Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v10.x backport]: Update OpenSSL 1.1.1b #27419

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
19 changes: 12 additions & 7 deletions deps/openssl/config/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,14 @@ endif
PERL = perl

# Supported architecture list
ARCHS = aix-gcc aix64-gcc BSD-x86_64 \
ASM_ARCHS = aix-gcc aix64-gcc BSD-x86_64 \
darwin64-x86_64-cc darwin-i386-cc linux-aarch64 \
linux-armv4 linux-elf linux-x32 linux-x86_64 linux-ppc \
linux-ppc64 linux-ppc64le linux32-s390x linux64-s390x \
solaris-x86-gcc solaris64-x86_64-gcc VC-WIN64A VC-WIN32

NO_ASM_ARCHS = VC-WIN64-ARM

CC = gcc
FAKE_GCC = ../config/fake_gcc.pl

Expand All @@ -27,7 +29,6 @@ COPTS = no-comp no-shared no-afalgeng
# disable platform check in Configure
NO_WARN_ENV = CONFIGURE_CHECKER_WARN=1

GITIGNORE = $(OPSSL_SRC)/.gitignore
GENERATE = ./generate_gypi.pl

OPSSL_SRC = ../openssl
Expand All @@ -41,19 +42,23 @@ INT_CFG_DIR = $(OPSSL_SRC)/crypto/include/internal
PHONY = all clean replace
.PHONY: $(PHONY)

all: $(ARCHS) replace
all: $(ASM_ARCHS) $(NO_ASM_ARCHS) replace

# Configure and generate openssl asm files for each archs
$(ARCHS):
# Remove openssl .gitignore to follow nodejs .gitignore
if [ -e $(GITIGNORE) ]; then rm $(GITIGNORE); fi
$(ASM_ARCHS):
cd $(OPSSL_SRC); $(NO_WARN_ENV) CC=$(CC) $(PERL) $(CONFIGURE) $(COPTS) $@;
$(PERL) -w -I$(OPSSL_SRC) $(GENERATE) asm $@
# Confgure asm_avx2 and generate upto avx2 support
cd $(OPSSL_SRC); $(NO_WARN_ENV) CC=$(FAKE_GCC) $(PERL) $(CONFIGURE) \
$(COPTS) $@;
$(PERL) -w -I$(OPSSL_SRC) $(GENERATE) asm_avx2 $@
# Confgure no-asm and generate no-asm sources
# Configure no-asm and generate no-asm sources
cd $(OPSSL_SRC); $(NO_WARN_ENV) $(PERL) $(CONFIGURE) $(COPTS) \
no-asm $@;
$(PERL) -w -I$(OPSSL_SRC) $(GENERATE) no-asm $@

$(NO_ASM_ARCHS):
# Configure no-asm and generate no-asm sources
cd $(OPSSL_SRC); $(NO_WARN_ENV) $(PERL) $(CONFIGURE) $(COPTS) \
no-asm $@;
$(PERL) -w -I$(OPSSL_SRC) $(GENERATE) no-asm $@
Expand Down
147 changes: 147 additions & 0 deletions deps/openssl/config/Makefile_VC-WIN64-ARM
Original file line number Diff line number Diff line change
@@ -0,0 +1,147 @@

##
## Makefile for OpenSSL
##
## WARNING: do not edit!
## Generated by Configure from Configurations/common0.tmpl, Configurations/windows-makefile.tmpl, Configurations/common.tmpl


PLATFORM=VC-WIN64-ARM
SRCDIR=.
BLDDIR=.

VERSION=1.1.1a
MAJOR=1
MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

GENERATED_MANDATORY=crypto/include/internal/bn_conf.h crypto/include/internal/dso_conf.h include/openssl/opensslconf.h

INSTALL_LIBS="libcrypto.lib" "libssl.lib"
INSTALL_SHLIBS="libcrypto-1_1-arm64.dll" "libssl-1_1-arm64.dll"
INSTALL_SHLIBPDBS="libcrypto-1_1-arm64.pdb" "libssl-1_1-arm64.pdb"
INSTALL_ENGINES="engines/capi.dll" "engines/padlock.dll"
INSTALL_ENGINEPDBS="engines/capi.pdb" "engines/padlock.pdb"
INSTALL_PROGRAMS="apps/openssl.exe"
INSTALL_PROGRAMPDBS="apps/openssl.pdb"

BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl"
MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl"


APPS_OPENSSL="apps/openssl"

# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev=
INSTALLTOP_dir=\OpenSSL
OPENSSLDIR_dev=
OPENSSLDIR_dir=\SSL
LIBDIR=lib
ENGINESDIR_dev=
ENGINESDIR_dir=\OpenSSL/lib/engines-1_1
INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)

# $(libdir) is chosen to be compatible with the GNU coding standards
libdir=$(INSTALLTOP)\$(LIBDIR)

##### User defined commands and flags ################################

CC=cl
CPP=$(CC) /EP /C
CPPFLAGS=
CFLAGS=/W3 /wd4090 /nologo /O2
LD=link
LDFLAGS=/nologo /debug
EX_LIBS=

PERL=/usr/bin/perl

AR=lib
ARFLAGS= /nologo

MT=mt
MTFLAGS= -nologo

AS=
ASFLAGS=

RC=rc

ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"

##### Special command flags ##########################################

COUTFLAG=/Fo$(OSSL_EMPTY)
LDOUTFLAG=/out:$(OSSL_EMPTY)
AROUTFLAG=/out:$(OSSL_EMPTY)
MTINFLAG=-manifest $(OSSL_EMPTY)
MTOUTFLAG=-outputresource:$(OSSL_EMPTY)
ASOUTFLAG=$(OSSL_EMPTY)
RCOUTFLAG=/fo$(OSSL_EMPTY)

##### Project flags ##################################################

# Variables starting with CNF_ are common variables for all product types

CNF_ASFLAGS=
CNF_CPPFLAGS=-D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE" -D"OPENSSL_SYS_WIN_CORE" -D"NDEBUG"
CNF_CFLAGS=/Gs0 /GF /Gy /MD
CNF_CXXFLAGS=
CNF_LDFLAGS=/NODEFAULTLIB:kernel32.lib
CNF_EX_LIBS=onecore.lib

# Variables starting with LIB_ are used to build library object files
# and shared libraries.
# Variables starting with DSO_ are used to build DSOs and their object files.
# Variables starting with BIN_ are used to build programs and their object
# files.

LIB_ASFLAGS=$(CNF_ASFLAGS) $(ASFLAGS)
LIB_CPPFLAGS=-D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSLDIR=\"\\SSL\"" -D"ENGINESDIR=\"\\OpenSSL/lib/engines-1_1\"" $(CNF_CPPFLAGS) $(CPPFLAGS)
LIB_CFLAGS=/Zi /Fdossl_static.pdb $(CNF_CFLAGS) $(CFLAGS)
LIB_LDFLAGS=/dll $(CNF_LDFLAGS) $(LDFLAGS)
LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
DSO_ASFLAGS=$(CNF_ASFLAGS) $(ASFLAGS)
DSO_CPPFLAGS=$(CNF_CPPFLAGS) $(CPPFLAGS)
DSO_CFLAGS=/Zi /Fddso.pdb $(CNF_CFLAGS) $(CFLAGS)
DSO_LDFLAGS=/dll $(CNF_LDFLAGS) $(LDFLAGS)
DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
BIN_ASFLAGS=$(CNF_ASFLAGS) $(ASFLAGS)
BIN_CPPFLAGS=$(CNF_CPPFLAGS) $(CPPFLAGS)
BIN_CFLAGS=/Zi /Fdapp.pdb $(CNF_CFLAGS) $(CFLAGS)
BIN_LDFLAGS=/subsystem:console /opt:ref $(CNF_LDFLAGS) $(LDFLAGS)
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)

# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
CPPFLAGS_Q=-D"L_ENDIAN" -D"OPENSSL_PIC"

