Commit 2ced6fc8 authored by Jérémy Lal's avatar Jérémy Lal

Refresh patches

parent 45bae7c1
......@@ -39,7 +39,7 @@ Last-Update: 2013-03-16
fs.writeFileSync(pkgPath, `exports.string = '${expectedString}';`);
--- a/lib/module.js
+++ b/lib/module.js
@@ -630,7 +630,7 @@
@@ -697,7 +697,7 @@
} else {
prefixDir = path.resolve(process.execPath, '..', '..');
}
......
......@@ -18,7 +18,7 @@ a bundled (and older) version of libnghttp2 statically linked into
--- a/configure
+++ b/configure
@@ -182,6 +182,27 @@
@@ -193,6 +193,27 @@
dest='shared_http_parser_libpath',
help='a directory to search for the shared http_parser DLL')
......@@ -46,7 +46,7 @@ a bundled (and older) version of libnghttp2 statically linked into
shared_optgroup.add_option('--shared-libuv',
action='store_true',
dest='shared_libuv',
@@ -1360,6 +1381,7 @@
@@ -1405,6 +1426,7 @@
configure_node(output)
configure_library('zlib', output)
configure_library('http_parser', output)
......@@ -64,7 +64,7 @@ a bundled (and older) version of libnghttp2 statically linked into
'node_shared_cares%': 'false',
'node_shared_libuv%': 'false',
'node_use_openssl%': 'true',
@@ -149,8 +150,15 @@
@@ -161,8 +162,15 @@
'type': '<(node_target_type)',
'dependencies': [
......@@ -82,28 +82,17 @@ a bundled (and older) version of libnghttp2 statically linked into
],
'includes': [
@@ -161,8 +169,7 @@
@@ -172,8 +180,7 @@
'include_dirs': [
'src',
'tools/msvs/genfiles',
'deps/uv/src/ares',
- '<(SHARED_INTERMEDIATE_DIR)', # for node_natives.h
- 'deps/nghttp2/lib/includes'
+ '<(SHARED_INTERMEDIATE_DIR)' # for node_natives.h
],
'sources': [
@@ -275,9 +282,7 @@
'NODE_PLATFORM="<(OS)"',
'NODE_WANT_INTERNALS=1',
# Warn when using deprecated V8 APIs.
- 'V8_DEPRECATION_WARNINGS=1',
- # We're using the nghttp2 static lib
- 'NGHTTP2_STATICLIB'
+ 'V8_DEPRECATION_WARNINGS=1'
],
},
{
@@ -687,6 +692,15 @@
@@ -705,6 +712,15 @@
'deps/http_parser/http_parser.gyp:http_parser'
]
}],
......@@ -121,7 +110,7 @@ a bundled (and older) version of libnghttp2 statically linked into
'deps/uv/uv.gyp:libuv'
--- a/node.gypi
+++ b/node.gypi
@@ -251,6 +251,10 @@
@@ -252,6 +252,10 @@
'dependencies': [ 'deps/http_parser/http_parser.gyp:http_parser' ],
}],
......
