Skip to content
Permalink
Branch: master
Commits on Aug 5, 2016
  1. build: windows sharedlib support

    stefanmb committed Jun 29, 2016
    Added "dll" option to vcbuild.bat
    Insure that Unix SO name is not used on Windows (i.e. produce a .dll file)
    Insure that Node and its V8 dependency link against the Visual C++ Runtime
    dynamically.
    Requires backported V8 patch, see PR 7802.
    
    Ref: #7802
    
    PR-URL: #7487
    Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Commits on Aug 4, 2016
  1. deps: cherry-pick 6f68f30 from v8 upstream

    stefanmb authored and mhdawson committed Jul 20, 2016
    Original commit message:
    
    [build] Add force_dynamic_crt option to build a static library with /…
    …MD on windows
    
    Adds option to build a V8 library statically, but with the options on
    windows that allows it to be subsequently included in another DLL. On
    Windows this is required for it to correclty link against the correct
    C++ runtime. Require for our Node.js shared library build.
    
    Reference:  #7487
    
    BUG=
    R=machenbach@chromium.org, michael_dawson@ca.ibm.com
    
    Committed: https://crrev.com/9cf88c1c364cf76c1e745aa63196768435e8ef5d
    Review-Url: https://codereview.chromium.org/2149963002
    Cr-Original-Commit-Position: refs/heads/master@{#37814}
    Cr-Commit-Position: refs/heads/master@{#37856}
    
    PR-URL: #7802
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Commits on Jun 28, 2016
  1. build: configure --shared

    stefanmb committed Mar 27, 2016
    Add configure flag for building a shared library that can be
    embedded in other applications (like Electron). Add flags
    --without-bundled-v8 and --without-v8-platform to control V8
    dependencies used.
    
    PR-URL: #6994
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Commits on May 4, 2016
  1. test: avoid test-cluster-master-* flakiness

    stefanmb committed May 2, 2016
    Removed reliance on worker exit before arbitrary timeout. Instead of failing
    the test after 200 or 1000 ms wait indefinitely for child process exit. If
    the test hangs the test harness global timeout will kick in and fail the test.
    
    Note that if the orphaned children are not reaped correctly (in the absence
    of init, e.g. Docker) the test will hang and the harness will fail it.
    
    PR-URL: #6531
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
    Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Commits on Apr 26, 2016
  1. crypto: Read OpenSSL config before init

    stefanmb authored and jasnell committed Apr 25, 2016
    The OpenSSL configuration file allows custom crypto engines but those
    directives will not be respected if the config file is loaded after
    initializing all crypto subsystems. This patch reads the configuration
    file first.
    
    PR-URL: #6374
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
Commits on Apr 15, 2016
  1. doc: add stefanmb to collaborators

    stefanmb authored and Trott committed Apr 15, 2016
    PR-URL: #6227
    Reviewed-By: Evan Lucas <evanlucas@me.com>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Myles Borins <myles.borins@gmail.com>
Commits on Feb 26, 2016
  1. test: fix test runner arg regression

    stefanmb authored and mhdawson committed Feb 26, 2016
    Append --node-args to existing list, don't overwrite arg list.
    
    Fixes: #5442
    PR-URL: #5446
    Reviewed-By: Ben Noorhduis <info@bnoordhuis.nl>
    Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
Commits on Feb 25, 2016
  1. crypto: Improve control of FIPS mode

    stefanmb authored and mhdawson committed Jan 22, 2016
    Default to FIPS off even in FIPS builds.
    Add JS API to check and control FIPS mode.
    Add command line arguments to force FIPS on/off.
    Respect OPENSSL_CONF variable and read the config.
    Add testing for new features.
    
    Fixes: #3819
    PR-URL: #5181
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
    Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
  2. test: allow passing args to executable

    stefanmb authored and mhdawson committed Feb 23, 2016
    Add --node-args option that will pass arguments.
    
    PR-URL: #5376
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Commits on Jan 21, 2016
  1. build: Add VARIATION variable to binary target

    stefanmb authored and jbergstroem committed Jan 11, 2016
    If the VARIATION variable is present, then make binary will produce archives
    named node-$(FULLVERSION)-$(PLATFORM)-$(ARCH)-$(VARIATION).
    
    PR-URL: #4631
    Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Rod Vagg <rod@vagg.org>
Commits on Dec 3, 2015
  1. crypto: fix native module compilation with FIPS

    stefanmb authored and Shigeki Ohtsu committed Nov 25, 2015
    Prevent OpenSSL's fipsld from being used to link native modules
    because this requires the original OpenSSL source to be
    available after Node's installation.
    
