Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
116 changes: 116 additions & 0 deletions .github/workflows/stress-test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
name: Stress Test (rebase tested branch on main for cache reuse)

on:
workflow_dispatch:
inputs:
test_path:
description: Test path or glob (e.g. test/parallel/test-debugger-break.js or "test/parallel/test-debugger-*")
required: true
type: string
os:
description: Runner to use
required: true
default: macos-15
type: choice
options:
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
repeat:
description: Number of times to repeat each test (--repeat)
required: true
default: '1000'
type: string
test_jobs:
description: Number of jobs to run in parallel (-j).
required: true
default: '1'
type: string
test_args:
description: Extra args for tools/test.py, space-separated (e.g. "-t 10 --worker")
required: false
default: ''
type: string

env:
PYTHON_VERSION: '3.14'
XCODE_VERSION: '16.4'
CLANG_VERSION: '19'
RUSTC_VERSION: '1.82'

permissions:
contents: read

jobs:
stress-test:
runs-on: ${{ inputs.os }}
env:
# Linux builds with clang (matching test-linux.yml), macOS with gcc/g++.
CC: ${{ startsWith(inputs.os, 'ubuntu') && 'sccache clang-19' || 'sccache gcc' }}
CXX: ${{ startsWith(inputs.os, 'ubuntu') && 'sccache clang++-19' || 'sccache g++' }}
# Enable sccache - this is okay for a manually-dispatched workflow that is typically used to
# test lib-only or test-only deflaking changes. This should be able to pick up cache from
# test-linux.yml and test-macos.yml running on the main branch.
SCCACHE_GHA_ENABLED: 'true'
SCCACHE_IDLE_TIMEOUT: '0'
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
path: node
- name: Install Clang ${{ env.CLANG_VERSION }}
if: runner.os == 'Linux'
uses: ./node/.github/actions/install-clang
with:
clang-version: ${{ env.CLANG_VERSION }}
- name: Set up Xcode ${{ env.XCODE_VERSION }}
if: runner.os == 'macOS'
run: sudo xcode-select -s /Applications/Xcode_${{ env.XCODE_VERSION }}.app
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ env.PYTHON_VERSION }}
allow-prereleases: true
- name: Install Rust ${{ env.RUSTC_VERSION }}
run: |
rustup override set "$RUSTC_VERSION"
rustup --version
- name: Set up sccache
uses: Mozilla-Actions/sccache-action@9e7fa8a12102821edf02ca5dbea1acd0f89a2696 # v0.0.10
with:
version: v0.16.0
- name: Environment Information
run: npx envinfo@7.21.0
# This is needed due to https://github.com/nodejs/build/issues/3878
- name: Cleanup
if: runner.os == 'macOS'
run: |
echo "::group::Free space before cleanup"
df -h
echo "::endgroup::"
echo "::group::Cleaned Files"

sudo rm -rf /Users/runner/Library/Android/sdk

echo "::endgroup::"
echo "::group::Free space after cleanup"
df -h
echo "::endgroup::"
- name: Build
run: make -C node build-ci -j"$(getconf _NPROCESSORS_ONLN)" V=1 CONFIG_FLAGS="--error-on-warn --v8-enable-temporal-support"
- name: Stress run ${{ inputs.test_path }} x${{ inputs.repeat }}
shell: bash
env:
REPEAT: ${{ inputs.repeat }}
JOBS: ${{ inputs.test_jobs }}
TEST_ARGS: ${{ inputs.test_args }}
TEST_PATH: ${{ inputs.test_path }}
run: |
cd node
read -ra EXTRA_ARGS <<< "$TEST_ARGS"
python3 tools/test.py \
--repeat "$REPEAT" \
-j "$JOBS" \
-p actions \
"${EXTRA_ARGS[@]}" \
"$TEST_PATH"
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -785,6 +785,8 @@ Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys):
`C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C`
* **Ruy Adorno** <<ruyadorno@hotmail.com>>
`108F52B48DB57BB0CC439B2997B01419BD92F80A`
* **Stewart X Addison** <<sxa@ibm.com>>
`655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD`
* **Ulises Gascón** <<ulisesgascongonzalez@gmail.com>>
`A363A499291CBBC940DD62E41F10027AF002F8B0`

