This Makefile executes ../openssl/Configure {target} and copy
generated `../openssl/crypto/opensslconf.h` into
`archs/{target}/opensslconf.h`. with the target list that is defined
in ARCS. Several files are copied for backup and cleared so as not to
change the files in `../openssl`.
This also applies four fixes as below by using perl script so as to
meet iojs build requirements.
- all architectures
Remove define of OPENSSL_CPUID_OBJ because it is defined in
openssl.gypi so as to avoid build error with --openssl-no-asm
- VC-WIN32 and VC-WIN64A
OPENSSL_NO_DYNAMIC_ENGINE is needed for building static
library. OPENSSL_NO_CAPIENG is needed to avoid build errors on
Win. See the comments in `deps/openssl/openssl/engines/e_capi.c` for
detail.
- linux-x32
This fix was made by comparing define values of opensslconf.h which
was generated `Configure linux-x32' in openssl-1.0.2a
- darwin64-x86_64-cc
The current openssl release does not use RC4 asm since it explicitly
specified as `$asm=~s/rc4\-[^:]+//;` in
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/Configure#L584
But iojs has used RC4 asm on MacOS for long time. Fix type of RC4_INT
into `unsigned int` in opensslconf.h of darwin64-x86_64-cc to work on
the RC4 asm.
PR-URL: https://github.com/iojs/io.js/pull/1377
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In OpenSSL, opensslconf.h was generated by Configure script with
specifying a target argument, where it includes several defines that
depend on OS and architecture platform.
In iojs, we statically mapped --dest-os and --dest-cpu options in
configure to the target of Configure in OpenSSL and make
`deps/openssl/conf/openssconf.h` so as to include each file
according to its target by checking pre-defined compiler macros.
Included opnesslconf.h files for supported target architectures can
be generated by `Makefile` and stored under
`archs/{target}/opensslconf.h`. The Makefile alos fixes several
defines to meet iojs build requirements.
Here is a map table of configure options in iojs, target arch of
Configure in OpenSSL and CI support.
| --dest-os | --dest-cpu | OpenSSL target arch | CI |
| --------- | ---------- | -------------------- | --- |
| linux | ia32 | linux-elf | o |
| linux | x32 | patched linux-x86_64 | - |
| linux | x64 | linux-x86_64 | o |
| linux | arm | linux-armv4 | o |
| linux | arm64 | N/A | - |
| mac | ia32 | darwin-i386-cc | o |
| mac | x64 | darwin64-x86-cc | o |
| win | ia32 | VC-WIN32 | - |
| win | x64 | VC-WIN64A | o |
| solaris | ia32 | solaris-x86-gcc | o |
| solaris | x64 | solaris64-x86_64-gcc | o |
| freebsd | ia32 | BSD-x86 | o |
| freebsd | x64 | BSD-x86_64 | o |
| openbsd | ia32 | BSD-x86 | - |
| openbsd | x64 | BSD-x86_64 | - |
| others | others | linux-elf | - |
--dest-os and --dest-cpu are mapped to pre-defined macros.
| --dest-os | pre-defined macro |
| ------------------ | ------------------------- |
| win | _WIN32 |
| win(64bit) | _WIN64 |
| mac | __APPLE__ && __MACH__ |
| solaris | __sun |
| freebsd | __FreeBSD__ |
| openbsd | __OpenBSD__ |
| linux (not andorid)| __linux__ && !__ANDROID__ |
| android | __ANDROID__ |
| --dest-cpu | pre-defined macro |
| ---------- | ----------------- |
| arm | __arm__ |
| arm64 | __aarch64__ |
| ia32 | __i386__ |
| ia32(win) | _M_IX86 |
| mips | __mips__ |
| mipsel | __MIPSEL__ |
| x32 | __ILP32__ |
| x64 | __x86_64__ |
| x64(win) | _M_X64 |
These are the list which is not implemented yet.
| --dest-os | --dest-cpu | OpenSSL target arch | CI |
| --------- | ---------- | -------------------- | --- |
| linux | mips | linux-mips32,linux-mips64,linux64-mips64? | --- |
| linux | mipsel | ? | --- |
| android | ia32 | android-x86 | --- |
| android | arm | android-armv7 | --- |
| android | mips | android-mips | --- |
| android | mipsel | ? | --- |
Supported target arch list in OpenSSL can be obtained by typing
`deps/openssl/openssl/Configure LIST`.
