deps,build: add OpenSSL building of legacy module

This commit adds a configuration time flag to enable OpenSSL legacy module to be built. For example, the following will build the legacy module: $ ./configure --openssl-legacy-module To enable the default provider one has currently has to update the OpenSSL configuration file, openssl.cnf: [openssl_init] providers = provider_sect [provider_sect] default = default_sect legacy = legacy_sect [default_sect] activate = 1 [legacy_sect] activate = 1 This module can then be used by specifying the environment variable OPENSSL_MODULES like this: $ env OPENSSL_MODULES= \ $PWD/out/Release/obj.target/deps/openssl/lib/openssl-modules \ OPENSSL_CONF=out/Release/obj.target/deps/openssl/openssl.cnf \ ./node -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } Refs: nodejs#40455
danbev · Oct 16, 2021 · f5374d3 · f5374d3
1 parent ad4e70c
commit f5374d3
Show file tree

Hide file tree

Showing 9 changed files with 411 additions and 15 deletions.
diff --git a/configure.py b/configure.py
@@ -201,6 +201,12 @@
     default=None,
     help='specifies that the OpenSSL library is FIPS compatible')
 
+parser.add_argument('--openssl-legacy-module',
+    action='store_true',
+    dest='openssl_legacy_module',
+    default=None,
+    help='specifies that the OpenSSL legacy module is to be built')
+
 parser.add_argument('--openssl-use-def-ca-store',
     action='store_true',
     dest='use_openssl_ca_store',
@@ -1410,6 +1416,7 @@ def configure_openssl(o):
   variables['node_shared_nghttp3'] = b(options.shared_nghttp3)
   variables['openssl_is_fips'] = b(options.openssl_is_fips)
   variables['node_fipsinstall'] = b(False)
+  variables['node_openssl_legacy_module'] = b(False)
 
   if options.openssl_no_asm:
     variables['openssl_no_asm'] = 1
@@ -1466,6 +1473,9 @@ def without_ssl_error(option):
     o['defines'] += ['OPENSSL_FIPS']
     variables['node_fipsinstall'] = b(True)
 
+  if options.openssl_legacy_module and not options.shared_openssl:
+    variables['node_openssl_legacy_module'] = b(True)
+
   if options.shared_openssl:
     has_quic = getsharedopensslhasquic.get_has_quic(options.__dict__['shared_openssl_includes'])
   else:

diff --git a/deps/openssl/config/generate_gypi.pl b/deps/openssl/config/generate_gypi.pl
@@ -50,7 +50,8 @@
 my $progs = "apps/progs.h";
 my $prov_headers = "providers/common/include/prov/der_dsa.h providers/common/include/prov/der_wrap.h providers/common/include/prov/der_rsa.h providers/common/include/prov/der_ecx.h providers/common/include/prov/der_sm2.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_digests.h";
 my $fips_ld = ($arch =~ m/linux/ ? "providers/fips.ld" : "");
-my $cmd1 = "cd ../openssl; make -f $makefile clean build_generated $buildinf $progs $prov_headers $fips_ld;";
+my $legacy_ld = ($arch =~ m/linux/ ? "providers/legacy.ld" : "");
+my $cmd1 = "cd ../openssl; make -f $makefile clean build_generated $buildinf $progs $prov_headers $fips_ld $legacy_ld;";
 system($cmd1) == 0 or die "Error in system($cmd1)";
 
 # Copy and move all arch dependent header files into config/archs
@@ -100,11 +101,19 @@
 copy("$src_dir/providers/common/include/prov/der_digests.h",
      "$base_dir/providers/common/include/prov/") or die "Copy failed: $!";
 
-my $fips_linker_script = "";
+my $version_script_dir = "\$(srcdir)/deps/openssl/config/archs/$arch/$asm/providers";
+my $fips_version_script = "";
 if ($fips_ld ne "") {
-  $fips_linker_script = "$base_dir/providers/fips.ld";
+  $fips_version_script = "$version_script_dir/fips.ld";
   copy("$src_dir/providers/fips.ld",
-       $fips_linker_script) or die "Copy failed: $!";
+       "$base_dir/providers/fips.ld") or die "Copy failed: $!";
+}
+
+my $legacy_version_script = "";
+if ($legacy_ld ne "") {
+  $legacy_version_script = "$version_script_dir/legacy.ld";
+  copy("$src_dir/providers/legacy.ld",
+       "$base_dir/providers/legacy.ld") or die "Copy failed: $!";
 }
 
 
@@ -172,27 +181,52 @@
     $src =~ s\.[sS]$\.asm\ if ($is_win);
     push(@generated_srcs, $src);
   } else {
-    if ($src =~ m/\.c$/) { 
+    if ($src =~ m/\.c$/) {
       push(@libcrypto_srcs, $src);
     }
   }
 }
 
