From c7ec30afebe6b35b3acb93af12b387320fdf5cb3 Mon Sep 17 00:00:00 2001 From: "L. E. Segovia" Date: Wed, 6 Aug 2025 01:35:54 +0000 Subject: [PATCH] openssl: update to 3.0.17 This also enables capturing .asm and .rc files, and updates the existing logic to support MSVC 32 and 64-bits x86. This was already available for the OpenSSL 1.x version of my fork, but I had never upstreamed its support. I've also bumped the version to 0.64 to enable the Nasm language support. --- ci_config.json | 6 +- releases.json | 1 + subprojects/openssl.wrap | 9 +- .../packagefiles/openssl/Makefile.patch | 59 +++ .../exclude-library-directive-msvc.patch | 13 + .../openssl/generate_gypi.pl.patch | 100 ++++- subprojects/packagefiles/openssl/generator.sh | 45 +- subprojects/packagefiles/openssl/meson.build | 423 +++++++++++------- .../packagefiles/openssl/meson.build.tmpl | 26 ++ tools/sanity_checks.py | 2 + 10 files changed, 497 insertions(+), 187 deletions(-) create mode 100644 subprojects/packagefiles/openssl/Makefile.patch create mode 100644 subprojects/packagefiles/openssl/exclude-library-directive-msvc.patch diff --git a/ci_config.json b/ci_config.json index a4c64b527..903bf4450 100644 --- a/ci_config.json +++ b/ci_config.json @@ -1115,11 +1115,13 @@ "nasm", "patch", "perl", - "perl-text-template" + "perl-text-template", + "rsync" ], "debian_packages": [ "libtext-template-perl", - "nasm" + "nasm", + "rsync" ], "build_options": [ "openssl:build_cli=true" diff --git a/releases.json b/releases.json index 1202ecc3e..e51f95aca 100644 --- a/releases.json +++ b/releases.json @@ -3234,6 +3234,7 @@ "openssl" ], "versions": [ + "3.0.17-1", "3.0.8-3", "3.0.8-2", "3.0.8-1", diff --git a/subprojects/openssl.wrap b/subprojects/openssl.wrap index a3099259e..efd92d999 100644 --- a/subprojects/openssl.wrap +++ b/subprojects/openssl.wrap @@ -1,8 +1,9 @@ [wrap-file] -directory = openssl-3.0.8 -source_url = https://www.openssl.org/source/openssl-3.0.8.tar.gz -source_filename = openssl-3.0.8.tar.gz -source_hash = 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e +directory = openssl-3.0.17 +node_version = v22.18.0 +source_url = https://github.com/openssl/openssl/releases/download/openssl-3.0.17/openssl-3.0.17.tar.gz +source_filename = openssl-3.0.17.tar.gz +source_hash = dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce patch_directory = openssl [provide] diff --git a/subprojects/packagefiles/openssl/Makefile.patch b/subprojects/packagefiles/openssl/Makefile.patch new file mode 100644 index 000000000..b5bc1606b --- /dev/null +++ b/subprojects/packagefiles/openssl/Makefile.patch @@ -0,0 +1,59 @@ +diff --git a/deps/openssl/config/Makefile b/deps/openssl/config/Makefile +index 48d2af80..8913d9c5 100644 +--- a/deps/openssl/config/Makefile ++++ b/deps/openssl/config/Makefile +@@ -1,23 +1,33 @@ +-# This Makefile is confirmed to be run only on Linux (CentOS and +-# Ubuntu). perl5 and gas(>=2.26) are needed. ++# This Makefile is confirmed to be run on Linux (CentOS and ++# Ubuntu), macOS, or on a MSYS2 shell. ++# perl5, nasm, and either gas(>=2.26) or LLVM(>= 9.0) are needed. + +-UNAME_S := $(shell uname -s) +-ifneq ($(UNAME_S),Linux) +- $(error This can be run only on Linux) ++UNAME_S := $(shell uname -o) ++ifneq (, $(findstring Linux,$(UNAME_S))) ++ UNAME_OK:=true ++endif ++ifeq ($(UNAME_S),Msys) ++ UNAME_OK:=true ++endif ++ifeq ($(UNAME_S),Darwin) ++ UNAME_OK:=true ++endif ++ifneq ($(UNAME_OK),true) ++ $(error This can be run only on Linux, MSYS or macOS) + endif + + PERL = perl + + # Supported architecture list +-ASM_ARCHS = aix64-gcc-as BSD-x86 BSD-x86_64 \ ++ASM_ARCHS = BSD-x86 BSD-x86_64 \ + darwin64-x86_64-cc darwin-i386-cc darwin64-arm64-cc linux-aarch64 \ +-linux-armv4 linux-elf linux-x86_64 \ +-linux-ppc64le linux32-s390x linux64-s390x linux64-mips64\ +-solaris-x86-gcc solaris64-x86_64-gcc VC-WIN64A VC-WIN32 ++linux-armv4 linux-elf linux-x32 linux-x86_64 linux-ppc \ ++linux-ppc64le linux64-s390x linux64-mips64\ ++solaris-x86-gcc solaris64-x86_64-gcc VC-WIN64A VC-WIN32 mingw mingw64 + + NO_ASM_ARCHS = VC-WIN64-ARM linux64-riscv64 linux64-loongarch64 + +-CC = gcc ++CC ?= gcc + FAKE_GCC = ../config/fake_gcc.pl + + CONFIGURE = ./Configure +@@ -53,10 +63,6 @@ all: $(ASM_ARCHS) $(NO_ASM_ARCHS) generate_headers + $(ASM_ARCHS): + cd $(OPSSL_SRC); $(NO_WARN_ENV) CC=$(CC) $(PERL) $(CONFIGURE) $(COPTS) $@; + $(PERL) -w -I$(OPSSL_SRC) $(GENERATE) asm $@ "${GEN_HEADERS}" "${CRYPTO_GEN_HEADERS}" +-# Confgure asm_avx2 and generate upto avx2 support +- cd $(OPSSL_SRC); $(NO_WARN_ENV) CC=$(FAKE_GCC) $(PERL) $(CONFIGURE) \ +- $(COPTS) $@; +- $(PERL) -w -I$(OPSSL_SRC) $(GENERATE) asm_avx2 $@ "${GEN_HEADERS}" "${CRYTO_GEN_HEADERS}" + # Configure no-asm and generate no-asm sources + cd $(OPSSL_SRC); $(NO_WARN_ENV) $(PERL) $(CONFIGURE) $(COPTS) \ + no-asm $@; diff --git a/subprojects/packagefiles/openssl/exclude-library-directive-msvc.patch b/subprojects/packagefiles/openssl/exclude-library-directive-msvc.patch new file mode 100644 index 000000000..94ee7138f --- /dev/null +++ b/subprojects/packagefiles/openssl/exclude-library-directive-msvc.patch @@ -0,0 +1,13 @@ +diff --git a/util/mkdef.pl b/util/mkdef.pl +index d9534674..eb98b1cf 100755 +--- a/util/mkdef.pl ++++ b/util/mkdef.pl +@@ -299,8 +299,6 @@ sub writer_windows { + ; Definition file for the DLL version of the $libname library from OpenSSL + ; + +-LIBRARY "$libname" +- + EXPORTS + _____ + for (@_) { diff --git a/subprojects/packagefiles/openssl/generate_gypi.pl.patch b/subprojects/packagefiles/openssl/generate_gypi.pl.patch index 20b9d0045..b2814f56d 100644 --- a/subprojects/packagefiles/openssl/generate_gypi.pl.patch +++ b/subprojects/packagefiles/openssl/generate_gypi.pl.patch @@ -1,10 +1,101 @@ diff --git a/openssl/config/generate_gypi.pl b/openssl/config/generate_gypi.pl +index be7d357f..aafdc73d 100755 --- a/openssl/config/generate_gypi.pl +++ b/openssl/config/generate_gypi.pl -@@ -361,7 +361,35 @@ +@@ -27,13 +27,31 @@ my $arch = shift @ARGV; + my $nasm_banner = `nasm -v`; + die "Error: nasm is not installed." if (!$nasm_banner); + +-# gas version check +-my $gas_version_min = 2.30; +-my $gas_banner = `gcc -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`; +-my ($gas_version) = ($gas_banner =~/GNU assembler version ([2-9]\.