Expand All @@ -802,6 +804,7 @@ gpg --keyserver hkps://keys.openpgp.org --recv-keys 8FCCA13FEF1D0C2E91008E09770F
gpg --keyserver hkps://keys.openpgp.org --recv-keys 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 # Rafael Gonzaga
gpg --keyserver hkps://keys.openpgp.org --recv-keys C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C # Richard Lau
gpg --keyserver hkps://keys.openpgp.org --recv-keys 108F52B48DB57BB0CC439B2997B01419BD92F80A # Ruy Adorno
gpg --keyserver hkps://keys.openpgp.org --recv-keys 655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD # Stewart X Addison
gpg --keyserver hkps://keys.openpgp.org --recv-keys A363A499291CBBC940DD62E41F10027AF002F8B0 # Ulises Gascón
```

Expand Down
2 changes: 1 addition & 1 deletion configure.py
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@
valid_mips_float_abi = ('soft', 'hard')
valid_intl_modes = ('none', 'small-icu', 'full-icu', 'system-icu')
icu_versions = json.loads((tools_path / 'icu' / 'icu_versions.json').read_text(encoding='utf-8'))
maglev_enabled_architectures = ('x64', 'arm', 'arm64', 'ppc64', 's390x')
maglev_enabled_architectures = ('x64', 'arm', 'arm64', 'ppc64', 's390x', 'riscv64')

# builtins may be removed later if they have been disabled by options
shareable_builtins = {'undici/undici': 'deps/undici/undici.js',
Expand Down
7 changes: 7 additions & 0 deletions deps/libffi/libffi.gyp
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,13 @@
},
],
'conditions': [
['OS == "win" and clang == 1', {
'msvs_settings': {
'VCCLCompilerTool': {
'AdditionalOptions': ['-Wno-incompatible-pointer-types'],
},
},
}],
['OS == "win" and (target_arch == "x64" or target_arch == "x86_64")', {
'actions': [
{
Expand Down
11 changes: 11 additions & 0 deletions deps/ncrypto/ncrypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -3086,6 +3086,17 @@ EVPKeyPointer SSLPointer::getPeerTempKey() const {
return EVPKeyPointer(raw_key);
}

std::optional<std::string_view> SSLPointer::getNegotiatedGroup() const {
#if OPENSSL_VERSION_PREREQ(3, 5)
if (!ssl_) return std::nullopt;
const char* group = SSL_get0_group_name(get());
if (group == nullptr) return std::nullopt;
return group;
#else
return std::nullopt;
#endif
}

std::optional<std::string_view> SSLPointer::getCipherName() const {
auto cipher = getCipher();
if (cipher == nullptr) return std::nullopt;
Expand Down
1 change: 1 addition & 0 deletions deps/ncrypto/ncrypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -1198,6 +1198,7 @@ class SSLPointer final {
std::optional<const std::string_view> getServerName() const;
X509View getCertificate() const;
EVPKeyPointer getPeerTempKey() const;
std::optional<std::string_view> getNegotiatedGroup() const;
const SSL_CIPHER* getCipher() const;
bool isServer() const;

Expand Down
9 changes: 7 additions & 2 deletions doc/api/ffi.md
Original file line number Diff line number Diff line change
Expand Up @@ -125,8 +125,13 @@ raw pointer `bigint` values. For pointer-like parameters, `null`, `undefined`,
strings, `Buffer`, typed array, `DataView`, and `ArrayBuffer` values are
converted on the JavaScript side before calling the optimized native wrapper.

Optimized Fast FFI calls support at most 8 function arguments. Functions with
more than 7 arguments use the generic FFI call path instead.
Optimized Fast FFI calls support at most 8 function arguments, but the exact
limit depends on the architecture and on the argument types, because each
argument must fit in the registers used by the platform trampoline. Integer
and pointer arguments are limited to 7 on AArch64 and to 6 on x86-64, while
floating-point arguments can use up to 8 on both. Functions that exceed these
limits, including any function with more than 8 arguments, use the generic FFI
call path instead.

## Signature objects

Expand Down
14 changes: 14 additions & 0 deletions doc/api/http.md
Original file line number Diff line number Diff line change
Expand Up @@ -4096,6 +4096,18 @@ changes:
E.G. `'/index.html?page=12'`. An exception is thrown when the request path
contains illegal characters. Currently, only spaces are rejected but that
may change in the future. **Default:** `'/'`.
The content in `path` is sent as the [request target][] in the HTTP 1.1 message.
When `path` is an absolute URL, this means the request target in the message in [absolute form][].
If the receiving server is a proxy, the server typically forwards the request to the
destination specified in the request target, and ignores the `Host` header.
The user needs to make sure that `path`, `host` and the Host headers conform to the
requirement of the [request target][] in the HTTP specification.
When the receiving server is known to be a proxy because the request is routed through
[Built-in Proxy Support][], `http.request` will additionally perform a best-effort
check to see that the `host` option or `Host` in `headers` agrees with the authority
in `path` during the initial construction of the request. It gives up rewriting the
request target for proxying and throws an error if they don't match at request
construction time, though there won't be checks for later header mutations done by the user.
* `port` {number} Port of remote server. **Default:** `defaultPort` if set,