    Fixes: #3815
    PR-URL: #4023
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Commits on Nov 20, 2015
  1. crypto: disable crypto.createCipher in FIPS mode

    stefanmb authored and jasnell committed Nov 9, 2015
    FIPS 140-2 disallows use of MD5, which is used to derive the
    initialization vector and key for createCipher(). Modify
    all tests to expect exceptions in FIPS mode when disallowed
    API is used, or to avoid testing such API in FIPS Mode.
    
    PR-URL: #3754
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
    Reviewed-By: James M Snell <jasnell@gmail.com>
Commits on Nov 19, 2015
  1. test: skip/replace weak crypto tests in FIPS mode

    stefanmb authored and mhdawson committed Nov 10, 2015
    FIPS 140-2 does not permit the use of MD5 and RC4, skip or tests
    that use them, or substitute with stronger crypto where applicable.
    
    PR-URL: #3757
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
    Reviewed-By: James Snell <jasnell@gmail.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Commits on Nov 18, 2015
  1. test: avoid test timeouts on rpi

    stefanmb authored and jasnell committed Nov 18, 2015
    Generating 1024-bit primes on rpi test machines sometimes
    causes timeouts. Avoid this situation by using 256-bit
    primes when not running in FIPS mode.
    
    Fixes: #3881
    PR-URL: #3902
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Brian White <mscdex@mscdex.net>
    Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Commits on Nov 16, 2015
  1. tls: use SHA1 for sessionIdContext

    stefanmb authored and indutny committed Nov 9, 2015
    FIPS 140-2 disallows use of MD5, which is used to derive the
    default sessionIdContext for tls.createServer().
    
    PR-URL: #3866
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
  2. tls: Use SHA1 for sessionIdContext in FIPS mode

    stefanmb authored and indutny committed Nov 9, 2015
    FIPS 140-2 disallows use of MD5, which is used to derive the
    default sessionIdContext for tls.createServer().
    
    PR-URL: #3755
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
Commits on Nov 14, 2015
  1. test: increase crypto strength for FIPS standard

    stefanmb authored and jasnell committed Nov 10, 2015
    Use stronger crypto (larger keys, etc.) for arbitrary tests so
    they will pass in both FIPS and non-FIPS mode without altering
    the original intent of the test cases.
    
    PR-URL: #3758
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
    Reviewed-By: James M Snell <jasnell@gmail.com>
  2. test: add hasFipsCrypto to test/common.js

    stefanmb authored and jasnell committed Nov 12, 2015
    Utility function for tests to check if OpenSSL is using
    a FIPS verified cryptographic provider.
    
    PR-URL: #3756
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
    Reviewed-By: James M Snell <jasnell@gmail.com>
  3. test: add test for invalid DSA key size

    stefanmb authored and jasnell committed Nov 13, 2015
    Check that invalid DSA key sizes are rejected in FIPS mode.
    
    PR-URL: #3756
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
    Reviewed-By: James M Snell <jasnell@gmail.com>
  4. crypto: DSA parameter validation in FIPS mode

    stefanmb authored and jasnell committed Nov 10, 2015
    FIPS 180-4 requires specific (L,N) values. OpenSSL will crash if an
    invalid combination is used, so we must check the input sanity first.
    
    PR-URL: #3756
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
    Reviewed-By: James M Snell <jasnell@gmail.com>
Commits on Nov 13, 2015
  1. test: stronger crypto in test fixtures

    stefanmb authored and jasnell committed Nov 10, 2015
    Several test fixtures use use weak crypto (e.g. RC4 or MD5).
    Rgenerated the test fixtures to be compatible with FIPS mode.
    
    PR-URL: #3759
    Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Commits on Nov 12, 2015
  1. crypto: Improve error checking and reporting

    stefanmb authored and mhdawson committed Nov 9, 2015
    Added checks where necessary to prevent hard crashes and gave
    precedence to returning the OpenSSL error strings instead of generic
    error strings.
    
    PR-URL: #3753
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
  2. doc: Describe FIPSDIR environment variable

    stefanmb authored and mhdawson committed Nov 6, 2015
    As per the OpenSSL User Guide, it is possible to use the FIPSDIR
    environment variable to specify a custom install path for the
    validated cryptographic module.
    
    PR-URL: #3752
    Reviewed-By: Michael Dawsson <michael_dawson@ca.ibm.com>
    Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
Commits on Oct 28, 2015
  1. test: use port number from env in tls socket test

    stefanmb authored and bnoordhuis committed Oct 28, 2015
    Tests normally use common.PORT to allow the user to select which port
    number to listen on. Hardcoding the port number will cause parallel
    instances of the test to fail.
    
    PR-URL: #3557
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Fedor Indutny <fedor@indutny.com>
    Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
You can’t perform that action at this time.