Upgrade to OpenSSL-1.0.2o #19638

Closed
Contributor

@shigeki shigeki commented Mar 27, 2018

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines

This upgrades OpenSSL to 1.0.2o. No asm or header files were changed in this upgrade, so the diffs are only in deps/openssl/openssl, and they come from the OpenSSL source updates.

shigeki and others added 6 commits March 27, 2018 23:34
This replaces all sources of openssl-1.0.2o.tar.gz into
deps/openssl/openssl

All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

@nodejs-github-bot added the `openssl` label (Issues and PRs related to the OpenSSL dependency) Mar 27, 2018

Contributor Author

shigeki commented Mar 27, 2018

CI is running on https://ci.nodejs.org/job/node-test-pull-request/13892/.

CC: @nodejs/crypto

Contributor Author

shigeki commented Mar 27, 2018

@rvagg Here is my quick assessment on this security fix of https://www.openssl.org/news/secadv/20180327.txt. Only CVE-2018-0739 is fixed in 1.0.2o and I think that it does not affect Node.js because PKCS#7 is not supported and SSL/TLS are safe as described in the advisory.

Member

@bnoordhuis bnoordhuis left a comment

Rubber-stamp LGTM. Looks like 1.0.2o alright.

Member

rvagg commented Mar 27, 2018

good news, and nice quick work @shigeki! thanks

Member

rvagg commented Mar 27, 2018

we should get this landed and backported as a matter of priority btw, I think the signoffs in here are enough to approve that

@MylesBorins
Contributor

Landed in df62e69...1a85328

MylesBorins pushed a commit that referenced this pull request Mar 28, 2018
This replaces all sources of openssl-1.0.2o.tar.gz into
deps/openssl/openssl

PR-URL: #19638
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rod Vagg <rod@vagg.org>
MylesBorins pushed a commit that referenced this pull request Mar 28, 2018
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.

PR-URL: #19638
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rod Vagg <rod@vagg.org>
MylesBorins pushed a commit that referenced this pull request Mar 28, 2018
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Backport-PR-URL: #19638
Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
MylesBorins pushed a commit that referenced this pull request Mar 28, 2018
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Backport-PR-URL: #19638
Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Mar 28, 2018
Reapply b910613 .

Backport-PR-URL: #19638
Fixes: #589
PR-URL: #1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
MylesBorins pushed a commit that referenced this pull request Mar 28, 2018
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Backport-PR-URL: #19638
Fixes: #1461
PR-URL: #1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>