Commit Graph

142 Commits (d5d301f3032a0723f5a29cfbe0d95ac4ad205d42)

Author SHA1 Message Date
Shigeki Ohtsu bdd37e1fac deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: https://github.com/nodejs/node/issues/1461
PR-URL: https://github.com/nodejs/node/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2016-01-31 15:11:17 +09:00
Myles Borins 1f434787fc deps: upgrade openssl sources to 1.0.2f
This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: https://github.com/nodejs/node/issues/4857
PR-URL: https://github.com/nodejs/node/pull/4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: https://github.com/nodejs/node/issues/4857
PR-URL: https://github.com/nodejs/node/pull/4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: https://github.com/nodejs/node/issues/589
PR-URL: https://github.com/nodejs/node/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: https://github.com/nodejs/node/issues/589
PR-URL: https://github.com/nodejs/node/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613792 .

Fixes: https://github.com/nodejs/node/issues/589
PR-URL: https://github.com/nodejs/node/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: https://github.com/nodejs/node/pull/4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>
2016-01-31 15:07:12 +09:00
Shigeki Ohtsu ff4f16b7dd deps: upgrade openssl sources to 1.0.2e
This just replaces all sources of openssl-1.0.2e.tar.gz into
deps/openssl/openssl

deps: copy all openssl header files to include dir

All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

node needs to stop using masm and move to nasm or yasm on Win32.

openssl: fix keypress requirement in apps on win32

Reapply b910613792 .

deps: add -no_rand_screen to openssl s_client

In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

deps: update openssl config files

Regenrate config files for supported platforms with Makefile.

deps: update openssl asm and asm_obsolete files

Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-4.8.4. Also asm files in asm_obsolete dir to support old compiler
and assmebler are regenerated without CC and ASM envs.

PR-URL: https://github.com/nodejs/node/pull/4134
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-12-04 03:56:12 +09:00
Michael Dawson 2a17c7f65e build: Updates to enable AIX support
These are the core changes that allow AIX to compile.  There
are still some test failures as there are some patches needed for
libuv and npm that we'll need to contribute through those
communities but this set allows node to be built on AIX and
pass most of the core tests

The change in js2c is because AIX does not support $ in
identifier names.  See the discussion/agreement in
https://github.com/nodejs/node/issues/2272

PR-URL: https://github.com/nodejs/node/pull/2364
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: Rod Vagg <r@va.gg>
2015-09-15 13:17:28 -04:00
cjihrig a69ab27ab4 node: rename from io.js to node
This commit replaces instances of io.js with Node.js, based on the
recent convergence. There are some remaining instances of io.js,
related to build and the installer.

Fixes: https://github.com/nodejs/node/issues/2361
PR-URL: https://github.com/nodejs/node/pull/2367
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: João Reis <reis@janeasystems.com>
2015-08-23 17:59:43 -04:00
Michael Dawson b4226e797a build: first set of updates to enable PPC support
These are the core changes that allow pLinux BE/LE compile. They
don't include all of the changes needed for AIX which will follow
once we have pLinux up and running in the builds

PR-URL: https://github.com/nodejs/io.js/pull/2124
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: Johan Bergstrom <bugs@bergstroem.nu>
2015-08-04 11:56:16 -07:00
Shigeki Ohtsu c70e68fa32 deps: update deps/openssl/conf/arch/*/opensslconf.h
They should be updated according to the fix at
b4f0d1a4a8

PR-URL: https://github.com/nodejs/io.js/pull/2141
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-07-09 18:24:26 +02:00
Shigeki Ohtsu ca93f7f2e6 deps: upgrade openssl sources to 1.0.2d
This just replaces all sources of openssl-1.0.2d.tar.gz
into deps/openssl/openssl

deps: copy all openssl header files to include dir

All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613792 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

deps: add -no_rand_screen to openssl s_client

In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

PR-URL: https://github.com/nodejs/io.js/pull/2141
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-07-09 17:57:34 +02:00
Shigeki Ohtsu 1f371e3988 deps: copy all openssl header files to include dir
On upgrading openssl, all symlinks in pulic header files are replaced
with nested include files. The issue was raised that installing them
leads to lost its references to real header files.
To avoid this, all public header files are copied into the
`deps/openssl/openssl/include/openssl/` directory.
As a result, we have duplicated header files under
`deps/openssl/openssl/` but copied files are refereed in build as
specified to include path in openssl.gyp.

