From 894a9dd230ed1cae54193f9dc1cd5d0600a1150b Mon Sep 17 00:00:00 2001 From: Ali Ijaz Sheikh Date: Mon, 5 Aug 2019 10:03:41 -0700 Subject: [PATCH 1/2] deps: cherry-pick c19c5a6 from openssl upstream Original commit message: Revert the DEVRANDOM_WAIT feature The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b8 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on the performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes 9078 This partially reverts commit 38023b8. Refs: https://github.com/openssl/openssl/pull/9084 Fixes: https://github.com/nodejs/node/issues/28932 PR-URL: https://github.com/nodejs/node/pull/28983 Reviewed-By: Shigeki Ohtsu Reviewed-By: Anna Henningsen Reviewed-By: Beth Griggs Reviewed-By: Ben Noordhuis Reviewed-By: Colin Ihrig --- deps/openssl/openssl/crypto/rand/rand_unix.c | 23 -------------------- deps/openssl/openssl/e_os.h | 3 --- 2 files changed, 26 deletions(-) diff --git a/deps/openssl/openssl/crypto/rand/rand_unix.c b/deps/openssl/openssl/crypto/rand/rand_unix.c index 4710dbb2d1019a..4b91903f20d69b 100644 --- a/deps/openssl/openssl/crypto/rand/rand_unix.c +++ b/deps/openssl/openssl/crypto/rand/rand_unix.c @@ -510,29 +510,6 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); { size_t i; -#ifdef DEVRANDOM_WAIT - static int wait_done = 0; - - /* - * On some implementations reading from /dev/urandom is possible - * before it is initialized. Therefore we wait for /dev/random - * to be readable to make sure /dev/urandom is initialized. - */ - if (!wait_done && bytes_needed > 0) { - int f = open(DEVRANDOM_WAIT, O_RDONLY); - - if (f >= 0) { - fd_set fds; - - FD_ZERO(&fds); - FD_SET(f, &fds); - while (select(f+1, &fds, NULL, NULL, NULL) < 0 - && errno == EINTR); - close(f); - } - wait_done = 1; - } -#endif for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) { ssize_t bytes = 0; diff --git a/deps/openssl/openssl/e_os.h b/deps/openssl/openssl/e_os.h index e9ce6c9cc8b9b0..513ea2dfe47200 100644 --- a/deps/openssl/openssl/e_os.h +++ b/deps/openssl/openssl/e_os.h @@ -28,9 +28,6 @@ * default, we will try to read at least one of these files */ # define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom" -# ifdef __linux -# define DEVRANDOM_WAIT "/dev/random" -# endif # endif # if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) /* From 47c891d3d292183f78ec87720a0e8cb441190be5 Mon Sep 17 00:00:00 2001 From: Beth Griggs Date: Tue, 6 Aug 2019 16:26:31 +0100 Subject: [PATCH 2/2] 2019-08-06, Version 10.16.2 'Dubnium' (LTS) Notable changes: This release patches a regression in the OpenSSL upgrade to 1.1.1c that causes intermittent hangs in machines that have low entropy. Refs: https://github.com/nodejs/node/issues/28932 PR-URL: https://github.com/nodejs/node/pull/29021 --- CHANGELOG.md | 3 ++- doc/changelogs/CHANGELOG_V10.md | 12 ++++++++++++ src/node_version.h | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d09fc92b07ed2..e3d15e48b47155 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,7 +33,8 @@ release. 12.0.0
-10.16.1
+10.16.2
+10.16.1
10.16.0
10.15.3
10.15.2
diff --git a/doc/changelogs/CHANGELOG_V10.md b/doc/changelogs/CHANGELOG_V10.md index c9107dd7299fe7..4f635b4b09cb73 100644 --- a/doc/changelogs/CHANGELOG_V10.md +++ b/doc/changelogs/CHANGELOG_V10.md @@ -10,6 +10,7 @@ +10.16.2
10.16.1
10.16.0
10.15.3
@@ -53,6 +54,17 @@ * [io.js](CHANGELOG_IOJS.md) * [Archive](CHANGELOG_ARCHIVE.md) + +## 2019-08-06, Version 10.16.2 'Dubnium' (LTS), @BethGriggs + +### Notable changes + +This release patches a [regression](https://github.com/nodejs/node/issues/28932) in the OpenSSL upgrade to 1.1.1c that causes intermittent hangs in machines that have low entropy. + +### Commits + +* [[`894a9dd230`](https://github.com/nodejs/node/commit/894a9dd230)] - **deps**: cherry-pick c19c5a6 from openssl upstream (Ali Ijaz Sheikh) [#28983](https://github.com/nodejs/node/pull/28983) + ## 2019-07-31, Version 10.16.1 'Dubnium' (LTS), @BethGriggs diff --git a/src/node_version.h b/src/node_version.h index a490faf490b17c..5885a1615036b3 100644 --- a/src/node_version.h +++ b/src/node_version.h @@ -29,7 +29,7 @@ #define NODE_VERSION_IS_LTS 1 #define NODE_VERSION_LTS_CODENAME "Dubnium" -#define NODE_VERSION_IS_RELEASE 0 +#define NODE_VERSION_IS_RELEASE 1 #ifndef NODE_STRINGIFY #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)