[0-9]+)/); +-if ($gas_version < $gas_version_min) { +- die "Error: gas version $gas_version is too old." . +- "$gas_version_min or higher is required."; ++# gas/llvm-as version check ++my $gas_banner = `gcc -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`; ++if ($gas_banner) { ++ my $gas_version_min = 2.30; ++ my ($gas_version) = ($gas_banner =~/GNU assembler version ([2-9]\.[0-9]+)/); ++ if ($gas_version < $gas_version_min) { ++ die "Error: gas version $gas_version is too old." . ++ "$gas_version_min or higher is required."; ++ } ++} else { ++ my $llvm_version_min = 9.0; ++ my $llvm_banner = `clang -Wa,--version -c -o /dev/null -x assembler /dev/null 2>&1`; ++ my ($llvm_as_version) = ($llvm_banner =~/clang version ([0-9]+\.[0-9]+)/); ++ if ($llvm_as_version < $llvm_version_min) { ++ die "Error: LLVM $llvm_as_version is too old." . ++ "$llvm_version_min or higher is required." ++ } ++} ++ ++# Set the compiler ++my $compiler; ++if ($gas_banner) { ++ $compiler = 'cc'; ++} else { ++ $compiler = 'clang'; + } + + our $src_dir = "../openssl"; +@@ -108,6 +126,11 @@ if ($fips_ld ne "" and not $is_win) { + "$base_dir/providers/fips.ld") or die "Copy failed: $!"; + } + ++# list headers following the Makefile glob ++my @openssl_arch_headers = (); ++foreach my $obj (glob("$base_dir/include/openssl/*.{h,H}")) { ++ push(@openssl_arch_headers, substr($obj, length($base_dir) + 1)); ++} + + # read openssl source lists from configdata.pm + my @libapps_srcs = (); +@@ -265,10 +288,36 @@ foreach my $obj (@{$unified_info{sources}->{'apps/openssl'}}) { + push(@apps_openssl_srcs, ${$unified_info{sources}->{$obj}}[0]); + } + ++# msvc and mingw requires the .rc but none appears in ++# sources; we need to pluck them out of generate ++# (in 1.x this also included the .def but now it's Makefile generated) ++my @win_resources = grep {/(.rc$)/} (keys %{$unified_info{generate}}); ++foreach my $src (@win_resources) { ++ # VC makefiles are intended for static files ++ # Execute the rules straight out of configdata ++ my $generation_cmd = join(" ", @{$unified_info{generate}->{$src}}); ++ my $cmd = "cd ../openssl && $generation_cmd > $src && " . ++ "rsync -R $src ../config/archs/$arch/$asm && cd ../config"; ++ system("$cmd") == 0 or die "Error in system($cmd)"; ++} ++ ++my $libssl_rc; ++if (exists $unified_info{generate}->{'libssl.rc'}) { ++ $libssl_rc = 'libssl.rc'; ++} else { ++ $libssl_rc = ''; ++} ++my $libcrypto_rc; ++if (exists $unified_info{generate}->{'libcrypto.rc'}) { ++ $libcrypto_rc = 'libcrypto.rc'; ++} else { ++ $libcrypto_rc = ''; ++} ++ + # Generate all asm files and copy into config/archs + foreach my $src (@generated_srcs) { +- my $cmd = "cd ../openssl; CC=gcc ASM=nasm make -f $makefile $src;" . +- "cp --parents $src ../config/archs/$arch/$asm; cd ../config"; ++ my $cmd = "cd ../openssl; CC=$compiler ASM=nasm make -f $makefile $src;" . ++ "rsync -R $src ../config/archs/$arch/$asm; cd ../config"; + system("$cmd") == 0 or die "Error in system($cmd)"; + } + +@@ -361,9 +410,40 @@ open(CLGYPI, "> ./archs/$arch/$asm/openssl-cl.gypi"); print CLGYPI "$clgypi"; close(CLGYPI); - + +# Create meson.build +my $mtemplate = + Text::Template->new(TYPE => 'FILE', @@ -15,11 +106,14 @@ diff --git a/openssl/config/generate_gypi.pl b/openssl/config/generate_gypi.pl +my $meson = $mtemplate->fill_in( + HASH => { + libssl_srcs => \@libssl_srcs, ++ libssl_rc => \$libssl_rc, + libcrypto_srcs => \@libcrypto_srcs, + lib_defines => \@lib_defines, ++ libcrypto_rc => \$libcrypto_rc, + generated_srcs => \@generated_srcs, + apps_openssl_srcs => \@apps_openssl_srcs, + libapps_srcs => \@libapps_srcs, ++ openssl_arch_headers => \@openssl_arch_headers, + config => \%config, + target => \%target, + cflags => \@cflags, @@ -38,3 +132,5 @@ diff --git a/openssl/config/generate_gypi.pl b/openssl/config/generate_gypi.pl - "git clean -f $src_dir/crypto"; + "git clean -f crypto"; system($cmd2) == 0 or die "Error in system($cmd2)"; + + diff --git a/subprojects/packagefiles/openssl/generator.sh b/subprojects/packagefiles/openssl/generator.sh index ee02cf215..7f748384b 100755 --- a/subprojects/packagefiles/openssl/generator.sh +++ b/subprojects/packagefiles/openssl/generator.sh @@ -1,35 +1,54 @@ #!/bin/bash set -e +set -x cd "$(dirname "${BASH_SOURCE[0]}")" # Node.js version should bundle OpenSSL of matching version to one specified in wrap file -node_version=v19.7.0 +node_version="$NODE_VERSION" openssl_version="$OPENSSL_VERSION" if [ -z "$openssl_version" ]; then - openssl_version=$(grep 'directory = ' ../../openssl.wrap | grep -oE '[0-9]+\.[0-9]+\.[0-9]+') + openssl_version=$(grep 'directory = ' ../../openssl.wrap | grep -oE '[0-9]+\.[0-9]+\.[0-9]+[a-z]?') + node_version=$(grep 'node_version = ' ../../openssl.wrap | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+') fi -rm -rf node -git clone --depth 1 --branch $node_version https://github.com/nodejs/node.git +if [ ! -d "node" ]; then + git clone --depth 1 --branch $node_version https://github.com/nodejs/node.git +else + pushd node + git checkout -f $node_version + popd +fi rm -rf generated-config pushd node/deps/openssl # Apply patch that will allow us generate `meson.build` for different targets +patch -u config/Makefile -i ../../../Makefile.patch patch -u config/generate_gypi.pl -i ../../../generate_gypi.pl.patch # Copy `meson.build` template file cp ../../../meson.build.tmpl config/ # Swap bundled OpenSSL in Node.js with upstream -rm -rf openssl -git clone --depth 1 --branch "openssl-$openssl_version" https://github.com/openssl/openssl.git +if [ -d "openssl" ]; then + if [ ! -d "openssl/.git" ]; then + rm -rf "openssl" + git clone --depth 1 --branch "openssl-$openssl_version" https://github.com/openssl/openssl.git + fi +fi python3 ../../../generate_def.py --fixup-crypto < openssl/util/libcrypto.num > ../../../crypto.def python3 ../../../generate_def.py < openssl/util/libssl.num > ../../../ssl.def +pushd openssl +pwd +git checkout -f "openssl-$openssl_version" +# Apply patch to block OpenSSL from renaming the Windows DLLs +patch -p1 -i ../../../../exclude-library-directive-msvc.patch +popd + rm -rf config/archs LANG=C make -C config @@ -39,17 +58,13 @@ find config/archs -name 'meson.build' -exec sh -c "$cmd" _ignored {} \; find config/archs -name '*.asm' -exec sh -c "$cmd" _ignored {} \; find config/archs -name '*.c' -exec sh -c "$cmd" _ignored {} \; find config/archs -name '*.h' -exec sh -c "$cmd" _ignored {} \; -find config/archs -iname '*.s' -exec sh -c "$cmd" _ignored {} \; - -# AIX is not supported by Meson -rm -rf ../../../generated-config/archs/aix* -# 32-bit s390x supported in Meson -rm -rf ../../../generated-config/archs/linux32-s390x -# This is for old gas/nasm versions, we do not care about them -rm -rf ../../../generated-config/archs/*/asm_avx2 +find config/archs -name '*.s' -exec sh -c "$cmd" _ignored {} \; +find config/archs -name '*.rc' -exec sh -c "$cmd" _ignored {} \; + # Remove build info files, we use hardcoded deterministic one instead rm -rf ../../../generated-config/archs/*/*/crypto/buildinf.h popd -rm -rf node +# Comment this line out when testing, so that it avoids repeated clones +# rm -rf node diff --git a/subprojects/packagefiles/openssl/meson.build b/subprojects/packagefiles/openssl/meson.build index a270eee66..444c0283e 100644 --- a/subprojects/packagefiles/openssl/meson.build +++ b/subprojects/packagefiles/openssl/meson.build @@ -1,9 +1,9 @@ project( 'openssl', 'c', - version: '3.0.8', + version: '3.0.17', license: 'Apache-2.0', - meson_version: '>= 0.55', + meson_version: '>= 0.64', default_options: ['warning_level=1'], ) @@ -11,17 +11,15 @@ project( fs = import('fs') if not fs.exists('generated-config') message('Generating OpenSSL configs...') - - if host_machine.system() != 'linux' - error('Generator only works on Linux, other platforms are not supported') - endif - + env = environment() + env.set('NODE_VERSION', 'v22.18.0') + env.set('OPENSSL_VERSION', meson.project_version()) bash = find_program('bash') run_command( bash, 'generator.sh', check: true, - env: ['OPENSSL_VERSION=' + meson.project_version()], + env: env, ) endif @@ -52,19 +50,25 @@ c_args = [] asm_opt = get_option('asm') if asm_opt.disabled() - gas_or_nasm = false + new_gas_or_nasm = false else - gas_or_nasm = (find_program( + # See openssl.gyp, openssl-fipsmodule target + new_gas = find_program( 'as', required: false, - ).found() or -find_program( + version: '>=2.26', + ) + new_asm = find_program( 'nasm', required: false, - ).found() + version: '>=2.11.8', + ) + new_gas_or_nasm = (new_gas.found() or + new_asm.found() ) endif +is_msvc_like = ['msvc', 'clang-cl'].contains(compiler.get_id()) is_bsd = host_machine.system() in ['dragonfly', 'freebsd', 'netbsd', 'openbsd'] is_darwin = host_machine.system() == 'darwin' is_linux = host_machine.system() in ['linux', 'android'] @@ -80,106 +84,86 @@ is_arm = host_machine.cpu_family() == 'arm' is_ppc64 = host_machine.cpu_family() == 'ppc64' is_riskv64 = host_machine.cpu_family() == 'riscv64' -if gas_or_nasm +if new_gas_or_nasm asm = 'asm' - if is_bsd - if is_x86 - arch_subdir = 'BSD-x86' - elif is_x86_64 - arch_subdir = 'BSD-x86_64' - else - asm = 'no-asm' - endif - elif is_darwin - if is_aarch64 - arch_subdir = 'darwin64-arm64-cc' - elif is_x86_64 - arch_subdir = 'darwin64-x86_64-cc' - elif is_x86 - arch_subdir = 'darwin-i386-cc' - else - asm = 'no-asm' - endif - elif is_linux - if is_mips64 - arch_subdir = 'linux64-mips64' - elif is_s390x - arch_subdir = 'linux64-s390x' - elif is_aarch64 - arch_subdir = 'linux-aarch64' - elif is_arm - arch_subdir = 'linux-armv4' - elif is_ppc64 - arch_subdir = 'linux-ppc64le' - elif is_x86 - arch_subdir = 'linux-elf' - elif is_x86_64 - arch_subdir = 'linux-x86_64' - else - asm = 'no-asm' - endif - elif is_sunos - if is_x86_64 - arch_subdir = 'solaris64-x86_64-gcc' - elif is_x86 - arch_subdir = 'solaris-x86-gcc' + # Require AVX512IFMA supported. See + # https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_ia32cap.html + # Currently crypto/poly1305/asm/poly1305-x86_64.pl requires AVX512IFMA. + if host_machine.cpu_family() == 'ppc' and host_machine.system() == 'linux' + arch_subdir = 'linux-ppc' + elif host_machine.cpu_family() == 'ppc64' and host_machine.system() == 'linux' and host_machine.endian() == 'little' + arch_subdir = 'linux-ppc64le' + elif host_machine.cpu_family() == 'ppc64' and host_machine.system() == 'linux' + arch_subdir = 'linux-ppc64' + elif host_machine.cpu_family() == 's390x' and host_machine.system() == 'linux' + arch_subdir = 'linux64-s390x' + elif host_machine.cpu_family() == 'arm' and host_machine.system() in [ + 'linux', + 'android', + ] + arch_subdir = 'linux-armv4' + elif host_machine.cpu_family() == 'aarch64' and host_machine.system() in [ + 'linux', + 'android', + ] + arch_subdir = 'linux-aarch64' + elif host_machine.cpu_family() == 'x86' and host_machine.system() in [ + 'dragonfly', + 'freebsd', + 'netbsd', + 'openbsd', + ] + arch_subdir = 'BSD-x86' + elif host_machine.cpu_family() == 'x86' and host_machine.system() in [ + 'linux', + 'android', + ] + arch_subdir = 'linux-elf' + elif host_machine.cpu_family() == 'x86' and host_machine.system() == 'darwin' + arch_subdir = 'darwin-i386-cc' + elif host_machine.cpu_family() == 'x86' and host_machine.system() == 'sunos' + arch_subdir = 'solaris-x86-gcc' + elif host_machine.cpu_family() == 'x86' and host_machine.system() == 'windows' + if is_msvc_like + if new_asm.found() + arch_subdir = 'VC-WIN32' + else + asm = 'no_asm' + endif else - asm = 'no-asm' + arch_subdir = 'mingw' endif - elif is_windows - if is_x86 - warning('x86 + windows combo does not support ASM yet, please contribute') - asm = 'no-asm' - # TODO: Port this for Windows and uncomment - # arch_subdir = 'VC-WIN32' - # asm = 'asm' - #'rules': [ - # { - # 'rule_name': 'Assemble', - # 'extension': 'asm', - # 'inputs': [], - # 'outputs': [ - # '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj', - # ], - # 'action': [ - # 'nasm.exe', - # '-f win32', - # '-o', '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj', - # '<(RULE_INPUT_PATH)', - # ], - # } - #], - elif is_x86_64 - warning( - 'x86_64 + windows combo does not support ASM yet, please contribute', - ) - asm = 'no-asm' - # TODO: Port this for Windows and uncomment - # arch_subdir = 'VC-WIN64A' - # asm = 'asm' - #'rules': [ - # { - # 'rule_name': 'Assemble', - # 'extension': 'asm', - # 'inputs': [], - # 'outputs': [ - # '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj', - # ], - # 