Fixes: https://github.com/nodejs/io.js/pull/1975
PR-URL: https://github.com/nodejs/io.js/pull/2016
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
2015-06-25 19:17:41 +10:00
Shigeki Ohtsu 2a7fd0ad32 deps: update UPGRADING.md doc to openssl-1.0.2c
PR-URL: https://github.com/nodejs/io.js/pull/1958
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-06-13 02:25:30 +09:00
Shigeki Ohtsu 6b3df929e0 deps: replace all headers in openssl
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

PR-URL: https://github.com/nodejs/io.js/pull/1958
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-06-13 02:25:24 +09:00
Shigeki Ohtsu 664a659696 deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-13 02:25:24 +09:00
Shigeki Ohtsu 2eb170874a openssl: fix keypress requirement in apps on win32
Reapply b910613792 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-13 02:25:24 +09:00
Shigeki Ohtsu 42a8de2ac6 deps: fix asm build error of openssl in x86_win32
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-13 02:25:24 +09:00
Fedor Indutny c66c3d9fa3 deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2015-06-13 02:25:23 +09:00
Shigeki Ohtsu 86737cf0a0 deps: upgrade openssl sources to 1.0.2c
This just replaces all sources of openssl-1.0.2c.tar.gz
into deps/openssl/openssl

PR-URL: https://github.com/nodejs/io.js/pull/1958
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-06-13 02:24:36 +09:00
Shigeki Ohtsu 94804969b7 deps: update asm files for openssl-1.0.2b
asm files are generated as
  - In `deps/openssl/asm/`, make with CC=gcc and ASM=nasm
  - In `deps/openssl/asm_obsolute/`, make with no envs for compilers

Fixes: https://github.com/nodejs/io.js/issues/1921
PR-URL: https://github.com/nodejs/io.js/pull/1950
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-12 09:47:45 +09:00
Shigeki Ohtsu 38444915e0 deps: replace all headers in openssl
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

Fixes: https://github.com/nodejs/io.js/issues/1921
PR-URL: https://github.com/nodejs/io.js/pull/1950
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-12 09:47:45 +09:00
Shigeki Ohtsu f62b613252 deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-12 09:47:45 +09:00
Shigeki Ohtsu a130132c8f openssl: fix keypress requirement in apps on win32
Reapply b910613792 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-12 09:47:45 +09:00
Shigeki Ohtsu f624d0122c deps: fix asm build error of openssl in x86_win32
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-12 09:47:45 +09:00
Fedor Indutny dcd67cc8d7 deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2015-06-12 09:47:45 +09:00
Shigeki Ohtsu c21b24decf deps: upgrade openssl sources to 1.0.2b
This just replaces all sources of openssl-1.0.2b.tar.gz
into deps/openssl/openssl

Fixes: https://github.com/nodejs/io.js/issues/1921
PR-URL: https://github.com/nodejs/io.js/pull/1950
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-12 09:47:44 +09:00
Fedor Indutny 0f68377f69 crypto: support FIPS mode of OpenSSL
Support building and running with FIPS-compliant OpenSSL. The process is
following:

1. Download and verify `openssl-fips-x.x.x.tar.gz` from
   https://www.openssl.org/source/
2. Extract source to `openssl-fips` folder
3. ``cd openssl-fips && ./config fipscanisterbuild --prefix=`pwd`/out``
   (NOTE: On OS X, you may want to run
    ``./Configure darwin64-x86_64-cc --prefix=`pwd`/out`` if you are going to
    build x64-mode io.js)
4. `make -j && make install`
5. Get into io.js checkout folder
6. `./configure --openssl-fips=/path/to/openssl-fips/out`
7. Build io.js with `make -j`
8. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`)

Fix: https://github.com/joyent/node/issues/25463
PR-URL: https://github.com/nodejs/io.js/pull/1890
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2015-06-11 01:49:20 +02:00
Shigeki Ohtsu 0ee497f0b4 deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-06-03 19:11:22 +02:00
Shigeki Ohtsu 4830b4bce8 deps: add docs to upgrade openssl
This document is intended to describe the procedure to upgrade openssl
from 1.0.1m to 1.0.2a in io.js.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:39:19 +09:00
Shigeki Ohtsu 11bec72c87 deps: update asm files for openssl-1.0.2a
asm files are generated as
- In `deps/openssl/asm/`, make with CC=gcc and ASM=nasm
- In `deps/openssl/asm_obsolute/`, make with no envs for compilers

