Pending OpenSSL 1.1.0i release.

Refs: https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
PR-URL: https://github.com/nodejs/node/pull/21345
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
Upstream: https://github.com/openssl/openssl/commit/0c27d793

Original commit message:

    Add blinding to an ECDSA signature

    Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
    ECDSA signature operation. During signing the signer calculates:

    s:= k^-1 * (m + r * priv_key) mod order

    The addition operation above provides a sufficient signal for a
    flush+reload attack to derive the private key given sufficient
    signature operations.

    As a mitigation (based on a suggestion from Keegan) we add blinding to
    the operation so that:

    s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order

    Since this attack is a localhost side channel only no CVE is assigned.

    Reviewed-by: Rich Salz <rsalz@openssl.org>
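The algebra behind the mitigation, as an added worked example that is not part of this commit or of OpenSSL's own code: a toy ECDSA in Python over a constructed 19-point curve (y^2 = x^3 + 2x + 2 over GF(17), generator (5, 1)). `sign_with_nonce` computes either the original `s = k^-1 * (m + r * priv_key)` or the blinded form quoted in the commit message; `blinding_is_transparent` checks, for every private key, hash value, nonce and a set of blinding factors, that the two give the identical `s` and that the result verifies. The function names, the curve parameters and the sample values are this example's own assumptions. The curve is far too small to be secure and the arithmetic is not constant time; it exists only so the values can be checked by hand.

```python
"""Worked illustration of the ECDSA blinding from OpenSSL commit 0c27d793.

Constructed toy parameters (not from the commit): curve y^2 = x^3 + 2x + 2
over GF(17) with generator G = (5, 1) of prime order 19.  They give no
security and the arithmetic below is not constant time.
"""
import secrets

P, A, B = 17, 2, 2   # constructed toy field prime and curve coefficients
G = (5, 1)           # generator point
N = 19               # prime order of G


def inv(x, m):
    """Modular inverse (Python 3.8+ pow with exponent -1)."""
    return pow(x, -1, m)


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    acc, addend = None, point
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def sign_with_nonce(priv, m, k, blind=None):
    """ECDSA signature on hash value m (already reduced mod N) with nonce k.

    blind=None computes the original   s = k^-1 * (m + r*priv)  mod N.
    With a blinding factor it computes the commit's form
        s = k^-1 * blind^-1 * (blind*m + blind*r*priv)  mod N
    so the addition never sees m and r*priv directly.  Raises ValueError
    when r or s is 0; the caller must then draw a fresh nonce.
    """
    if not 0 < k < N:
        raise ValueError("nonce must be in [1, N-1]")
    r = ec_mul(k, G)[0] % N
    if r == 0:
        raise ValueError("r == 0, retry with a new nonce")
    if blind is None:
        s = inv(k, N) * (m + r * priv) % N
    else:
        bm = blind * m % N
        bpriv = blind * r * priv % N     # both operands of the add are blinded
        s = inv(k, N) * inv(blind, N) * (bm + bpriv) % N
    if s == 0:
        raise ValueError("s == 0, retry with a new nonce")
    return (r, s)


def sign(priv, m):
    """Blinded signing with a random nonce and random blinding factor,
    retrying on the zero cases (frequent on this toy curve)."""
    while True:
        k = 1 + secrets.randbelow(N - 1)
        blind = 1 + secrets.randbelow(N - 1)
        try:
            return sign_with_nonce(priv, m % N, k, blind)
        except ValueError:
            continue


def verify(pub, m, sig):
    """Standard ECDSA verification; the blinding is invisible to it."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = inv(s, N)
    point = ec_add(ec_mul(m * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def blinding_is_transparent():
    """True when, for every key, message, nonce and tested blind, the
    blinded s equals the original s and the signature verifies."""
    for priv in range(1, N):
        pub = ec_mul(priv, G)
        for m in range(N):
            for k in range(1, N):
                try:
                    plain = sign_with_nonce(priv, m, k)
                except ValueError:
                    continue             # r == 0 or s == 0: nonce unusable
                for blind in (2, 7, N - 1):
                    if sign_with_nonce(priv, m, k, blind) != plain:
                        return False
                if not verify(pub, m, plain):
                    return False
    return True


if __name__ == "__main__":
    priv = 2                             # constructed sample key
    pub = ec_mul(priv, G)
    print("pub =", pub, "sig =", sign(priv, 5),
          "transparent:", blinding_is_transparent())
```

With the sample key 2, hash value 5 and nonce 3, both forms give the signature (10, 2), and changing the hash value to 6 makes `verify` fail. The retry loop in `sign` matters on this curve because the points with x = 0 are reachable, so some nonces produce r = 0; real implementations handle the same case.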
This directory contains a new scheme for building the OpenSSL-1.1.0 library
as part of Node.js. OpenSSL-1.1.0 uses a new Perl-based build system for the
various supported platforms. See openssl/Configurations/README and
openssl/Configurations/README.design in the OpenSSL source for details.

To build the OpenSSL library within the Node.js build without requiring Perl
on each supported platform, the platform-dependent files (e.g. asm and
header files) are pre-generated and stored in the config/archs directory.
- `config/Makefile` and `config/generate_gypi.pl`

  `Makefile` holds the supported platform list and, with
  `generate_gypi.pl`, generates platform-dependent files (e.g. asm files)
  and copies them into the arch directory. The platform-dependent gypi
  files are also created from the build information in `configdata.pm`,
  which `Configure` generates in the OpenSSL build system.

  For Windows, `Configure` generates a `makefile` that can only be used
  with the `nmake` command. `config/Makefile_VC-WIN32` and
  `config/Makefile_VC-WIN64A` are written by hand for use with GNU make.
  If `makefile` rules or targets change in an OpenSSL version upgrade,
  they must be updated as well.

- gyp and gypi files (`openssl*.{gyp,gypi}`)

  `openssl.gyp` has two targets, openssl and openssl-cli, which are
  referenced from `node.gyp`. They include the asm or no_asm gypi files
  together with the arch-dependent gypi according to the build options and
  platform. The gyp data common to asm and no_asm is stored in
  `openssl_common.gypi`.

- header files (`config/*.{h,h.tmpl}`)

  `bn_conf.h`, `dso_conf.h` and `opensslconf.h` are platform dependent in
  the OpenSSL sources. They are replaced with `config/*.h.tmpl` files that
  include the corresponding file from `../../../config/`, which in turn
  refers to the per-arch file selected by the asm or no-asm option.
## Supported architectures for use of ASM

Here is the list of architectures for which OpenSSL is built with ASM.

| --dest-os | --dest-cpu | OpenSSL target arch | CI |
|---|---|---|---|
| aix | ppc | aix-gcc | o |
| aix | ppc64 | aix64-gcc | o |
| linux | ia32 | linux-elf | o |
| linux | x32 | linux-x32 | - |
| linux | x64 | linux-x86_64 | o |
| linux | arm | linux-armv4 | o |
| linux | arm64 | linux-aarch64 | o |
| linux | ppc | linux-ppc | o |
| linux | ppc64 | linux-ppc64 | o |
| linux | ppc64(*1) | linux-ppc64le | o |
| linux | s390 | linux32-s390x | o |
| linux | s390x | linux64-s390x | o |
| mac | ia32 | darwin-i386-cc | - |
| mac | x64 | darwin64-x86-cc | o |
| win | ia32 | VC-WIN32 | - |
| win | x64 | VC-WIN64A | o |
| solaris | ia32 | solaris-x86-gcc | o |
| solaris | x64 | solaris64-x86_64-gcc | o |
| freebsd | ia32 | BSD-x86 | - |
| freebsd | x64 | BSD-x86_64 | o |
| openbsd | ia32 | BSD-x86 | - |
| openbsd | x64 | BSD-x86_64 | - |
| others | others | linux-elf | - |
(*1: This needs to be configured with the variable node_byteorder: little)

These are listed in config/Makefile. Please refer to config/opensslconf_asm.h for details.
## Upgrading OpenSSL

Please refer to config/README.md.