PERLASM_SCHEME=

PROCESSOR=

build_generated: $(GENERATED_MANDATORY)

crypto/buildinf.h:
"$(PERL)" "util/mkbuildinf.pl" "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" > $@

apps/progs.h:
"$(PERL)" "apps/progs.pl" $(APPS_OPENSSL) > $@

crypto/include/internal/bn_conf.h:
"$(PERL)" "-I$(BLDDIR)" -Mconfigdata "util/dofile.pl" \
"-omakefile" "crypto/include/internal/bn_conf.h.in" > $@
crypto/include/internal/dso_conf.h:
"$(PERL)" "-I$(BLDDIR)" -Mconfigdata "util/dofile.pl" \
"-omakefile" "crypto/include/internal/dso_conf.h.in" > $@
include/openssl/opensslconf.h:
"$(PERL)" "-I$(BLDDIR)" -Mconfigdata "util/dofile.pl" \
"-omakefile" "include/openssl/opensslconf.h.in" > $@

distclean:
$(RM) $(GENERATED)
$(RM) /Q /F configdata.pm
$(RM) /Q /F makefile
73 changes: 49 additions & 24 deletions deps/openssl/config/README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
## Upgrading OpenSSL-1.1.0
## Upgrading OpenSSL

### Requirements
- Linux environment (Only CentOS7.1 and Ubuntu16 are tested)
Expand All @@ -22,12 +22,12 @@ Copyright (C) 2015 Free Software Foundation, Inc.
$ nasm -v
NASM version 2.11.08
```

### 1. Obtain and extract new OpenSSL sources

Get a new source from https://www.openssl.org/source/ and extract
all files into `deps/openssl/openssl`. Then add all files and commit
them.

```sh
$ cd deps/openssl/
$ rm -rf openssl
Expand All @@ -36,36 +36,58 @@ $ mv openssl-1.1.0h openssl
$ git add --all openssl
$ git commit openssl
````
The commit message can be

The commit message can be (with the openssl version set to the relevant value):
```
deps: upgrade openssl sources to 1.1.0h

This updates all sources in deps/openssl/openssl with openssl-1.1.0h.
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.0h.tar.gz
$ mv openssl-1.1.0h openssl
$ git add --all openssl
$ git commit openssl
```

### 2. Apply a floating patch

Currently, one floating patch is needed to build S390 asm files.
Currently, one floating patch is needed to build S390 asm files:
```
commit 094465362758ebf967b33c84d5c96230b46a34b3
Author: Shigeki Ohtsu <[email protected]>
Date: Wed Mar 7 23:52:52 2018 +0900
Author: Shigeki Ohtsu <[email protected]>
Date: Wed Mar 7 23:52:52 2018 +0900

deps: add s390 asm rules for OpenSSL-1.1.0

deps: add s390 asm rules for OpenSSL-1.1.0
This is a floating patch against OpenSSL-1.1.0 to generate asm files
with Makefile rules and it is to be submitted to the upstream.

This is a floating patch against OpenSSL-1.1.0 to generate asm files
with Makefile rules and it is to be submitted to the upstream.
Fixes: https://github.com/nodejs/node/issues/4270
PR-URL: https://github.com/nodejs/node/pull/19794
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Rod Vagg <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>

deps/openssl/openssl/crypto/poly1305/build.info | 2 ++
```

Cherry pick it from the previous commit.
Find the SHA of the previous commit of this patch:
```sh
$ git log -n1 --oneline -- deps/openssl/openssl/crypto/poly1305/build.info
```

Using the SHA found in the previous step, cherry pick it from the previous
commit (with the openssl version in the commit message set to the relevant
value):
```sh
$ git cherry-pick 45b9f5df6ff1548f01ed646ebee75e3f0873cefd
```
### 3. Execute `make` in `deps/openssl/config` directory

Just type `make` then it generates all platform dependent files into
`deps/openssl/config/archs` directory.

### 3. Execute `make` in `deps/openssl/config` directory

Use `make` to regenerate all platform dependent files in
`deps/openssl/config/archs/`:
```sh
$ cd deps/openssl/config; make
```
Expand Down Expand Up @@ -96,19 +118,22 @@ $ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
$ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git add deps/openssl/openssl/.gitignore
$ git commit
```

The commit message can be
The commit message can be (with the openssl version set to the relevant value):
```
commit 8cb1de45c60f2d520551166610115531db673518
Author: Shigeki Ohtsu <[email protected]>
Date: Thu Mar 29 16:46:11 2018 +0900

deps: update archs files for OpenSSL-1.1.0

`cd deps/openssl/config; make` updates all archs dependant files.
deps: update archs files for OpenSSL-1.1.0

After an OpenSSL source update, all the config files need to be regenerated and
comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/crypto/include/internal/bn_conf.h
$ git add deps/openssl/openssl/crypto/include/internal/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
```

Finally, build Node and run tests.
Loading