Commit Graph

99 Commits (583a868bcdd9254d597fc459df9fa43c1f313f74)

Author SHA1 Message Date
Ben Noordhuis ca3c50b789 build: add basic arm64 support
This commit adds basic arm64 support to the build.  Building the bundled
openssl is disabled pending an upgrade to openssl 1.2, the currently
bundled version has some hand-rolled assembly that is 32 bits only.

PR-URL: https://github.com/iojs/io.js/pull/1028
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rod Vagg <rod@vagg.org>
2015-03-03 00:40:49 +01:00
Ben Noordhuis 5165d71048 build,src: remove sslv3 support
SSLv3 is susceptible to downgrade attacks.  Provide secure defaults,
disable v3 protocol support entirely.

PR-URL: https://github.com/iojs/io.js/pull/315
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
2015-01-13 01:59:30 +01:00
Fedor Indutny 7c4a50dd2f gyp: remove vanished masm file from openssl build
PR-URL: https://github.com/iojs/io.js/pull/289
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-12 21:31:09 +03:00
Fedor Indutny ced41b07dd openssl: fix build failure on windows
Backport of: https://github.com/openssl/openssl/commit/5c5e7e

Original commit message:

    Fix build failure on Windows due to undefined cflags identifier

    Reviewed-by: Tim Hudson <tjh@openssl.org>

PR-URL: https://github.com/iojs/io.js/pull/289
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-01-12 21:31:08 +03:00
Fedor Indutny b910613792 openssl: fix keypress requirement in apps on win32
Original source:

http://openssl.6102.n7.nabble.com/PATCH-s-client-Fix-keypress-requirement-with-redirected-input-on-Windows-td46787.html

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-01-12 21:31:08 +03:00
Fedor Indutny eebdf7ac85 deps: update openssl to 1.0.1k
PR-URL: https://github.com/iojs/io.js/pull/289
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-12 21:31:08 +03:00
Ben Noordhuis 26dd9e15bb build,src: remove sslv2 support
SSLv2 has been deprecated and known broken for nearly twenty years now.

I made SSLv2 support opt-in well over a year ago in commit 39aa894 and
now this commit removes it entirely.

PR-URL: https://github.com/iojs/io.js/pull/290
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
2015-01-11 16:07:45 +01:00
Bert Belder e70562704c win,openssl: disable some warnings
This patch disables two (categories of) warnings:

  * deprecation of GetVersionExA
  * possible loss of data in implicit conversion of scalar types

These warnings don't seem to point out serious problems, and avoiding
them in openssl is somebody else's business.

PR-URL: https://github.com/iojs/io.js/pull/261
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-08 14:17:22 +01:00
Bert Belder 153ce23727 openssl: don't define SIXTY_FOUR_BIT_LONG on Windows
On Windows a long integer is always 32-bits, even when the target
architecture uses 64-bit pointers.

PR-URL: https://github.com/iojs/io.js/pull/124
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2014-12-09 17:57:05 +01:00
Ben Noordhuis 4ccc5a64ce Revert "openssl: don't define SIXTY_FOUR_BIT_LONG on Windows"
This reverts commit 878cc3e532.

Reverted for breaking the x86_64 Linux build:

    In file included from ../deps/openssl/openssl/include/openssl/bn.h:1:0,
                     from ../deps/openssl/openssl/crypto/bn/asm/../bn_lcl.h:115,
                     from ../deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c:1:
    ../deps/openssl/openssl/include/openssl/../../crypto/bn/bn.h:813:20: note: previous declaration of 'bn_add_words' was here
     BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
                        ^
    ../deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c:210:15: error: conflicting types for 'bn_sub_words'
     BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
2014-12-09 17:46:51 +01:00
Bert Belder 878cc3e532 openssl: don't define SIXTY_FOUR_BIT_LONG on Windows
On Windows (and potentially other LP64 platforms), a long integer is
always 32-bits, even when the target architecture uses 64-bit pointers.

Signed-off-by: Bert Belder <bertbelder@gmail.com>
2014-12-09 15:46:59 +01:00
Ben Noordhuis e05dff1e60 deps: openssl - add x32 support
This commit adds preliminary x32 support.  Configure with:

    $ ./configure --dest-cpu=x32

PR-URL: https://github.com/node-forward/node/pull/24
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-11-29 14:36:50 +03:00
Fedor Indutny ab71223e47 openssl: fix keypress requirement in apps on win32
Original source:

http://openssl.6102.n7.nabble.com/PATCH-s-client-Fix-keypress-requirement-with-redirected-input-on-Windows-td46787.html

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-11-29 14:35:29 +03:00
Fedor Indutny 574407a67f deps: update openssl to 1.0.1j
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/iojs/io.js/pull/1
2014-11-27 19:56:41 +03:00
Ben Noordhuis a08f8e28ca build: add x32 support
This commit adds preliminary x32 support.  Configure with:

