11## How to upgrade openssl library in io.js
22
3- This document describes the procedure to upgrade openssl from 1.0.1m
4- to 1.0.2a in io.js.
3+ This document describes the procedure to upgrade openssl from 1.0.2a
4+ to 1.0.2c in io.js.
55
66
77### Build System and Upgrading Overview
@@ -91,16 +91,16 @@ https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/sha/asm/sha5
9191otherwise asm_obsolete are used.
9292
9393The following is the detail instruction steps how to upgrade openssl
94- version from 1.0.1m to 1.0.2a in iojs.
94+ version from 1.0.2a to 1.0.2c in iojs.
9595
9696### 1. Replace openssl source in ` deps/openssl/openssl `
9797Remove old openssl sources in ` deps/openssl/openssl ` .
9898Get original openssl sources from
99- https://www.openssl.org/source/openssl-1.0.2a .tar.gz and extract all
99+ https://www.openssl.org/source/openssl-1.0.2c .tar.gz and extract all
100100files into ` deps/openssl/openssl ` .
101101
102102### 2. Apply private patches
103- There are three kinds of private patches to be applied in openssl-1.0.2a .
103+ There are three kinds of private patches to be applied in openssl-1.0.2c .
104104
105105- The two fixes of assembly error on ia32 win32. masm is no longer
106106 supported in openssl. We should move to use nasm or yasm in future
@@ -109,13 +109,8 @@ There are three kinds of private patches to be applied in openssl-1.0.2a.
109109- The fix of openssl-cli built on win. Key press requirement of
110110 openssl-cli in win causes timeout failures of several tests.
111111
112- - Backport patches for alt cert feature from openssl-1.1.x. Root certs
113- of 1024bit RSA key length were deprecated in io.js. When a tls
114- server has a cross root cert, io.js client leads CERT_UNTRUSTED
115- error because openssl does not find alternate cert chains. This fix
116- supports its feature but was made the current master which is
117- openssl-1.1.x. We backported them privately into openssl-1.0.2 on
118- iojs.
112+ - A new ` -no_rand_screen ` option to openssl s_client. This makes test
113+ time of test-tls-server-verify be much faster.
119114
120115### 3. Replace openssl header files in ` deps/openssl/openssl/include/openssl `
121116all header files in ` deps/openssl/openssl/include/openssl/*.h ` are
@@ -126,35 +121,10 @@ file such as
126121#include "../../crypto/aes/aes.h"
127122````
128123### 4. Change ` opensslconf.h ` so as to fit each platform.
129- The opensslconf.h in each target was created in advance by typing
130- ` deps/openssl/openssl/Configure {target} ` and copied
131- into ` deps/openssl/conf/archs/{target}/opensslconf.h ` .
132- ` deps/openssl/conf/openssconf.h ` includes each file according to its
133- target by checking pre-defined compiler macros. These can be generated
134- by using ` deps/openssl/conf/Makefile `
135-
136- We should remove OPENSSL_CPUID_OBJ define in opensslconf.h because it
137- causes build error when --openss-no-asm option is specified. Instead,
138- the OPENSSL_CPUID_OBJ is defined in ` deps/openssl/openssl.gypi `
139- according to the configure options.
140-
141- One fix of opensslconf.h is needed in 64-bit MacOS.
142- The current openssl release does not use RC4 asm since it explicitly
143- specified as ` $asm=~s/rc4\-[^:]+//; ` in
144- https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/Configure#L584
145- But iojs has used RC4 asm on MacOS for long time. Fix type of RC4_INT
146- into ` unsigned int ` in opensslconf.h of darwin64-x86_64-cc to work on
147- the RC4 asm.
124+ No change.
148125
149126### 5. Update openssl.gyp and openssl.gypi
150- Sources, cflags and define parameters that depends on each target can
151- be obtained via ` Configure TABLE ` . Its list is put in the table of
152- [ define and cflags changes in openssl-1.0.2a] ( openssl_define_list.pdf )
153-
154- There is no way to verify all necessary sources automatically. We can
155- only carefully look at the source list and compiled objects in
156- Makefile of openssl and compare the compiled objects that stored
157- stored under `out/Release/obj.target/openssl/deps/openssl/' in iojs.
127+ No change.
158128
159129### 6. ASM files for openssl
160130We provide two sets of asm files. One is for the latest assembler
@@ -163,7 +133,7 @@ and the other is the older one.
163133### 6.1. asm files for the latest compiler
164134This was made in ` deps/openssl/asm/Makefile `
165135- Updated asm files for each platforms which are required in
166- openssl-1.0.2a .
136+ openssl-1.0.2c .
167137- Some perl files need CC and ASM envs. Added a check if these envs
168138 exist. Followed asm files are to be generated with CC=gcc and
169139 ASM=nasm on Linux. See
0 commit comments