diff options
| author | Daniel Bevenius <daniel.bevenius@gmail.com> | 2021-04-14 12:19:54 +0300 |
|---|---|---|
| committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2021-10-11 07:28:08 +0300 |
| commit | 66da32c045035cf2710a48773dc6f55f00e20c40 (patch) | |
| tree | 5476a5263442f875b4117c2e57d795105e63a02c /node.gyp | |
| parent | 49b7ec96a431a3e0ba0989d6b41db813aefe878a (diff) | |
deps,test,src,doc,tools: update to OpenSSL 3.0
This pull request updates the OpenSSL version that is statically
linked with Node.js from OpenSSl 1.1.1 to quictls OpenSSL 3.0.0+quic.
This pull request will replace the OpenSSL version that is currently
in the deps directory and when performing a normal build
OpenSSL 3.0+quic will be statically linked to the Node.js executable.
We will still be able to dynamically link to OpenSSL 1.1.1 and we have
a CI job which dynamically links to OpenSSL 1.1.1 which is run for
every pull request to make sure that we maintain backward compatibility.
PR-URL: https://github.com/nodejs/node/pull/38512
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'node.gyp')
| -rw-r--r-- | node.gyp | 78 |
1 files changed, 77 insertions, 1 deletions
@@ -342,6 +342,82 @@ '<(obj_dir)/<(node_text_start_object_path)' ] }], + + ['node_fipsinstall=="true"', { + 'variables': { + 'openssl-cli': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)openssl-cli<(EXECUTABLE_SUFFIX)', + 'provider_name': 'libopenssl-fipsmodule', + 'fipsmodule_internal': '<(obj_dir)/deps/openssl/<(provider_name).so', + 'fipsmodule': '<(obj_dir)/deps/openssl/lib/openssl-modules/fips.so', + 'fipsconfig': '<(obj_dir)/deps/openssl/fipsmodule.cnf', + 'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf', + 'opensslconfig': './deps/openssl/openssl/apps/openssl.cnf', + }, + #'dependencies': [ + #'./deps/openssl/openssl.gyp:openssl-fipsmodule' + #], + 'actions': [ + { + 'action_name': 'fipsinstall', + 'process_outputs_as_sources': 1, + 'inputs': [ + '<(fipsmodule_internal)', + ], + 'outputs': [ + '<(fipsconfig)', + ], + 'action': [ + '<(openssl-cli)', 'fipsinstall', + '-provider_name', '<(provider_name)', + '-module', '<(fipsmodule_internal)', + '-out', '<(fipsconfig)', + #'-quiet', + ], + }, + { + 'action_name': 'copy_fips_module', + 'inputs': [ + '<(fipsmodule_internal)', + ], + 'outputs': [ + '<(fipsmodule)', + ], + 'action': [ + 'python', 'tools/copyfile.py', + '<(fipsmodule_internal)', + '<(fipsmodule)', + ], + }, + { + 'action_name': 'copy_openssl_cnf_and_include_fips_cnf', + 'inputs': [ '<(opensslconfig)', ], + 'outputs': [ '<(opensslconfig_internal)', ], + 'action': [ + 'python', 'tools/enable_fips_include.py', + '<(opensslconfig)', + '<(opensslconfig_internal)', + '<(fipsconfig)', + ], + }, + ], + }, { + 'variables': { + 'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf', + 'opensslconfig': './deps/openssl/openssl/apps/openssl.cnf', + }, + 'actions': [ + { + 'action_name': 'reset_openssl_cnf', + 'inputs': [ '<(opensslconfig)', ], + 'outputs': [ '<(opensslconfig_internal)', ], + 'action': [ + 'python', 'tools/copyfile.py', + './deps/openssl/openssl/apps/openssl.cnf', + '<(obj_dir)/deps/openssl/openssl.cnf', + ], + }, + ], + }], ], }, # node_core_target_name { @@ -789,7 +865,7 @@ ], }, 'conditions': [ - ['openssl_fips!=""', { + ['openssl_is_fips!=""', { 'variables': { 'mkssldef_flags': ['-DOPENSSL_FIPS'] }, }], ], |