This pull request updates the OpenSSL version that is statically
linked with Node.js from OpenSSl 1.1.1 to quictls OpenSSL 3.0.0+quic.
This pull request will replace the OpenSSL version that is currently
in the deps directory and when performing a normal build
OpenSSL 3.0+quic will be statically linked to the Node.js executable.
We will still be able to dynamically link to OpenSSL 1.1.1 and we have
a CI job which dynamically links to OpenSSL 1.1.1 which is run for
every pull request to make sure that we maintain backward compatibility.
PR-URL: https://github.com/nodejs/node/pull/38512
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Currently there are a number of deprecation warnings generated when
linking with OpenSSL 3.0, for example:
In file included from ../src/crypto/crypto_scrypt.h:6,
from ../src/crypto/crypto_scrypt.cc:1:
../src/crypto/crypto_util.h:64:37: warning:
‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
64 | using RSAPointer = DeleteFnPtr<RSA, RSA_free>;
The reason for this is that I had placed the macro OPENSSL_API_COMPAT
inside of the node_shared_openssl="false" clause, but that was a
mistake and this macro should have gone into the else clause instead.
PR-URL: https://github.com/nodejs/node/pull/38126
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reintroduces the ngtcp2 and nghttp3 dependencies, building those by
default if the vendored-in openssl (with QUIC support) is used or the
shared openssl defines `OPENSSL_INFO_QUIC`.
Upates the version metadata to reflect whether ngtcp2 and nghttp3 are
present.
ngtcp2 as of
2381f7f7b6
nghttp3 as of
66ad30f0a8
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/37682
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
This commit enables node to dynamically link against OpenSSL 3.0.
The motivation for opening this PR even though OpenSSL 3.0 has not been
released yet is to allow a nightly CI job to be created. This will
allow us stay on top of changes required for OpenSSL 3.0, and also to
make sure that changes to node crypto do not cause issues when linking
to OpenSSL 3.0.
PR-URL: https://github.com/nodejs/node/pull/37669
Refs: https://github.com/nodejs/node/issues/29817
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
There is no reason to hide FIPS functionality behind build flags.
OpenSSL always provide the information about FIPS availability via
`FIPS_mode()` function.
This makes the user experience more consistent, because the OpenSSL
library is always queried and the `crypto.getFips()` always returns
OpenSSL settings.
Fixes#34903
PR-URL: https://github.com/nodejs/node/pull/36341
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Building Node.js with `--debug` takes a long time and generates
binaries that can be hard to work with due to their size, in
particular because debug builds of V8 are large.
Sometimes, it’s sufficient to build the Node.js parts with native
debugging options enabled. Add an option for that.
PR-URL: https://github.com/nodejs/node/pull/31644
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
`__executable_start` is provided by GNU's and LLVM's default linker
scripts, obviating the need to plug in a custom linker script.
The problem with our bespoke linker script is that it works with ld.bfd
but not ld.gold and cannot easily be ported because the latter linker
doesn't understand the `INSERT BEFORE` directive.
The /proc/self/maps scanner is updated to account for the fact that
there are a number of sections between `&__executable_start` and
the start of the .text section.
Fortunately, those sections are all mapped into the same memory segment
so we only need to look at the next line to find the start of our text
segment.
Fixes: https://github.com/nodejs/node/issues/31520
PR-URL: https://github.com/nodejs/node/pull/31547
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
When compiled with `--with-intl=small` and
`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
fallback location for the ICU data.
We will first perform an access check using fopen(PATH, 'r') to
ensure that the file is readable. If it is, we'll set the
icu_data_directory and proceed. There's a slight overhead for the
fopen() check, but it should be barely measurable.
This will be useful for Linux distribution packagers who want to
be able to ship a minimal node binary in a container image but
also be able to add on the full i18n support where needed. With
this patch, it becomes possible to ship the interpreter as
/usr/bin/node in one package for the distribution and to ship the
data files in another package (without a strict dependency
between the two). This means that users of the distribution will
not need to explicitly direct Node.js to locate the ICU data. It
also means that in environments where full internationalization is
not required, they do not need to carry the extra content (with
the associated storage costs).
Refs: https://github.com/nodejs/node/issues/3460
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/30825
Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
The custom linker script is compatible with GNU ld only.
As such, providin a new expliciting option to redirect to
a different one. lld seems unable to migrate this
large section w/o segfaulting so providing only the
base address anchor for now.
PR-URL: https://github.com/nodejs/node/pull/28938
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit introduces a new configuration flag named
--openssl-is-fips which is intended to be used when linking against
an OpenSSL library that is FIPS compatible.
The motivation for this is that Red Hat Enterprise Linux 8 (RHEL8)
comes with OpenSSL 1.1.1 and includes FIPS support, and we would
like to be able to dynamically link against this version and also have
FIPS features enabled in node, like would be done when statically
linking and using the --openssl-fips flag.
The suggestion here is to introduce a new flag:
$ ./configure --help
...
--openssl-is-fips specifies that the shared OpenSSL version is FIPS
compatible
This flag could be used in combination with the shared-openssl flag:
$ ./configure --shared-openssl ---openssl-is-fips
This will enable FIPS support in node and the runtime flags will be
availalbe to enable FIPS (--enable-fips, --force-fips).
PR-URL: https://github.com/nodejs/node/pull/25412
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Run `node_js2c` and `mkssldef` as actions and not as targets makes sure
they are run only once, just before processing the rest of `node_lib`.
This helps `make` based dependency change detection be more accurate.
Add comments with tagrget names for readability.
Use `process_outputs_as_sources` for automatic inclution of outputs.
PR-URL: https://github.com/nodejs/node/pull/23156
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Remove `--debug-http2` as a compile-time feature and
make all debug statements available using `NODE_DEBUG_NATIVE=http2`
at runtime.
This probably makes the debugging-enabled case a bit slower due to
additional string concatenations, but switching to a runtime-checking
system makes debugging more flexible and can be applied more easily
to other parts of the source code as well.
PR-URL: https://github.com/nodejs/node/pull/20987
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
I mistakenly introduced user defined variables using uppercase
characters, reading the gyp documentation they state:
"Predefined variables. By convention, these are named with
CAPITAL_LETTERS. Predefined variables are set automatically by GYP"
and also "By convention, user-defined variables are named with
lowercase_letters."
This commit renames the user defined variables to lowercase to follow
the above mentioned convention.
PR-URL: https://github.com/nodejs/node/pull/16238
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