This also contains to add two new defines for all platform in the
bottom for GOST and Padlock engines are not included in iojs.
PR-URL: https://github.com/iojs/io.js/pull/1377
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Updated gyp has "else if" syntax in condition. Use this for
target_arch and OS switches. Several sources, defines, rules and
libraries variables moved to gypi files.
PR-URL: https://github.com/iojs/io.js/pull/1325
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
All sources are just extracted from tarball into deps/openssl/openssl.
change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h
sha256-x86_64.pl does not exist in the origin openssl distribution. It
was copied from sha512-x86_64.pl and both sha256/sha512 scripts were
modified so as to generates only one asm file specified as its key
hash length.
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid`
(and perhaps others) are requiring .686.
removed vpaesni-x86_64.asm in x64-win32-masm - it is no longer used.
Fixes: https://github.com/iojs/io.js/issues/1186
PR-URL: https://github.com/iojs/io.js/pull/1206
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit adds basic arm64 support to the build. Building the bundled
openssl is disabled pending an upgrade to openssl 1.2, the currently
bundled version has some hand-rolled assembly that is 32 bits only.
PR-URL: https://github.com/iojs/io.js/pull/1028
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rod Vagg <rod@vagg.org>
SSLv2 has been deprecated and known broken for nearly twenty years now.
I made SSLv2 support opt-in well over a year ago in commit 39aa894 and
now this commit removes it entirely.
PR-URL: https://github.com/iojs/io.js/pull/290
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
This patch disables two (categories of) warnings:
* deprecation of GetVersionExA
* possible loss of data in implicit conversion of scalar types
These warnings don't seem to point out serious problems, and avoiding
them in openssl is somebody else's business.
PR-URL: https://github.com/iojs/io.js/pull/261
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
On Windows a long integer is always 32-bits, even when the target
architecture uses 64-bit pointers.
PR-URL: https://github.com/iojs/io.js/pull/124
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This reverts commit 878cc3e532.
Reverted for breaking the x86_64 Linux build:
In file included from ../deps/openssl/openssl/include/openssl/bn.h:1:0,
from ../deps/openssl/openssl/crypto/bn/asm/../bn_lcl.h:115,
from ../deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c:1:
../deps/openssl/openssl/include/openssl/../../crypto/bn/bn.h:813:20: note: previous declaration of 'bn_add_words' was here
BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
^
../deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c:210:15: error: conflicting types for 'bn_sub_words'
BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
On Windows (and potentially other LP64 platforms), a long integer is
always 32-bits, even when the target architecture uses 64-bit pointers.
Signed-off-by: Bert Belder <bertbelder@gmail.com>
After much investigation it turns out that the affected servers are
buggy. user-service.condenastdigital.com:443 in particular seems to
reject large TLS handshake records. Cutting down the number of
advertised ciphers or disabling SNI fixes the issue.
Similarly, passing { secureOptions: constants.SSL_OP_NO_TLSv1_2 }
seems to fix most connection issues with IIS servers.
Having to work around buggy servers is annoying for our users but not
a reason to downgrade OpenSSL. Therefore, revert it.
This reverts commit 4fdb8acdae.
This commit undoes the downgrade from OpenSSL v1.0.1e to v1.0.0f,
effectively upgrading OpenSSL to v1.0.1e again. The reason for the
downgrade was to work around compatibility issues with certain TLS
servers in the stable branch. See the commit log of 4fdb8ac and the
linked issue for details. We're going to revisit that in the master
branch.
This reverts commit 4fdb8acdae.
Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.
Fixes#5360 (and others).
Microsoft's IIS doesn't support it, and is not replying with ServerHello
after receiving ClientHello which contains it.
The good way might be allowing to opt-out this at runtime from
javascript-land, but unfortunately OpenSSL doesn't support it right now.
see #5119
Fedor Indutny
Shigeki Ohtsu
Ben Noordhuis
Fedor Indutny
Bert Belder
Alexis Campailla
Andrei Sedoi