Skip to content

Commit 362d4c7

Browse files
RafaelGSSRafaelGSS
committed
deps: upgrade openssl sources to OpenSSL_1_1_1v
This updates all sources in deps/openssl/openssl by: $ git clone https://github.com/quictls/openssl $ cd openssl $ git checkout OpenSSL_1_1_1v+quic $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: nodejs#49043
1 parent 7447de2 commit 362d4c7

File tree

15,175 files changed

+21007
-17
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

15,175 files changed

+21007
-17
lines changed

deps/openssl/openssl/.gitattributes

+12
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
*.der binary
2+
/fuzz/corpora/** binary
3+
*.pfx binary
4+
5+
# For git archive
6+
fuzz/corpora/** export-ignore
7+
Configurations/*.norelease.conf export-ignore
8+
.* export-ignore
9+
util/mktar.sh export-ignore
10+
boringssl export-ignore
11+
krb5 export-ignore
12+
pyca-cryptography export-ignore

deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md

+14
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
<!--
2+
Thank you for your pull request. Please review these requirements:
3+
4+
Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING
5+
6+
Other than that, provide a description above this comment if there isn't one already
7+
8+
If this fixes a github issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
9+
-->
10+
11+
##### Checklist
12+
<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
13+
- [ ] documentation is added or updated
14+
- [ ] tests are added or updated

deps/openssl/openssl/.github/workflows/README.md

+40
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
## Rationale about our design for the GitHub Actions CI
2+
3+
The balance is between the time taken and the number of jobs.
4+
We're allowed 180 concurrent jobs in total across the entire project.
5+
Currently we're running about 60 on pull_request, a few more on push and
6+
a pile per day.
7+
So three simultaneous PRs should finish quickly enough.
8+
Given that most jobs run quickly, this could scale up to 5 or 6 without
9+
problem.
10+
11+
Moving more jobs into the `pull_request` category will limit the number
12+
of parallel builds (from different PRs) we can handle.
13+
We got into quite some strife over this with our older CI hosts
14+
-- remember builds taking the best part of a day to run.
15+
We really want to avoid that again.
16+
17+
I've been trying to limit total job time per job to around 20-30 minutes
18+
(there are some longer ones I know of), with most jobs running in the
19+
sub 5 minute range.
20+
There are some longer lived CIs -- up to an hour and I try to delegate
21+
these to push or daily rather than pull_request.
22+
23+
Still, there is no hard and fast rule about what runs when or where.
24+
Make a suggestion about bettering the CIs -- Ideally I'd like the
25+
`pull_request` jobs to be the ones catching most of the problems and the
26+
push and daily being predictably boring successes.
27+
Just make an effort to rationally justify the inclusions/changes.
28+
29+
Things like the sanitiser builds, we know catch problems often.
30+
So even though they are slow they are worthwhile on `pull_request`.
31+
A lot of the daily builds are unlikely to catch much since they are
32+
checking options can be turned off and on, so they are fine not running
33+
as much.
34+
The demarkation between `pull_request` and `pull_request + push` is the
35+
difficult choice.
36+
I believe we should do all pull_request jobs as part of push too.
37+
The question is how many more should there be.
38+
39+
I don't have a good answer but I think we're converging on a practical
40+
number and we should get better as we gain experience.

