Make `distutils.version.StrictVersion` available as a helper to
gyp expressions so they can do proper version checks and update
the gyp files accordingly.
Caveat emptor: `StrictVersion` does *not* like empty strings so
this commit adds truthiness guards. The helper could deal with
those but I felt it better to make it explicit.
Fixes: https://github.com/nodejs/node/issues/29927
PR-URL: https://github.com/nodejs/node/pull/29931
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Compile out hardware engines. Most are stubs that dynamically load
the real driver but that poses a security liability when an attacker
is able to create a malicious DLL in one of the default search paths.
PR-URL: https://github.com/nodejs/node-private/pull/73
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
PURIFY makes OpenSSL zero out some buffers. It also stops RAND_bytes()
from using the existing contents of the destination buffer as a source
of entropy, which according to some papers, is a possible attack vector
for reducing the overall entropy.
PR-URL: https://github.com/nodejs/node/pull/6582
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
SSL compression was first disabled at runtime in March 2011 in commit
e83c6959 ("Disable compression with OpenSSL.") for performance reasons
and was later shown to be vulnerable to information leakage (CRIME.)
Let's stop compiling it in altogether.
This commit removes a broken CHECK from src/node_crypto.cc; broken
because sk_SSL_COMP_num() returns -1 for a NULL stack, not 0. As a
result, node.js would abort when linked to an OPENSSL_NO_COMP build
of openssl.
PR-URL: https://github.com/nodejs/node/pull/6582
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Use the "Apple LLVM" version number since the banner has changed in
newer versions of Mac OS X, resulting in the obsolete assembler path
being used to compile OpenSSL.
PR-URL: https://github.com/nodejs/node/pull/5553
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
These are the core changes that allow pLinux BE/LE compile. They
don't include all of the changes needed for AIX which will follow
once we have pLinux up and running in the builds
PR-URL: https://github.com/nodejs/io.js/pull/2124
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: Johan Bergstrom <bugs@bergstroem.nu>
Asm files for OpenSSL depends on the version of assembler.
We provide two sets of asm files, one is asm_latest(avx2 and addx
supported) and the other asm_obsolute(without avx1/2 and addx)
The asm_latest needs the version of gas >= 2.23, llvm >= 3.3
or ml64 >= 12 as defined in
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/sha/asm/sha512-x86_64.pl#L112-L129
, otherwise asm_obsolute are used.
We take MSVS_VERSION in gyp as a version check of assembler on
Windows because the path to ml64.exe was set after configure in
vcbuild.bat and executing ml64.exe was failed in configure.
Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Update gyp sources for openssl-1.0.2a. The source list was extracted
from Makefiles in `deps/openssl/openssl/{crypto/ssl/engines}`.
Defines are created by referring the table in
`deps/openssl/doc/openssl_define_list.pdf` that was derived from
Makefile entries and outputs of
`deps/openssl/openssl/Configure TABLE`.
Renamed the variable of openssl_sources_arm_elf_gas to
openssl_sources_arm_void_gas to be consistent with PERLASM_SCHEME.
This also includes arm64 support.
Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Updated gyp has "else if" syntax in condition. Use this for
target_arch and OS switches. Several sources, defines, rules and
libraries variables moved to gypi files.
PR-URL: https://github.com/iojs/io.js/pull/1325
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
