From b2803b89cbf1e1a9cc368cadef5e569d83db4099 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Sep 30 2019 23:11:34 +0000
Subject: import rh-nodejs10-nodejs-10.16.3-3.el7
---
diff --git a/.gitignore b/.gitignore
index af630c4..4fff4ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/node-v10.10.0-stripped.tar.gz
+SOURCES/node-v10.16.3-stripped.tar.gz
diff --git a/.rh-nodejs10-nodejs.metadata b/.rh-nodejs10-nodejs.metadata
index f9b396a..b84c956 100644
--- a/.rh-nodejs10-nodejs.metadata
+++ b/.rh-nodejs10-nodejs.metadata
@@ -1 +1 @@
-91e8d4b727b13a52760ee1f75d9f7e3c82d7e193 SOURCES/node-v10.10.0-stripped.tar.gz
+062d8a0b0eb924216765d3e6ea66a9250e1afb44 SOURCES/node-v10.16.3-stripped.tar.gz
diff --git a/SOURCES/0001-Remove-OpenSSL-1.0.2-features.patch b/SOURCES/0001-Remove-OpenSSL-1.0.2-features.patch
deleted file mode 100644
index f42e347..0000000
--- a/SOURCES/0001-Remove-OpenSSL-1.0.2-features.patch
+++ /dev/null
@@ -1,560 +0,0 @@ -From e7f1280d006dc5e50f0d3844b63b7c746ced3cb9 Mon Sep 17 00:00:00 2001 -From: Your Name -Date: Thu, 13 Sep 2018 13:55:29 +0000 -Subject: [PATCH 1/2] Rebase 10.1 - ---- - src/node_constants.cc | 12 +- - src/node_crypto.cc | 294 ++++++++++++++++++--- - src/node_crypto.h | 2 + - .../test-tls-client-getephemeralkeyinfo.js | 6 +- - 4 files changed, 271 insertions(+), 43 deletions(-) - -diff --git a/src/node_constants.cc b/src/node_constants.cc -index b6c7bf3..28ca346 100644 ---- a/src/node_constants.cc -+++ b/src/node_constants.cc -@@ -951,8 +951,12 @@ void DefineOpenSSLConstants(Local target) { - NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_RAND); - # endif - --# ifdef ENGINE_METHOD_EC -- NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_EC); -+# ifdef ENGINE_METHOD_ECDH -+ NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_ECDH); -+# endif -+ -+# ifdef ENGINE_METHOD_ECDSA -+ NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_ECDSA); - # endif - - # ifdef ENGINE_METHOD_CIPHERS -@@ -963,6 +967,10 @@ void DefineOpenSSLConstants(Local target) { - NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_DIGESTS); - # endif - -+# ifdef ENGINE_METHOD_STORE -+ NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_STORE); -+# endif -+ - # ifdef ENGINE_METHOD_PKEY_METHS - NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_PKEY_METHS); - # endif -diff --git a/src/node_crypto.cc b/src/node_crypto.cc -index 203d6b4..7bdb1b1 100644 ---- a/src/node_crypto.cc -+++ b/src/node_crypto.cc -@@ -109,6 +109,119 @@ struct OpenSSLBufferDeleter { - }; - using OpenSSLBuffer = std::unique_ptr; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+static void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, -+ const BIGNUM** d) { -+ if (n != nullptr) { -+ *n = r->n; -+ } -+ if (e != nullptr) { -+ *e = r->e; -+ } -+ if (d != nullptr) { -+ *d = r->d; -+ } -+} -+ -+static void DH_get0_pqg(const DH* dh, const BIGNUM** p, const BIGNUM** q, -+ const BIGNUM** g) { -+ if (p != nullptr) { -+ *p = dh->p; -+ } -+ if (q != nullptr) { -+ *q 
= dh->q; -+ } -+ if (g != nullptr) { -+ *g = dh->g; -+ } -+} -+ -+static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) { -+ if ((dh->p == nullptr && p == nullptr) || -+ (dh->g == nullptr && g == nullptr)) { -+ return 0; -+ } -+ -+ if (p != nullptr) { -+ BN_free(dh->p); -+ dh->p = p; -+ } -+ if (q != nullptr) { -+ BN_free(dh->q); -+ dh->q = q; -+ } -+ if (g != nullptr) { -+ BN_free(dh->g); -+ dh->g = g; -+ } -+ -+ return 1; -+} -+ -+static void DH_get0_key(const DH* dh, const BIGNUM** pub_key, -+ const BIGNUM** priv_key) { -+ if (pub_key != nullptr) { -+ *pub_key = dh->pub_key; -+ } -+ if (priv_key != nullptr) { -+ *priv_key = dh->priv_key; -+ } -+} -+ -+static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) { -+ if (pub_key != nullptr) { -+ BN_free(dh->pub_key); -+ dh->pub_key = pub_key; -+ } -+ if (priv_key != nullptr) { -+ BN_free(dh->priv_key); -+ dh->priv_key = priv_key; -+ } -+ -+ return 1; -+} -+ -+static const SSL_METHOD* TLS_method() { return SSLv23_method(); } -+ -+static void SSL_SESSION_get0_ticket(const SSL_SESSION* s, -+ const unsigned char** tick, size_t* len) { -+ *len = s->tlsext_ticklen; -+ if (tick != nullptr) { -+ *tick = s->tlsext_tick; -+ } -+} -+ -+#define SSL_get_tlsext_status_type(ssl) (ssl->tlsext_status_type) -+ -+static int X509_STORE_up_ref(X509_STORE* store) { -+ CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); -+ return 1; -+} -+ -+static int X509_up_ref(X509* cert) { -+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); -+ return 1; -+} -+ -+#define EVP_MD_CTX_new EVP_MD_CTX_create -+#define EVP_MD_CTX_free EVP_MD_CTX_destroy -+ -+HMAC_CTX* HMAC_CTX_new() { -+ HMAC_CTX* ctx = Malloc(1); -+ HMAC_CTX_init(ctx); -+ return ctx; -+} -+ -+void HMAC_CTX_free(HMAC_CTX* ctx) { -+ if (ctx == nullptr) { -+ return; -+ } -+ HMAC_CTX_cleanup(ctx); -+ free(ctx); -+} -+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+ - static const char* const root_certs[] = { - #include "node_root_certs.h" // 
NOLINT(build/include_order) - }; -@@ -125,11 +238,19 @@ template void SSLWrap::AddMethods(Environment* env, - template void SSLWrap::ConfigureSecureContext(SecureContext* sc); - template void SSLWrap::SetSNIContext(SecureContext* sc); - template int SSLWrap::SetCACerts(SecureContext* sc); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+template SSL_SESSION* SSLWrap::GetSessionCallback( -+ SSL* s, -+ unsigned char* key, -+ int len, -+ int* copy); -+#else - template SSL_SESSION* SSLWrap::GetSessionCallback( - SSL* s, - const unsigned char* key, - int len, - int* copy); -+#endif - template int SSLWrap::NewSessionCallback(SSL* s, - SSL_SESSION* sess); - template void SSLWrap::OnClientHello( -@@ -148,6 +269,34 @@ template int SSLWrap::SelectALPNCallback( - void* arg); - - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+static Mutex* mutexes; -+ -+static void crypto_threadid_cb(CRYPTO_THREADID* tid) { -+ static_assert(sizeof(uv_thread_t) <= sizeof(void*), -+ "uv_thread_t does not fit in a pointer"); -+ CRYPTO_THREADID_set_pointer(tid, reinterpret_cast(uv_thread_self())); -+} -+ -+ -+static void crypto_lock_init(void) { -+ mutexes = new Mutex[CRYPTO_num_locks()]; -+} -+ -+ -+static void crypto_lock_cb(int mode, int n, const char* file, int line) { -+ CHECK(!(mode & CRYPTO_LOCK) ^ !(mode & CRYPTO_UNLOCK)); -+ CHECK(!(mode & CRYPTO_READ) ^ !(mode & CRYPTO_WRITE)); -+ -+ auto mutex = &mutexes[n]; -+ if (mode & CRYPTO_LOCK) -+ mutex->Lock(); -+ else -+ mutex->Unlock(); -+} -+#endif -+ -+ - static int PasswordCallback(char* buf, int size, int rwflag, void* u) { - if (u) { - size_t buflen = static_cast(size); -@@ -381,8 +530,8 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { - ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder()); - Environment* env = sc->env(); - -- int min_version = 0; -- int max_version = 0; -+ // int min_version = 0; -+ // int max_version = 0; - const SSL_METHOD* method = TLS_method(); - - if (args.Length() == 1 && args[0]->IsString()) { -@@ -405,47 +554,47 
@@ void SecureContext::Init(const FunctionCallbackInfo& args) { - } else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) { - return env->ThrowError("SSLv3 methods disabled"); - } else if (strcmp(*sslmethod, "SSLv23_method") == 0) { -- method = TLS_method(); -+ method = SSLv23_method(); - } else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) { -- method = TLS_server_method(); -+ method = SSLv23_server_method(); - } else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { -- method = TLS_client_method(); -+ method = SSLv23_client_method(); - } else if (strcmp(*sslmethod, "TLSv1_method") == 0) { -- min_version = TLS1_VERSION; -- max_version = TLS1_VERSION; -- method = TLS_method(); -+ // min_version = TLS1_VERSION; -+ // max_version = TLS1_VERSION; -+ method = TLSv1_method(); - } else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { -- min_version = TLS1_VERSION; -- max_version = TLS1_VERSION; -- method = TLS_server_method(); -+ // min_version = TLS1_VERSION; -+ // max_version = TLS1_VERSION; -+ method = TLSv1_server_method(); - } else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { -- min_version = TLS1_VERSION; -- max_version = TLS1_VERSION; -- method = TLS_client_method(); -+ // min_version = TLS1_VERSION; -+ // max_version = TLS1_VERSION; -+ method = TLSv1_client_method(); - } else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { -- min_version = TLS1_1_VERSION; -- max_version = TLS1_1_VERSION; -- method = TLS_method(); -+ // min_version = TLS1_1_VERSION; -+ // max_version = TLS1_1_VERSION; -+ method = TLSv1_1_method(); - } else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { -- min_version = TLS1_1_VERSION; -- max_version = TLS1_1_VERSION; -- method = TLS_server_method(); -+ // min_version = TLS1_1_VERSION; -+ // max_version = TLS1_1_VERSION; -+ method = TLSv1_1_server_method(); - } else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { -- min_version = TLS1_1_VERSION; -- max_version = TLS1_1_VERSION; -- method = 
TLS_client_method(); -+ // min_version = TLS1_1_VERSION; -+ // max_version = TLS1_1_VERSION; -+ method = TLSv1_1_client_method(); - } else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { -- min_version = TLS1_2_VERSION; -- max_version = TLS1_2_VERSION; -- method = TLS_method(); -+ // min_version = TLS1_2_VERSION; -+ // max_version = TLS1_2_VERSION; -+ method = TLSv1_2_method(); - } else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { -- min_version = TLS1_2_VERSION; -- max_version = TLS1_2_VERSION; -- method = TLS_server_method(); -+ // min_version = TLS1_2_VERSION; -+ // max_version = TLS1_2_VERSION; -+ method = TLSv1_2_server_method(); - } else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { -- min_version = TLS1_2_VERSION; -- max_version = TLS1_2_VERSION; -- method = TLS_client_method(); -+ // min_version = TLS1_2_VERSION; -+ // max_version = TLS1_2_VERSION; -+ method = TLSv1_2_client_method(); - } else { - return env->ThrowError("Unknown method"); - } -@@ -467,6 +616,7 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { - SSL_SESS_CACHE_NO_INTERNAL | - SSL_SESS_CACHE_NO_AUTO_CLEAR); - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L - SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version); - SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version); - // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was -@@ -478,6 +628,7 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { - return env->ThrowError("Error generating ticket keys"); - } - SSL_CTX_set_tlsext_ticket_key_cb(sc->ctx_.get(), TicketCompatibilityCallback); -+#endif - } - - -@@ -925,6 +1076,11 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo& args) { - - node::Utf8Value curve(env->isolate(), args[0]); - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE); -+ SSL_CTX_set_ecdh_auto(sc->ctx_, 1); -+#endif -+ - if (strcmp(*curve, "auto") == 0) - return; - -@@ -1179,9 +1335,17 @@ void 
SecureContext::GetTicketKeys(const FunctionCallbackInfo& args) { - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - - Local buff = Buffer::New(wrap->env(), 48).ToLocalChecked(); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L - memcpy(Buffer::Data(buff), wrap->ticket_key_name_, 16); - memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16); - memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16); -+#else -+ if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_, -+ Buffer::Data(buff), -+ Buffer::Length(buff)) != 1) { -+ return wrap->env()->ThrowError("Failed to fetch tls ticket keys"); -+ } -+#endif - - args.GetReturnValue().Set(buff); - #endif // !def(OPENSSL_NO_TLSEXT) && def(SSL_CTX_get_tlsext_ticket_keys) -@@ -1205,9 +1369,17 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo& args) { - env, "Ticket keys length must be 48 bytes"); - } - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L - memcpy(wrap->ticket_key_name_, Buffer::Data(args[0]), 16); - memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16); - memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16); -+#else -+ if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_, -+ Buffer::Data(args[0]), -+ Buffer::Length(args[0])) != 1) { -+ return env->ThrowError("Failed to fetch tls ticket keys"); -+ } -+#endif - - args.GetReturnValue().Set(true); - #endif // !def(OPENSSL_NO_TLSEXT) && def(SSL_CTX_get_tlsext_ticket_keys) -@@ -1215,6 +1387,14 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo& args) { - - - void SecureContext::SetFreeListLength(const FunctionCallbackInfo& args) { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ // |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL -+ // mallocs and frees buffers directly, without the use of a freelist. 
-+ SecureContext* wrap; -+ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); -+ -+ wrap->ctx_->freelist_max_len = args[0]->Int32Value(); -+#endif - } - - -@@ -1311,6 +1491,7 @@ int SecureContext::TicketKeyCallback(SSL* ssl, - } - - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L - int SecureContext::TicketCompatibilityCallback(SSL* ssl, - unsigned char* name, - unsigned char* iv, -@@ -1345,6 +1526,7 @@ int SecureContext::TicketCompatibilityCallback(SSL* ssl, - } - return 1; - } -+#endif - - - template -@@ -1413,11 +1595,19 @@ void SSLWrap::ConfigureSecureContext(SecureContext* sc) { - } - - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+template -+SSL_SESSION* SSLWrap::GetSessionCallback(SSL* s, -+ unsigned char* key, -+ int len, -+ int* copy) { -+#else - template - SSL_SESSION* SSLWrap::GetSessionCallback(SSL* s, - const unsigned char* key, - int len, - int* copy) { -+#endif - Base* w = static_cast(SSL_get_app_data(s)); - - *copy = 0; -@@ -2077,6 +2267,7 @@ void SSLWrap::GetEphemeralKeyInfo( - Integer::New(env->isolate(), EVP_PKEY_bits(key))).FromJust(); - break; - case EVP_PKEY_EC: -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L - // TODO(shigeki) Change this to EVP_PKEY_X25519 and add EVP_PKEY_X448 - // after upgrading to 1.1.1. 
- case NID_X25519: -@@ -2097,9 +2288,24 @@ void SSLWrap::GetEphemeralKeyInfo( - curve_name)).FromJust(); - info->Set(context, env->size_string(), - Integer::New(env->isolate(), -- EVP_PKEY_bits(key))).FromJust(); -+ EVP_PKEY_bits(key))).FromJust(); - } - break; -+#else -+ { -+ EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key); -+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); -+ EC_KEY_free(ec); -+ info->Set(context, env->type_string(), -+ FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH")).FromJust(); -+ info->Set(context, env->name_string(), -+ OneByteString(args.GetIsolate(), -+ OBJ_nid2sn(nid))).FromJust(); -+ info->Set(context, env->size_string(), -+ Integer::New(env->isolate(), -+ EVP_PKEY_bits(key))).FromJust(); -+ } -+#endif - } - EVP_PKEY_free(key); - } -@@ -2778,10 +2984,10 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, - CHECK(IsAuthenticatedMode()); - MarkPopErrorOnReturn mark_pop_error_on_return; - -- if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), -- EVP_CTRL_AEAD_SET_IVLEN, -- iv_len, -- nullptr)) { -+ // TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0 -+ static_assert(EVP_CTRL_CCM_SET_IVLEN == EVP_CTRL_GCM_SET_IVLEN, -+ "OpenSSL constants differ between GCM and CCM"); -+ if (!EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr)) { - env()->ThrowError("Invalid IV length"); - return false; - } -@@ -3137,8 +3343,10 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { - CHECK(mode == EVP_CIPH_GCM_MODE); - auth_tag_len_ = sizeof(auth_tag_); - } -- CHECK_EQ(1, EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_GET_TAG, -- auth_tag_len_, -+ // TOOD(tniessen) Use EVP_CTRL_AEAP_GET_TAG in OpenSSL 1.1.0 -+ static_assert(EVP_CTRL_CCM_GET_TAG == EVP_CTRL_GCM_GET_TAG, -+ "OpenSSL constants differ between GCM and CCM"); -+ CHECK_EQ(1, EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_GCM_GET_TAG, auth_tag_len_, - reinterpret_cast(auth_tag_))); - } - } -@@ -3414,12 +3622,14 @@ void Hash::HashDigest(const 
FunctionCallbackInfo& args) { - - SignBase::Error SignBase::Init(const char* sign_type) { - CHECK_NULL(mdctx_); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L - // Historically, "dss1" and "DSS1" were DSA aliases for SHA-1 - // exposed through the public API. - if (strcmp(sign_type, "dss1") == 0 || - strcmp(sign_type, "DSS1") == 0) { - sign_type = "SHA1"; - } -+#endif - const EVP_MD* md = EVP_get_digestbyname(sign_type); - if (md == nullptr) - return kSignUnknownDigest; -@@ -5124,6 +5334,12 @@ void InitCryptoOnce() { - SSL_library_init(); - OpenSSL_add_all_algorithms(); - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ crypto_lock_init(); -+ CRYPTO_set_locking_callback(crypto_lock_cb); -+ CRYPTO_THREADID_set_callback(crypto_threadid_cb); -+#endif -+ - #ifdef NODE_FIPS_MODE - /* Override FIPS settings in cnf file, if needed. */ - unsigned long err = 0; // NOLINT(runtime/int) -diff --git a/src/node_crypto.h b/src/node_crypto.h -index 86aa3ba..e850358 100644 ---- a/src/node_crypto.h -+++ b/src/node_crypto.h -@@ -44,8 +44,10 @@ - #endif // !OPENSSL_NO_ENGINE - #include - #include -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L - // TODO(shigeki) Remove this after upgrading to 1.1.1 - #include -+#endif - #include - #include - #include -diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js -index 9432a27..411fdc7 100644 ---- a/test/parallel/test-tls-client-getephemeralkeyinfo.js -+++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js -@@ -82,18 +82,20 @@ function testECDHE256() { - } - - function testECDHE512() { -- test(521, 'ECDH', 'secp521r1', testX25519); -+ test(521, 'ECDH', 'secp521r1', null); - ntests++; - } - -+/* - function testX25519() { - test(253, 'ECDH', 'X25519', null); - ntests++; - } -+*/ - - testNOT_PFS(); - - process.on('exit', function() { - assert.strictEqual(ntests, nsuccess); -- assert.strictEqual(ntests, 6); -+ assert.strictEqual(ntests, 5); - }); --- -1.8.3.1 - 
diff --git a/SOURCES/0001-Remove-or-backport-OpenSSL-features.patch b/SOURCES/0001-Remove-or-backport-OpenSSL-features.patch
new file mode 100644
index 0000000..e66edb5
--- /dev/null
+++ b/SOURCES/0001-Remove-or-backport-OpenSSL-features.patch
@@ -0,0 +1,681 @@ +From 3b512b3127b2ad733460d30bf8def2b5553bc648 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 29 Aug 2019 14:28:57 +0200 +Subject: [PATCH] Remove or backport OpenSSL features + +Signed-off-by: rpm-build +--- + src/node_constants.cc | 12 +- + src/node_crypto.cc | 268 ++++++++++++++++-- + src/node_crypto.h | 22 ++ + test/parallel/test-crypto-authenticated.js | 4 +- + test/parallel/test-crypto-keygen.js | 8 +- + test/parallel/test-crypto-pbkdf2.js | 18 -- + .../test-tls-client-getephemeralkeyinfo.js | 1 - + test/parallel/test-tls-passphrase.js | 2 +- + 8 files changed, 291 insertions(+), 44 deletions(-) + +diff --git a/src/node_constants.cc b/src/node_constants.cc +index 9cd50fe..65f3159 100644 +--- a/src/node_constants.cc ++++ b/src/node_constants.cc +@@ -951,8 +951,12 @@ void DefineOpenSSLConstants(Local target) { + NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_RAND); + # endif + +-# ifdef ENGINE_METHOD_EC +- NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_EC); ++# ifdef ENGINE_METHOD_ECDH ++ NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_ECDH); ++# endif ++ ++# ifdef ENGINE_METHOD_ECDSA ++ NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_ECDSA); + # endif + + # ifdef ENGINE_METHOD_CIPHERS +@@ -963,6 +967,10 @@ void DefineOpenSSLConstants(Local target) { + NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_DIGESTS); + # endif + ++# ifdef ENGINE_METHOD_STORE ++ NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_STORE); ++# endif ++ + # ifdef ENGINE_METHOD_PKEY_METHS + NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_PKEY_METHS); + # endif +diff --git a/src/node_crypto.cc b/src/node_crypto.cc +index 1d9214f..17c6d77 100644 +--- a/src/node_crypto.cc ++++ b/src/node_crypto.cc +@@ -109,6 +109,137 @@ struct OpenSSLBufferDeleter { + }; + using OpenSSLBuffer = std::unique_ptr; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, ++ const BIGNUM** d) { ++ if (n != nullptr) { ++ *n = r->n; ++ } ++ if (e != nullptr) { ++ *e 
= r->e; ++ } ++ if (d != nullptr) { ++ *d = r->d; ++ } ++} ++ ++static void DH_get0_pqg(const DH* dh, const BIGNUM** p, const BIGNUM** q, ++ const BIGNUM** g) { ++ if (p != nullptr) { ++ *p = dh->p; ++ } ++ if (q != nullptr) { ++ *q = dh->q; ++ } ++ if (g != nullptr) { ++ *g = dh->g; ++ } ++} ++ ++static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) { ++ if ((dh->p == nullptr && p == nullptr) || ++ (dh->g == nullptr && g == nullptr)) { ++ return 0; ++ } ++ ++ if (p != nullptr) { ++ BN_free(dh->p); ++ dh->p = p; ++ } ++ if (q != nullptr) { ++ BN_free(dh->q); ++ dh->q = q; ++ } ++ if (g != nullptr) { ++ BN_free(dh->g); ++ dh->g = g; ++ } ++ ++ return 1; ++} ++ ++static void DH_get0_key(const DH* dh, const BIGNUM** pub_key, ++ const BIGNUM** priv_key) { ++ if (pub_key != nullptr) { ++ *pub_key = dh->pub_key; ++ } ++ if (priv_key != nullptr) { ++ *priv_key = dh->priv_key; ++ } ++} ++ ++static int DH_set0_key(DH* dh, BIGNUM* pub_key, BIGNUM* priv_key) { ++ if (pub_key != nullptr) { ++ BN_free(dh->pub_key); ++ dh->pub_key = pub_key; ++ } ++ if (priv_key != nullptr) { ++ BN_free(dh->priv_key); ++ dh->priv_key = priv_key; ++ } ++ ++ return 1; ++} ++ ++static const SSL_METHOD* TLS_method() { return SSLv23_method(); } ++ ++static void SSL_SESSION_get0_ticket(const SSL_SESSION* s, ++ const unsigned char** tick, size_t* len) { ++ *len = s->tlsext_ticklen; ++ if (tick != nullptr) { ++ *tick = s->tlsext_tick; ++ } ++} ++ ++#define SSL_get_tlsext_status_type(ssl) (ssl->tlsext_status_type) ++ ++static int X509_STORE_up_ref(X509_STORE* store) { ++ CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); ++ return 1; ++} ++ ++static int X509_up_ref(X509* cert) { ++ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); ++ return 1; ++} ++ ++HMAC_CTX* HMAC_CTX_new() { ++ HMAC_CTX* ctx = Malloc(1); ++ HMAC_CTX_init(ctx); ++ return ctx; ++} ++ ++// Disable all TLS version lower than the version argument ++int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version) { ++ 
switch (version) { ++ [[gnu::fallthrough]] case TLS1_2_VERSION: ++ SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1); ++ [[gnu::fallthrough]] case TLS1_1_VERSION: ++ SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1); ++ [[gnu::fallthrough]] case TLS1_VERSION: ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); ++ return 1; ++ default: ++ return 0; // unsupported ++ } ++} ++// Disable all TLS version higher than the version argument ++int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version) { ++ switch (version) { ++ [[gnu::fallthrough]] case TLS1_VERSION: ++ SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1); ++ [[gnu::fallthrough]] case TLS1_1_VERSION: ++ SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2); ++ [[gnu::fallthrough]] case TLS1_2_VERSION: ++ return 1; ++ default: ++ return 0; // unsupported ++ } ++} ++ ++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++ + static const char* const root_certs[] = { + #include "node_root_certs.h" // NOLINT(build/include_order) + }; +@@ -125,11 +256,19 @@ template void SSLWrap::AddMethods(Environment* env, + template void SSLWrap::ConfigureSecureContext(SecureContext* sc); + template void SSLWrap::SetSNIContext(SecureContext* sc); + template int SSLWrap::SetCACerts(SecureContext* sc); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++template SSL_SESSION* SSLWrap::GetSessionCallback( ++ SSL* s, ++ unsigned char* key, ++ int len, ++ int* copy); ++#else + template SSL_SESSION* SSLWrap::GetSessionCallback( + SSL* s, + const unsigned char* key, + int len, + int* copy); ++#endif + template int SSLWrap::NewSessionCallback(SSL* s, + SSL_SESSION* sess); + template void SSLWrap::OnClientHello( +@@ -148,6 +287,34 @@ template int SSLWrap::SelectALPNCallback( + void* arg); + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static Mutex* mutexes; ++ ++static void crypto_threadid_cb(CRYPTO_THREADID* tid) { ++ static_assert(sizeof(uv_thread_t) <= sizeof(void*), ++ "uv_thread_t does not fit in a pointer"); ++ CRYPTO_THREADID_set_pointer(tid, 
reinterpret_cast(uv_thread_self())); ++} ++ ++ ++static void crypto_lock_init(void) { ++ mutexes = new Mutex[CRYPTO_num_locks()]; ++} ++ ++ ++static void crypto_lock_cb(int mode, int n, const char* file, int line) { ++ CHECK(!(mode & CRYPTO_LOCK) ^ !(mode & CRYPTO_UNLOCK)); ++ CHECK(!(mode & CRYPTO_READ) ^ !(mode & CRYPTO_WRITE)); ++ ++ auto mutex = &mutexes[n]; ++ if (mode & CRYPTO_LOCK) ++ mutex->Lock(); ++ else ++ mutex->Unlock(); ++} ++#endif ++ ++ + static int PasswordCallback(char* buf, int size, int rwflag, void* u) { + if (u) { + size_t buflen = static_cast(size); +@@ -401,7 +568,7 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { + + int min_version = args[1].As()->Value(); + int max_version = args[2].As()->Value(); +- const SSL_METHOD* method = TLS_method(); ++ const SSL_METHOD* method = SSLv23_method(); + + if (args[0]->IsString()) { + const node::Utf8Value sslmethod(env->isolate(), args[0]); +@@ -425,9 +592,9 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { + } else if (strcmp(*sslmethod, "SSLv23_method") == 0) { + // noop + } else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) { +- method = TLS_server_method(); ++ method = SSLv23_server_method(); + } else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { +- method = TLS_client_method(); ++ method = SSLv23_client_method(); + } else if (strcmp(*sslmethod, "TLS_method") == 0) { + min_version = 0; + max_version = 0; +@@ -437,33 +604,33 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { + } else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { + min_version = TLS1_VERSION; + max_version = TLS1_VERSION; +- method = TLS_server_method(); ++ method = SSLv23_server_method(); + } else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { + min_version = TLS1_VERSION; + max_version = TLS1_VERSION; +- method = TLS_client_method(); ++ method = SSLv23_client_method(); + } else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { + min_version = TLS1_1_VERSION; + 
max_version = TLS1_1_VERSION; + } else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; +- method = TLS_server_method(); ++ method = SSLv23_server_method(); + } else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; +- method = TLS_client_method(); ++ method = SSLv23_client_method(); + } else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; + } else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; +- method = TLS_server_method(); ++ method = SSLv23_server_method(); + } else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; +- method = TLS_client_method(); ++ method = SSLv23_client_method(); + } else { + return env->ThrowError("Unknown method"); + } +@@ -498,6 +665,7 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { + max_version = TLS1_2_VERSION; + } + SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was + // exposed in the public API. To retain compatibility, install a callback + // which restores the old algorithm. 
+@@ -507,6 +675,7 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { + return env->ThrowError("Error generating ticket keys"); + } + SSL_CTX_set_tlsext_ticket_key_cb(sc->ctx_.get(), TicketCompatibilityCallback); ++#endif + } + + +@@ -937,6 +1106,11 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo& args) { + + node::Utf8Value curve(env->isolate(), args[0]); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_SINGLE_ECDH_USE); ++ SSL_CTX_set_ecdh_auto(sc->ctx_.get(), 1); ++#endif ++ + if (strcmp(*curve, "auto") == 0) + return; + +@@ -1191,9 +1365,17 @@ void SecureContext::GetTicketKeys(const FunctionCallbackInfo& args) { + ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); + + Local buff = Buffer::New(wrap->env(), 48).ToLocalChecked(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + memcpy(Buffer::Data(buff), wrap->ticket_key_name_, 16); + memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16); + memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16); ++#else ++ if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_.get(), ++ Buffer::Data(buff), ++ Buffer::Length(buff)) != 1) { ++ return wrap->env()->ThrowError("Failed to fetch tls ticket keys"); ++ } ++#endif + + args.GetReturnValue().Set(buff); + #endif // !def(OPENSSL_NO_TLSEXT) && def(SSL_CTX_get_tlsext_ticket_keys) +@@ -1217,9 +1399,17 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo& args) { + env, "Ticket keys length must be 48 bytes"); + } + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + memcpy(wrap->ticket_key_name_, Buffer::Data(args[0]), 16); + memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16); + memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16); ++#else ++ if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_.get(), ++ Buffer::Data(args[0]), ++ Buffer::Length(args[0])) != 1) { ++ return env->ThrowError("Failed to fetch tls ticket keys"); ++ } ++#endif + + args.GetReturnValue().Set(true); + #endif // 
!def(OPENSSL_NO_TLSEXT) && def(SSL_CTX_get_tlsext_ticket_keys) +@@ -1227,6 +1417,14 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo& args) { + + + void SecureContext::SetFreeListLength(const FunctionCallbackInfo& args) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ // |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL ++ // mallocs and frees buffers directly, without the use of a freelist. ++ SecureContext* wrap; ++ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); ++ ++ wrap->ctx_->freelist_max_len = args[0]->Int32Value(); ++#endif + } + + +@@ -1323,6 +1521,7 @@ int SecureContext::TicketKeyCallback(SSL* ssl, + } + + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + int SecureContext::TicketCompatibilityCallback(SSL* ssl, + unsigned char* name, + unsigned char* iv, +@@ -1357,6 +1556,7 @@ int SecureContext::TicketCompatibilityCallback(SSL* ssl, + } + return 1; + } ++#endif + + + void SecureContext::CtxGetter(const FunctionCallbackInfo& info) { +@@ -1433,11 +1633,19 @@ void SSLWrap::ConfigureSecureContext(SecureContext* sc) { + } + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++template ++SSL_SESSION* SSLWrap::GetSessionCallback(SSL* s, ++ unsigned char* key, ++ int len, ++ int* copy) { ++#else + template + SSL_SESSION* SSLWrap::GetSessionCallback(SSL* s, + const unsigned char* key, + int len, + int* copy) { ++#endif + Base* w = static_cast(SSL_get_app_data(s)); + + *copy = 0; +@@ -2094,6 +2302,7 @@ void SSLWrap::GetEphemeralKeyInfo( + Integer::New(env->isolate(), EVP_PKEY_bits(key))).FromJust(); + break; + case EVP_PKEY_EC: ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + // TODO(shigeki) Change this to EVP_PKEY_X25519 and add EVP_PKEY_X448 + // after upgrading to 1.1.1. 
+ case NID_X25519: +@@ -2114,9 +2323,24 @@ void SSLWrap::GetEphemeralKeyInfo( + curve_name)).FromJust(); + info->Set(context, env->size_string(), + Integer::New(env->isolate(), +- EVP_PKEY_bits(key))).FromJust(); ++ EVP_PKEY_bits(key))).FromJust(); + } + break; ++#else ++ { ++ EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key); ++ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); ++ EC_KEY_free(ec); ++ info->Set(context, env->type_string(), ++ FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH")).FromJust(); ++ info->Set(context, env->name_string(), ++ OneByteString(args.GetIsolate(), ++ OBJ_nid2sn(nid))).FromJust(); ++ info->Set(context, env->size_string(), ++ Integer::New(env->isolate(), ++ EVP_PKEY_bits(key))).FromJust(); ++ } ++#endif + } + EVP_PKEY_free(key); + } +@@ -2776,10 +3000,10 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, + CHECK(IsAuthenticatedMode()); + MarkPopErrorOnReturn mark_pop_error_on_return; + +- if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), +- EVP_CTRL_AEAD_SET_IVLEN, +- iv_len, +- nullptr)) { ++ // TODO(tniessen) Use EVP_CTRL_AEAD_SET_IVLEN when migrating to OpenSSL 1.1.0 ++ static_assert(EVP_CTRL_CCM_SET_IVLEN == EVP_CTRL_GCM_SET_IVLEN, ++ "OpenSSL constants differ between GCM and CCM"); ++ if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_GCM_SET_IVLEN, iv_len, nullptr)) { + env()->ThrowError("Invalid IV length"); + return false; + } +@@ -2910,6 +3134,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { + "Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.", tag_len); + ProcessEmitDeprecationWarning(cipher->env(), msg, "DEP0090"); + } ++#ifndef OPENSSL_NO_OCB + } else if (mode == EVP_CIPH_OCB_MODE) { + // At this point, the tag length is already known and must match the + // length of the given authentication tag. 
+@@ -2921,6 +3146,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { + "Invalid authentication tag length: %u", tag_len); + return cipher->env()->ThrowError(msg); + } ++#endif // OPENSSL_NO_OCB + } + + // Note: we don't use std::min() here to work around a header conflict. +@@ -3140,8 +3366,10 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { + CHECK(mode == EVP_CIPH_GCM_MODE); + auth_tag_len_ = sizeof(auth_tag_); + } +- CHECK_EQ(1, EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_GET_TAG, +- auth_tag_len_, ++ // TOOD(tniessen) Use EVP_CTRL_AEAP_GET_TAG in OpenSSL 1.1.0 ++ static_assert(EVP_CTRL_CCM_GET_TAG == EVP_CTRL_GCM_GET_TAG, ++ "OpenSSL constants differ between GCM and CCM"); ++ CHECK_EQ(1, EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_GCM_GET_TAG, auth_tag_len_, + reinterpret_cast(auth_tag_))); + } + } +@@ -3417,12 +3645,14 @@ void Hash::HashDigest(const FunctionCallbackInfo& args) { + + SignBase::Error SignBase::Init(const char* sign_type) { + CHECK_NULL(mdctx_); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + // Historically, "dss1" and "DSS1" were DSA aliases for SHA-1 + // exposed through the public API. + if (strcmp(sign_type, "dss1") == 0 || + strcmp(sign_type, "DSS1") == 0) { + sign_type = "SHA1"; + } ++#endif + const EVP_MD* md = EVP_get_digestbyname(sign_type); + if (md == nullptr) + return kSignUnknownDigest; +@@ -5587,6 +5817,12 @@ void InitCryptoOnce() { + SSL_library_init(); + OpenSSL_add_all_algorithms(); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ crypto_lock_init(); ++ CRYPTO_set_locking_callback(crypto_lock_cb); ++ CRYPTO_THREADID_set_callback(crypto_threadid_cb); ++#endif ++ + #ifdef NODE_FIPS_MODE + /* Override FIPS settings in cnf file, if needed. 
*/ + unsigned long err = 0; // NOLINT(runtime/int) +diff --git a/src/node_crypto.h b/src/node_crypto.h +index b64a8c2..2e6042f 100644 +--- a/src/node_crypto.h ++++ b/src/node_crypto.h +@@ -44,8 +44,10 @@ + #endif // !OPENSSL_NO_ENGINE + #include + #include ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + // TODO(shigeki) Remove this after upgrading to 1.1.1 + #include ++#endif + #include + #include + #include +@@ -53,6 +55,26 @@ + #include + #include + ++// OpenSSL backport shims ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_CCM_SET_TAG ++#define EVP_MD_CTX_free EVP_MD_CTX_destroy ++#define EVP_MD_CTX_new EVP_MD_CTX_create ++ ++#define OPENSSL_EC_EXPLICIT_CURVE 0x0 ++ ++inline void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_cleanup(ctx); } ++inline void HMAC_CTX_free(HMAC_CTX* ctx) { if (ctx == nullptr) { return; } HMAC_CTX_cleanup(ctx); free(ctx); } ++inline void OPENSSL_clear_free(void* ptr, size_t len) { OPENSSL_cleanse(ptr, len); OPENSSL_free(ptr); } ++ ++inline int BN_bn2binpad(const BIGNUM* a, unsigned char *to, int tolen) { ++ if (tolen < 0) { return -1; } ++ OPENSSL_cleanse(to, tolen); ++ return BN_bn2bin(a, to); ++} ++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L ++ + namespace node { + namespace crypto { + +diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js +index dc19a7b..5e94d41 100644 +--- a/test/parallel/test-crypto-authenticated.js ++++ b/test/parallel/test-crypto-authenticated.js +@@ -425,7 +425,7 @@ for (const test of TEST_CASES) { + // Test that create(De|C)ipher(iv)? throws if the mode is CCM or OCB and no + // authentication tag has been specified. 
+ { +- for (const mode of ['ccm', 'ocb']) { ++ for (const mode of ['ccm']) { + assert.throws(() => { + crypto.createCipheriv(`aes-256-${mode}`, + 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8', +@@ -585,7 +585,7 @@ for (const test of TEST_CASES) { + const key = Buffer.from('0123456789abcdef', 'utf8'); + const iv = Buffer.from('0123456789ab', 'utf8'); + +- for (const mode of ['gcm', 'ocb']) { ++ for (const mode of ['gcm']) { + for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) { + const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, { + authTagLength +diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js +index 0ffaa1c..7c567f3 100644 +--- a/test/parallel/test-crypto-keygen.js ++++ b/test/parallel/test-crypto-keygen.js +@@ -171,7 +171,7 @@ function convertDERToPEM(label, der) { + // Since the private key is encrypted, signing shouldn't work anymore. + assert.throws(() => { + testSignVerify(publicKey, privateKey); +- }, /bad decrypt|asn1 encoding routines/); ++ }, /bad decrypt|bad password read|asn1 encoding routines/); + + const key = { key: privateKey, passphrase: 'secret' }; + testEncryptDecrypt(publicKey, key); +@@ -209,7 +209,7 @@ function convertDERToPEM(label, der) { + // Since the private key is encrypted, signing shouldn't work anymore. + assert.throws(() => { + testSignVerify(publicKey, privateKey); +- }, /bad decrypt|asn1 encoding routines/); ++ }, /bad decrypt|bad password read|asn1 encoding routines/); + + // Signing should work with the correct password. + testSignVerify(publicKey, { +@@ -269,7 +269,7 @@ function convertDERToPEM(label, der) { + // Since the private key is encrypted, signing shouldn't work anymore. 
+ assert.throws(() => { + testSignVerify(publicKey, privateKey); +- }, /bad decrypt|asn1 encoding routines/); ++ }, /bad decrypt|bad password read|asn1 encoding routines/); + + testSignVerify(publicKey, { key: privateKey, passphrase: 'secret' }); + })); +@@ -302,7 +302,7 @@ function convertDERToPEM(label, der) { + // Since the private key is encrypted, signing shouldn't work anymore. + assert.throws(() => { + testSignVerify(publicKey, privateKey); +- }, /bad decrypt|asn1 encoding routines/); ++ }, /bad decrypt|bad password read|asn1 encoding routines/); + + testSignVerify(publicKey, { + key: privateKey, +diff --git a/test/parallel/test-crypto-pbkdf2.js b/test/parallel/test-crypto-pbkdf2.js +index 0f5d461..8701d10 100644 +--- a/test/parallel/test-crypto-pbkdf2.js ++++ b/test/parallel/test-crypto-pbkdf2.js +@@ -216,21 +216,3 @@ crypto.pbkdf2Sync(new Float32Array(10), 'salt', 8, 8, 'sha256'); + crypto.pbkdf2Sync('pass', new Float32Array(10), 8, 8, 'sha256'); + crypto.pbkdf2Sync(new Float64Array(10), 'salt', 8, 8, 'sha256'); + crypto.pbkdf2Sync('pass', new Float64Array(10), 8, 8, 'sha256'); +- +-assert.throws( +- () => crypto.pbkdf2('pass', 'salt', 8, 8, 'md55', common.mustNotCall()), +- { +- code: 'ERR_CRYPTO_INVALID_DIGEST', +- name: 'TypeError [ERR_CRYPTO_INVALID_DIGEST]', +- message: 'Invalid digest: md55' +- } +-); +- +-assert.throws( +- () => crypto.pbkdf2Sync('pass', 'salt', 8, 8, 'md55'), +- { +- code: 'ERR_CRYPTO_INVALID_DIGEST', +- name: 'TypeError [ERR_CRYPTO_INVALID_DIGEST]', +- message: 'Invalid digest: md55' +- } +-); +diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js +index a5db18a..277d36c 100644 +--- a/test/parallel/test-tls-client-getephemeralkeyinfo.js ++++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js +@@ -55,4 +55,3 @@ test(1024, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); + test(2048, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); + test(256, 'ECDH', 'prime256v1', 
'ECDHE-RSA-AES128-GCM-SHA256'); + test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES128-GCM-SHA256'); +-test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES128-GCM-SHA256'); +diff --git a/test/parallel/test-tls-passphrase.js b/test/parallel/test-tls-passphrase.js +index 6ed19c7..b183309 100644 +--- a/test/parallel/test-tls-passphrase.js ++++ b/test/parallel/test-tls-passphrase.js +@@ -221,7 +221,7 @@ server.listen(0, common.mustCall(function() { + }, common.mustCall()); + })).unref(); + +-const errMessagePassword = /bad decrypt/; ++const errMessagePassword = /bad password read/; + + // Missing passphrase + assert.throws(function() { +-- +2.21.0 + diff --git a/SOURCES/0002-Remove-OpenSSL-1.0.2-features.patch b/SOURCES/0002-Remove-OpenSSL-1.0.2-features.patch deleted file mode 100644 index 7e120ec..0000000 --- a/SOURCES/0002-Remove-OpenSSL-1.0.2-features.patch +++ /dev/null 
@@ -1,642 +0,0 @@ -From 356ece933457ff7216658236ec5cf05f906e8f69 Mon Sep 17 00:00:00 2001 -From: Your Name -Date: Fri, 14 Sep 2018 13:39:05 +0000 -Subject: [PATCH 2/2] Remove OpenSSL 1.0.2 features - ---- - src/node_crypto.cc | 150 ++++++++++++++++++++--------- - src/node_crypto.h | 28 ++++-- - test/parallel/test-crypto-authenticated.js | 6 +- - 3 files changed, 128 insertions(+), 56 deletions(-) - -diff --git a/src/node_crypto.cc b/src/node_crypto.cc -index 7bdb1b1..6111e2e 100644 ---- a/src/node_crypto.cc -+++ b/src/node_crypto.cc -@@ -1077,8 +1077,8 @@ void SecureContext::SetECDHCurve(const FunctionCallbackInfo& args) { - node::Utf8Value curve(env->isolate(), args[0]); - - #if OPENSSL_VERSION_NUMBER < 0x10100000L -- SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE); -- SSL_CTX_set_ecdh_auto(sc->ctx_, 1); -+ SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_SINGLE_ECDH_USE); -+ SSL_CTX_set_ecdh_auto(sc->ctx_.get(), 1); - #endif - - if (strcmp(*curve, "auto") == 0) -@@ -1340,7 +1340,7 @@ void SecureContext::GetTicketKeys(const FunctionCallbackInfo& args) { - memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16); - memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16); - #else -- if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_, -+ if (SSL_CTX_get_tlsext_ticket_keys(wrap->ctx_.get(), - Buffer::Data(buff), - Buffer::Length(buff)) != 1) { - return wrap->env()->ThrowError("Failed to fetch tls ticket keys"); -@@ -1374,7 +1374,7 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo& args) { - memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16); - memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16); - #else -- if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_, -+ if (SSL_CTX_set_tlsext_ticket_keys(wrap->ctx_.get(), - Buffer::Data(args[0]), - Buffer::Length(args[0])) != 1) { - return env->ThrowError("Failed to fetch tls ticket keys"); -@@ -2804,14 +2804,14 @@ void CipherBase::Init(const char* cipher_type, - iv); - CHECK_NE(key_len, 0); - -- 
ctx_.reset(EVP_CIPHER_CTX_new()); -+ ctx_ = EVP_CIPHER_CTX_new(); - - const int mode = EVP_CIPHER_mode(cipher); - if (mode == EVP_CIPH_WRAP_MODE) -- EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); -+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - - const bool encrypt = (kind_ == kCipher); -- if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, -+ if (1 != EVP_CipherInit_ex(ctx_, cipher, nullptr, - nullptr, nullptr, encrypt)) { - return ThrowCryptoError(env(), ERR_get_error(), - "Failed to initialize cipher"); -@@ -2832,9 +2832,9 @@ void CipherBase::Init(const char* cipher_type, - return; - } - -- CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len)); -+ CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len)); - -- if (1 != EVP_CipherInit_ex(ctx_.get(), -+ if (1 != EVP_CipherInit_ex(ctx_, - nullptr, - nullptr, - reinterpret_cast(key), -@@ -2871,8 +2871,8 @@ void CipherBase::Init(const FunctionCallbackInfo& args) { - - static bool IsSupportedAuthenticatedMode(int mode) { - return mode == EVP_CIPH_CCM_MODE || -- mode == EVP_CIPH_GCM_MODE || -- mode == EVP_CIPH_OCB_MODE; -+ mode == EVP_CIPH_GCM_MODE; -+ // mode == EVP_CIPH_OCB_MODE; - } - - void CipherBase::InitIv(const char* cipher_type, -@@ -2906,13 +2906,13 @@ void CipherBase::InitIv(const char* cipher_type, - return env()->ThrowError("Invalid IV length"); - } - -- ctx_.reset(EVP_CIPHER_CTX_new()); -+ ctx_ = EVP_CIPHER_CTX_new(); - - if (mode == EVP_CIPH_WRAP_MODE) -- EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); -+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - - const bool encrypt = (kind_ == kCipher); -- if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, -+ if (1 != EVP_CipherInit_ex(ctx_, cipher, nullptr, - nullptr, nullptr, encrypt)) { - return ThrowCryptoError(env(), ERR_get_error(), - "Failed to initialize cipher"); -@@ -2924,12 +2924,13 @@ void CipherBase::InitIv(const char* cipher_type, - return; - } - -- 
if (!EVP_CIPHER_CTX_set_key_length(ctx_.get(), key_len)) { -- ctx_.reset(); -+ if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) { -+ EVP_CIPHER_CTX_free(ctx_); -+ ctx_ = nullptr; - return env()->ThrowError("Invalid key length"); - } - -- if (1 != EVP_CipherInit_ex(ctx_.get(), -+ if (1 != EVP_CipherInit_ex(ctx_, - nullptr, - nullptr, - reinterpret_cast(key), -@@ -2992,8 +2993,8 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, - return false; - } - -- const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); -- if (mode == EVP_CIPH_CCM_MODE || mode == EVP_CIPH_OCB_MODE) { -+ const int mode = EVP_CIPHER_CTX_mode(ctx_); -+ if (mode == EVP_CIPH_CCM_MODE) { - if (auth_tag_len == kNoAuthTagLength) { - char msg[128]; - snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type); -@@ -3010,7 +3011,8 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, - #endif - - // Tell OpenSSL about the desired length. -- if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len, -+ if (!EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_CCM_SET_TAG, auth_tag_len, -+ // if (!EVP_CIPHER_CTX_ctrl(ctx_, EVP_CTRL_AEAD_SET_TAG, auth_tag_len, - nullptr)) { - env()->ThrowError("Invalid authentication tag length"); - return false; -@@ -3049,7 +3051,7 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len, - - bool CipherBase::CheckCCMMessageLength(int message_len) { - CHECK(ctx_); -- CHECK(EVP_CIPHER_CTX_mode(ctx_.get()) == EVP_CIPH_CCM_MODE); -+ CHECK(EVP_CIPHER_CTX_mode(ctx_) == EVP_CIPH_CCM_MODE); - - if (message_len > max_message_size_) { - env()->ThrowError("Message exceeds maximum size"); -@@ -3063,7 +3065,7 @@ bool CipherBase::CheckCCMMessageLength(int message_len) { - bool CipherBase::IsAuthenticatedMode() const { - // Check if this cipher operates in an AEAD mode that we support. 
- CHECK(ctx_); -- const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); -+ const int mode = EVP_CIPHER_CTX_mode(ctx_); - return IsSupportedAuthenticatedMode(mode); - } - -@@ -3098,7 +3100,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { - } - - unsigned int tag_len = Buffer::Length(args[0]); -- const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_.get()); -+ const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_); - if (mode == EVP_CIPH_GCM_MODE) { - if (cipher->auth_tag_len_ != kNoAuthTagLength && - cipher->auth_tag_len_ != tag_len) { -@@ -3114,6 +3116,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { - "Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.", tag_len); - ProcessEmitDeprecationWarning(cipher->env(), msg, "DEP0090"); - } -+/* - } else if (mode == EVP_CIPH_OCB_MODE) { - // At this point, the tag length is already known and must match the - // length of the given authentication tag. -@@ -3125,6 +3128,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { - "Invalid authentication tag length: %u", tag_len); - return cipher->env()->ThrowError(msg); - } -+*/ - } - - // Note: we don't use std::min() here to work around a header conflict. -@@ -3141,8 +3145,8 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo& args) { - - bool CipherBase::MaybePassAuthTagToOpenSSL() { - if (!auth_tag_set_ && auth_tag_len_ != kNoAuthTagLength) { -- if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), -- EVP_CTRL_AEAD_SET_TAG, -+ if (!EVP_CIPHER_CTX_ctrl(ctx_, -+ EVP_CTRL_CCM_SET_TAG, - auth_tag_len_, - reinterpret_cast(auth_tag_))) { - return false; -@@ -3159,7 +3163,7 @@ bool CipherBase::SetAAD(const char* data, unsigned int len, int plaintext_len) { - MarkPopErrorOnReturn mark_pop_error_on_return; - - int outlen; -- const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); -+ const int mode = EVP_CIPHER_CTX_mode(ctx_); - - // When in CCM mode, we need to set the authentication tag and the plaintext - // length in advance. 
-@@ -3178,11 +3182,11 @@ bool CipherBase::SetAAD(const char* data, unsigned int len, int plaintext_len) { - } - - // Specify the plaintext length. -- if (!EVP_CipherUpdate(ctx_.get(), nullptr, &outlen, nullptr, plaintext_len)) -+ if (!EVP_CipherUpdate(ctx_, nullptr, &outlen, nullptr, plaintext_len)) - return false; - } - -- return 1 == EVP_CipherUpdate(ctx_.get(), -+ return 1 == EVP_CipherUpdate(ctx_, - nullptr, - &outlen, - reinterpret_cast(data), -@@ -3212,7 +3216,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data, - return kErrorState; - MarkPopErrorOnReturn mark_pop_error_on_return; - -- const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); -+ const int mode = EVP_CIPHER_CTX_mode(ctx_); - - if (mode == EVP_CIPH_CCM_MODE) { - if (!CheckCCMMessageLength(len)) -@@ -3226,11 +3230,11 @@ CipherBase::UpdateResult CipherBase::Update(const char* data, - } - - *out_len = 0; -- int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_.get()); -+ int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_); - // For key wrapping algorithms, get output size by calling - // EVP_CipherUpdate() with null output. 
- if (kind_ == kCipher && mode == EVP_CIPH_WRAP_MODE && -- EVP_CipherUpdate(ctx_.get(), -+ EVP_CipherUpdate(ctx_, - nullptr, - &buff_len, - reinterpret_cast(data), -@@ -3239,7 +3243,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data, - } - - *out = Malloc(buff_len); -- int r = EVP_CipherUpdate(ctx_.get(), -+ int r = EVP_CipherUpdate(ctx_, - *out, - out_len, - reinterpret_cast(data), -@@ -3301,7 +3305,7 @@ bool CipherBase::SetAutoPadding(bool auto_padding) { - if (!ctx_) - return false; - MarkPopErrorOnReturn mark_pop_error_on_return; -- return EVP_CIPHER_CTX_set_padding(ctx_.get(), auto_padding); -+ return EVP_CIPHER_CTX_set_padding(ctx_, auto_padding); - } - - -@@ -3318,10 +3322,10 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { - if (!ctx_) - return false; - -- const int mode = EVP_CIPHER_CTX_mode(ctx_.get()); -+ const int mode = EVP_CIPHER_CTX_mode(ctx_); - - *out = Malloc( -- static_cast(EVP_CIPHER_CTX_block_size(ctx_.get()))); -+ static_cast(EVP_CIPHER_CTX_block_size(ctx_))); - - if (kind_ == kDecipher && IsSupportedAuthenticatedMode(mode)) { - MaybePassAuthTagToOpenSSL(); -@@ -3333,7 +3337,7 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { - if (kind_ == kDecipher && mode == EVP_CIPH_CCM_MODE) { - ok = !pending_auth_failed_; - } else { -- ok = EVP_CipherFinal_ex(ctx_.get(), *out, out_len) == 1; -+ ok = EVP_CipherFinal_ex(ctx_, *out, out_len) == 1; - - if (ok && kind_ == kCipher && IsAuthenticatedMode()) { - // In GCM mode, the authentication tag length can be specified in advance, -@@ -3351,7 +3355,8 @@ bool CipherBase::Final(unsigned char** out, int* out_len) { - } - } - -- ctx_.reset(); -+ EVP_CIPHER_CTX_free(ctx_); -+ ctx_ = nullptr; - - return ok; - } -@@ -3394,6 +3399,11 @@ void CipherBase::Final(const FunctionCallbackInfo& args) { - } - - -+Hmac::~Hmac() { -+ HMAC_CTX_free(ctx_); -+} -+ -+ - void Hmac::Initialize(Environment* env, v8::Local target) { - Local t = env->NewFunctionTemplate(New); - -@@ -3423,9 
+3433,16 @@ void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) { - if (key_len == 0) { - key = ""; - } -+/* - ctx_.reset(HMAC_CTX_new()); - if (!ctx_ || !HMAC_Init_ex(ctx_.get(), key, key_len, md, nullptr)) { - ctx_.reset(); -+*/ -+ ctx_ = HMAC_CTX_new(); -+ if (ctx_ == nullptr || -+ !HMAC_Init_ex(ctx_, key, key_len, md, nullptr)) { -+ HMAC_CTX_free(ctx_); -+ ctx_ = nullptr; - return ThrowCryptoError(env(), ERR_get_error()); - } - } -@@ -3446,7 +3463,7 @@ void Hmac::HmacInit(const FunctionCallbackInfo& args) { - bool Hmac::HmacUpdate(const char* data, int len) { - if (!ctx_) - return false; -- int r = HMAC_Update(ctx_.get(), -+ int r = HMAC_Update(ctx_, - reinterpret_cast(data), - len); - return r == 1; -@@ -3493,10 +3510,17 @@ void Hmac::HmacDigest(const FunctionCallbackInfo& args) { - unsigned char md_value[EVP_MAX_MD_SIZE]; - unsigned int md_len = 0; - -+/* - if (hmac->ctx_) { - HMAC_Final(hmac->ctx_.get(), md_value, &md_len); - hmac->ctx_.reset(); - } -+*/ -+ if (hmac->ctx_ != nullptr) { -+ HMAC_Final(hmac->ctx_, md_value, &md_len); -+ HMAC_CTX_free(hmac->ctx_); -+ hmac->ctx_ = nullptr; -+ } - - Local error; - MaybeLocal rc = -@@ -3514,6 +3538,11 @@ void Hmac::HmacDigest(const FunctionCallbackInfo& args) { - } - - -+Hash::~Hash() { -+ EVP_MD_CTX_free(mdctx_); -+} -+ -+ - void Hash::Initialize(Environment* env, v8::Local target) { - Local t = env->NewFunctionTemplate(New); - -@@ -3543,9 +3572,16 @@ bool Hash::HashInit(const char* hash_type) { - const EVP_MD* md = EVP_get_digestbyname(hash_type); - if (md == nullptr) - return false; -+/* - mdctx_.reset(EVP_MD_CTX_new()); - if (!mdctx_ || EVP_DigestInit_ex(mdctx_.get(), md, nullptr) <= 0) { - mdctx_.reset(); -+*/ -+ mdctx_ = EVP_MD_CTX_new(); -+ if (mdctx_ == nullptr || -+ EVP_DigestInit_ex(mdctx_, md, nullptr) <= 0) { -+ EVP_MD_CTX_free(mdctx_); -+ mdctx_ = nullptr; - return false; - } - finalized_ = false; -@@ -3556,7 +3592,7 @@ bool Hash::HashInit(const char* hash_type) { - bool 
Hash::HashUpdate(const char* data, int len) { - if (!mdctx_) - return false; -- EVP_DigestUpdate(mdctx_.get(), data, len); -+ EVP_DigestUpdate(mdctx_, data, len); - return true; - } - -@@ -3601,7 +3637,7 @@ void Hash::HashDigest(const FunctionCallbackInfo& args) { - unsigned char md_value[EVP_MAX_MD_SIZE]; - unsigned int md_len; - -- EVP_DigestFinal_ex(hash->mdctx_.get(), md_value, &md_len); -+ EVP_DigestFinal_ex(hash->mdctx_, md_value, &md_len); - hash->finalized_ = true; - - Local error; -@@ -3620,6 +3656,11 @@ void Hash::HashDigest(const FunctionCallbackInfo& args) { - } - - -+SignBase::~SignBase() { -+ EVP_MD_CTX_free(mdctx_); -+} -+ -+ - SignBase::Error SignBase::Init(const char* sign_type) { - CHECK_NULL(mdctx_); - #if OPENSSL_VERSION_NUMBER >= 0x10100000L -@@ -3634,9 +3675,16 @@ SignBase::Error SignBase::Init(const char* sign_type) { - if (md == nullptr) - return kSignUnknownDigest; - -+/* - mdctx_.reset(EVP_MD_CTX_new()); - if (!mdctx_ || !EVP_DigestInit_ex(mdctx_.get(), md, nullptr)) { - mdctx_.reset(); -+*/ -+ mdctx_ = EVP_MD_CTX_new(); -+ if (mdctx_ == nullptr || -+ !EVP_DigestInit_ex(mdctx_, md, nullptr)) { -+ EVP_MD_CTX_free(mdctx_); -+ mdctx_ = nullptr; - return kSignInit; - } - -@@ -3647,7 +3695,7 @@ SignBase::Error SignBase::Init(const char* sign_type) { - SignBase::Error SignBase::Update(const char* data, int len) { - if (mdctx_ == nullptr) - return kSignNotInitialised; -- if (!EVP_DigestUpdate(mdctx_.get(), data, len)) -+ if (!EVP_DigestUpdate(mdctx_, data, len)) - return kSignUpdate; - return kSignOk; - } -@@ -3749,7 +3797,8 @@ void Sign::SignUpdate(const FunctionCallbackInfo& args) { - sign->CheckThrow(err); - } - --static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, -+// static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, -+static int Node_SignFinal(EVP_MD_CTX* mdctx, unsigned char* md, - unsigned int* sig_len, - const EVPKeyPointer& pkey, int padding, - int pss_salt_len) { -@@ -3757,7 +3806,7 @@ static int 
Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, - unsigned int m_len; - - *sig_len = 0; -- if (!EVP_DigestFinal_ex(mdctx.get(), m, &m_len)) -+ if (!EVP_DigestFinal_ex(mdctx, m, &m_len)) - return 0; - - size_t sltmp = static_cast(EVP_PKEY_size(pkey.get())); -@@ -3766,7 +3815,7 @@ static int Node_SignFinal(EVPMDPointer&& mdctx, unsigned char* md, - EVP_PKEY_sign_init(pkctx.get()) > 0 && - ApplyRSAOptions(pkey, pkctx.get(), padding, pss_salt_len) && - EVP_PKEY_CTX_set_signature_md(pkctx.get(), -- EVP_MD_CTX_md(mdctx.get())) > 0 && -+ EVP_MD_CTX_md(mdctx)) > 0 && - EVP_PKEY_sign(pkctx.get(), md, &sltmp, m, m_len) > 0) { - *sig_len = sltmp; - return 1; -@@ -3784,7 +3833,8 @@ SignBase::Error Sign::SignFinal(const char* key_pem, - if (!mdctx_) - return kSignNotInitialised; - -- EVPMDPointer mdctx = std::move(mdctx_); -+ // EVPMDPointer mdctx = std::move(mdctx_); -+ EVP_MD_CTX* mdctx = std::move(mdctx_); - - BIOPointer bp(BIO_new_mem_buf(const_cast(key_pem), key_pem_len)); - if (!bp) -@@ -3967,12 +4017,12 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem, - unsigned int m_len; - int r = 0; - *verify_result = false; -- EVPMDPointer mdctx = std::move(mdctx_); -+ EVP_MD_CTX* mdctx = std::move(mdctx_); - - if (ParsePublicKey(&pkey, key_pem, key_pem_len) != kParsePublicOk) - return kSignPublicKey; - -- if (!EVP_DigestFinal_ex(mdctx.get(), m, &m_len)) -+ if (!EVP_DigestFinal_ex(mdctx, m, &m_len)) - return kSignPublicKey; - - EVPKeyCtxPointer pkctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); -@@ -3980,7 +4030,7 @@ SignBase::Error Verify::VerifyFinal(const char* key_pem, - EVP_PKEY_verify_init(pkctx.get()) > 0 && - ApplyRSAOptions(pkey, pkctx.get(), padding, saltlen) && - EVP_PKEY_CTX_set_signature_md(pkctx.get(), -- EVP_MD_CTX_md(mdctx.get())) > 0) { -+ EVP_MD_CTX_md(mdctx)) > 0) { - r = EVP_PKEY_verify(pkctx.get(), - reinterpret_cast(sig), - siglen, -@@ -4948,6 +4998,7 @@ inline void PBKDF2(const FunctionCallbackInfo& args) { - } - - -+/* - #ifndef OPENSSL_NO_SCRYPT 
- struct ScryptJob : public CryptoJob { - unsigned char* keybuf_data; -@@ -5038,6 +5089,7 @@ void Scrypt(const FunctionCallbackInfo& args) { - args.GetReturnValue().Set(job->ToResult()); - } - #endif // OPENSSL_NO_SCRYPT -+*/ - - - void GetSSLCiphers(const FunctionCallbackInfo& args) { -@@ -5478,9 +5530,11 @@ void Initialize(Local target, - PublicKeyCipher::Cipher); -+/* - #ifndef OPENSSL_NO_SCRYPT - env->SetMethod(target, "scrypt", Scrypt); - #endif // OPENSSL_NO_SCRYPT -+*/ - } - - } // namespace crypto -diff --git a/src/node_crypto.h b/src/node_crypto.h -index e850358..49eb078 100644 ---- a/src/node_crypto.h -+++ b/src/node_crypto.h -@@ -81,7 +81,7 @@ using SSLSessionPointer = DeleteFnPtr; - using SSLPointer = DeleteFnPtr; - using EVPKeyPointer = DeleteFnPtr; - using EVPKeyCtxPointer = DeleteFnPtr; --using EVPMDPointer = DeleteFnPtr; -+// using EVPMDPointer = DeleteFnPtr; - using RSAPointer = DeleteFnPtr; - using BignumPointer = DeleteFnPtr; - using NetscapeSPKIPointer = DeleteFnPtr; -@@ -347,6 +347,10 @@ class SSLWrap { - - class CipherBase : public BaseObject { - public: -+// ~CipherBase() override { -+// EVP_CIPHER_CTX_cleanup(ctx_); -+// } -+ - static void Initialize(Environment* env, v8::Local target); - - void MemoryInfo(MemoryTracker* tracker) const override { -@@ -413,7 +417,9 @@ class CipherBase : public BaseObject { - } - - private: -- DeleteFnPtr ctx_; -+ EVP_CIPHER_CTX* ctx_; -+ // DeleteFnPtr ctx_; -+ // DeleteFnPtr ctx_; - const CipherKind kind_; - bool auth_tag_set_; - unsigned int auth_tag_len_; -@@ -424,6 +430,8 @@ class CipherBase : public BaseObject { - - class Hmac : public BaseObject { - public: -+ ~Hmac() override; -+ - static void Initialize(Environment* env, v8::Local target); - - void MemoryInfo(MemoryTracker* tracker) const override { -@@ -448,11 +456,14 @@ class Hmac : public BaseObject { - } - - private: -- DeleteFnPtr ctx_; -+ // DeleteFnPtr ctx_; -+ HMAC_CTX* ctx_; - }; - - class Hash : public BaseObject { - public: -+ ~Hash() 
override; -+ - static void Initialize(Environment* env, v8::Local target); - - void MemoryInfo(MemoryTracker* tracker) const override { -@@ -477,7 +488,8 @@ class Hash : public BaseObject { - } - - private: -- EVPMDPointer mdctx_; -+ // EVPMDPointer mdctx_; -+ EVP_MD_CTX* mdctx_; - bool finalized_; - }; - -@@ -494,9 +506,12 @@ class SignBase : public BaseObject { - } Error; - - SignBase(Environment* env, v8::Local wrap) -- : BaseObject(env, wrap) { -+ : BaseObject(env, wrap), -+ mdctx_(nullptr) { - } - -+ ~SignBase() override; -+ - Error Init(const char* sign_type); - Error Update(const char* data, int len); - -@@ -509,7 +524,8 @@ class SignBase : public BaseObject { - protected: - void CheckThrow(Error error); - -- EVPMDPointer mdctx_; -+ // EVPMDPointer mdctx_; -+ EVP_MD_CTX* mdctx_; - }; - - class Sign : public SignBase { -diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js -index 4b2d852..cb0bc41 100644 ---- a/test/parallel/test-crypto-authenticated.js -+++ b/test/parallel/test-crypto-authenticated.js -@@ -99,7 +99,8 @@ for (const test of TEST_CASES) { - const isOCB = /^aes-(128|192|256)-ocb$/.test(test.algo); - - let options; -- if (isCCM || isOCB) -+ //if (isCCM || isOCB) -+ if (isCCM) - options = { authTagLength: test.tag.length / 2 }; - - const inputEncoding = test.plainIsHex ? 'hex' : 'ascii'; -@@ -425,7 +426,8 @@ for (const test of TEST_CASES) { - // Test that create(De|C)ipher(iv)? throws if the mode is CCM or OCB and no - // authentication tag has been specified. - { -- for (const mode of ['ccm', 'ocb']) { -+ // for (const mode of ['ccm', 'ocb']) { -+ for (const mode of ['ccm']) { - assert.throws(() => { - crypto.createCipheriv(`aes-256-${mode}`, - 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8', --- -1.8.3.1 - diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec index 233d7df..483a46c 100644 --- a/SPECS/nodejs.spec +++ b/SPECS/nodejs.spec 
@@ -19,8 +19,8 @@ # feature releases that are only supported for nine months, which is shorter # than a Fedora release lifecycle. %global nodejs_major 10 -%global nodejs_minor 10 -%global nodejs_patch 0 +%global nodejs_minor 16 +%global nodejs_patch 3 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} %global nodejs_release 3 @@ -30,14 +30,14 @@ %global v8_major 6 %global v8_minor 8 %global v8_build 275 -%global v8_patch 30 +%global v8_patch 32 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} # c-ares - from deps/cares/include/ares_version.h %global c_ares_major 1 -%global c_ares_minor 14 +%global c_ares_minor 15 %global c_ares_patch 0 %global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch} @@ -47,9 +47,9 @@ %global http_parser_patch 0 %global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch} -# libuv - from deps/uv/include/uv-version/h +# libuv - from deps/uv/include/uv/version.h %global libuv_major 1 -%global libuv_minor 23 +%global libuv_minor 28 %global libuv_patch 0 %global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch} @@ -63,8 +63,8 @@ # npm - from deps/npm/package.json %global npm_major 6 -%global npm_minor 4 -%global npm_patch 1 +%global npm_minor 9 +%global npm_patch 0 %global npm_version %{npm_major}.%{npm_minor}.%{npm_patch} # zlib version - from deps/zlib/CMakeLists.txt 
@@ -81,8 +81,8 @@ %global npm_release %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release} # Filter out the NPM bundled dependencies so we aren't providing them -%global __provides_exclude_from ^%{_prefix}/lib/node_modules/npm/.*$ -%global __requires_exclude_from ^%{_prefix}/lib/node_modules/npm/.*$ +%global __provides_exclude_from ^%{_prefix}/lib/node_modules/npm/node_modules.*$ +%global __requires_exclude_from ^%{_prefix}/lib/node_modules/npm/node_modules.*$ Name: %{?scl_prefix}nodejs @@ -104,21 +104,8 @@ Source100: %{pkg_name}-tarball.sh # nodejs-packaging SRPM. Source7: nodejs_native.attr -# Disable running gyp on bundled deps we don't use -#Patch1: 0001-Disable-running-gyp-files-for-bundled-deps.patch - -#Patch2: 0001-Fix-aarch64-debug.patch - -# npm outputs ugly err when npm ls -g -#Patch3: 0001-fix-minizlib-dependency.patch - -# Disable tests that are failing -# https://github.com/nodejs/help/issues/687 -#Patch3: 0001-Disable-failed-tests.patch - -# This is patch just for v10.1.0, we need to rebase it to later version -Patch1: 0001-Remove-OpenSSL-1.0.2-features.patch -Patch2: 0002-Remove-OpenSSL-1.0.2-features.patch +# This is patch just for v10.16.3, we need to rebase it to later version +Patch1: 0001-Remove-or-backport-OpenSSL-features.patch %{?scl:Requires: %{scl}-runtime} %{?scl:BuildRequires: %{scl}-runtime} 
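Review bot: Both new exclude patterns end in `npm/node_modules.*$` with no slash before `.*`, so besides the bundled tree they also match any sibling path that merely begins with `node_modules`; `^%{_prefix}/lib/node_modules/npm/node_modules/.*$` states the intended boundary. The narrower filter also means npm's own files now reach the automatic provides/requires generators, while the bundled modules stay hidden from them. The last hunk of this file, which runs past the visible part of the page, starts removing the hand-written `Provides: bundled(nodejs-…)` list that its comment keeps "in case there is a CVE". It is worth confirming that the bundled versions are still declared somewhere in the spec, otherwise vulnerability scanners lose that inventory.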
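Review bot: The comment above the new `Patch1` line says only that the patch is for v10.16.3 and must be rebased later; it does not record what the patch changes in the crypto layer, which the next rebase or a CVE triage will need. Going by the patch text earlier on this page, it appears to let node build against OpenSSL older than 1.1.0, so I would add `# Build against OpenSSL < 1.1.0: version-guards 1.1.0-only APIs, makes OCB conditional, adds compat shims in src/node_crypto.h`. One of those shims should be reviewed before the patch is carried forward: `BN_bn2binpad` clears `to` and calls `BN_bn2bin(a, to)` without comparing `BN_num_bytes(a)` with `tolen`. A value longer than the buffer is therefore not rejected and a shorter one is not left-padded, unlike the OpenSSL 1.1.0 function it stands in for. A guard such as `if (tolen < BN_num_bytes(a)) return -1;` and writing at `to + (tolen - BN_num_bytes(a))` would match that contract.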
@@ -236,380 +223,6 @@ Release: %{npm_release}%{?dist} Provides: %{?scl_prefix}npm = %{npm_version} Requires: %{?scl_prefix}nodejs = %{nodejs_version}-%{nodejs_release}%{?dist} -# Do not add epoch to the virtual NPM provides or it will break -# the automatic dependency-generation script. -Provides: %{?scl_prefix}npm(npm) = %{npm_version} - -# Shipping each npm dependency as rpm is not very handy, so we bundle it now. -# However we still need to provide them in case there is a CVE -Provides: bundled(nodejs-JSONStream) = 1.3.1 -Provides: bundled(nodejs-abbrev) = 1.1.1 -Provides: bundled(nodejs-agent-base) = 4.1.1 -Provides: bundled(nodejs-agent-base) = 4.1.2 -Provides: bundled(nodejs-agentkeepalive) = 3.3.0 -Provides: bundled(nodejs-ajv) = 5.2.3 -Provides: bundled(nodejs-ansi-align) = 2.0.0 -Provides: bundled(nodejs-ansi-regex) = 2.1.1 -Provides: bundled(nodejs-ansi-regex) = 3.0.0 -Provides: bundled(nodejs-ansi-styles) = 3.2.0 -Provides: bundled(nodejs-ansicolors) = 0.3.2 -Provides: bundled(nodejs-ansistyles) = 0.1.3 -Provides: bundled(nodejs-aproba) = 1.2.0 -Provides: bundled(nodejs-archy) = 1.0.0 -Provides: bundled(nodejs-are-we-there-yet) = 1.1.4 -Provides: bundled(nodejs-asap) = 2.0.5 -Provides: bundled(nodejs-asn1) = 0.2.3 -Provides: bundled(nodejs-assert-plus) = 1.0.0 -Provides: bundled(nodejs-asynckit) = 0.4.0 -Provides: bundled(nodejs-aws-sign2) = 0.7.0 -Provides: bundled(nodejs-aws4) = 1.6.0 -Provides: bundled(nodejs-balanced-match) = 1.0.0 -Provides: bundled(nodejs-bcrypt-pbkdf) = 1.0.1 -Provides: bundled(nodejs-bin-links) = 1.1.0 -Provides: bundled(nodejs-block-stream) = 0.0.9 -Provides: bundled(nodejs-bluebird) = 3.5.1 -Provides: bundled(nodejs-boom) = 4.3.1 -Provides: bundled(nodejs-boom) = 5.2.0 -Provides: bundled(nodejs-boxen) = 1.2.1 -Provides: bundled(nodejs-brace-expansion) = 1.1.8 -Provides: bundled(nodejs-builtin-modules) = 1.1.1 -Provides: bundled(nodejs-builtins) = 1.0.3 -Provides: bundled(nodejs-byline) = 5.0.0 -Provides: bundled(nodejs-cacache) 
= 10.0.1 -Provides: bundled(nodejs-cacache) = 9.3.0 -Provides: bundled(nodejs-call-limit) = 1.1.0 -Provides: bundled(nodejs-camelcase) = 4.1.0 -Provides: bundled(nodejs-capture-stack-trace) = 1.0.0 -Provides: bundled(nodejs-caseless) = 0.12.0 -Provides: bundled(nodejs-chalk) = 2.1.0 -Provides: bundled(nodejs-chownr) = 1.0.1 -Provides: bundled(nodejs-cidr-regex) = 1.0.6 -Provides: bundled(nodejs-cli-boxes) = 1.0.0 -Provides: bundled(nodejs-cli-table2) = 0.2.0 -Provides: bundled(nodejs-cliui) = 3.2.0 -Provides: bundled(nodejs-clone) = 1.0.2 -Provides: bundled(nodejs-cmd-shim) = 2.0.2 -Provides: bundled(nodejs-co) = 4.6.0 -Provides: bundled(nodejs-code-point-at) = 1.1.0 -Provides: bundled(nodejs-color-convert) = 1.9.0 -Provides: bundled(nodejs-color-name) = 1.1.3 -Provides: bundled(nodejs-colors) = 1.1.2 -Provides: bundled(nodejs-columnify) = 1.5.4 -Provides: bundled(nodejs-combined-stream) = 1.0.5 -Provides: bundled(nodejs-concat-map) = 0.0.1 -Provides: bundled(nodejs-concat-stream) = 1.6.0 -Provides: bundled(nodejs-config-chain) = 1.1.11 -Provides: bundled(nodejs-configstore) = 3.1.1 -Provides: bundled(nodejs-console-control-strings) = 1.1.0 -Provides: bundled(nodejs-copy-concurrently) = 1.0.5 -Provides: bundled(nodejs-core-util-is) = 1.0.2 -Provides: bundled(nodejs-create-error-class) = 3.0.2 -Provides: bundled(nodejs-cross-spawn) = 5.1.0 -Provides: bundled(nodejs-cryptiles) = 3.1.2 -Provides: bundled(nodejs-crypto-random-string) = 1.0.0 -Provides: bundled(nodejs-cyclist) = 0.2.2 -Provides: bundled(nodejs-dashdash) = 1.14.1 -Provides: bundled(nodejs-debug) = 2.6.9 -Provides: bundled(nodejs-debuglog) = 1.0.1 -Provides: bundled(nodejs-decamelize) = 1.2.0 -Provides: bundled(nodejs-decode-uri-component) = 0.2.0 -Provides: bundled(nodejs-deep-extend) = 0.4.2 -Provides: bundled(nodejs-defaults) = 1.0.3 -Provides: bundled(nodejs-delayed-stream) = 1.0.0 -Provides: bundled(nodejs-delegates) = 1.0.0 -Provides: bundled(nodejs-detect-indent) = 5.0.0 -Provides: 
bundled(nodejs-dezalgo) = 1.0.3 -Provides: bundled(nodejs-dot-prop) = 4.2.0 -Provides: bundled(nodejs-dotenv) = 4.0.0 -Provides: bundled(nodejs-duplexer3) = 0.1.4 -Provides: bundled(nodejs-duplexify) = 3.5.0 -Provides: bundled(nodejs-ecc-jsbn) = 0.1.1 -Provides: bundled(nodejs-editor) = 1.0.0 -Provides: bundled(nodejs-encoding) = 0.1.12 -Provides: bundled(nodejs-end-of-stream) = 1.0.0 -Provides: bundled(nodejs-end-of-stream) = 1.4.0 -Provides: bundled(nodejs-err-code) = 1.1.2 -Provides: bundled(nodejs-errno) = 0.1.4 -Provides: bundled(nodejs-error-ex) = 1.3.1 -Provides: bundled(nodejs-es6-promise) = 4.1.1 -Provides: bundled(nodejs-es6-promisify) = 5.0.0 -Provides: bundled(nodejs-escape-string-regexp) = 1.0.5 -Provides: bundled(nodejs-execa) = 0.7.0 -Provides: bundled(nodejs-extend) = 3.0.1 -Provides: bundled(nodejs-extsprintf) = 1.3.0 -Provides: bundled(nodejs-fast-deep-equal) = 1.0.0 -Provides: bundled(nodejs-find-npm-prefix) = 1.0.1 -Provides: bundled(nodejs-find-up) = 2.1.0 -Provides: bundled(nodejs-flush-write-stream) = 1.0.2 -Provides: bundled(nodejs-forever-agent) = 0.6.1 -Provides: bundled(nodejs-form-data) = 2.3.1 -Provides: bundled(nodejs-from2) = 1.3.0 -Provides: bundled(nodejs-from2) = 2.3.0 -Provides: bundled(nodejs-fs-vacuum) = 1.2.10 -Provides: bundled(nodejs-fs-write-stream-atomic) = 1.0.10 -Provides: bundled(nodejs-fs.realpath) = 1.0.0 -Provides: bundled(nodejs-fstream) = 1.0.11 -Provides: bundled(nodejs-gauge) = 2.7.4 -Provides: bundled(nodejs-genfun) = 4.0.1 -Provides: bundled(nodejs-gentle-fs) = 2.0.1 -Provides: bundled(nodejs-get-caller-file) = 1.0.2 -Provides: bundled(nodejs-get-stream) = 3.0.0 -Provides: bundled(nodejs-getpass) = 0.1.7 -Provides: bundled(nodejs-glob) = 7.1.2 -Provides: bundled(nodejs-global-dirs) = 0.1.0 -Provides: bundled(nodejs-got) = 6.7.1 -Provides: bundled(nodejs-graceful-fs) = 4.1.11 -Provides: bundled(nodejs-har-schema) = 2.0.0 -Provides: bundled(nodejs-har-validator) = 5.0.3 -Provides: bundled(nodejs-has-flag) = 2.0.0 
-Provides: bundled(nodejs-has-unicode) = 2.0.1 -Provides: bundled(nodejs-hawk) = 6.0.2 -Provides: bundled(nodejs-hoek) = 4.2.0 -Provides: bundled(nodejs-hosted-git-info) = 2.5.0 -Provides: bundled(nodejs-http-cache-semantics) = 3.8.0 -Provides: bundled(nodejs-http-proxy-agent) = 2.0.0 -Provides: bundled(nodejs-http-signature) = 1.2.0 -Provides: bundled(nodejs-https-proxy-agent) = 2.1.0 -Provides: bundled(nodejs-humanize-ms) = 1.2.1 -Provides: bundled(nodejs-iconv-lite) = 0.4.19 -Provides: bundled(nodejs-iferr) = 0.1.5 -Provides: bundled(nodejs-ignore-walk) = 3.0.1 -Provides: bundled(nodejs-import-lazy) = 2.1.0 -Provides: bundled(nodejs-imurmurhash) = 0.1.4 -Provides: bundled(nodejs-inflight) = 1.0.6 -Provides: bundled(nodejs-inherits) = 2.0.3 -Provides: bundled(nodejs-ini) = 1.3.4 -Provides: bundled(nodejs-init-package-json) = 1.10.1 -Provides: bundled(nodejs-invert-kv) = 1.0.0 -Provides: bundled(nodejs-ip) = 1.1.5 -Provides: bundled(nodejs-is-arrayish) = 0.2.1 -Provides: bundled(nodejs-is-builtin-module) = 1.0.0 -Provides: bundled(nodejs-is-cidr) = 1.0.0 -Provides: bundled(nodejs-is-fullwidth-code-point) = 1.0.0 -Provides: bundled(nodejs-is-fullwidth-code-point) = 2.0.0 -Provides: bundled(nodejs-is-installed-globally) = 0.1.0 -Provides: bundled(nodejs-is-npm) = 1.0.0 -Provides: bundled(nodejs-is-obj) = 1.0.1 -Provides: bundled(nodejs-is-path-inside) = 1.0.0 -Provides: bundled(nodejs-is-redirect) = 1.0.0 -Provides: bundled(nodejs-is-retry-allowed) = 1.1.0 -Provides: bundled(nodejs-is-stream) = 1.1.0 -Provides: bundled(nodejs-is-typedarray) = 1.0.0 -Provides: bundled(nodejs-isarray) = 0.0.1 -Provides: bundled(nodejs-isarray) = 1.0.0 -Provides: bundled(nodejs-isexe) = 2.0.0 -Provides: bundled(nodejs-isstream) = 0.1.2 -Provides: bundled(nodejs-jsbn) = 0.1.1 -Provides: bundled(nodejs-json-parse-better-errors) = 1.0.1 -Provides: bundled(nodejs-json-schema) = 0.2.3 -Provides: bundled(nodejs-json-schema-traverse) = 0.3.1 -Provides: bundled(nodejs-json-stable-stringify) = 
1.0.1 -Provides: bundled(nodejs-json-stringify-safe) = 5.0.1 -Provides: bundled(nodejs-jsonify) = 0.0.0 -Provides: bundled(nodejs-jsonparse) = 1.3.1 -Provides: bundled(nodejs-jsprim) = 1.4.1 -Provides: bundled(nodejs-latest-version) = 3.1.0 -Provides: bundled(nodejs-lazy-property) = 1.0.0 -Provides: bundled(nodejs-lcid) = 1.0.0 -Provides: bundled(nodejs-libnpx) = 9.7.1 -Provides: bundled(nodejs-load-json-file) = 2.0.0 -Provides: bundled(nodejs-locate-path) = 2.0.0 -Provides: bundled(nodejs-lockfile) = 1.0.3 -Provides: bundled(nodejs-lodash) = 3.10.1 -Provides: bundled(nodejs-lodash._baseindexof) = 3.1.0 -Provides: bundled(nodejs-lodash._baseuniq) = 4.6.0 -Provides: bundled(nodejs-lodash._bindcallback) = 3.0.1 -Provides: bundled(nodejs-lodash._cacheindexof) = 3.0.2 -Provides: bundled(nodejs-lodash._createcache) = 3.1.2 -Provides: bundled(nodejs-lodash._createset) = 4.0.3 -Provides: bundled(nodejs-lodash._getnative) = 3.9.1 -Provides: bundled(nodejs-lodash._root) = 3.0.1 -Provides: bundled(nodejs-lodash.clonedeep) = 4.5.0 -Provides: bundled(nodejs-lodash.restparam) = 3.6.1 -Provides: bundled(nodejs-lodash.union) = 4.6.0 -Provides: bundled(nodejs-lodash.uniq) = 4.5.0 -Provides: bundled(nodejs-lodash.without) = 4.4.0 -Provides: bundled(nodejs-lowercase-keys) = 1.0.0 -Provides: bundled(nodejs-lru-cache) = 4.1.1 -Provides: bundled(nodejs-make-dir) = 1.0.0 -Provides: bundled(nodejs-make-fetch-happen) = 2.5.0 -Provides: bundled(nodejs-make-fetch-happen) = 2.6.0 -Provides: bundled(nodejs-meant) = 1.0.1 -Provides: bundled(nodejs-mem) = 1.1.0 -Provides: bundled(nodejs-mime-db) = 1.30.0 -Provides: bundled(nodejs-mime-types) = 2.1.17 -Provides: bundled(nodejs-mimic-fn) = 1.1.0 -Provides: bundled(nodejs-minimatch) = 3.0.4 -Provides: bundled(nodejs-minimist) = 0.0.8 -Provides: bundled(nodejs-minimist) = 1.2.0 -Provides: bundled(nodejs-minipass) = 2.2.1 -Provides: bundled(nodejs-minizlib) = 1.0.4 -Provides: bundled(nodejs-mississippi) = 1.3.0 -Provides: bundled(nodejs-mkdirp) = 
0.5.1 -Provides: bundled(nodejs-move-concurrently) = 1.0.1 -Provides: bundled(nodejs-ms) = 2.0.0 -Provides: bundled(nodejs-mute-stream) = 0.0.7 -Provides: bundled(nodejs-node-fetch-npm) = 2.0.2 -Provides: bundled(nodejs-node-gyp) = 3.6.2 -Provides: bundled(nodejs-nopt) = 3.0.6 -Provides: bundled(nodejs-nopt) = 4.0.1 -Provides: bundled(nodejs-normalize-package-data) = 2.4.0 -Provides: bundled(nodejs-npm) = 5.6.0 /root/npm/node_modules/npm -Provides: bundled(nodejs-npm-bundled) = 1.0.3 -Provides: bundled(nodejs-npm-cache-filename) = 1.0.2 -Provides: bundled(nodejs-npm-install-checks) = 3.0.0 -Provides: bundled(nodejs-npm-lifecycle) = 2.0.0 -Provides: bundled(nodejs-npm-package-arg) = 5.1.2 -Provides: bundled(nodejs-npm-package-arg) = 6.0.0 -Provides: bundled(nodejs-npm-packlist) = 1.1.10 -Provides: bundled(nodejs-npm-pick-manifest) = 2.1.0 -Provides: bundled(nodejs-npm-profile) = 2.0.5 -Provides: bundled(nodejs-npm-registry-client) = 8.5.0 -Provides: bundled(nodejs-npm-run-path) = 2.0.2 -Provides: bundled(nodejs-npm-user-validate) = 1.0.0 -Provides: bundled(nodejs-npmlog) = 4.1.2 -Provides: bundled(nodejs-number-is-nan) = 1.0.1 -Provides: bundled(nodejs-oauth-sign) = 0.8.2 -Provides: bundled(nodejs-object-assign) = 4.1.1 -Provides: bundled(nodejs-once) = 1.3.3 -Provides: bundled(nodejs-once) = 1.4.0 -Provides: bundled(nodejs-opener) = 1.4.3 -Provides: bundled(nodejs-os-homedir) = 1.0.2 -Provides: bundled(nodejs-os-locale) = 2.1.0 -Provides: bundled(nodejs-os-tmpdir) = 1.0.2 -Provides: bundled(nodejs-osenv) = 0.1.4 -Provides: bundled(nodejs-p-finally) = 1.0.0 -Provides: bundled(nodejs-p-limit) = 1.1.0 -Provides: bundled(nodejs-p-locate) = 2.0.0 -Provides: bundled(nodejs-package-json) = 4.0.1 -Provides: bundled(nodejs-pacote) = 7.0.2 -Provides: bundled(nodejs-parallel-transform) = 1.1.0 -Provides: bundled(nodejs-parse-json) = 2.2.0 -Provides: bundled(nodejs-path-exists) = 3.0.0 -Provides: bundled(nodejs-path-is-absolute) = 1.0.1 -Provides: 
bundled(nodejs-path-is-inside) = 1.0.2 -Provides: bundled(nodejs-path-key) = 2.0.1 -Provides: bundled(nodejs-path-type) = 2.0.0 -Provides: bundled(nodejs-performance-now) = 2.1.0 -Provides: bundled(nodejs-pify) = 2.3.0 -Provides: bundled(nodejs-prepend-http) = 1.0.4 -Provides: bundled(nodejs-process-nextick-args) = 1.0.7 -Provides: bundled(nodejs-promise-inflight) = 1.0.1 -Provides: bundled(nodejs-promise-retry) = 1.1.1 -Provides: bundled(nodejs-promzard) = 0.3.0 -Provides: bundled(nodejs-proto-list) = 1.2.4 -Provides: bundled(nodejs-protoduck) = 4.0.0 -Provides: bundled(nodejs-prr) = 0.0.0 -Provides: bundled(nodejs-pseudomap) = 1.0.2 -Provides: bundled(nodejs-pump) = 1.0.2 -Provides: bundled(nodejs-pumpify) = 1.3.5 -Provides: bundled(nodejs-punycode) = 1.4.1 -Provides: bundled(nodejs-qrcode-terminal) = 0.11.0 -Provides: bundled(nodejs-qs) = 6.5.1 -Provides: bundled(nodejs-query-string) = 5.0.1 -Provides: bundled(nodejs-qw) = 1.0.1 -Provides: bundled(nodejs-rc) = 1.2.1 -Provides: bundled(nodejs-read) = 1.0.7 -Provides: bundled(nodejs-read-cmd-shim) = 1.0.1 -Provides: bundled(nodejs-read-installed) = 4.0.3 -Provides: bundled(nodejs-read-package-json) = 2.0.12 -Provides: bundled(nodejs-read-package-tree) = 5.1.6 -Provides: bundled(nodejs-read-pkg) = 2.0.0 -Provides: bundled(nodejs-read-pkg-up) = 2.0.0 -Provides: bundled(nodejs-readable-stream) = 1.1.14 -Provides: bundled(nodejs-readable-stream) = 2.3.3 -Provides: bundled(nodejs-readdir-scoped-modules) = 1.0.2 -Provides: bundled(nodejs-registry-auth-token) = 3.3.1 -Provides: bundled(nodejs-registry-url) = 3.1.0 -Provides: bundled(nodejs-request) = 2.83.0 -Provides: bundled(nodejs-require-directory) = 2.1.1 -Provides: bundled(nodejs-require-main-filename) = 1.0.1 -Provides: bundled(nodejs-resolve-from) = 4.0.0 -Provides: bundled(nodejs-retry) = 0.10.1 -Provides: bundled(nodejs-rimraf) = 2.6.2 -Provides: bundled(nodejs-run-queue) = 1.0.3 -Provides: bundled(nodejs-safe-buffer) = 5.1.1 -Provides: bundled(nodejs-semver) = 
5.3.0 -Provides: bundled(nodejs-semver) = 5.4.1 -Provides: bundled(nodejs-semver-diff) = 2.1.0 -Provides: bundled(nodejs-set-blocking) = 2.0.0 -Provides: bundled(nodejs-sha) = 2.0.1 -Provides: bundled(nodejs-shebang-command) = 1.2.0 -Provides: bundled(nodejs-shebang-regex) = 1.0.0 -Provides: bundled(nodejs-signal-exit) = 3.0.2 -Provides: bundled(nodejs-slash) = 1.0.0 -Provides: bundled(nodejs-slide) = 1.1.6 -Provides: bundled(nodejs-smart-buffer) = 1.1.15 -Provides: bundled(nodejs-sntp) = 2.0.2 -Provides: bundled(nodejs-socks) = 1.1.10 -Provides: bundled(nodejs-socks-proxy-agent) = 3.0.1 -Provides: bundled(nodejs-sorted-object) = 2.0.1 -Provides: bundled(nodejs-sorted-union-stream) = 2.1.3 -Provides: bundled(nodejs-spdx-correct) = 1.0.2 -Provides: bundled(nodejs-spdx-expression-parse) = 1.0.4 -Provides: bundled(nodejs-spdx-license-ids) = 1.2.2 -Provides: bundled(nodejs-sshpk) = 1.13.1 -Provides: bundled(nodejs-ssri) = 4.1.6 -Provides: bundled(nodejs-ssri) = 5.0.0 -Provides: bundled(nodejs-stream-each) = 1.2.0 -Provides: bundled(nodejs-stream-iterate) = 1.2.0 -Provides: bundled(nodejs-stream-shift) = 1.0.0 -Provides: bundled(nodejs-strict-uri-encode) = 1.1.0 -Provides: bundled(nodejs-string-width) = 1.0.2 -Provides: bundled(nodejs-string-width) = 2.1.1 -Provides: bundled(nodejs-string_decoder) = 0.10.31 -Provides: bundled(nodejs-string_decoder) = 1.0.3 -Provides: bundled(nodejs-stringstream) = 0.0.5 -Provides: bundled(nodejs-strip-ansi) = 3.0.1 -Provides: bundled(nodejs-strip-ansi) = 4.0.0 -Provides: bundled(nodejs-strip-bom) = 3.0.0 -Provides: bundled(nodejs-strip-eof) = 1.0.0 -Provides: bundled(nodejs-strip-json-comments) = 2.0.1 -Provides: bundled(nodejs-supports-color) = 4.4.0 -Provides: bundled(nodejs-tar) = 2.2.1 -Provides: bundled(nodejs-tar) = 4.0.2 -Provides: bundled(nodejs-term-size) = 1.2.0 -Provides: bundled(nodejs-text-table) = 0.2.0 -Provides: bundled(nodejs-through) = 2.3.8 -Provides: bundled(nodejs-through2) = 2.0.3 -Provides: 
bundled(nodejs-timed-out) = 4.0.1 -Provides: bundled(nodejs-tough-cookie) = 2.3.3 -Provides: bundled(nodejs-tunnel-agent) = 0.6.0 -Provides: bundled(nodejs-tweetnacl) = 0.14.5 -Provides: bundled(nodejs-typedarray) = 0.0.6 -Provides: bundled(nodejs-uid-number) = 0.0.6 -Provides: bundled(nodejs-umask) = 1.1.0 -Provides: bundled(nodejs-unique-filename) = 1.1.0 -Provides: bundled(nodejs-unique-slug) = 2.0.0 -Provides: bundled(nodejs-unique-string) = 1.0.0 -Provides: bundled(nodejs-unpipe) = 1.0.0 -Provides: bundled(nodejs-unzip-response) = 2.0.1 -Provides: bundled(nodejs-update-notifier) = 2.3.0 -Provides: bundled(nodejs-url-parse-lax) = 1.0.0 -Provides: bundled(nodejs-util-deprecate) = 1.0.2 -Provides: bundled(nodejs-util-extend) = 1.0.3 -Provides: bundled(nodejs-uuid) = 3.1.0 -Provides: bundled(nodejs-validate-npm-package-license) = 3.0.1 -Provides: bundled(nodejs-validate-npm-package-name) = 3.0.0 -Provides: bundled(nodejs-verror) = 1.10.0 -Provides: bundled(nodejs-wcwidth) = 1.0.1 -Provides: bundled(nodejs-which) = 1.3.0 -Provides: bundled(nodejs-which-module) = 2.0.0 -Provides: bundled(nodejs-wide-align) = 1.1.2 -Provides: bundled(nodejs-widest-line) = 1.0.0 -Provides: bundled(nodejs-worker-farm) = 1.5.1 -Provides: bundled(nodejs-wrap-ansi) = 2.1.0 -Provides: bundled(nodejs-wrappy) = 1.0.2 -Provides: bundled(nodejs-write-file-atomic) = 2.1.0 -Provides: bundled(nodejs-xdg-basedir) = 3.0.0 -Provides: bundled(nodejs-xtend) = 4.0.1 -Provides: bundled(nodejs-y18n) = 3.2.1 -Provides: bundled(nodejs-yallist) = 2.1.2 -Provides: bundled(nodejs-yallist) = 3.0.2 -Provides: bundled(nodejs-yargs) = 8.0.2 -Provides: bundled(nodejs-yargs-parser) = 7.0.0 - - %description -n %{?scl_prefix}npm npm is a package manager for node.js. You can use it to install and publish your node programs. It manages dependencies and does other cool stuff. 
@@ -625,20 +238,9 @@ The API documentation for the Node.js JavaScript runtime. %prep -%setup -q -n node-v%{nodejs_version} - -# remove bundled dependencies that we aren't building -#%patch1 -p1 - -# fix outdated minizlib modules in npm node_modules tree -#%%patch3 -p1 - -# rm -rf deps/zlib - -# OpenSSL patches -%patch1 -p1 -%patch2 -p1 - +%autosetup -p1 -n node-v%{nodejs_version} +# fix file permissions on source and header files +find deps/ -name '*.c' -o -name '*.h' -exec chmod 0644 '{}' + %build @@ -648,20 +250,18 @@ set -ex # build with debugging symbols and add defines from libuv (#892601) # Node's v8 breaks with GCC 6 because of incorrect usage of methods on # NULL objects. We need to pass -fno-delete-null-pointer-checks -export CFLAGS='%{optflags} -g \ - -D_LARGEFILE_SOURCE \ - -D_FILE_OFFSET_BITS=64 \ - -DZLIB_CONST \ - -fno-delete-null-pointer-checks' -export CXXFLAGS='%{optflags} -g \ - -D_LARGEFILE_SOURCE \ - -D_FILE_OFFSET_BITS=64 \ - -DZLIB_CONST \ - -fno-delete-null-pointer-checks' +%global node_cflags %{optflags} \ + -g \ + -D_LARGEFILE_SOURCE \ + -D_FILE_OFFSET_BITS=64 \ + -DZLIB_CONST \ + -DOPENSSL_NO_OCB \ + -DOPENSSL_NO_SCRYPT \ + -fno-delete-null-pointer-checks # Explicit new lines in C(XX)FLAGS can break naive build scripts -export CFLAGS="$(echo ${CFLAGS} | tr '\n\\' ' ')" -export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')" +%global node_cflags_oneline %(echo '%{node_cflags}'|tr -s '\\\n' ' ') +export CFLAGS='%{node_cflags_oneline}' CXXFLAGS='%{node_cflags_oneline}' %if ! 0%{?bootstrap} ./configure --prefix=%{_prefix} \ 
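Review bot: In the `find` added under `%prep`, `-exec chmod` binds only to `-name '*.h'`, because the implicit AND has higher precedence than `-o`; files matching `*.c` are selected but never chmod-ed, so the permission fix described in the changelog reaches headers only. Grouping the name tests fixes it: `find deps/ -type f \( -name '*.c' -o -name '*.h' \) -exec chmod 0644 '{}' +`.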
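Review bot: The new `-DOPENSSL_NO_OCB` and `-DOPENSSL_NO_SCRYPT` defines in `node_cflags` are undocumented; the comment above them still explains only the libuv defines and the GCC 6 workaround. They presumably compile out code paths that the older system OpenSSL cannot provide, which would leave OCB ciphers and scrypt unavailable to applications running on this build. A line such as `# system OpenSSL lacks OCB and scrypt; compile those paths out (see Patch1)` would tell the next rebase why the defines exist and when they can be dropped.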
@@ -702,16 +302,6 @@ install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g # own the sitelib directory mkdir -p %{buildroot}%{_prefix}/lib/node_modules -# ensure Requires are added to every native module that match the Provides from -# the nodejs build in the buildroot -#install -Dpm0644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/fileattrs/nodejs_native.attr -#cat << EOF > %{buildroot}%{_rpmconfigdir}/nodejs_native.req -#!/bin/sh -#echo 'nodejs(abi%{nodejs_major}) >= %nodejs_abi' -#echo 'nodejs(v8-abi%{v8_major}) >= %v8_abi' -#EOF -#chmod 0755 %{buildroot}%{_rpmconfigdir}/nodejs_native.req - #install documentation mkdir -p %{buildroot}%{_pkgdocdir}/html cp -pr doc/* %{buildroot}%{_pkgdocdir}/html 
@@ -765,32 +355,37 @@ ln -sf %{_pkgdocdir}/npm/html %{buildroot}%{_prefix}/lib/node_modules/npm/doc %check %{?scl:scl enable %{scl} devtoolset-7 - << \EOF} set -ex -# Fail the build if the versions don't match -#%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')" -#%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8, '%{v8_version}')" -#%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')" -#%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.http_parser, '%{http_parser_version}')" - -# Ensure we have punycode and that the version matches -#%{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')" - # Ensure we have npm and that the version matches NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')" # move test that fails to directory which we do not use to run tests -#mv test/parallel/test-v8-serdes.js test/known_issues +mv test/parallel/test-v8-serdes.js test/known_issues # eslint is not included -> test always fail -#mv test/parallel/test-eslint-* test/known_issues - -#mv test/doctool/test-make-doc.js test/known_issues -#mv test/parallel/test-regress-GH-746.js test/known_issues - -#python tools/test.py --mode=release --verbose \ -#async-hooks doctool inspector message \ -#parallel pseudo-tty sequential - -#make test +mv test/parallel/test-eslint-* test/known_issues + +# Tests for unsupported OpenSSL features +mv test/parallel/test-crypto-aes-wrap.js test/known_issues/ +mv test/parallel/test-crypto-des3-wrap.js test/known_issues/ +mv test/parallel/test-crypto-pbkdf2.js test/known_issues/ +mv test/sequential/test-async-wrap-getasyncid.js test/known_issues/ + +mv test/doctool/test-make-doc.js test/known_issues + +# Only run suites that we are 
expected to pass +RUN_SUITES=( + abort + async-hooks + cctest + es-module + parallel + sequential +) +%ifarch ppc64le aarch64 +python2 tools/test.py "${RUN_SUITES[@]}" || : +%else +python2 tools/test.py "${RUN_SUITES[@]}" +%endif %{?scl:EOF} @@ -845,9 +440,19 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node - %changelog +* Mon Sep 09 2019 Jan Staněk - 10.16.3-3 +- Fix file permission on source/header files + +* Fri Sep 06 2019 Jan Staněk - 10.16.3-2 +- Let RPM automatically generate NPM dependencies (rhbz#1711807) + +* Thu Aug 29 2019 Jan Staněk - 10.16.3-1 +- Rebase to version 10.16.3 +- Resolves: rhbz#1744307 rhbz#1744593 rhbz#1744732 rhbz#1744745 rhbz#1744773 rhbz#1744807 rhbz#1745090 rhbz#1745160 + * Thu Apr 04 2019 Jan Staněk - 10.10.0-3 - Rebuild with bundled zlib -- Resolves: rhbz#1696153 +- Resolves: rhbz#1677710 * Wed Oct 31 2018 Zuzana Svetlikova - 10.10.0-2 - Resolves: RHBZ#1584252
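Review bot: On ppc64le and aarch64 the added `python2 tools/test.py "${RUN_SUITES[@]}" || :` discards the exit status, so a regression in any suite, the crypto tests included, cannot fail the build on those architectures. If the failures there are known, moving the specific tests to `test/known_issues` under the `%ifarch`, the way this hunk already sets tests aside for every architecture, keeps the remaining suites enforcing. At minimum the branch should carry a comment naming the reason, e.g. `# test failures ignored on these arches, see rhbz#<bug-id>`. The `mv` of `test-crypto-pbkdf2.js` under "unsupported OpenSSL features" also deserves a one-line reason, since it removes coverage of a key-derivation function that is presumably still shipped.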