deps/openssl/openssl/.github/workflows/ci.yml

+284
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,284 @@
1+
---
2+
name: GitHub CI for 1.1.1
3+
4+
on: [pull_request, push]
5+
6+
# for some reason, this does not work:
7+
# variables:
8+
# BUILDOPTS: "-j4"
9+
10+
# not implemented for v1.1.1: HARNESS_JOBS: "${HARNESS_JOBS:-4}"
11+
12+
# for some reason, this does not work:
13+
# before_script:
14+
# - make="make -s"
15+
16+
permissions:
17+
contents: read
18+
19+
jobs:
20+
check_update:
21+
runs-on: ubuntu-latest
22+
steps:
23+
- uses: actions/checkout@v3
24+
with:
25+
fetch-depth: 0
26+
- name: config
27+
run: ./config --strict-warnings && perl configdata.pm --dump
28+
- name: make build_generated
29+
run: make -s build_generated
30+
- name: make update
31+
run: make update
32+
- name: git diff
33+
run: git diff --exit-code
34+
35+
check_docs:
36+
runs-on: ubuntu-latest
37+
steps:
38+
- uses: actions/checkout@v3
39+
- name: config
40+
run: ./config --strict-warnings && perl configdata.pm --dump
41+
- name: make build_generated
42+
run: make -s build_generated
43+
- name: make doc-nits
44+
run: make doc-nits
45+
46+
# This checks that we use ANSI C language syntax and semantics.
47+
# We are not as strict with libraries, but rather adapt to what's
48+
# expected to be available in a certain version of each platform.
49+
check-ansi:
50+
runs-on: ubuntu-latest
51+
steps:
52+
- uses: actions/checkout@v3
53+
- name: config
54+
run: CPPFLAGS=-ansi ./config no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
55+
- name: make
56+
run: make -s -j4
57+
58+
basic_gcc:
59+
runs-on: ubuntu-latest
60+
steps:
61+
- uses: actions/checkout@v3
62+
- name: config
63+
run: CC=gcc ./config --strict-warnings && perl configdata.pm --dump
64+
- name: make
65+
run: make -s -j4
66+
- name: make test
67+
run: make test
68+
69+
basic_clang:
70+
runs-on: ubuntu-latest
71+
steps:
72+
- uses: actions/checkout@v3
73+
- name: config
74+
run: CC=clang ./config --strict-warnings && perl configdata.pm --dump
75+
- name: make
76+
run: make -s -j4
77+
- name: make test
78+
run: make test
79+
80+
minimal:
81+
runs-on: ubuntu-latest
82+
steps:
83+
- uses: actions/checkout@v3
84+
- name: config
85+
run: ./config --strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
86+
- name: make
87+
run: make -j4 # verbose, so no -s here
88+
- name: make test
89+
run: make test
90+
91+
no-deprecated:
92+
runs-on: ubuntu-latest
93+
steps:
94+
- uses: actions/checkout@v3
95+
- name: config
96+
run: ./config --strict-warnings no-deprecated && perl configdata.pm --dump
97+
- name: make
98+
run: make -s -j4
99+
- name: make test
100+
run: make test
101+
102+
no-shared:
103+
strategy:
104+
matrix:
105+
os: [ ubuntu-latest, macos-latest ]
106+
runs-on: ${{matrix.os}}
107+
steps:
108+
- uses: actions/checkout@v3
109+
- name: config
110+
run: ./config --strict-warnings no-shared && perl configdata.pm --dump
111+
- name: make
112+
run: make -s -j4
113+
- name: make test
114+
run: make test
115+
116+
address_ub_sanitizer:
117+
runs-on: ubuntu-latest
118+
steps:
119+
- uses: actions/checkout@v3
120+
- name: config
121+
run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
122+
- name: make
123+
run: make -s -j4
124+
- name: make test
125+
run: make test OPENSSL_TEST_RAND_ORDER=0
126+
127+
# The memory sanitizer build is temporarily disabled as in 1.1.1 we do
128+
# not support running tests in parallel and this build configuration
129+
# requires more than 3h to run all tests sequentially.
130+
# memory_sanitizer:
131+
# runs-on: ubuntu-latest
132+
# steps:
133+
# - uses: actions/checkout@v3
134+
# - name: config
135+
# # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
136+
# run: CC=clang ./config --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump
137+
# - name: make
138+
# run: make -s -j4
139+
# - name: make test
140+
# run: make test
141+
142+
threads_sanitizer:
143+
runs-on: ubuntu-latest
144+
steps:
145+
- uses: actions/checkout@v3
146+
- name: config
147+
run: CC=clang ./config --strict-warnings -fsanitize=thread && perl configdata.pm --dump
148+
- name: make