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:39:04 +09:00
Shigeki Ohtsu a1c9ef3142 deps, build: add support older assembler
Asm files for OpenSSL depends on the version of assembler.
We provide two sets of asm files, one is asm_latest(avx2 and addx
supported) and the other asm_obsolute(without avx1/2 and addx)

The asm_latest needs the version of gas >= 2.23, llvm >= 3.3
or ml64 >= 12 as defined in
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/sha/asm/sha512-x86_64.pl#L112-L129
, otherwise asm_obsolute are used.

We take MSVS_VERSION in gyp as a version check of assembler on
Windows because the path to ml64.exe was set after configure in
vcbuild.bat and executing ml64.exe was failed in configure.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:57 +09:00
Shigeki Ohtsu 53924d8ebe deps: update asm Makefile for openssl-1.0.2a
This includes following changes,
 - Updated asm files for each platforms which are required in
 openssl-1.0.2a.
 - Some perl files need CC and ASM envs. Added a check if these envs
 exist. Followed asm files are to be generated with CC=gcc and
 ASM=nasm on Linux. See
 `deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl`
 - Added new 32bit targets/rules with a sse2 flag (OPENSSL_IA32_SSE2)
 to generate asm for use SSE2.
 - Generating sha512 asm files in x86_64 need output filename which
 has 512. Added new rules so as not to use stdout for outputs.
 - PERLASM_SCHEME of linux-armv4 is `void` as defined in openssl
 Configure. Changed its target/rule and all directories are moved from
 arm-elf-gas to arm-void-gas.

deps: add arm64 support in openssl/asm/Makefile

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:49 +09:00
Shigeki Ohtsu 418e839456 deps: update openssl.gyp/gypi for openssl-1.0.2a
Update gyp sources for openssl-1.0.2a. The source list was extracted
from Makefiles in `deps/openssl/openssl/{crypto/ssl/engines}`.

Defines are created by referring the table in
`deps/openssl/doc/openssl_define_list.pdf` that was derived from
Makefile entries and outputs of
`deps/openssl/openssl/Configure TABLE`.

Renamed the variable of openssl_sources_arm_elf_gas to
openssl_sources_arm_void_gas to be consistent with PERLASM_SCHEME.

This also includes arm64 support.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:44 +09:00
Shigeki Ohtsu 02f12ab666 deps: update opensslconf.h for 1.0.2a
just type `make` in `deps/openssl/conf` then opensslconf.h in all
architectures are updated.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:39 +09:00
Shigeki Ohtsu eb7a23595f deps: add x32 and arm64 support for opensslconf.h
linux-x32 and linux-aarch64(arm64) are officially supported in
openssl-1.0.2. With this fix opensslconf.h for these new architectures
can be generated by Makefile.

The patch for opensslconf.h of linux-x32 with Makefile was removed.

For the fix of opensslconf.h in WIN32/WIN64, adding defines of
OPENSSL_NO_DYNAMIC_ENGINE and OPENSSL_NO_CAPIENG move to openssl.gypi
so that we no longer need insert a patch with Makefile and removed it.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:33 +09:00
Shigeki Ohtsu 033a663127 deps: replace all headers in openssl
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:25 +09:00
Shigeki Ohtsu 116c54692a openssl: fix keypress requirement in apps on win32
Reapply b910613792 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:19 +09:00
Shigeki Ohtsu ae8831f240 deps: backport openssl patch of alt cert chains 1
This a backport of da084a5ec6cebd67ae27f2463ebe4a50bb840fa5 in
https://github.com/openssl/openssl by Matt Caswell <matt@openssl.org> as

In certain situations the server provided certificate chain may no
longer be valid. However the issuer of the leaf, or some intermediate
cert is in fact in the trust store.