......@@ -24,7 +24,7 @@ Forwarded: not-needed
if (added) {
--- a/tools/doc/html.js
+++ b/tools/doc/html.js
@@ -434,10 +434,7 @@
@@ -495,10 +495,7 @@
}
if (tok.type !== 'heading') return;
......@@ -50,30 +50,17 @@ Forwarded: not-needed
// Sometimes we have two headings with a single
--- a/Makefile
+++ b/Makefile
@@ -491,26 +491,12 @@
# check if ./node is actually set, else use user pre-installed binary
gen-json = tools/doc/generate.js --format=json $< > $@
out/doc/api/%.json: doc/api/%.md
- @[ -e tools/doc/node_modules/js-yaml/package.json ] || \
- [ -e tools/eslint/node_modules/js-yaml/package.json ] || \
- if [ -x $(NODE) ]; then \
- cd tools/doc && ../../$(NODE) ../../$(NPM) install; \
- else \
- cd tools/doc && node ../../$(NPM) install; \
- fi
[ -x $(NODE) ] && $(NODE) $(gen-json) || node $(gen-json)
# check if ./node is actually set, else use user pre-installed binary
gen-html = tools/doc/generate.js --node-version=$(FULLVERSION) --format=html \
@@ -560,13 +560,6 @@
--template=doc/template.html --analytics=$(DOCS_ANALYTICS) $< > $@
out/doc/api/%.html: doc/api/%.md
- @[ -e tools/doc/node_modules/js-yaml/package.json ] || \
gen-doc = \
- [ -e tools/doc/node_modules/js-yaml/package.json ] || \
- [ -e tools/eslint/node_modules/js-yaml/package.json ] || \
- if [ -x $(NODE) ]; then \
- cd tools/doc && ../../$(NODE) ../../$(NPM) install; \
- else \
- cd tools/doc && node ../../$(NPM) install; \
- fi
[ -x $(NODE) ] && $(NODE) $(gen-html) || node $(gen-html)
- fi;\
[ -x $(NODE) ] && $(NODE) $(1) || node $(1)
docopen: $(apidocs_html)
out/doc/api/%.json: doc/api/%.md
......@@ -17,7 +17,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/test/parallel/test-crypto.js
+++ b/test/parallel/test-crypto.js
@@ -101,12 +101,12 @@
@@ -129,12 +129,12 @@
assert(tlsCiphers.every((value) => noCapitals.test(value)));
validateList(tlsCiphers);
......
......@@ -16,7 +16,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -616,7 +616,6 @@
@@ -667,7 +667,6 @@
x = PEM_read_bio_X509_AUX(in, nullptr, NoPasswordCallback, nullptr);
if (x == nullptr) {
......@@ -24,7 +24,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
return 0;
}
@@ -627,7 +626,6 @@
@@ -678,7 +677,6 @@
// Read extra certs
STACK_OF(X509)* extra_certs = sk_X509_new_null();
if (extra_certs == nullptr) {
......
......@@ -17,7 +17,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -3415,7 +3415,7 @@
@@ -3457,7 +3457,7 @@
}
#endif // NODE_FIPS_MODE
......@@ -26,7 +26,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
if (cipher == nullptr) {
return env()->ThrowError("Unknown cipher");
@@ -3433,21 +3433,20 @@
@@ -3475,11 +3475,11 @@
key,
iv);
......@@ -34,14 +34,23 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
+ ctx_ = EVP_CIPHER_CTX_new();
const bool encrypt = (kind_ == kCipher);
- EVP_CipherInit_ex(&ctx_, cipher, nullptr, nullptr, nullptr, encrypt);
- if (!EVP_CIPHER_CTX_set_key_length(&ctx_, key_len)) {
- EVP_CIPHER_CTX_cleanup(&ctx_);
+ EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt);
+ if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) {
+ EVP_CIPHER_CTX_free(ctx_);
return env()->ThrowError("Invalid key length");
- int mode = EVP_CIPHER_CTX_mode(&ctx_);
+ int mode = EVP_CIPHER_CTX_mode(ctx_);
if (encrypt && (mode == EVP_CIPH_CTR_MODE || mode == EVP_CIPH_GCM_MODE ||
mode == EVP_CIPH_CCM_MODE)) {
ProcessEmitWarning(env(), "Use Cipheriv for counter mode of %s",
@@ -3487,17 +3487,16 @@
}
if (mode == EVP_CIPH_WRAP_MODE)
- EVP_CIPHER_CTX_set_flags(&ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
- CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(&ctx_, key_len));
+ CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len));
- EVP_CipherInit_ex(&ctx_,
+ EVP_CipherInit_ex(ctx_,
nullptr,
......@@ -53,12 +62,17 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
@@ -3489,28 +3488,27 @@
@@ -3540,32 +3539,31 @@
return env()->ThrowError("Invalid IV length");
}
- EVP_CIPHER_CTX_init(&ctx_);
+ ctx_ = EVP_CIPHER_CTX_new();
if (mode == EVP_CIPH_WRAP_MODE)
- EVP_CIPHER_CTX_set_flags(&ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+ EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
const bool encrypt = (kind_ == kCipher);
- EVP_CipherInit_ex(&ctx_, cipher, nullptr, nullptr, nullptr, encrypt);
+ EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt);
......@@ -89,7 +103,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
@@ -3538,8 +3536,8 @@
@@ -3593,8 +3591,8 @@
bool CipherBase::IsAuthenticatedMode() const {
// Check if this cipher operates in an AEAD mode that we support.