149+
run: make -s -j4
150+
- name: make test
151+
run: make TESTS=test_threads test
152+
153+
enable_non-default_options:
154+
runs-on: ubuntu-latest
155+
steps:
156+
- uses: actions/checkout@v3
157+
- name: config
158+
run: ./config --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd && perl configdata.pm --dump
159+
- name: make
160+
run: make -s -j4
161+
- name: make test
162+
run: make test
163+
164+
legacy:
165+
runs-on: ubuntu-latest
166+
steps:
167+
- uses: actions/checkout@v3
168+
- name: config
169+
run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump
170+
- name: make
171+
run: make -s -j4
172+
- name: make test
173+
run: make test
174+
175+
buildtest:
176+
runs-on: ubuntu-latest
177+
steps:
178+
- uses: actions/checkout@v3
179+
- name: config
180+
run: ./config no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
181+
- name: make
182+
run: make -s -j4
183+
- name: make test
184+
run: make test
185+
186+
out-of-tree_build:
187+
runs-on: ubuntu-latest
188+
steps:
189+
- uses: actions/checkout@v3
190+
- name: setup build dir
191+
run: |
192+
set -eux
193+
mkdir -p ${myblddir:=../_build/nest/a/little/more}
194+
echo "mysrcdir=$(realpath .)" | tee -a $GITHUB_ENV
195+
echo "myblddir=$(realpath $myblddir)" | tee -a $GITHUB_ENV
196+
- name: config
197+
run: set -eux ; cd ${{ env.myblddir }} && ${{ env.mysrcdir }}/config --strict-warnings && perl configdata.pm --dump
198+
- name: make build_generated
199+
run: set -eux; cd ${{ env.myblddir }} && make -s build_generated
200+
- name: make update
201+
run: set -eux; cd ${{ env.myblddir }} && make update
202+
- name: make
203+
run: set -eux; cd ${{ env.myblddir }} && make -s -j4
204+
- name: make test (minimal subset)
205+
run: set -eux; cd ${{ env.myblddir }} && make test TESTS='0[0-9]'
206+
207+
out-of-source-and-install:
208+
strategy:
209+
matrix:
210+
os: [ubuntu-latest, macos-latest ]
211+
runs-on: ${{matrix.os}}
212+
steps:
213+
- uses: actions/checkout@v3
214+
- name: extra preparations
215+
run: |
216+
mkdir ./build
217+
mkdir ./install_dir
218+
- name: config
219+
run: ../config --strict-warnings --prefix=$(cd ../install_dir; pwd) && perl configdata.pm --dump
220+
working-directory: ./build
221+
- name: make
222+
run: make -s -j4
223+
working-directory: ./build
224+
- name: make test
225+
run: make test
226+
working-directory: ./build
227+
- name: make install
228+
run: make install
229+
working-directory: ./build
230+
231+
external-tests:
232+
runs-on: ubuntu-latest
233+
steps:
234+
- uses: actions/checkout@v3
235+
with:
236+
submodules: recursive
237+
- name: package installs
238+
run: |
239+
sudo apt-get update
240+
sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
241+
- name: install cpanm and Test2::V0 for gost_engine testing
242+
uses: perl-actions/install-with-cpanm@v1
243+
with:
244+
install: Test2::V0
245+
- name: setup hostname workaround
246+
run: sudo hostname localhost
247+
- name: config
248+
run: ./config --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests && perl configdata.pm --dump
249+
- name: make
250+
run: make -s -j4
251+
- name: test external gost-engine
252+
run: make test TESTS="test_external_gost_engine" VERBOSE=1
253+
# krb5 testing temporarily disabled due to failures to be investigated separately
254+
# - name: test external krb5
255+
# run: make test TESTS="test_external_krb5" VERBOSE=1
256+
257+
external-test-pyca:
258+
runs-on: ubuntu-latest
259+
strategy:
260+
matrix:
261+
RUST:
262+
- 1.51.0
263+
PYTHON:
264+
- 3.9
265+
steps:
266+
- uses: actions/checkout@v3
267+
with:
268+
submodules: recursive
269+
- name: Configure OpenSSL
270+
run: ./config --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
271+
- name: make
272+
run: make -s -j4
273+
- name: Setup Python
274+
uses: actions/[email protected]
275+
with:
276+
python-version: ${{ matrix.PYTHON }}
277+
- uses: actions-rs/toolchain@v1
278+
with:
279+
profile: minimal
280+
toolchain: ${{ matrix.RUST }}
281+
override: true
282+
default: true
283+
- name: test external pyca
284+
run: make test TESTS="test_external_pyca" VERBOSE=1

0 commit comments

Comments
 (0)