When building a trust chain if the first attempt fails, then try to
see if alternate chains could be constructed that are trusted.

deps: backport openssl patch of alt cert chains 2

This a backport of 15dba5be6a4482a9ad7e5b846291f31e97e338ca in
https://github.com/openssl/openssl by Matt Caswell <matt@openssl.org> as

Add flag to inhibit checking for alternate certificate chains. Setting this
behaviour will force behaviour as per previous versions of OpenSSL

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:11 +09:00
Shigeki Ohtsu 71316c46d9 deps: fix asm build error of openssl in x86_win32
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:38:02 +09:00
Fedor Indutny d293a4f096 deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2015-04-15 00:37:24 +09:00
Shigeki Ohtsu e4872d7405 deps: upgrade openssl to 1.0.2a
This just replaces all sources in deps/openssl/openssl to originals in
https://www.openssl.org/source/openssl-1.0.2a.tar.gz

Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-15 00:36:13 +09:00
Shigeki Ohtsu 5b0e5755a0 deps: generate opensslconf.h for architectures
PR-URL: https://github.com/iojs/io.js/pull/1377
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-10 09:54:17 +09:00
Shigeki Ohtsu 7d14aa0222 deps: add Makefile to generate opensslconf.h
This Makefile executes ../openssl/Configure {target} and copy
generated `../openssl/crypto/opensslconf.h` into
`archs/{target}/opensslconf.h`. with the target list that is defined
in ARCS. Several files are copied for backup and cleared so as not to
change the files in `../openssl`.

This also applies four fixes as below by using perl script so as to
meet iojs build requirements.

- all architectures
Remove define of OPENSSL_CPUID_OBJ because it is defined in
openssl.gypi so as to avoid build error with --openssl-no-asm

- VC-WIN32 and VC-WIN64A
OPENSSL_NO_DYNAMIC_ENGINE is needed for building static
library. OPENSSL_NO_CAPIENG is needed to avoid build errors on
Win. See the comments in `deps/openssl/openssl/engines/e_capi.c` for
detail.

- linux-x32
This fix was made by comparing define values of opensslconf.h which
was generated `Configure linux-x32' in openssl-1.0.2a

- darwin64-x86_64-cc
The current openssl release does not use RC4 asm since it explicitly
specified as `$asm=~s/rc4\-[^:]+//;` in
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/Configure#L584
But iojs has used RC4 asm on MacOS for long time. Fix type of RC4_INT
into `unsigned int` in opensslconf.h of darwin64-x86_64-cc to work on
the RC4 asm.

PR-URL: https://github.com/iojs/io.js/pull/1377
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-10 09:53:56 +09:00
Shigeki Ohtsu 29a3301461 deps: make opensslconf.h include each target arch
In OpenSSL, opensslconf.h was generated by Configure script with
specifying a target argument, where it includes several defines that
depend on OS and architecture platform.

In iojs, we statically mapped --dest-os and --dest-cpu options in
configure to the target of Configure in OpenSSL and make
`deps/openssl/conf/openssconf.h` so as to include each file
according to its target by checking pre-defined compiler macros.

Included opnesslconf.h files for supported target architectures can
be generated by `Makefile` and stored under
`archs/{target}/opensslconf.h`. The Makefile alos fixes several
defines to meet iojs build requirements.

Here is a map table of configure options in iojs, target arch of
Configure in OpenSSL and CI support.

| --dest-os | --dest-cpu | OpenSSL target arch  | CI  |
| --------- | ---------- | -------------------- | --- |
| linux     | ia32       | linux-elf            | o   |
| linux     | x32        | patched linux-x86_64 | -   |
| linux     | x64        | linux-x86_64         | o   |
| linux     | arm        | linux-armv4          | o   |
| linux     | arm64      | N/A                  | -   |
| mac       | ia32       | darwin-i386-cc       | o   |
| mac       | x64        | darwin64-x86-cc      | o   |
| win       | ia32       | VC-WIN32             | -   |
| win       | x64        | VC-WIN64A            | o   |
| solaris   | ia32       | solaris-x86-gcc      | o   |
| solaris   | x64        | solaris64-x86_64-gcc | o   |
| freebsd   | ia32       | BSD-x86              | o   |
| freebsd   | x64        | BSD-x86_64           | o   |
| openbsd   | ia32       | BSD-x86              | -   |
| openbsd   | x64        | BSD-x86_64           | -   |
| others    | others     | linux-elf            | -   |

 --dest-os and --dest-cpu are mapped to pre-defined macros.

