daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: fix native module compilation with FIPS 

Prevent OpenSSL's fipsld from being used to link native modules
because this requires the original OpenSSL source to be
available after Node's installation.

Fixes: https://github.com/nodejs/node/issues/3815
PR-URL: https://github.com/nodejs/node/pull/4023
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
pull/2020/merge
Stefan Budeanu 2015-11-24 19:17:49 -05:00 committed by Shigeki Ohtsu
parent a40b9cab0a
commit 181816ea16
4 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -44,6 +44,7 @@ ipch/
/config.mk
/config.gypi
/config_fips.gypi
*-nodegyp*
/gyp-mac-tool
/dist-osx

2
Makefile
View File

@ -74,7 +74,7 @@ clean:
distclean:
-rm -rf out
-rm -f config.gypi icu_config.gypi
-rm -f config.gypi icu_config.gypi config_fips.gypi
-rm -f config.mk
-rm -rf $(NODE_EXE) $(NODE_G_EXE)
-rm -rf node_modules

11
configure vendored
View File

@ -804,7 +804,7 @@ def configure_openssl(o):
o['variables']['openssl_fips'] = options.openssl_fips
fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips')
fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld'))
o['make_global_settings'] = [
o['make_fips_settings'] = [
['LINK', fips_ld + ' <(openssl_fips)/bin/fipsld'],
]
else:
@ -1126,6 +1126,15 @@ configure_fullystatic(output)
variables = output['variables']
del output['variables']
# make_global_settings for special FIPS linking
# should not be used to compile modules in node-gyp
config_fips = { 'make_global_settings' : [] }
if 'make_fips_settings' in output:
config_fips['make_global_settings'] = output['make_fips_settings']
del output['make_fips_settings']
write('config_fips.gypi', do_not_edit +
pprint.pformat(config_fips, indent=2) + '\n')
# make_global_settings should be a root level element too
if 'make_global_settings' in output:
make_global_settings = output['make_global_settings']

5
tools/gyp_node.py
View File

@ -30,10 +30,12 @@ if __name__ == '__main__':
args.append(os.path.join(node_root, 'node.gyp'))
common_fn = os.path.join(node_root, 'common.gypi')
options_fn = os.path.join(node_root, 'config.gypi')
options_fips_fn = os.path.join(node_root, 'config_fips.gypi')
else:
args.append(os.path.join(os.path.abspath(node_root), 'node.gyp'))
common_fn = os.path.join(os.path.abspath(node_root), 'common.gypi')
options_fn = os.path.join(os.path.abspath(node_root), 'config.gypi')
options_fips_fn = os.path.join(os.path.abspath(node_root), 'config_fips.gypi')
if os.path.exists(common_fn):
args.extend(['-I', common_fn])
@ -41,6 +43,9 @@ if __name__ == '__main__':
if os.path.exists(options_fn):
args.extend(['-I', options_fn])
if os.path.exists(options_fips_fn):
args.extend(['-I', options_fips_fn])
args.append('--depth=' + node_root)
# There's a bug with windows which doesn't allow this feature.