......@@ -100,7 +114,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
int mode = EVP_CIPHER_mode(cipher);
return mode == EVP_CIPH_GCM_MODE;
}
@@ -3551,7 +3549,7 @@
@@ -3606,7 +3604,7 @@
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
// Only callable after Final and if encrypting.
......@@ -109,7 +123,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
cipher->kind_ != kCipher ||
cipher->auth_tag_len_ == 0) {
return env->ThrowError("Attempting to get auth tag in unsupported state");
@@ -3572,7 +3570,7 @@
@@ -3627,7 +3625,7 @@
CipherBase* cipher;
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
......@@ -118,7 +132,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
!cipher->IsAuthenticatedMode() ||
cipher->kind_ != kDecipher) {
return env->ThrowError("Attempting to set auth tag in unsupported state");
@@ -3590,10 +3588,10 @@
@@ -3645,10 +3643,10 @@
bool CipherBase::SetAAD(const char* data, unsigned int len) {
......@@ -131,7 +145,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
nullptr,
&outlen,
reinterpret_cast<const unsigned char*>(data),
@@ -3621,21 +3619,21 @@
@@ -3676,21 +3674,21 @@
int len,
unsigned char** out,
int* out_len) {
......@@ -157,7 +171,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
*out,
out_len,
reinterpret_cast<const unsigned char*>(data),
@@ -3683,9 +3681,9 @@
@@ -3738,9 +3736,9 @@
bool CipherBase::SetAutoPadding(bool auto_padding) {
......@@ -169,7 +183,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
@@ -3701,22 +3699,22 @@
@@ -3756,22 +3754,22 @@
bool CipherBase::Final(unsigned char** out, int *out_len) {
......@@ -198,7 +212,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
return r == 1;
}
@@ -3727,7 +3725,7 @@
@@ -3782,7 +3780,7 @@
CipherBase* cipher;
ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
......@@ -209,7 +223,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
int out_len = -1;
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -53,8 +53,6 @@
@@ -51,8 +51,6 @@
#include <openssl/rand.h>
#include <openssl/pkcs12.h>
......@@ -218,7 +232,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
# define NODE__HAVE_TLSEXT_STATUS_CB
#endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
@@ -444,9 +442,7 @@
@@ -442,9 +440,7 @@
class CipherBase : public BaseObject {
public:
~CipherBase() override {
......@@ -229,7 +243,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
static void Initialize(Environment* env, v8::Local<v8::Object> target);
@@ -485,15 +481,14 @@
@@ -483,15 +479,14 @@
v8::Local<v8::Object> wrap,
CipherKind kind)
: BaseObject(env, wrap),
......
......@@ -15,7 +15,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -207,6 +207,9 @@
@@ -205,6 +205,9 @@
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
return 1;
}
......@@ -25,7 +25,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
// Subject DER of CNNIC ROOT CA and CNNIC EV ROOT CA are taken from
@@ -3890,6 +3893,11 @@
@@ -3945,6 +3948,11 @@
}
......@@ -37,7 +37,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
void Hash::Initialize(Environment* env, v8::Local<v8::Object> target) {
Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
@@ -3924,20 +3932,22 @@
@@ -3979,20 +3987,22 @@
const EVP_MD* md = EVP_get_digestbyname(hash_type);
if (md == nullptr)
return false;
......@@ -65,7 +65,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
return true;
}
@@ -4002,8 +4012,7 @@
@@ -4057,8 +4067,7 @@
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
......@@ -77,7 +77,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
Local<Value> error;
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -526,11 +526,7 @@
@@ -524,11 +524,7 @@
class Hash : public BaseObject {
public:
......@@ -90,7 +90,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
static void Initialize(Environment* env, v8::Local<v8::Object> target);
@@ -544,13 +540,13 @@
@@ -542,13 +538,13 @@
Hash(Environment* env, v8::Local<v8::Object> wrap)
: BaseObject(env, wrap),
......