+my @liblegacy_srcs = ();
+
 foreach my $obj (@{$unified_info{sources}->{'providers/liblegacy.a'}}) {
   my $src = ${$unified_info{sources}->{$obj}}[0];
-  #print("liblegacy src: $src \n");
+  #print("providers/liblegacy.a obj: $obj src: $src \n");
   # .S files should be preprocessed into .s
   if ($unified_info{generate}->{$src}) {
     # .S or .s files should be preprocessed into .asm for WIN
-    $src =~ s\.[sS]$\.asm\ if ($is_win);
-    push(@generated_srcs, $src);
+    #$src =~ s\.[sS]$\.asm\ if ($is_win);
+    #push(@generated_srcs, $src);
   } else {
-    if ($src =~ m/\.c$/) { 
-      push(@libcrypto_srcs, $src);
+    if ($src =~ m/\.c$/) {
+      push(@liblegacy_srcs, $src);
+    }
+  }
+}
+
+foreach my $obj (@{$unified_info{sources}->{'providers/legacy'}}) {
+  if ($obj eq 'providers/legacy.ld') {
+    push(@generated_srcs, $obj);
+  } else {
+    my $src = ${$unified_info{sources}->{$obj}}[0];
+    #print("providers/fips obj: $obj, src: $src\n");
+    if ($src =~ m/\.c$/) {
+      push(@liblegacy_srcs, $src);
     }
   }
 }
 
+my @liblegacy_defines = ();
+foreach my $df (@{$unified_info{defines}->{'providers/liblegacy.a'}}) {
+  #print("liblegacy defines: $df\n");
+  push(@liblegacy_defines, $df);
+}
+
+foreach my $df (@{$unified_info{defines}->{'providers/legacy'}}) {
+  #print("liblegacy defines: $df\n");
+  push(@liblegacy_srcs, $df);
+}
+
 my @libfips_srcs = ();
 foreach my $obj (@{$unified_info{sources}->{'providers/libfips.a'}}) {
   my $src = ${$unified_info{sources}->{$obj}}[0];
@@ -316,12 +350,37 @@
         arch => \$arch,
         lib_cppflags => \@lib_cppflags,
         is_win => \$is_win,
-	linker_script => \rel2abs($fips_linker_script),
+	version_script => $fips_version_script,
     });
 
 open(FIPSGYPI, "> ./archs/$arch/$asm/openssl-fips.gypi");
 print FIPSGYPI "$fipsgypi";
 close(FIPSGYPI);
+#
+# Create openssl-fips.gypi
+my $legacytemplate =
+    Text::Template->new(TYPE => 'FILE',
+                        SOURCE => 'openssl-legacy.gypi.tmpl',
+                        DELIMITERS => [ "%%-", "-%%" ]
+                        );
+my $legacygypi = $legacytemplate->fill_in(
+    HASH => {
+        liblegacy_srcs => \@liblegacy_srcs,
+        liblegacy_defines => \@liblegacy_defines,
+	#generated_srcs => \@generated_srcs,
+        config => \%config,
+        target => \%target,
+        cflags => \@cflags,
+        asm => \$asm,
+        arch => \$arch,
+        lib_cppflags => \@lib_cppflags,
+        is_win => \$is_win,
+	version_script => $legacy_version_script,
+    });
+
+open(LEGACYGYPI, "> ./archs/$arch/$asm/openssl-legacy.gypi");
+print LEGACYGYPI "$legacygypi";
+close(LEGACYGYPI);
 
 # Create openssl-cl.gypi
 my $cltemplate =

diff --git a/deps/openssl/config/openssl-fips.gypi.tmpl b/deps/openssl/config/openssl-fips.gypi.tmpl
@@ -33,7 +33,7 @@
     'openssl_ex_libs_%%-$arch-%%': [
       '%%-$target{ex_libs}-%%',
     ],
-    'linker_script': '%%-$linker_script-%%'
+    'version_script': '%%-$version_script-%%'
   },
   'include_dirs': [
     '.',
@@ -46,8 +46,8 @@
 %%- if (!$is_win) {
       $OUT .= "  'cflags': ['<@(openssl_cflags_$arch)'],\n";
       $OUT .= "  'libraries': ['<@(openssl_ex_libs_$arch)'],\n";
-      if ($linker_script ne "") {
-        $OUT .= "  'ldflags': ['-Wl,--version-script=<@(linker_script)'],";
+      if ($version_script ne "") {
+        $OUT .= "  'ldflags': ['-Wl,--version-script=<@(version_script)'],";
       }
 } -%%
   'sources': ['<@(openssl_sources)', '<@(openssl_sources_%%-$arch-%%)'],

