for bc7caaf - Browse repository at this point
Copy the full SHA bc7caafView commit details -
deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 6c0417e - Browse repository at this point
Copy the full SHA 6c0417eView commit details -
deps: add only avx2 configs for OpenSSL-1.1.1
OpenSSL-1.1.1 has new support of AVX-512 but AVX-2 asm files still need to be generated for the older assembler support to keep backward compatibilities. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 706deb5 - Browse repository at this point
Copy the full SHA 706deb5View commit details -
deps: fix for non GNU assembler in AIX
AIX has own assembler not GNU as that does not support --noexecstack. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 580dc0f - Browse repository at this point
Copy the full SHA 580dc0fView commit details -
doc: fix assembler requirement for OpenSSL-1.1.1
Add new requirements of assembler version for AVX-512 support in OpenSSL-1.1.1. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 1a00628 - Browse repository at this point
Copy the full SHA 1a00628View commit details -
deps: update archs files for OpenSSL-1.1.1a
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 9cd76e6 - Browse repository at this point
Copy the full SHA 9cd76e6View commit details -
tls: make ossl 1.1.1 cipher list throw error
Make OpenSSL 1.1.1 error during cipher list setting if it would have errored with OpenSSL 1.1.0. Can be dropped after our OpenSSL fixes this upstream. See: openssl/openssl#7759 PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 45e0616 - Browse repository at this point
Copy the full SHA 45e0616View commit details -
tls: workaround handshakedone in renegotiation
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 839f177 - Browse repository at this point
Copy the full SHA 839f177View commit details -
test: assert on client and server side seperately
This gets better coverage of the codes, and is more explicit. It also works around ordering differences in the errors produced by openssl. The approach was tested with 1.1.0 and 1.1.1, as well as TLSv1.2 vs TLSv1.3. OpenSSL 1.1.0 is relevant when node is built against a shared openssl. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Configuration menu - View commit details
-
Copy full SHA for 8ecdc03 - Browse repository at this point
Copy the full SHA 8ecdc03View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6fe20ec - Browse repository at this point
Copy the full SHA 6fe20ecView commit details
Commits on Jan 25, 2019
-
Configuration menu - View commit details
-
Copy full SHA for dffd719 - Browse repository at this point
Copy the full SHA dffd719View commit details