    $ ./configure --dest-cpu=x32

PR-URL: https://github.com/node-forward/node/pull/24
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-10-16 22:39:17 +02:00
Fedor Indutny 627c1a92eb configure: add --openssl-no-asm flag
see #8062

Reviewed-By: Trevor Norris <trev.norris@gmail.com>
2014-09-03 17:35:18 +04:00
Fedor Indutny ada85d7307 deps: enable ARM assembly for OpenSSL
fix #8062
2014-08-27 00:18:55 +04:00
Fedor Indutny ffd0116eda Revert "gyp: preserve v8dbg syms on freebsd too"
This reverts commit 181b8a5d3a.
2014-08-18 17:57:26 +04:00
Fedor Indutny 181b8a5d3a gyp: preserve v8dbg syms on freebsd too 2014-08-17 14:19:14 +04:00
Fedor Indutny 6b97c2e986 openssl: fix keypress requirement in apps on win32
Original source:

http://openssl.6102.n7.nabble.com/PATCH-s-client-Fix-keypress-requirement-with-redirected-input-on-Windows-td46787.html

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2014-08-13 09:26:53 -07:00
Fedor Indutny 5d824c89c9 deps: update openssl to v1.0.1i 2014-08-13 09:26:42 -07:00
Fedor Indutny 93390ffc20 test: fix test-tls-server-verify
fix #7963
2014-07-23 23:51:14 +04:00
Fedor Indutny 11337db35f deps: cherry-pick eca441b2 from OpenSSL
Original commit message:

    bn_exp.c: fix x86_64-specific crash with one-word modulus.

    PR: #3397

Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-07-03 00:46:17 +04:00
Fedor Indutny a7dd0e51f3 deps: update openssl to 1.0.1h 2014-06-05 07:11:23 -07:00
Fedor Indutny d6fd118727 deps: update openssl to 1.0.1g 2014-04-08 00:58:37 +04:00
Andrei Sedoi 884b25356f openssl: add missing configuration pieces for MIPS 2013-06-13 13:27:58 +02:00
Ben Noordhuis 2cf7e5de6f Revert "deps: downgrade openssl to v1.0.0f"
After much investigation it turns out that the affected servers are
buggy.  user-service.condenastdigital.com:443 in particular seems to
reject large TLS handshake records. Cutting down the number of
advertised ciphers or disabling SNI fixes the issue.

Similarly, passing { secureOptions: constants.SSL_OP_NO_TLSv1_2 }
seems to fix most connection issues with IIS servers.

Having to work around buggy servers is annoying for our users but not
a reason to downgrade OpenSSL. Therefore, revert it.

This reverts commit 4fdb8acdae.
2013-05-01 16:45:31 +02:00
Ben Noordhuis 4fdb8acdae deps: downgrade openssl to v1.0.0f
Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.

Fixes #5360 (and others).
2013-04-29 12:12:33 +02:00
Fedor Indutny 28c6e42ee7 openssl: disable HEARTBEAT TLS extension
Microsoft's IIS doesn't support it, and is not replying with ServerHello
after receiving ClientHello which contains it.

The good way might be allowing to opt-out this at runtime from
javascript-land, but unfortunately OpenSSL doesn't support it right now.

see #5119
2013-03-27 11:41:23 +04:00
Ben Noordhuis 690a8cce41 deps: fix openssl build on windows
Commit 8632af3 ("tools: update gyp to r1601") broke the Windows build.

Older versions of GYP link to kernel32.lib, user32.lib, etc. but that
was changed in r1584. See https://codereview.chromium.org/12256017

Fix the build by explicitly linking to the required libraries.
2013-03-24 22:53:11 +01:00
Bert Belder 01fa5ee21d win/openssl: mark assembled object files as seh safe
There are no unsafe structured exception handlers in object files
generated from hand-crafted assembly - because they contain no exception
handlers at all.
2013-03-05 19:39:45 +01:00
Scott Blomquist f054fec535 openssl: regenerate asm files for openssl 1.0.1e 2013-02-26 22:56:54 -08:00
Andrei Sedoi 17c6fe2e22 mips: fix openssl build 2013-02-26 17:03:07 +01:00
Ben Noordhuis 0dcbecd32b crypto: fix uninitialized memory access in openssl
ASN1_STRING_to_UTF8() passes an ASN1_STRING to ASN1_STRING_set() but forgot to
initialize the `length` field.