......@@ -18,7 +18,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/doc/api/deprecations.md
+++ b/doc/api/deprecations.md
@@ -694,3 +694,14 @@
@@ -729,3 +729,14 @@
[alloc_unsafe_size]: buffer.html#buffer_class_method_buffer_allocunsafe_size
[from_arraybuffer]: buffer.html#buffer_class_method_buffer_from_arraybuffer_byteoffset_length
[from_string_encoding]: buffer.html#buffer_class_method_buffer_from_string_encoding
......@@ -35,7 +35,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
+
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -55,6 +55,16 @@
@@ -54,6 +54,16 @@
exports.SecureContext = SecureContext;
......@@ -52,7 +52,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
exports.createSecureContext = function createSecureContext(options, context) {
if (!options) options = {};
@@ -115,6 +125,8 @@
@@ -114,6 +124,8 @@
c.context.setECDHCurve(tls.DEFAULT_ECDH_CURVE);
else if (options.ecdhCurve)
c.context.setECDHCurve(options.ecdhCurve);
......@@ -63,7 +63,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
const warning = c.context.setDHParam(options.dhparam);
--- a/test/parallel/test-tls-ecdh-disable.js
+++ b/test/parallel/test-tls-ecdh-disable.js
@@ -27,6 +27,11 @@
@@ -31,6 +31,11 @@
if (!common.opensslCli)
common.skip('missing openssl-cli');
......@@ -75,7 +75,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
const assert = require('assert');
const tls = require('tls');
const exec = require('child_process').exec;
@@ -39,6 +44,9 @@
@@ -42,6 +47,9 @@
ecdhCurve: false
};
......
......@@ -15,7 +15,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -4059,6 +4059,14 @@
@@ -4114,6 +4114,14 @@
SignBase::Error SignBase::Init(const char* sign_type) {
CHECK_EQ(mdctx_, nullptr);
......
......@@ -19,7 +19,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -108,7 +108,13 @@
@@ -106,7 +106,13 @@
static const int kTicketKeyIVIndex = 4;
protected:
......@@ -33,7 +33,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -222,11 +228,17 @@
@@ -220,11 +226,17 @@
protected:
typedef void (*CertCb)(void* arg);
......
......@@ -44,7 +44,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -573,12 +573,12 @@
@@ -558,12 +558,12 @@
added: v0.11.4
-->
......@@ -62,7 +62,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -2219,9 +2219,8 @@
@@ -2261,9 +2261,8 @@
Local<Object> info = Object::New(env->isolate());
const char* cipher_name = SSL_CIPHER_get_name(c);
info->Set(env->name_string(), OneByteString(args.GetIsolate(), cipher_name));
......
......@@ -31,7 +31,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -2463,20 +2463,12 @@
@@ -2505,20 +2505,12 @@
unsigned alpn_protos_len = Buffer::Length(alpn_buffer);
int status = SSL_select_next_proto(const_cast<unsigned char**>(out), outlen,
alpn_protos, alpn_protos_len, in, inlen);
......
......@@ -15,7 +15,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -188,6 +188,8 @@
@@ -186,6 +186,8 @@
return 1;
}
......@@ -24,7 +24,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
static void SSL_SESSION_get0_ticket(const SSL_SESSION* s,
const unsigned char** tick, size_t* len) {
*len = s->tlsext_ticklen;
@@ -496,12 +498,12 @@
@@ -547,12 +549,12 @@
ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
Environment* env = sc->env();
......@@ -39,7 +39,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
// are still accepted. They are OpenSSL's way of saying that all known
// protocols are supported unless explicitly disabled (which we do below
// for SSLv2 and SSLv3.)
@@ -549,7 +551,7 @@
@@ -600,7 +602,7 @@
sc->ctx_ = SSL_CTX_new(method);
SSL_CTX_set_app_data(sc->ctx_, sc);
......@@ -48,7 +48,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
// cipher list contains SSLv2 ciphers (not the default, should be rare.)