diff --git a/deps/openssl/config/openssl-legacy.gypi.tmpl b/deps/openssl/config/openssl-legacy.gypi.tmpl
@@ -0,0 +1,58 @@
+{
+  'variables': {
+    'openssl_sources': [
+%%- foreach $src (@liblegacy_srcs) {
+  $OUT .= "      'openssl/$src',\n";
+} -%%
+    ],
+    'openssl_sources_%%-$arch-%%': [
+%%- foreach $src (@generated_srcs) {
+  $OUT .= "      './config/archs/$arch/$asm/$src',\n";
+} -%%
+    ],
+    'openssl_defines_%%-$arch-%%': [
+%%- foreach $define (@{$config{defines}}) {
+      $OUT .= "      '$define',\n";
+    }
+    foreach $define (@lib_cppflags) {
+      $OUT .= "      '$define',\n";
+    }
+    foreach $define (@{$target{defines}}) {
+      $OUT .= "      '$define',\n";
+    }
+    foreach $define (@{liblegacy_defines}) {
+      $OUT .= "      '$define',\n";
+    }
+    foreach $define (@{$config{liblegacy_defines}}) {
+  $OUT .= "      '$define',\n";
+} -%%    ],
+    'openssl_cflags_%%-$arch-%%': [
+%%- foreach $cflag (@cflags) {
+      $OUT .= "      '$cflag',\n";
+} -%%    ],
+    'openssl_ex_libs_%%-$arch-%%': [
+      '%%-$target{ex_libs}-%%',
+    ],
+    'version_script': '%%-$version_script-%%'
+  },
+  'include_dirs': [
+    '.',
+    './include',
+    './crypto',
+    './crypto/include/internal',
+    './providers/common/include',
+  ],
+  'defines': ['<@(openssl_defines_%%-$arch-%%)'],
+%%- if (!$is_win) {
+      $OUT .= "  'cflags': ['<@(openssl_cflags_$arch)'],\n";
+      $OUT .= "  'libraries': ['<@(openssl_ex_libs_$arch)'],\n";
+      if ($version_script ne "") {
+        $OUT .= "  'ldflags': ['-Wl,--version-script=<@(version_script)'],";
+      }
+} -%%
+  'sources': ['<@(openssl_sources)', '<@(openssl_sources_%%-$arch-%%)'],
+  'direct_dependent_settings': {
+    'include_dirs': ['./include', '.'],
+    'defines': ['<@(openssl_defines_%%-$arch-%%)'],
+  },
+}
diff --git a/deps/openssl/openssl-legacy_asm.gypi b/deps/openssl/openssl-legacy_asm.gypi
@@ -0,0 +1,85 @@
+{
+  'conditions': [
+    ['target_arch=="ppc" and OS=="aix"', {
+      'includes': ['config/archs/aix-gcc/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ppc" and OS=="linux"', {
+      'includes': ['config/archs/linux-ppc/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ppc64" and OS=="aix"', {
+      'includes': ['config/archs/aix64-gcc-as/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ppc64" and OS=="linux" and node_byteorder =="little"', {
+      'includes': ['config/archs/linux-ppc64le/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ppc64" and OS=="linux"', {
+      'includes': ['config/archs/linux-ppc64/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="s390x" and OS=="linux"', {
+      'includes': ['config/archs/linux64-s390x/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="arm" and OS=="linux"', {
+      'includes': ['config/archs/linux-armv4/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="arm64" and OS=="linux"', {
+      'includes': ['config/archs/linux-aarch64/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="arm64" and OS=="mac"', {
+      'includes': ['config/archs/darwin64-arm64-cc/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ia32" and OS=="freebsd"', {
+      'includes': ['config/archs/BSD-x86/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ia32" and OS=="linux"', {
+      'includes': ['config/archs/linux-elf/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ia32" and OS=="mac"', {
+      'includes': ['config/archs/darwin-i386-cc/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ia32" and OS=="solaris"', {
+      'includes': ['config/archs/solaris-x86-gcc/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="ia32" and OS=="win"', {
+      'includes': ['config/archs/VC-WIN32/asm/openssl-legacy.gypi'],
+      'rules': [
+        {
+          'rule_name': 'Assemble',
+          'extension': 'asm',
+          'inputs': [],
+          'outputs': [
+            '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj',
+          ],
+          'action': [
+            'nasm.exe',
+            '-f win32',
+            '-o', '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj',
+            '<(RULE_INPUT_PATH)',
+          ],
+        }
+      ],
+    }, 'target_arch=="ia32"', {
+      'includes': ['config/archs/linux-elf/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="x64" and OS=="freebsd"', {
+      'includes': ['config/archs/BSD-x86_64/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="x64" and OS=="mac"', {
+      'includes': ['config/archs/darwin64-x86_64-cc/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="x64" and OS=="solaris"', {
+      'includes': ['config/archs/solaris64-x86_64-gcc/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="x64" and OS=="win"', {
+      'includes': ['config/archs/VC-WIN64A/asm/openssl-legacy.gypi'],
+      'rules': [
+        {
+          'rule_name': 'Assemble',
+          'extension': 'asm',
+          'inputs': [],
+          'outputs': [
+            '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj',
+          ],
+          'action': [
+            'nasm.exe',
+            '-f win64',
+            '-DNEAR',
+            '-Ox',
+            '-g',
+            '-o', '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj',
+            '<(RULE_INPUT_PATH)',
+          ],
+        }
+      ],
+    }, 'target_arch=="x64" and OS=="linux"', {
+      'includes': ['config/archs/linux-x86_64/asm/openssl-legacy.gypi'],
+    }, 'target_arch=="mips64el" and OS=="linux"', {
+      'includes': ['config/archs/linux64-mips64/asm/openssl-legacy.gypi'],
+    }, {
+      # Other architectures don't use assembly
+      'includes': ['config/archs/linux-x86_64/asm/openssl-legacy.gypi'],
+    }],
+  ],
+}