OpenSSL 1.1.1 support

Ported from
OpenSUSE:nodejs8-8.17.0-lp152.147.1:openssl_1_1_1.patch

Original commit message:

Backport OpenSSL 1.1.1 support, mostly be disabling TLS 1.3
Upstream commits:

commit 8dd8033
Author: Shigeki Ohtsu <[email protected]>
Date:   Wed Sep 12 17:34:24 2018 +0900

    tls: workaround handshakedone in renegotiation

    `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called
    sending HelloRequest in OpenSSL-1.1.1.
    We need to check whether this is in a renegotiation state or not.

    Backport-PR-URL: nodejs#26270
    PR-URL: nodejs#25381
    Reviewed-By: Daniel Bevenius <[email protected]>
    Reviewed-By: Shigeki Ohtsu <[email protected]>

commit 161dca7
Author: Sam Roberts <[email protected]>
Date:   Wed Nov 28 14:11:18 2018 -0800

    tls: re-define max supported version as 1.2

    Several secureProtocol strings allow any supported TLS version as the
    maximum, but our maximum supported protocol version is TLSv1.2 even if
    someone configures a build against an OpenSSL that supports TLSv1.3.

    Fixes: nodejs#24658

    PR-URL: nodejs#25024
    Reviewed-By: Richard Lau <[email protected]>
    Reviewed-By: Ben Noordhuis <[email protected]>
    Reviewed-By: Daniel Bevenius <[email protected]>
    Reviewed-By: Colin Ihrig <[email protected]>

Partial port, remain compatible with 1.0.2:

commit 970ce14
Author: Shigeki Ohtsu <[email protected]>
Date:   Wed Mar 14 14:26:55 2018 +0900

    crypto: remove deperecated methods of TLS version

    All version-specific methods were deprecated in OpenSSL 1.1.0 and
    min/max versions explicitly need to be set.
    This still keeps comptatible with JS and OpenSSL-1.0.2 APIs for now.

    crypto, constants: add constant of OpenSSL-1.1.0

    Several constants for OpenSSL-1.1.0 engine were removed and renamed in
    OpenSSL-1.1.0. This added one renamed constant in order to have a
    compatible feature with that of OpenSSL-1.0.2.
    Other missed or new constants in OpenSSL-1.1.0 are not yet added.

    crypto,tls,constants: remove OpenSSL1.0.2 support

    This is semver-majar change so that we need not to have
    compatibilities with older versions.

    Fixes: nodejs#4270
    PR-URL: nodejs#19794
    Reviewed-By: James M Snell <[email protected]>
    Reviewed-By: Rod Vagg <[email protected]>
    Reviewed-By: Michael Dawson <[email protected]>

Signed-off-by: Su Baocheng <[email protected]>

Author: BaochengSu

src/node_constants.cc

@@ -921,6 +921,10 @@ void DefineOpenSSLConstants(Local<Object> target) {
     NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_ECDSA);
 # endif
 
+# ifdef ENGINE_METHOD_EC
+    NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_EC);
+# endif
+
 # ifdef ENGINE_METHOD_CIPHERS
     NODE_DEFINE_CONSTANT(target, ENGINE_METHOD_CIPHERS);
 # endif

src/node_crypto.cc

@@ -509,6 +509,8 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
   ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
   Environment* env = sc->env();
 
+  int min_version = 0;
+  int max_version = 0;
   const SSL_METHOD* method = TLS_method();
 
   if (args.Length() == 1 && args[0]->IsString()) {
@@ -531,29 +533,95 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
     } else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) {
       return env->ThrowError("SSLv3 methods disabled");
     } else if (strcmp(*sslmethod, "SSLv23_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      method = TLS_method();
+      #else
       method = SSLv23_method();
+      #endif
     } else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      method = TLS_server_method();
+      #else
       method = SSLv23_server_method();
+      #endif
     } else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      method = TLS_client_method();
+      #else
       method = SSLv23_client_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_VERSION;
+      max_version = TLS1_VERSION;
+      method = TLS_method();
+      #else
       method = TLSv1_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_VERSION;
+      max_version = TLS1_VERSION;
+      method = TLS_server_method();
+      #else
       method = TLSv1_server_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_VERSION;
+      max_version = TLS1_VERSION;
+      method = TLS_client_method();
+      #else
       method = TLSv1_client_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_1_VERSION;
+      max_version = TLS1_1_VERSION;
+      method = TLS_method();
+      #else
       method = TLSv1_1_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_1_VERSION;
+      max_version = TLS1_1_VERSION;
+      method = TLS_server_method();
+      #else
       method = TLSv1_1_server_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_1_VERSION;
+      max_version = TLS1_1_VERSION;
+      method = TLS_client_method();
+      #else
       method = TLSv1_1_client_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_2_VERSION;
+      max_version = TLS1_2_VERSION;
+      method = TLS_method();
+      #else
       method = TLSv1_2_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_2_VERSION;
+      max_version = TLS1_2_VERSION;
+      method = TLS_server_method();
+      #else
       method = TLSv1_2_server_method();
+      #endif
     } else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) {
+      #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+      min_version = TLS1_2_VERSION;
+      max_version = TLS1_2_VERSION;
+      method = TLS_client_method();
+      #else
       method = TLSv1_2_client_method();
+      #endif
     } else {
       return env->ThrowError("Unknown method");
     }
@@ -578,6 +646,13 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
   SSL_CTX_sess_set_new_cb(sc->ctx_, SSLWrap<Connection>::NewSessionCallback);
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  SSL_CTX_set_min_proto_version(sc->ctx_, min_version);
+  if (max_version == 0) {
+    // Selecting some secureProtocol methods allows the TLS version to be "any
+    // supported", but we don't support TLSv1.3, even if OpenSSL does.
+    max_version = TLS1_2_VERSION;
+  }
+  SSL_CTX_set_max_proto_version(sc->ctx_, max_version);
   // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was
   // exposed in the public API. To retain compatibility, install a callback
   // which restores the old algorithm.

src/tls_wrap.cc

@@ -277,7 +277,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {
     }
   }
 
-  if (where & SSL_CB_HANDSHAKE_DONE) {
+  // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called
+  // sending HelloRequest in OpenSSL-1.1.1.
+  // We need to check whether this is in a renegotiation state or not.
+  if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) {
     c->established_ = true;
     Local<Value> callback = object->Get(env->onhandshakedone_string());
     if (callback->IsFunction()) {