Fixes the following valgrind error:

  $ valgrind -q --track-origins=yes --num-callers=19 \
      out/Debug/node test/simple/test-tls-client-abort.js
  ==2690== Conditional jump or move depends on uninitialised value(s)
  ==2690==    at 0x784B69: ASN1_STRING_set (asn1_lib.c:382)
  ==2690==    by 0x809564: ASN1_mbstring_ncopy (a_mbstr.c:204)
  ==2690==    by 0x8090F0: ASN1_mbstring_copy (a_mbstr.c:86)
  ==2690==    by 0x782F1F: ASN1_STRING_to_UTF8 (a_strex.c:570)
  ==2690==    by 0x78F090: asn1_string_canon (x_name.c:409)
  ==2690==    by 0x78EF17: x509_name_canon (x_name.c:354)
  ==2690==    by 0x78EA7D: x509_name_ex_d2i (x_name.c:210)
  ==2690==    by 0x788058: ASN1_item_ex_d2i (tasn_dec.c:239)
  ==2690==    by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
  ==2690==    by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
  ==2690==    by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
  ==2690==    by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
  ==2690==    by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
  ==2690==    by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
  ==2690==    by 0x787C93: ASN1_item_d2i (tasn_dec.c:136)
  ==2690==    by 0x78F5E4: d2i_X509 (x_x509.c:141)
  ==2690==    by 0x7C9B91: PEM_ASN1_read_bio (pem_oth.c:81)
  ==2690==    by 0x7CA506: PEM_read_bio_X509 (pem_x509.c:67)
  ==2690==    by 0x703C9A: node::crypto::SecureContext::AddRootCerts(v8::Arguments const&) (node_crypto.cc:497)
  ==2690==  Uninitialised value was created by a stack allocation
  ==2690==    at 0x782E89: ASN1_STRING_to_UTF8 (a_strex.c:560)
2013-02-20 17:01:47 +04:00
Bert Belder da945a7376 openssl: make perlasm target pentium or newer for masm outputs
When perlasm generates MASM code it sets the assembler target to 468.
In this mode MASM refuses to assemble a couple of instructions. Bumping
the target to 686 solves this problem.
2013-02-20 17:00:29 +04:00
Bert Belder eb29c4b2e6 openssl: disable HT sidechannel attack mitigation
It used to be off before. It's extremely unlikely that such an attack
would be a viable attack against node. And it makes AES much slower.
2013-02-20 16:49:03 +04:00
Fedor Indutny f317f5aee9 openssl: update to 1.0.1e 2013-02-20 16:48:20 +04:00
Ben Noordhuis 6ecb0cd65d openssl: clean up openssl.gyp
Remove obsolete build configuration that escaped the purge in 7eaea7f.
2012-12-24 16:02:13 +01:00
Bert Belder 7475982801 openssl: enable optimized asm code on x86 and x64 2012-12-20 15:02:59 +01:00
Bert Belder 5edbb53c45 openssl: regenerate asm files for openssl 1.0.1 2012-12-20 15:02:59 +01:00
Bert Belder 1b5c5b137d openssl: update makefile for asm files to work with openssl 1.0.1 2012-12-20 15:02:58 +01:00
Bert Belder 1d97db5acf openssl: disable HT sidechannel attack mitigation
It used to be off before. It's extremely unlikely that such an attack
would be a viable attack against node. And it makes AES much slower.
2012-12-20 15:02:57 +01:00
Bert Belder aeae22cbb2 openssl: revert empty_OPENSSL_cpuid_setup.patch 2012-12-20 15:02:57 +01:00
Bert Belder 2e6180a62a openssl: make perlasm target pentium or newer for masm outputs
When perlasm generates MASM code it sets the assembler target to 468.
In this mode MASM refuses to assemble a couple of instructions. Bumping
the target to 686 solves this problem.
2012-12-20 15:02:56 +01:00
Bert Belder 7eaea7f9e5 openssl: clean up and merge configuration files
This patch brings the openssl library that is built with gyp closer
to what the standard build system produces.

All opensslconf.h versions are now merged into a single file, which
makes it easier for compiled addons to locate this file.
2012-12-20 15:02:56 +01:00
isaacs 77ed12fe7a Merge remote-tracking branch 'ry/v0.8' into master
Conflicts:
	AUTHORS
	ChangeLog
	deps/uv/test/test-spawn.c
	deps/uv/uv.gyp
	src/cares_wrap.cc
	src/node.cc
	src/node_version.h
	test/simple/test-buffer.js
	tools/gyp/pylib/gyp/common.py
	tools/install.py
2012-12-13 16:57:58 -08:00
Ben Noordhuis f8999da514 build: avoid -Wno-old-style-declaration with gcc 4.2
Fixes the build on FreeBSD <= 9 with the default compiler.

Fixes #4186.
2012-12-03 02:21:32 +01:00
Bert Belder 9b22944b68 windows: fix the x64 debug build 2012-11-08 23:54:53 +01:00
Ben Noordhuis d0227b0308 Merge remote-tracking branch 'origin/v0.8'
Conflicts:
	deps/openssl/openssl.gyp
2012-10-21 23:06:48 +02:00
Ben Noordhuis 28b0cc08b8 Revert "Disable OpenSSL UI"
This reverts commit 1c88c3b3b5.

It breaks the "read a password from stdin" functionality that OpenSSL provides.

Fixes #4059, #4143.

Conflicts:

	deps/openssl/openssl.gyp
2012-10-15 23:40:15 +02:00