// The bundled OpenSSL doesn't have SSLv2 support but the system OpenSSL may.
// SSLv3 is disabled because it's susceptible to downgrade attacks (POODLE.)
@@ -5891,7 +5893,7 @@
@@ -5937,7 +5939,7 @@
void GetSSLCiphers(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
......
......@@ -17,7 +17,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -4031,6 +4031,38 @@
@@ -4086,6 +4086,38 @@
}
......@@ -56,7 +56,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
void SignBase::CheckThrow(SignBase::Error error) {
HandleScope scope(env()->isolate());
@@ -4103,21 +4135,6 @@
@@ -4159,21 +4191,6 @@
}
......@@ -78,7 +78,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
void Sign::SignInit(const FunctionCallbackInfo<Value>& args) {
Sign* sign;
ASSIGN_OR_RETURN_UNWRAP(&sign, args.Holder());
@@ -4130,16 +4147,7 @@
@@ -4186,16 +4203,7 @@
THROW_AND_RETURN_IF_NOT_STRING(args[0], "Sign type");
const node::Utf8Value sign_type(args.GetIsolate(), args[0]);
......@@ -96,7 +96,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
@@ -4157,11 +4165,11 @@
@@ -4213,11 +4221,11 @@
StringBytes::InlineDecoder decoder;
if (!decoder.Decode(env, args[0].As<String>(), args[1], UTF8))
return;
......@@ -110,7 +110,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
sign->CheckThrow(err);
@@ -4215,7 +4223,7 @@
@@ -4261,7 +4269,7 @@
unsigned int* sig_len,
int padding,
int salt_len) {
......@@ -119,7 +119,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
return kSignNotInitialised;
BIO* bp = nullptr;
@@ -4260,18 +4268,17 @@
@@ -4306,18 +4314,17 @@
}
#endif // NODE_FIPS_MODE
......@@ -141,7 +141,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
if (fatal)
return kSignPrivateKey;
@@ -4346,21 +4353,6 @@
@@ -4392,21 +4399,6 @@
}
......@@ -163,7 +163,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
void Verify::VerifyInit(const FunctionCallbackInfo<Value>& args) {
Verify* verify;
ASSIGN_OR_RETURN_UNWRAP(&verify, args.Holder());
@@ -4373,18 +4365,7 @@
@@ -4419,18 +4411,7 @@
THROW_AND_RETURN_IF_NOT_STRING(args[0], "Verify type");
const node::Utf8Value verify_type(args.GetIsolate(), args[0]);
......@@ -183,7 +183,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
@@ -4402,11 +4383,11 @@
@@ -4448,11 +4429,11 @@
StringBytes::InlineDecoder decoder;
if (!decoder.Decode(env, args[0].As<String>(), args[1], UTF8))
return;
......@@ -197,7 +197,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
}
verify->CheckThrow(err);
@@ -4420,7 +4401,7 @@
@@ -4466,7 +4447,7 @@
int padding,
int saltlen,
bool* verify_result) {
......@@ -205,8 +205,8 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
+ if (!mdctx_)
return kSignNotInitialised;
ClearErrorOnReturn clear_error_on_return;
@@ -4467,7 +4448,7 @@
EVP_PKEY* pkey = nullptr;
@@ -4511,7 +4492,7 @@
goto exit;
}
......@@ -215,7 +215,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
goto exit;
}
@@ -4480,7 +4461,7 @@
@@ -4524,7 +4505,7 @@
goto err;
if (!ApplyRSAOptions(pkey, pkctx, padding, saltlen))
goto err;
......@@ -224,7 +224,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
goto err;
r = EVP_PKEY_verify(pkctx,
reinterpret_cast<const unsigned char*>(sig),
@@ -4499,8 +4480,8 @@
@@ -4543,8 +4524,8 @@
if (x509 != nullptr)
X509_free(x509);
......@@ -237,7 +237,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
return kSignPublicKey;
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -564,28 +564,24 @@
@@ -562,28 +562,24 @@
SignBase(Environment* env, v8::Local<v8::Object> wrap)
: BaseObject(env, wrap),
......@@ -272,7 +272,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
Error SignFinal(const char* key_pem,
int key_pem_len,
const char* passphrase,
@@ -609,8 +605,6 @@
@@ -607,8 +603,6 @@
public:
static void Initialize(Environment* env, v8::Local<v8::Object> target);
......
