This reverts commit 1c88c3b3b5.
It breaks the "read a password from stdin" functionality that OpenSSL provides.
Fixes#4059, #4143.
Conflicts:
deps/openssl/openssl.gyp
When perlasm generates MASM code it sets the assembler target to 468.
In this mode MASM refuses to assemble the CPUID instruction. Bumping
the target to 586 solves this problem.
Removed NO_CAST, NO_MD2 and NO_STORE because otherwise there were build errors.
Added NO_CAMELLIA, NO_MDC2, and NO_CMS because otherwise there were linker errors.
ASN1_STRING_to_UTF8() passes an ASN1_STRING to ASN1_STRING_set() but forgot to
initialize the `length` field.
Fixes the following valgrind error:
$ valgrind -q --track-origins=yes --num-callers=19 \
out/Debug/node test/simple/test-tls-client-abort.js
==2690== Conditional jump or move depends on uninitialised value(s)
==2690== at 0x784B69: ASN1_STRING_set (asn1_lib.c:382)
==2690== by 0x809564: ASN1_mbstring_ncopy (a_mbstr.c:204)
==2690== by 0x8090F0: ASN1_mbstring_copy (a_mbstr.c:86)
==2690== by 0x782F1F: ASN1_STRING_to_UTF8 (a_strex.c:570)
==2690== by 0x78F090: asn1_string_canon (x_name.c:409)
==2690== by 0x78EF17: x509_name_canon (x_name.c:354)
==2690== by 0x78EA7D: x509_name_ex_d2i (x_name.c:210)
==2690== by 0x788058: ASN1_item_ex_d2i (tasn_dec.c:239)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
==2690== by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
==2690== by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
==2690== by 0x787C93: ASN1_item_d2i (tasn_dec.c:136)
==2690== by 0x78F5E4: d2i_X509 (x_x509.c:141)
==2690== by 0x7C9B91: PEM_ASN1_read_bio (pem_oth.c:81)
==2690== by 0x7CA506: PEM_read_bio_X509 (pem_x509.c:67)
==2690== by 0x703C9A: node::crypto::SecureContext::AddRootCerts(v8::Arguments const&) (node_crypto.cc:497)
==2690== Uninitialised value was created by a stack allocation
==2690== at 0x782E89: ASN1_STRING_to_UTF8 (a_strex.c:560)
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Taken from OpenSSL CVS. Addresses CVE-2012-2110.
The OPENSSL_NO_SOCK macro in OpenSSL missed a couple of networking functions
that called other functions that OPENSSL_NO_SOCK *had* filtered out. None of
the functions (filtered or not) were actually used but it was enough to trip
up the Solaris linker.
* compile with -DOPENSSL_NO_SOCK and -DOPENSSL_NO_DGRAM, we don't need it
* compile with -DOPENSSL_NO_GOST and -DOPENSSL_NO_HW_PADLOCK, works around the
brain dead linker on solaris and maybe others
* compile with -DTERMIOS, OS X doesn't have <termio.h>
* compile with -D__EXTENSIONS__ on solaris, makes siginfo_t available
* compile without -ansi on linux, it hides a number of POSIX declarations
(sigaction, NI_MAXHOST, etc.)
Fixes linker error "undefined reference to `OPENSSL_ia32_cpuid'". This is
sub-optimal and needs to be revisited, the plain C implementations are often
much slower.
Bert Belder
Ben Noordhuis
Nathan Rajlich
Igor Zinkovsky
Evan Martin
Peter Bright
Ryan Dahl