deps: update openssl to quictls/openssl 3.0.0+quic #38512

When building/linking against OpenSSL 3.0.0alpha17 the following compilation error occurs: In file included from ../src/inspector_socket.cc:7: ../src/inspector_socket.cc: In function ‘void node::inspector::{anonymous}::generate_accept_string( const string&, char (*)[28])’: ../src/inspector_socket.cc:150:8: error: second operand of conditional expression has no effect [-Werror=unused-value] 150 | reinterpret_cast<unsigned char*>(hash)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../deps/openssl/openssl/include/openssl/sha.h:57:57: note: in definition of macro ‘SHA1’ 57 | (EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL) | ^~ ../src/inspector_socket.cc:150:47: error: third operand of conditional expression has no effect [-Werror=unused-value] 150 | reinterpret_cast<unsigned char*>(hash)); | ^ This commit suppresses this warning for OpenSSL 3.0.

When statically linking quictls/openssl 3.0.0alpha17 there are a number of architectures that error with the following message: execvp: printf: Argument list too long This commit adds a patch provided in nodejs#9137 to see if this will address this issue. Refs: nodejs#9137 (comment)

This commit adds an architecture named aix64-gcc-as which can generate assembler source code compatible with AIX assembler (as) instead of the GNU Assembler (gas). This architecture name is then used in a callback for the .p2align directive which is not available in AIX as. The motivation for this addition came out of an issue we ran into when working on upgrading OpenSSL in Node.js. We ran into the following compilation error on one of the CI machines that uses AIX: 05:39:05 Assembler: 05:39:05 crypto/bn/ppc64-mont-fixed.s: line 4: Error In Syntax This machine is using AIX Version 7.2 and does not have gas installed and the .p2align directive is causing this error. After asking around if it would be possible to install GAS on this machine I learned that AIX GNU utils are not maintained as well as the native AIX ones and we (Red Hat/IBM) have run into issues with the GNU utils in the past and if possible it would be preferable to be able to use the AIX native assembler. Refs: nodejs#38512 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#15638)

This commit adds an action to build and install the FIPS module and also run the fipsinstall action to generate the FIPS configuration file. The fipsinstall action also copies the openssl.cnf and updates the FIPS include to have the correct path, and also enables the FIPS section.

This commit adds a default variable named PRODUCT_DIR_ABS which contains the absolute path to the configured output and buildtype (Release/Debug) directory. The motivation for adding this instead of using PRODUCT_DIR is that the value of PRODUCT_DIR is a ${builddir} variable which is fine in most situations. The use case we ran into was where we wanted to add a defines for OpenSSL 3.0 MODULESDIR macro. I this case we want the value would ${builddir} would be escaped into $${builddir} which would not be resolved when passed with -DMODULEDIR, so the actual value would contain the variable ${buildtype} instead of an actual path.

This commit updates the MODULESDIR value to be the absolute path to the modules directoy in the build output directory. The motivation for this that it allows us to not have to specify the environment variable OPENSSL_MODULES when running node and enabling FIPS.

This commit sets OPENSSLDIR to point to the build directory so that OPENSSL_CONF does not have to be set as an environment variable.

This commit adds an action that is run when openssl-is-fips is not specified and overwrites openssl.cnf as this would otherwise cause and error if the fips configuration is left from an earlier configuration.

This commit sets the modulus size to be 512 instead of 1024 for OpenSSL3 as this causes centos7-64-gcc8 CI job to timeout when running this test.

This commit fixes an issue which involves the no-asm include template and the generate_headers.pl script. This issue was that the no-asm template was not being used so and this would cause build issues. Also the template itself needed to be updated to include VC-WIN64-ARM.

This commit removes the configuration option openssl_fips and also the gyp file which was used with earlier versions of OpenSSL and FIPS.

This commit adds a section with information about enabling FIPS support when statically linking.

This commit updates the node_metadata.{cc,h} to include openssl/quic.h which was recently added in quictls/openssl. Previously this was part of the generated openssl/crypto.h but has been moved out in Commit 5517e642fc2a531666c909aae0180e9d258d539e ("QUIC: Don't muck with FIPS checksums")

This updates all sources in deps/openssl/openssl by: $ git clone git@github.com:quictls/openssl.git $ cd node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit

This commit updates the linux64-riscv64 arch files by running make linux64-riscv64 followed by a make generate_headers so that these files are generated for OpenSSL 3.0.

Remove semicolon.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: update openssl to quictls/openssl 3.0.0+quic #38512

deps: update openssl to quictls/openssl 3.0.0+quic #38512

Commits on Oct 10, 2021