......@@ -16,7 +16,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -237,8 +237,6 @@
@@ -235,8 +235,6 @@
d2i_X509_NAME(nullptr, &cnnic_ev_p,
sizeof(CNNIC_EV_ROOT_CA_SUBJECT_DATA)-1);
......@@ -25,7 +25,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
static const char* const root_certs[] = {
#include "node_root_certs.h" // NOLINT(build/include_order)
};
@@ -305,6 +303,9 @@
@@ -303,6 +301,9 @@
void* arg);
#endif // TLSEXT_TYPE_application_layer_protocol_negotiation
......@@ -35,7 +35,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
static void crypto_threadid_cb(CRYPTO_THREADID* tid) {
static_assert(sizeof(uv_thread_t) <= sizeof(void*),
"uv_thread_t does not fit in a pointer");
@@ -327,6 +328,7 @@
@@ -325,6 +326,7 @@
else
mutex->Unlock();
}
......@@ -43,7 +43,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
static int PasswordCallback(char *buf, int size, int rwflag, void *u) {
@@ -6108,9 +6110,11 @@
@@ -6154,9 +6156,11 @@
SSL_library_init();
OpenSSL_add_all_algorithms();
......
......@@ -15,7 +15,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -520,19 +520,12 @@
@@ -571,19 +571,12 @@
int SSL_CTX_get_issuer(SSL_CTX* ctx, X509* cert, X509** issuer) {
......
......@@ -20,7 +20,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -116,6 +116,28 @@
@@ -114,6 +114,28 @@
using v8::Value;
......@@ -49,7 +49,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
// Subject DER of CNNIC ROOT CA and CNNIC EV ROOT CA are taken from
// https://hg.mozilla.org/mozilla-central/file/98820360ab66/security/
// certverifier/NSSCertDBTrustDomain.cpp#l672
@@ -160,11 +182,19 @@
@@ -158,11 +180,19 @@
template void SSLWrap<TLSWrap>::InitNPN(SecureContext* sc);
template void SSLWrap<TLSWrap>::SetSNIContext(SecureContext* sc);
template int SSLWrap<TLSWrap>::SetCACerts(SecureContext* sc);
......@@ -69,7 +69,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
template int SSLWrap<TLSWrap>::NewSessionCallback(SSL* s,
SSL_SESSION* sess);
template void SSLWrap<TLSWrap>::OnClientHello(
@@ -708,22 +738,6 @@
@@ -759,22 +789,6 @@
}
......@@ -92,7 +92,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
static X509_STORE* NewRootCertStore() {
static std::vector<X509*> root_certs_vector;
if (root_certs_vector.empty()) {
@@ -1176,7 +1190,7 @@
@@ -1221,7 +1235,7 @@
void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
......@@ -101,7 +101,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
// |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL
// mallocs and frees buffers directly, without the use of a freelist.
SecureContext* wrap;
@@ -1383,11 +1397,19 @@
@@ -1428,11 +1442,19 @@
}
......@@ -121,7 +121,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
Base* w = static_cast<Base*>(SSL_get_app_data(s));
*copy = 0;
@@ -1900,13 +1922,18 @@
@@ -1942,13 +1964,18 @@
Environment* env = w->ssl_env();
SSL_SESSION* sess = SSL_get_session(w->ssl_);
......@@ -144,7 +144,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
args.GetReturnValue().Set(buff);
}
@@ -2433,7 +2460,7 @@
@@ -2475,7 +2502,7 @@
bool ocsp = false;
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
......@@ -155,7 +155,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -243,10 +243,17 @@
@@ -241,10 +241,17 @@
static void InitNPN(SecureContext* sc);
static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
......
......@@ -16,7 +16,7 @@ Reviewed-By: Rod Vagg <rod@vagg.org>
--- a/src/node_crypto_bio.cc
+++ b/src/node_crypto_bio.cc
@@ -29,24 +29,20 @@
</