OpenSSL 3.0 has a number of header files that are generated, and
currently these headers are copied into the architecture specific
directories. This is done for each asm type, 'asm', 'asm_avx2', and
'no-asm' which has takes up quite a lot of disk space and also becomes
an issue with the headers.tar file which has increased due to this.
This commit adds copies the headers to a common directory for the
architecture, for example with linux-x86_64 there will be a directory
named deps/openssl/config/archs/linux-x86_64/common/include where the
headers will be copied (into subdirectories 'openssl' and 'crypto'.
And in the original locations a header file with the same name will be
generated which points (includes) the common header file.
PR-URL: https://github.com/nodejs/node/pull/42616
Fixes: https://github.com/nodejs/node/issues/42081
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Currently using the --openssl-is-fips configuration option in
combination with --ninja is broken.
This commit fixes two issues, one being an issue with the linker/version
script path variable. The second is that the locations of built
artifacts that differ for ninja and make.
ninja:
$ ./configure --openssl-is-fips --ninja
$ ninja -C out/Release
$ ./node --enable-fips -p 'crypto.getFips()'
1
make:
$ ./configure --openssl-is-fips
$ make -j8
$ ./node --enable-fips -p 'crypto.getFips()'
1
PR-URL: https://github.com/nodejs/node/pull/40518
Refs: https://github.com/nodejs/node/issues/40509
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
This commit add the missing legacy provider source code which is
requried for statically linking the OpenSSL legacy provider.
Co-authored-by: Richard Lau <rlau@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/40478
Refs: https://github.com/nodejs/node/issues/40455
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This pull request updates the OpenSSL version that is statically
linked with Node.js from OpenSSl 1.1.1 to quictls OpenSSL 3.0.0+quic.
This pull request will replace the OpenSSL version that is currently
in the deps directory and when performing a normal build
OpenSSL 3.0+quic will be statically linked to the Node.js executable.
We will still be able to dynamically link to OpenSSL 1.1.1 and we have
a CI job which dynamically links to OpenSSL 1.1.1 which is run for
every pull request to make sure that we maintain backward compatibility.
PR-URL: https://github.com/nodejs/node/pull/38512
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
The scripts used by make were modified to correctly reference the source
files that were originially in crypto/include/internal, but got moved to
include/crypto. The base path has been left unaltered since that would
require too many changes
PR-URL: https://github.com/nodejs/node/pull/32328
Fixes: https://github.com/nodejs/node/issues/32210
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This change adds a clean target to the VC-WIN* Makefiles, then adjusts
the config generation script to call it before config file generation
as well as after. This prevents files from previous configurations from
causing make to incorrectly assume the files are up to date.
PR-URL: https://github.com/nodejs/node/pull/27543
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
AIX has own assembler not GNU as that does not support --noexecstack.
PR-URL: https://github.com/nodejs/node/pull/25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
OpenSSL-1.1.1 has new support of AVX-512 but AVX-2 asm files still need
to be generated for the older assembler support to keep backward
compatibilities.
PR-URL: https://github.com/nodejs/node/pull/25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Because llvm on MacOS does not support AVX-512, asm files need to be limited to
AVX-2 support even when they are generated on Linux. fake_gcc.pl returns the
fake llvm banner version for MacOS as if the assembler supports upto AVX-2.
For Windows, makefiles for nmake were updated in OpenSSL-1.1.1 and they are
rewritten into GNU makefile format by hand.
PR-URL: https://github.com/nodejs/node/pull/25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Some of defines and cppflags in the build config of OpenSSL-1.1.1 were
moved to new attributes. Gyp and gypi file generations are needed to be
fixed to include them.
PR-URL: https://github.com/nodejs/node/pull/25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
This commit has a new binding scheme in builing OpenSSL-1.1.0 library
with Node. OpenSSL-1.1.0 uses a new build system with perl for various
supported platforms. See `Configurations/README` and
`Configurations/README.design` in the OpenSSL source for details.
In order to build OpenSSL library without perl in the build of Node
for various supported platforms, platform dependent files (e.g. asm
and header files ) are pre-generated and stored into the `config/arch`
directory.
- Makefile and generate_gypi.pl
Makefile has supported platform list and generates and copies platform
dependent files (e.g. asm files) into arch directory with
generate_gypi.pl. Platform dependent gypi files also created obtaining
build information from `configdata.pm` that is generated with
`Configure` in the OpenSSL build system.
For Windows, `Configure` generates makefile that is only available to
nmake command. Since nmake is not supported in Linux,
`Makefile_VC-WIN32` and `Makefile_VC-WIN64A` are made created by hand
for the use of GNU make. If make rules or targets are changed in the
version up of OpenSSL, they should be also updated.
The following files are used in upgrading openssl-1.1.0.
- gyp and gypi files
openssl.gyp has two targets of openssl and openssl-cli referred from
node.gyp. They includes asm and no_asm gypi files with arch dependent
gypi according to its build options and platforms . The gyp data which
is common with asm and no_asm are stored in openssl_common.gypi.
- header files
bn_conf.h, dso_conf.h and opensslconf.h are platform dependent in the
OpenSSL sources. They are replaced with *.h.tmpl files to include the
file in the `../../../config/` and referred to each arch files that
depends on asm and no-asm option.
Fixes: https://github.com/nodejs/node/issues/4270
PR-URL: https://github.com/nodejs/node/pull/19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