else `80`.
* `protocol` {string} Protocol to use. **Default:** `'http:'`.
Expand Down Expand Up @@ -4792,5 +4804,7 @@ const agent2 = new http.Agent({ proxyEnv: process.env });
[`writable.destroyed`]: stream.md#writabledestroyed
[`writable.uncork()`]: stream.md#writableuncork
[`writable.write()`]: stream.md#writablewritechunk-encoding-callback
[absolute form]: https://datatracker.ietf.org/doc/html/rfc9112#section-3.2.2
[information event]: #event-information
[initial delay]: net.md#socketsetkeepaliveenable-initialdelay-interval-count
[request target]: https://datatracker.ietf.org/doc/html/rfc9112#section-3.2
45 changes: 29 additions & 16 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,8 @@ the character "E" appended to the traditional abbreviations):

Perfect forward secrecy using ECDHE is enabled by default. The `ecdhCurve`
option can be used when creating a TLS server to customize the list of supported
ECDH curves to use. See [`tls.createServer()`][] for more info.
ECDH curves for TLSv1.2 and below, and the list of supported TLS groups for
TLSv1.3. See [`tls.createServer()`][] for more info.

DHE is disabled by default but can be enabled alongside ECDHE by setting the
`dhparam` option to `'auto'`. Custom DHE parameters are also supported but
Expand Down Expand Up @@ -1196,12 +1197,19 @@ added: v5.0.0

* Returns: {Object}

Returns an object representing the type, name, and size of parameter of
an ephemeral key exchange in [perfect forward secrecy][] on a client
connection. It returns an empty object when the key exchange is not
ephemeral. As this is only supported on a client socket; `null` is returned
if called on a server socket. The supported types are `'DH'` and `'ECDH'`. The
`name` property is available only when type is `'ECDH'`.
Returns an object describing ephemeral key agreement in [perfect forward
secrecy][] on a client connection. It returns an empty object when the key
agreement is not ephemeral. As this is only supported on a client socket;
`null` is returned if called on a server socket. The supported types are `'DH'`,
`'ECDH'`, and `'TLSGroup'`. For `'DH'` and `'ECDH'`, the object describes peer
temporary key parameters. For `'TLSGroup'`, the object identifies the negotiated
TLS Supported Group used for key agreement when a peer temporary key object is
not available.

The `name` property is available only when type is `'ECDH'` or `'TLSGroup'`. The
`size` property is not available when type is `'TLSGroup'`. For `'TLSGroup'`,
`name` is the negotiated TLS Supported Group name. Standardized TLS group names
and code points are listed in the [IANA TLS Supported Groups registry][].

For example: `{ type: 'ECDH', name: 'prime256v1', size: 256 }`.

Expand Down Expand Up @@ -2019,12 +2027,16 @@ changes:
required for non-ECDHE [perfect forward secrecy][]. If omitted or invalid,
the parameters are silently discarded and DHE ciphers will not be available.
[ECDHE][]-based [perfect forward secrecy][] will still be available.
* `ecdhCurve` {string} A string describing a named curve or a colon separated
list of curve NIDs or names, for example `P-521:P-384:P-256`, to use for
ECDH key agreement. Set to `auto` to select the
curve automatically. Use [`crypto.getCurves()`][] to obtain a list of
available curve names. On recent releases, `openssl ecparam -list_curves`
will also display the name and description of each available elliptic curve.
* `ecdhCurve` {string} A string describing a named curve, TLS group, or
colon-separated list of named curves or TLS groups to use for key agreement,
for example `P-521:P-384:P-256`, `X25519`, or `X25519MLKEM768`. The
historical name of this option refers to ECDH key agreement in TLSv1.2 and
below. In TLSv1.3, this option configures the TLS Supported Groups and
key share groups offered or accepted by the TLS stack. Set to `auto` to
select the group automatically. Use [`crypto.getCurves()`][] to obtain a
list of available elliptic curve names. For TLS group names, use
`openssl list -tls-groups` or consult the [IANA TLS Supported Groups
registry][].
**Default:** [`tls.DEFAULT_ECDH_CURVE`][].
* `honorCipherOrder` {boolean} Attempt to use the server's cipher suite
preferences instead of the client's. When `true`, causes
Expand Down Expand Up @@ -2442,9 +2454,9 @@ changes:
description: Default value changed to `'auto'`.
-->

The default curve name to use for ECDH key agreement in a tls server. The
default value is `'auto'`. See [`tls.createSecureContext()`][] for further
information.
The default named curve or TLS group list to use for key agreement in a TLS
server. The default value is `'auto'`. See [`tls.createSecureContext()`][] for
further information.

## `tls.DEFAULT_MAX_VERSION`

Expand Down Expand Up @@ -2492,6 +2504,7 @@ added: v0.11.3
[Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
[DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
[IANA TLS Supported Groups registry]: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
[Modifying the default TLS cipher suite]: #modifying-the-default-tls-cipher-suite
[Mozilla's publicly trusted list of CAs]: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
[OCSP request]: https://en.wikipedia.org/wiki/OCSP_stapling
Expand Down
Loading
Loading