| --dest-os          | pre-defined macro         |
| ------------------ | ------------------------- |
| win                | _WIN32                    |
| win(64bit)         | _WIN64                    |
| mac                | __APPLE__ && __MACH__     |
| solaris            | __sun                     |
| freebsd            | __FreeBSD__               |
| openbsd            | __OpenBSD__               |
| linux (not andorid)| __linux__ && !__ANDROID__ |
| android            | __ANDROID__               |

| --dest-cpu | pre-defined macro |
| ---------- | ----------------- |
| arm        | __arm__           |
| arm64      | __aarch64__       |
| ia32       | __i386__          |
| ia32(win)  | _M_IX86           |
| mips       | __mips__          |
| mipsel     | __MIPSEL__        |
| x32        | __ILP32__         |
| x64        | __x86_64__        |
| x64(win)   | _M_X64            |

These are the list which is not implemented yet.

| --dest-os | --dest-cpu | OpenSSL target arch  | CI  |
| --------- | ---------- | -------------------- | --- |
| linux     | mips       | linux-mips32,linux-mips64,linux64-mips64? | --- |
| linux     | mipsel     | ?                    | --- |
| android   | ia32       | android-x86          | --- |
| android   | arm        | android-armv7        | --- |
| android   | mips       | android-mips         | --- |
| android   | mipsel     | ?                    | --- |

Supported target arch list in OpenSSL can be obtained by typing
`deps/openssl/openssl/Configure LIST`.

This also contains to add two new defines for all platform in the
bottom for GOST and Padlock engines are not included in iojs.

PR-URL: https://github.com/iojs/io.js/pull/1377
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-10 09:53:48 +09:00
Shigeki Ohtsu f782824d48 deps: refactor openssl.gyp
Updated gyp has "else if" syntax in condition. Use this for
target_arch and OS switches. Several sources, defines, rules and
libraries variables moved to gypi files.

PR-URL: https://github.com/iojs/io.js/pull/1325
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-04-04 12:37:26 +09:00
Shigeki Ohtsu a84ea66b35 deps: upgrade to openssl-1.0.1m
All sources are just extracted from tarball into deps/openssl/openssl.

change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid`
(and perhaps others) are requiring .686.

removed vpaesni-x86_64.asm in x64-win32-masm - it is no longer used.

Fixes: https://github.com/iojs/io.js/issues/1186
PR-URL: https://github.com/iojs/io.js/pull/1206
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-03-19 10:08:13 -07:00
Ben Noordhuis ca3c50b789 build: add basic arm64 support
This commit adds basic arm64 support to the build.  Building the bundled
openssl is disabled pending an upgrade to openssl 1.2, the currently
bundled version has some hand-rolled assembly that is 32 bits only.

PR-URL: https://github.com/iojs/io.js/pull/1028
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rod Vagg <rod@vagg.org>
2015-03-03 00:40:49 +01:00
Ben Noordhuis 5165d71048 build,src: remove sslv3 support
SSLv3 is susceptible to downgrade attacks.  Provide secure defaults,
disable v3 protocol support entirely.

PR-URL: https://github.com/iojs/io.js/pull/315
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
2015-01-13 01:59:30 +01:00
Fedor Indutny 7c4a50dd2f gyp: remove vanished masm file from openssl build
PR-URL: https://github.com/iojs/io.js/pull/289
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-12 21:31:09 +03:00
Fedor Indutny ced41b07dd openssl: fix build failure on windows
Backport of: https://github.com/openssl/openssl/commit/5c5e7e

Original commit message:

    Fix build failure on Windows due to undefined cflags identifier

    Reviewed-by: Tim Hudson <tjh@openssl.org>

PR-URL: https://github.com/iojs/io.js/pull/289
Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-01-12 21:31:08 +03:00
Fedor Indutny b910613792 openssl: fix keypress requirement in apps on win32
Original source:

http://openssl.6102.n7.nabble.com/PATCH-s-client-Fix-keypress-requirement-with-redirected-input-on-Windows-td46787.html

Reviewed-By: Fedor Indutny <fedor@indutny.com>
2015-01-12 21:31:08 +03:00
Fedor Indutny eebdf7ac85 deps: update openssl to 1.0.1k
PR-URL: https://github.com/iojs/io.js/pull/289
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2015-01-12 21:31:08 +03:00
Ben Noordhuis 26dd9e15bb build,src: remove sslv2 support
SSLv2 has been deprecated and known broken for nearly twenty years now.

I made SSLv2 support opt-in well over a year ago in commit 39aa894 and
now this commit removes it entirely.

PR-URL: https://github.com/iojs/io.js/pull/290
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
2015-01-11 16:07:45 +01:00