author | Kelsey Schubert <kelsey@mongodb.com> | 2018-02-07 14:16:37 -0500 |
---|---|---|
committer | Kelsey Schubert <kelsey@mongodb.com> | 2018-02-07 14:16:37 -0500 |
commit | 34d2da2cfb93244818ecb55843f58d359151198d (patch) | |
tree | d5520718f44919689ee27f9902f0d49c32a77448 /src/mongo/gotools | |
parent | 8630f685156c7515c59ce071e59d9d6ec200f2e4 (diff) | |
download | mongo-34d2da2cfb93244818ecb55843f58d359151198d.tar.gz |
Import tools: 217a4963272b01dbdc951f626eaccb4ec9d09f59 from branch master
ref: 4ec067b2ad..217a496327
for: 3.7.2
TOOLS-1905 Need to update spacemonkeygo/openssl fork to support newer OpenSSL libraries
TOOLS-1938 Rationalize Evergreen build variants
TOOLS-1940 Build/test Tools on s390x with Go 1.7 and Go 1.8
TOOLS-1944 Add Amazon Linux to Evergreen build variants
TOOLS-1945 Update openssl wrapper for Amazon Linux compatibility
Diffstat (limited to 'src/mongo/gotools')
19 files changed, 553 insertions, 141 deletions
diff --git a/src/mongo/gotools/Godeps b/src/mongo/gotools/Godeps index 42f56e7f8c0..d7baaf77f01 100644 --- a/src/mongo/gotools/Godeps +++ b/src/mongo/gotools/Godeps @@ -6,7 +6,7 @@ github.com/smartystreets/assertions 287b4346dc4e71a038c346375a9d572453bc469b github.com/smartystreets/goconvey bf58a9a1291224109919756b4dcc469c670cc7e4 github.com/jessevdk/go-flags 97448c91aac742cbca3d020b3e769013a420a06f github.com/3rf/mongo-lint 3550fdcf1f43b89aaeabaa4559eaae6dc4407e42 -github.com/10gen/openssl e5c6dda7b7f225dfdfe0ebb966789017457e6afe +github.com/10gen/openssl cbe9e82b6ddfb1d9958d328877404157d313c649 github.com/spacemonkeygo/spacelog f936fb050dc6b5fe4a96b485a6f069e8bdc59aeb github.com/howeyc/gopass 44476384cd4721b68705e72f19e95d1a3a504370 github.com/nsf/termbox-go 0723e7c3d0a317dea811f0fbe4d6edd81908c971 diff --git a/src/mongo/gotools/common.yml b/src/mongo/gotools/common.yml index 0c51c8ca668..d801ac00efb 100644 --- a/src/mongo/gotools/common.yml +++ b/src/mongo/gotools/common.yml @@ -16,8 +16,9 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 - - name: legacy26 + - name: legacy30 +# No SSL on 2.6 for osx +# - name: legacy26 - name: qa-tests - name: qa-tests-3.2 - name: qa-tests-3.4 @@ -43,8 +44,7 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 - - name: legacy28-wt + - name: legacy30 - name: lint-go - name: lint-js - name: qa-tests @@ -68,7 +68,7 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 + - name: legacy30 - name: qa-tests - name: qa-tests-unstable - name: native-cert-ssl @@ -78,7 +78,7 @@ mongo_tools_variables: - name: integration - name: integration-auth - name: kerberos - - name: legacy28 + - name: legacy30 - name: legacy26 - name: qa-tests - name: native-cert-ssl 
@@ -94,8 +94,7 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 - - name: legacy28-wt + - name: legacy30 - name: legacy26 - name: qa-tests - name: unit @@ -111,7 +110,7 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 + - name: legacy30 distros: - windows-64-vs2013-test - name: qa-tests @@ -141,7 +140,7 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 + - name: legacy30 - name: qa-tests - name: native-cert-ssl windows_64_enterprise_task_list: &windows_64_enterprise_tasks @@ -150,7 +149,7 @@ mongo_tools_variables: - name: integration - name: integration-auth - name: kerberos - - name: legacy28 + - name: legacy30 distros: - windows-64-vs2013-test - name: qa-tests @@ -288,6 +287,8 @@ functions: sed -i.bak "s/built-without-git-spec/$(git rev-parse HEAD)/" common/options/options.go . ./set_gopath.sh + ${gorootvars} go version + ${gorootvars} env | grep ^GO ${gorootvars} go build ${args} -tags "failpoints ${build_tags}" -o bin/${tool} ${tool}/main/${tool}.go ./bin/${tool} --version @@ -940,7 +941,7 @@ tasks: - func: "setup integration test" - func: "run tool integration tests" -- name: legacy28 +- name: legacy30 depends_on: - name: dist commands: 
@@ -970,42 +971,9 @@ tasks: tool: mongofiles - func: "run legacy tests" vars: - test_path: "test/legacy28" + test_path: "test/legacy30" smoke_args: "--authMechanism SCRAM-SHA-1" -- name: legacy28-wt - depends_on: - - name: dist - commands: - - func: "fetch source" - - func: "get buildnumber" - - func: "setup credentials" - - func: "download mongod" - vars: - mongo_version: "3.0" - - func: "fetch tool" - vars: - tool: mongoimport - - func: "fetch tool" - vars: - tool: mongoexport - - func: "fetch tool" - vars: - tool: mongodump - - func: "fetch tool" - vars: - tool: mongostat - - func: "fetch tool" - vars: - tool: mongorestore - - func: "fetch tool" - vars: - tool: mongofiles - - func: "run legacy tests" - vars: - test_path: "test/legacy28" - smoke_args: "--authMechanism SCRAM-SHA-1 --storageEngine=wiredTiger" - - name: legacy26 depends_on: - name: dist @@ -1597,6 +1565,19 @@ tasks: buildvariants: ####################################### +# Amazon Buildvariants # +####################################### + +- name: amazonlinux64 + display_name: Amazon Linux 64 + run_on: + - linux-64-amzn-test + expansions: + build_tags: "sasl ssl" + tasks: + - name: dist + +####################################### # Debian Buildvariants # ####################################### 
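Review bot: The new `amazonlinux64` variant sets `build_tags: "sasl ssl"` but its task list is only `- name: dist`, so no test task runs the SSL/SASL code built for this distro. A wrapper that links but fails at run time would therefore go unnoticed on it. The task lists earlier in this file pair `dist` with tasks such as `unit` and `native-cert-ssl`; if the distro can run them, adding at least `- name: unit` would close the gap. If dist-only is deliberate for a reason not visible in this hunk, a short comment above the variant such as `# dist only: <reason>` would record that.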
@@ -1903,6 +1884,52 @@ buildvariants: integration_test_args: integration tasks: *rhel72_enterprise_tasks +- name: rhel72-s390x-enterprise-go1.7 + display_name: ZAP s390x RHEL 7.2 Enterprise (Go 1.7) + run_on: + - rhel72-zseries-test + expansions: + <<: *mongod_default_startup_args + <<: *mongo_default_startup_args + mongo_os: "rhel72" + mongo_edition: "enterprise" + mongo_arch: "s390x" + args: -gccgoflags "$(pkg-config --libs --cflags libssl libsasl2)" + build_tags: "sasl ssl" + resmoke_use_ssl: _ssl + gorootvars: 'PATH="/opt/go1.7/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.7/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' + excludes: requires_mmap_available,requires_mongo_24,requires_mongo_26,requires_mongo_30 + resmoke_args: -j 2 + multiversion_override: "skip" + arch: "linux/s390x" + edition: enterprise + run_kinit: true + integration_test_args: integration + tasks: *rhel72_enterprise_tasks + +- name: rhel72-s390x-enterprise-go1.8 + display_name: ZAP s390x RHEL 7.2 Enterprise (Go 1.8) + run_on: + - rhel72-zseries-test + expansions: + <<: *mongod_default_startup_args + <<: *mongo_default_startup_args + mongo_os: "rhel72" + mongo_edition: "enterprise" + mongo_arch: "s390x" + args: -gccgoflags "$(pkg-config --libs --cflags libssl libsasl2)" + build_tags: "sasl ssl" + resmoke_use_ssl: _ssl + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' + excludes: requires_mmap_available,requires_mongo_24,requires_mongo_26,requires_mongo_30 + resmoke_args: -j 2 + multiversion_override: "skip" + arch: "linux/s390x" + edition: enterprise + run_kinit: true + integration_test_args: integration + tasks: *rhel72_enterprise_tasks + - name: ubuntu1604-arm64 display_name: ZAP ARM64 Ubuntu 16.04 SSL run_on: diff --git a/src/mongo/gotools/common/db/connector_sasl_test.go b/src/mongo/gotools/common/db/connector_sasl_test.go index 9d45b9a1f25..ddf75dcc7b8 100644 
--- a/src/mongo/gotools/common/db/connector_sasl_test.go +++ b/src/mongo/gotools/common/db/connector_sasl_test.go @@ -4,11 +4,9 @@ // not use this file except in compliance with the License. You may obtain // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -// +build sasl - package db -// This file runs Kerberos tests if build with sasl is enabled +// This file runs Kerberos tests if the test.types includes 'kerberos' import ( "fmt" @@ -28,6 +26,8 @@ var ( ) func TestKerberosAuthMechanism(t *testing.T) { + testutil.VerifyTestType(t, testutil.KerberosTestType) + Convey("should be able to successfully connect", t, func() { connector := &VanillaDBConnector{} diff --git a/src/mongo/gotools/import.data b/src/mongo/gotools/import.data index 2e8a9a3eb69..9ab7a82fe22 100644 --- a/src/mongo/gotools/import.data +++ b/src/mongo/gotools/import.data @@ -1,5 +1,5 @@ { - "commit": "4ec067b2ad33ffc54a558270f8506f8405382379", + "commit": "217a4963272b01dbdc951f626eaccb4ec9d09f59", "github": "mongodb/mongo-tools.git", "vendor": "tools", "branch": "master" diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/.evergreen/config.yml b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/.evergreen/config.yml new file mode 100644 index 00000000000..4b2e7c348fc --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/.evergreen/config.yml 
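Review bot: In connector_sasl_test.go, removing `// +build sasl` compiles the file into every test binary, and `TestKerberosAuthMechanism` is now gated only at run time by `testutil.VerifyTestType(t, testutil.KerberosTestType)`. Nothing visible in these hunks still ties the test to a SASL-enabled build. If the kerberos test type is selected against a binary built without the `sasl` tag, the result would presumably be an authentication failure rather than a clear skip. The file comment should state the requirement, e.g. `// This file runs Kerberos tests if test.types includes 'kerberos'; the binary must also be built with the sasl tag.` The test body continues outside the hunk.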
@@ -0,0 +1,330 @@ +# default command type +command_type: system + +# run the same task in the previous revision if the current task fails +stepback: true + +functions: + + "set shell vars": + - command: shell.exec + params: + script: | + set -o errexit + set -o xtrace + export RAWGOPATH="$(pwd)/gopath" + export GOPATH="$RAWGOPATH" + if [ "Windows_NT" = "$OS" ]; then + set -o igncr + export GOPATH=$(echo $GOPATH | sed -e 's|/cygdrive/c|c:|') + fi + cat <<EOT > expansion.yml + rawgopath: $RAWGOPATH + repopath: $RAWGOPATH/src/github.com/10gen/openssl + prepare_shell: | + export GOPATH="$GOPATH" + set -o errexit + set -o xtrace + EOT + cat expansion.yml + exit 0 + - command: expansions.update + params: + file: expansion.yml + + "setup gopath" : + - command: shell.exec + params: + silent: false + script: | + ${prepare_shell} + ${gorootvars} go get github.com/spacemonkeygo/spacelog + exit 0 + + "fetch source" : + - command: git.get_project + params: + directory: src + - command: shell.exec + params: + script: | + ${prepare_shell} + mkdir -p $(dirname "${repopath}") + mv src "${repopath}" + exit 0 + + "go build" : + - command: shell.exec + type: test + params: + script: | + ${prepare_shell} + cd ${repopath} + ${gorootvars} go build ${args} -v -x -tags '${build_tags}' + exit 0 + + "go test" : + - command: shell.exec + type: test + params: + script: | + ${prepare_shell} + cd ${repopath} + ${gorootvars} go test ${args} -v -x -tags '${build_tags}' + exit 0 + +post: + - command: shell.exec + params: + silent: true + script: | + ${prepare_shell} + rm -rf "${rawgopath}" + exit 0 + +tasks: + +- name: "build" + commands: + - func: "set shell vars" + - func: "setup gopath" + - func: "fetch source" + - func: "go build" + +- name: "test" + depends_on: + - name: "build" + commands: + - func: "set shell vars" + - func: "setup gopath" + - func: "fetch source" + - func: "go test" + +buildvariants: + +####################################### +# Amazon Buildvariants # 
+####################################### + +- name: amazonlinux64 + display_name: Amazon Linux 64 + run_on: + - linux-64-amzn-test + expansions: + gorootvars: "" + build_tags: "" + tasks: + - name: build + - name: test + +####################################### +# Debian Buildvariants # +####################################### + +- name: debian71 + display_name: Debian 7.1 + run_on: + - debian71-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "" + tasks: + - name: build + - name: test + +- name: debian81 + display_name: Debian 8.1 + run_on: + - debian81-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "" + tasks: + - name: build + - name: test + +- name: debian92 + display_name: Debian 9.2 + run_on: + - debian92-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "" + tasks: + - name: build + - name: test + +####################################### +# macOS Buildvariant # +####################################### + +- name: macOS-1012 + display_name: MacOS 10.12 + run_on: + - macos-1012 + expansions: + gorootvars: CGO_CPPFLAGS=-I/opt/mongodbtoolchain/v2/include CGO_CFLAGS=-mmacosx-version-min=10.10 CGO_LDFLAGS=-mmacosx-version-min=10.10 + build_tags: "openssl_pre_1.0" + tasks: + - name: build + - name: test + +####################################### +# RHEL Buildvariants # +####################################### + +- name: rhel62 + display_name: RHEL 6.2 + run_on: + - rhel62-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "" + tasks: + - name: build + - name: test + +- name: rhel70 + display_name: RHEL 7.0 + run_on: + - rhel70 + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "" + tasks: + - name: build + - name: test + +####################################### +# SUSE Buildvariants # +####################################### + +- name: suse11 + display_name: SUSE 11 + run_on: + - suse11-test + expansions: + gorootvars: "" + build_tags: "openssl_pre_1.0" + 
tasks: + - name: build + - name: test + +- name: suse12 + display_name: SUSE 12 + run_on: + - suse12-test + expansions: + gorootvars: "" + build_tags: "" + tasks: + - name: build + - name: test + +####################################### +# Ubuntu Buildvariants # +####################################### + +- name: ubuntu1204 + display_name: Ubuntu 12.04 + run_on: + - ubuntu1204-test + expansions: + gorootvars: "" + build_tags: "" + tasks: + - name: build + - name: test + +- name: ubuntu1404 + display_name: Ubuntu 14.04 + run_on: + - ubuntu1404-test + expansions: + gorootvars: "" + build_tags: "" + tasks: + - name: build + - name: test + +- name: ubuntu1604 + display_name: Ubuntu 16.04 + run_on: + - ubuntu1604-test + expansions: + gorootvars: "" + build_tags: "" + tasks: + - name: build + - name: test + +####################################### +# Windows Buildvariants # +####################################### + +- name: windows-64 + display_name: Windows 64-bit + run_on: + - windows-64-vs2013-test + expansions: + gorootvars: PATH="/cygdrive/c/mingw-w64/x86_64-4.9.1-posix-seh-rt_v3-rev1/mingw64/bin:$PATH" + build_tags: "" + tasks: + - name: build + - name: test + +####################################### +# ZAP Buildvariants # +####################################### + +- name: rhel71-ppc64le-enterprise + display_name: ZAP PPC64LE RHEL 7.1 Enterprise + run_on: + - rhel71-power8-test + stepback: false + batchtime: 604800 + expansions: + gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" + build_tags: "" + tasks: + - name: build + - name: test + +- name: rhel72-s390x-enterprise-go1.8 + display_name: ZAP s390x RHEL 7.2 Enterprise (Go 1.8) + run_on: + - rhel72-zseries-test + stepback: false + batchtime: 604800 + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' + build_tags: "" + tasks: + - name: build + - name: test + +- name: 
rhel72-s390x-enterprise-go1.7 + display_name: ZAP s390x RHEL 7.2 Enterprise (Go 1.7) + run_on: + - rhel72-zseries-test + stepback: false + batchtime: 604800 + expansions: + gorootvars: 'PATH="/opt/go1.7/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.7/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' + build_tags: "" + tasks: + - name: build + - name: test + +- name: ubuntu1604-arm64 + display_name: ZAP ARM64 Ubuntu 16.04 SSL + run_on: + - ubuntu1604-arm64-small + stepback: false + batchtime: 604800 + expansions: + gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" + build_tags: "" + tasks: + - name: build + - name: test diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS index ad3a8ae8153..bc88546999e 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS @@ -11,6 +11,7 @@ Giulio <programmatore@ditieri.it> Jakob Unterwurzacher <jakobunt@gmail.com> Juuso Haavisto <juuso@mail.com> kujenga <ataylor0123@gmail.com> +MongoDB, Inc. Phus Lu <phuslu@hotmail.com> Russ Egan <russ@safemonk.com> Ryan Hileman <lunixbochs@gmail.com> @@ -19,4 +20,4 @@ Scott Kidder <skidder@brightcove.com> Space Monkey, Inc <hello@spacemonkey.com> Stephen Gallagher <sgallagh@redhat.com> Viacheslav Biriukov <v.v.biriukov@gmail.com> -Zack Owens <zowens2009@gmail.com>
\ No newline at end of file
+Zack Owens <zowens2009@gmail.com>
diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md
index 854df05ae92..2785366f5e1 100644
--- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md
@@ -18,13 +18,33 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -### Using on macOS -1. Install [homebrew](http://brew.sh/) -2. `$ brew install openssl` or `$ brew install openssl@1.1` - -### Using on Windows -1. Install [mingw-w64](http://mingw-w64.sourceforge.net/) -2. Install [pkg-config-lite](http://sourceforge.net/projects/pkgconfiglite) -3. Build (or install precompiled) openssl for mingw32-w64 -4. Set __PKG\_CONFIG\_PATH__ to the directory containing openssl.pc - (i.e. c:\mingw64\mingw64\lib\pkgconfig) +### Installing on a Unix-ish system with pkg-config + +1. (If necessary) install the openssl C library with a package manager + that provides an openssl.pc file OR install openssl manually and create + an openssl.pc file. + +2. Ensure that `pkg-config --cflags --libs openssl` finds your openssl + library. If it doesn't, try setting `PKG_CONFIG_PATH` to the directory + containing your openssl.pc file. E.g. for darwin: with MacPorts, + `PKG_CONFIG_PATH=/opt/local/lib/pkgconfig` or for Homebrew, + `PKG_CONFIG_PATH=/usr/local/Cellar/openssl/1.0.2l/lib/pkgconfig` + +### Installing on a Unix-ish system without pkg-config + +1. (If necessary) install the openssl C library in your customary way + +2. Set the `CGO_CPP_FLAGS`, `CGO_CFLAGS` and `CGO_LDFLAGS` as necessary to + provide `-I`, `-L` and other options to the compiler. E.g. on darwin, + MongoDB's darwin build servers use the native libssl, but provide the + missing headers in a custom directory, so it the build hosts set + `CGO_CPPFLAGS=-I/opt/mongodbtoolchain/v2/include` + +### Installing on Windows + +1. Install [mingw-w64](http://mingw-w64.sourceforge.net/) and add it to + your `PATH` + +2. Install the C openssl into `C:\openssl`. (Unfortunately, this is still + hard-coded.) You should have directories like `C:\openssl\include` and + `C:\openssl\bin`. 
diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go index 96b16817f9d..463b30dfe55 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go @@ -90,6 +90,10 @@ func doDecryption(key, iv, aad, ciphertext, tag []byte, blocksize, if err != nil { return nil, fmt.Errorf("Failed making GCM decryption ctx: %s", err) } + err = dctx.SetTag(tag) + if err != nil { + return nil, fmt.Errorf("Failed to set expected GCM tag: %s", err) + } aadbuf := bytes.NewBuffer(aad) for aadbuf.Len() > 0 { err = dctx.ExtraData(aadbuf.Next(bufsize)) @@ -106,10 +110,6 @@ func doDecryption(key, iv, aad, ciphertext, tag []byte, blocksize, } plainb.Write(moar) } - err = dctx.SetTag(tag) - if err != nil { - return nil, fmt.Errorf("Failed to set expected GCM tag: %s", err) - } moar, err := dctx.DecryptFinal() if err != nil { return nil, fmt.Errorf("Failed to finalize decryption: %s", err) diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go index ce8e644940c..e6b5ae59905 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go @@ -23,6 +23,9 @@ import ( func TestECDH(t *testing.T) { t.Parallel() + if !HasECDH() { + t.Skip("ECDH not available") + } myKey, err := GenerateECKey(Prime256v1) if err != nil { diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/features.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/features.go new file mode 100644 index 00000000000..c091f0644e8 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/features.go 
@@ -0,0 +1,22 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package openssl + +// #include "shim.h" +import "C" + +func HasECDH() bool { + return C.X_OPENSSL_NO_ECDH() == 0 +} diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go index 7c8ec3a8c40..31218edb33b 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go @@ -8,11 +8,11 @@ import ( func TestSetFIPSMode(t *testing.T) { if !openssl.FIPSModeDefined() { - t.Skip() + t.Skip("OPENSSL_FIPS not defined in headers") } if openssl.FIPSMode() { - t.Fatal("Expected FIPS mode to be disabled, but was enabled") + t.Skip("FIPS mode already enabled") } err := openssl.FIPSModeSet(true) @@ -24,12 +24,4 @@ func TestSetFIPSMode(t *testing.T) { t.Fatal("Expected FIPS mode to be enabled, but was disabled") } - err = openssl.FIPSModeSet(false) - if err != nil { - t.Fatal(err) - } - - if openssl.FIPSMode() { - t.Fatal("Expected FIPS mode to be disabled, but was enabled") - } } diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go index 17dc6f38751..ac2aa04327b 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go 
@@ -15,44 +15,8 @@ /* Package openssl is a light wrapper around OpenSSL for Go. -It strives to provide a near-drop-in replacement for the Go standard library -tls package, while allowing for: - -Performance - -OpenSSL is battle-tested and optimized C. While Go's built-in library shows -great promise, it is still young and in some places, inefficient. This simple -OpenSSL wrapper can often do at least 2x with the same cipher and protocol. - -On my lappytop, I get the following benchmarking speeds: - BenchmarkSHA1Large_openssl 1000 2611282 ns/op 401.56 MB/s - BenchmarkSHA1Large_stdlib 500 3963983 ns/op 264.53 MB/s - BenchmarkSHA1Small_openssl 1000000 3476 ns/op 0.29 MB/s - BenchmarkSHA1Small_stdlib 5000000 550 ns/op 1.82 MB/s - BenchmarkSHA256Large_openssl 200 8085314 ns/op 129.69 MB/s - BenchmarkSHA256Large_stdlib 100 18948189 ns/op 55.34 MB/s - BenchmarkSHA256Small_openssl 1000000 4262 ns/op 0.23 MB/s - BenchmarkSHA256Small_stdlib 1000000 1444 ns/op 0.69 MB/s - BenchmarkOpenSSLThroughput 100000 21634 ns/op 47.33 MB/s - BenchmarkStdlibThroughput 50000 58974 ns/op 17.36 MB/s - -Interoperability - -Many systems support OpenSSL with a variety of plugins and modules for things, -such as hardware acceleration in embedded devices. - -Greater flexibility and configuration - -OpenSSL allows for far greater configuration of corner cases and backwards -compatibility (such as support of SSLv2). You shouldn't be using SSLv2 if you -can help but, but sometimes you can't help it. - -Security - -Yeah yeah, Heartbleed. But according to the author of the standard library's -TLS implementation, Go's TLS library is vulnerable to timing attacks. And -whether or not OpenSSL received the appropriate amount of scrutiny -pre-Heartbleed, it sure is receiving it now. +This version has been forked from https://github.com/spacemonkeygo/openssl +for greater back-compatibility to older openssl libraries. Usage 
@@ -78,9 +42,6 @@ Making a client connection is straightforward too: } conn, err := openssl.Dial("tcp", "localhost:7777", ctx, 0) -Help wanted: To get this library to work with net/http's client, we -had to fork net/http. It would be nice if an alternate http client library -supported the generality needed to use OpenSSL instead of crypto/tls. */ package openssl @@ -88,7 +49,6 @@ package openssl import "C" import ( - "errors" "fmt" "strings" ) @@ -100,7 +60,8 @@ func init() { } // errorFromErrorQueue needs to run in the same OS thread as the operation -// that caused the possible error +// that caused the possible error. In some circumstances, ERR_get_error +// returns 0 when it shouldn't so we provide a message in that case. func errorFromErrorQueue() error { var errs []string for { @@ -108,10 +69,14 @@ func errorFromErrorQueue() error { if err == 0 { break } - errs = append(errs, fmt.Sprintf("%s:%s:%s", + errs = append(errs, fmt.Sprintf("%x:%s:%s:%s", + err, C.GoString(C.ERR_lib_error_string(err)), C.GoString(C.ERR_func_error_string(err)), C.GoString(C.ERR_reason_error_string(err)))) } - return errors.New(fmt.Sprintf("SSL errors: %s", strings.Join(errs, "\n"))) + if len(errs) == 0 { + errs = append(errs, "0:Error unavailable") + } + return fmt.Errorf("SSL errors: %s", strings.Join(errs, "\n")) } diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go index d485893bb6e..9e52b4e00be 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go @@ -18,6 +18,7 @@ package openssl /* +#if OPENSSL_VERSION_NUMBER < 0x10100000L #include <errno.h> #include <openssl/crypto.h> #include <pthread.h> 
@@ -52,7 +53,6 @@ int go_init_locks() { return rc; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L void go_thread_locking_callback(int mode, int n, const char *file, int line) { if (mode & CRYPTO_LOCK) { @@ -61,6 +61,7 @@ void go_thread_locking_callback(int mode, int n, const char *file, pthread_mutex_unlock(&goopenssl_locks[n]); } } + unsigned long go_thread_id_callback() { return (unsigned long) pthread_self(); } diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go index 55079a271cd..4a096899074 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go @@ -17,6 +17,7 @@ package openssl /* +#if OPENSSL_VERSION_NUMBER < 0x10100000L #include <errno.h> #include <openssl/crypto.h> #include <windows.h> @@ -49,7 +50,7 @@ void go_thread_locking_callback(int mode, int n, const char *file, LeaveCriticalSection(&goopenssl_locks[n]); } } -#if OPENSSL_VERSION_NUMBER < 0x10100000L + unsigned long go_thread_id_callback() { return (unsigned long) GetCurrentThreadId(); } diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go index c7987d9156f..2a2eda887b7 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go @@ -28,6 +28,10 @@ import ( ) func TestMarshalEC(t *testing.T) { + if !HasECDH() { + t.Skip("ECDH not available") + } + key, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes) if err != nil { t.Fatal(err) diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c index f26d75e211c..26765043af9 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c 
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c @@ -32,6 +32,17 @@ static int go_write_bio_puts(BIO *b, const char *str) { } /* + * Functions to convey openssl feature defines at runtime + */ +int X_OPENSSL_NO_ECDH() { +#ifdef OPENSSL_NO_ECDH + return 1; +#else + return 0; +#endif +} + +/* ************************************************ * v1.1.X and later implementation ************************************************ @@ -322,18 +333,16 @@ int X_shim_init() { SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms(); - // - // Set up OPENSSL thread safety callbacks. We only set the locking - // callback because the default id callback implementation is good - // enough for us. + +#if OPENSSL_VERSION_NUMBER < 0x1010000fL + // Set up OPENSSL thread safety callbacks. rc = go_init_locks(); if (rc != 0) { return rc; } CRYPTO_set_locking_callback(go_thread_locking_callback); - CRYPTO_set_id_callback(go_thread_id_callback); - +#endif rc = x_bio_init_methods(); if (rc != 0) { return rc; @@ -466,10 +475,6 @@ long X_SSL_CTX_add_extra_chain_cert(SSL_CTX* ctx, X509 *cert) { return SSL_CTX_add_extra_chain_cert(ctx, cert); } -long X_SSL_CTX_set_tmp_ecdh(SSL_CTX* ctx, EC_KEY *key) { - return SSL_CTX_set_tmp_ecdh(ctx, key); -} - long X_SSL_CTX_set_tlsext_servername_callback( SSL_CTX* ctx, int (*cb)(SSL *con, int *ad, void *args)) { return SSL_CTX_set_tlsext_servername_callback(ctx, cb); @@ -673,9 +678,15 @@ const EVP_CIPHER *X_EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) { } #if OPENSSL_VERSION_NUMBER > 0x10000000L +#ifndef OPENSSL_NO_EC int X_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) { return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); } +#else +int X_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) { + return -2; // not supported +} +#endif #endif // END HERE 
@@ -720,18 +731,18 @@ X509 *X_sk_X509_value(STACK_OF(X509)* sk, int i) { return sk_X509_value(sk, i); } -#if OPENSSL_VERSION_NUMBER < 0x10000000L +#ifdef OPENSSL_FIPS int X_FIPS_mode(void) { - return 0; + return FIPS_mode(); } int X_FIPS_mode_set(int r) { - return 0; + return FIPS_mode_set(r); } #else int X_FIPS_mode(void) { - return FIPS_mode(); + return 0; } int X_FIPS_mode_set(int r) { - return FIPS_mode_set(r); + return 0; } #endif diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h index 2dc2f5c8b0a..ecb71a74486 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h @@ -24,7 +24,6 @@ #include <openssl/conf.h> #include <openssl/crypto.h> #include <openssl/dh.h> -#include <openssl/ec.h> #include <openssl/engine.h> #include <openssl/err.h> #include <openssl/evp.h> @@ -44,6 +43,9 @@ /* shim methods */ extern int X_shim_init(); +/* Feature detection methods */ +extern int X_OPENSSL_NO_ECDH(); + /* Library methods */ extern void X_OPENSSL_free(void *ref); extern void *X_OPENSSL_malloc(size_t size); @@ -81,7 +83,6 @@ extern long X_SSL_CTX_sess_get_cache_size(SSL_CTX* ctx); extern long X_SSL_CTX_set_timeout(SSL_CTX* ctx, long t); extern long X_SSL_CTX_get_timeout(SSL_CTX* ctx); extern long X_SSL_CTX_add_extra_chain_cert(SSL_CTX* ctx, X509 *cert); -extern long X_SSL_CTX_set_tmp_ecdh(SSL_CTX* ctx, EC_KEY *key); extern long X_SSL_CTX_set_tlsext_servername_callback(SSL_CTX* ctx, int (*cb)(SSL *con, int *ad, void *args)); extern int X_SSL_CTX_verify_cb(int ok, X509_STORE_CTX* store); extern long X_SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh); diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go index 8f3d392cde8..86501c696d6 100644 --- a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go 
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go @@ -17,6 +17,11 @@ package openssl // #include <openssl/opensslv.h> +// #include <openssl/crypto.h> import "C" -const Version string = C.OPENSSL_VERSION_TEXT +const BuildVersion string = C.OPENSSL_VERSION_TEXT + +var Version string = C.GoString(C.SSLeay_version(C.SSLEAY_VERSION)) + +var VersionNumber uint32 = uint32(C.SSLeay()) diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version_test.go new file mode 100644 index 00000000000..9877fb9c7dd --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version_test.go @@ -0,0 +1,29 @@ +// Copyright (C) MongoDB, Inc. 2018-present. +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. You may obtain +// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + +package openssl + +import ( + "testing" +) + +func TestVersion(t *testing.T) { + v := Version + b := BuildVersion + x := VersionNumber + if len(v) == 0 { + t.Fatal("Version string is empty") + } + if len(b) == 0 { + t.Fatal("BuildVersion string is empty") + } + if x == 0 { + t.Fatal("VersionNumber is zero") + } + t.Logf("Built with headers from: %s", BuildVersion) + t.Logf(" Tests linked against: %s", Version) + t.Logf(" Linked hex version is: %x", VersionNumber) +} |