lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12851 Commits
131 Branches
446 Tags
325 MiB
 
 
 
 
 
 
Tree: 5f76b24e5e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5f76b24e5e'
${ noResults }
node/deps/openssl/doc/UPGRADING.md

7.4 KiB
Raw Blame History

How to upgrade openssl library in Node.js

This document describes the procedure to upgrade openssl from 1.0.2a to 1.0.2c in Node.js.

Build System and Upgrading Overview

The openssl build system is based on the Configure perl script in deps/openssl/openssl. For example, running Configure linux_x86-64 in the openssl repository generates Makefile and opensslconf.h for the linux_x86_64 target architecture.

The Makefile contains the list of asm files which are generated by perl scripts during build so that we can get the most of use of the hardware performance according to the type of cpus.

Configure TABLE shows various build parameters that depend on each os and arch.

In Node.js, build target is defined as --dest-os and --dest-cpu in configure options which are different from the one that is defined in openssl and it's build system is gyp that is based on python, therefore we cannot use the openssl build system directly.

In order to build openssl with gyp in node, files of opensslconf.h and asm are generated in advance for several supported platforms.

Here is a map table to show conf(opensslconf.h) and asm between the openssl target and configuration parameters of os and cpu in node. The tested platform in CI are also listed.

--dest-os --dest-cpu conf asm openssl target CI
linux ia32 o o linux-elf o
linux x32 o x(*2) linux-x32 x
linux x64 o o linux-x86_64 o
linux arm o o linux-arm o
linux arm64 o o linux-aarch64 o
mac ia32 o o darwin-i386-cc -
mac x64 o o darwin64-x86_64-cc o
win ia32 o o(*3) VC-WIN32 x
win x64 o o VC-WIN64A o
solaris ia32 o o solaris-x86-gcc o
solaris x64 o o solaris64-x86_64-gcc o
freebsd ia32 o o BSD-x86 o
freebsd x64 o o BSD-x86_64 o
openbsd ia32 o o BSD-x86 x
openbsd x64 o o BSD-x86_64 x
others ia32 x(*1) o - x
others x64 x(*1) o - x
others arm x(*1) o - x
others arm64 x(*1) o - x
others others x(*1) x(*2) - x
  • (*1) use linux-elf as a fallback configuration
  • (*2) no-asm used
  • (*3) currently masm (Microsoft Macro Assembler) is used but it's no longer supported in openssl. We need to move to use nasm or yasm.

All parameters such as sources, defines, cflags and others generated in openssl Makefile are written down into deps/openssl/openssl.gypi.

The header file of deps/openssl/openssl/crypto/opensslconf.h are generated by Configure and varies on each os and arch so that we made a new deps/openssl/config/opensslconf.h, where it includes each conf file from deps/openssl/config/archs/*/opensslconf.h by using pre-defined compiler macros. This procedure can be processed automatically with deps/openssl/config/Makefile

Assembler support is one of the key features in openssl, but asm files are dynamically generated with deps/openssl/openssl/crypto/*/asm/*.pl by perl during build. Furthermore, these perl scripts check the version of assembler and generate asm files according to the supported instructions in each compiler.

Since perl is not a build requirement in node, they all should be generated in advance and statically stored in the repository. We provide two sets of asm files, one is asm_latest(avx2 and addx supported) in deps/openssl/asm and the other asm_obsolete(without avx1/2 and addx) in deps/openssl/asm_obsolute, which depends on supported features in assemblers. Each directory has a Makefile to generate asm files with perl scripts in openssl sources.

configure and gyp check the version of assemblers such as gnu as(gas), llvm and Visual Studio. deps/openssl/openssl.gypi determines what asm files should be used, in which the asm_latest needs the version of gas >= 2.23, llvm >= 3.3 or MSVS_VERSION>='2012' (ml64 >= 12) as defined in https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/sha/asm/sha512-x86_64.pl#L112-L129, otherwise asm_obsolete are used.

The following is the detail instruction steps how to upgrade openssl version from 1.0.2a to 1.0.2c in node.

1. Replace openssl source in deps/openssl/openssl

Remove old openssl sources in deps/openssl/openssl . Get original openssl sources from https://www.openssl.org/source/openssl-1.0.2c.tar.gz and extract all files into deps/openssl/openssl .

2. Apply private patches

There are three kinds of private patches to be applied in openssl-1.0.2c.

  • The two fixes of assembly error on ia32 win32. masm is no longer supported in openssl. We should move to use nasm or yasm in future version of node.

  • The fix of openssl-cli built on win. Key press requirement of openssl-cli in win causes timeout failures of several tests.

  • A new -no_rand_screen option to openssl s_client. This makes test time of test-tls-server-verify be much faster.

3. Replace openssl header files in deps/openssl/openssl/include/openssl

all header files in deps/openssl/openssl/include/openssl/*.h are symbolic links in the distributed release tar.gz. They cause issues in Windows. They are copied from the real files of symlink origin into the include directory. During installation, they also copied into PREFIX/node/include by tools/install.py.

4. Change opensslconf.h so as to fit each platform.

No change.

5. Update openssl.gyp and openssl.gypi

No change.

6. ASM files for openssl

We provide two sets of asm files. One is for the latest assembler and the other is the older one.

6.1. asm files for the latest compiler

This was made in deps/openssl/asm/Makefile

  • Updated asm files for each platforms which are required in openssl-1.0.2c.
  • Some perl files need CC and ASM envs. Added a check if these envs exist. Followed asm files are to be generated with CC=gcc and ASM=nasm on Linux. See deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
  • Added new 32bit targets/rules with a sse2 flag (OPENSSL_IA32_SSE2) to generate asm for use SSE2.
  • Generating sha512 asm files in x86_64 need output filename which has 512. Added new rules so as not to use stdout for outputs.
  • PERLASM_SCHEME of linux-armv4 is void as defined in openssl Configure. Changed its target/rule and all directories are moved from arm-elf-gas to arm-void-gas.
  • add a new rule for armv8 asm generation

With export environments of CC=gcc and ASM=nasm, then type make command and check if new asm files are generated.

6.2.asm files for the older compiler

For older assembler, the version check of CC and ASM should be skipped in generating asm file with perl scripts. Copy files from deps/openssl/asm into deps/openssl/asm/asm_obsolete and change rules to generate asm files into this directories and remove the check of CC and ASM envs.

Without environments of CC and ASM, then type make command and check if new asm files for older compilers are generated.