'action': [ - # 'nasm.exe', - # '-f win64', - # '-DNEAR', - # '-Ox', - # '-g', - # '-o', '<(INTERMEDIATE_DIR)/<(RULE_INPUT_ROOT).obj', - # '<(RULE_INPUT_PATH)', - # ], - # } - #], + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() in [ + 'dragonfly', + 'freebsd', + 'netbsd', + 'openbsd', + ] + arch_subdir = 'BSD-x86_64' + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() == 'darwin' + arch_subdir = 'darwin64-x86_64-cc' + elif host_machine.cpu_family() == 'aarch64' and host_machine.system() == 'darwin' + arch_subdir = 'darwin64-arm64-cc' + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() == 'sunos' + arch_subdir = 'solaris64-x86_64-gcc' + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() == 'windows' + if is_msvc_like + if new_asm.found() + arch_subdir = 'VC-WIN64A' + else + asm = 'no_asm' + endif else - asm = 'no-asm' + arch_subdir = 'mingw64' endif + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() in [ + 'linux', + 'android', + ] + arch_subdir = 'linux-x86_64' + elif host_machine.cpu_family() == 'mips64' and host_machine.system() == 'linux' + arch_subdir = 'linux64-mips64' else asm = 'no-asm' endif @@ -193,66 +177,75 @@ endif if asm == 'no-asm' defines += ['OPENSSL_NO_ASM'] - error_message = 'Unsupported arch+OS combo: ' + host_machine.cpu_family() + ' + ' + host_machine.system() - - if is_bsd - if is_x86 - arch_subdir = 'BSD-x86' - elif is_x86_64 - arch_subdir = 'BSD-x86_64' - else - error(error_message) - endif - elif is_darwin - if is_aarch64 - arch_subdir = 'darwin64-arm64-cc' - elif is_x86_64 - arch_subdir = 'darwin64-x86_64-cc' - elif is_x86 - arch_subdir = 'darwin-i386-cc' - else - error(error_message) - endif - elif is_linux - if is_mips64 - arch_subdir = 'linux64-mips64' - elif is_riskv64 - arch_subdir = 'linux64-riscv64' - elif is_s390x - arch_subdir = 'linux64-s390x' - elif is_aarch64 - arch_subdir = 'linux-aarch64' - elif is_arm - arch_subdir = 'linux-armv4' - elif is_ppc64 - arch_subdir = 'linux-ppc64le' - elif is_x86 - arch_subdir = 'linux-elf' - elif is_x86_64 - arch_subdir = 'linux-x86_64' - else - error(error_message) - endif - elif is_sunos - if is_x86_64 - arch_subdir = 'solaris64-x86_64-gcc' - elif is_x86 - arch_subdir = 'solaris-x86-gcc' + if host_machine.cpu_family() == 'ppc' and host_machine.system() == 'linux' + arch_subdir = 'linux-ppc' + elif host_machine.cpu_family() == 'ppc64' and host_machine.system() == 'linux' and host_machine.endian() == 'little' + arch_subdir = 'linux-ppc64le' + elif host_machine.cpu_family() == 'ppc64' and host_machine.system() == 'linux' + arch_subdir = 'linux-ppc64' + elif host_machine.cpu_family() == 's390x' and host_machine.system() == 'linux' + arch_subdir = 'linux64-s390x' + elif host_machine.cpu_family() == 'arm' and host_machine.system() in [ + 'linux', + 'android', + ] + arch_subdir = 'linux-armv4' + elif host_machine.cpu_family() == 'aarch64' and host_machine.system() in [ + 'linux', + 'android', + ] + arch_subdir = 'linux-aarch64' + elif host_machine.cpu_family() == 'x86' and host_machine.system() in [ + 'dragonfly', + 'freebsd', + 'netbsd', + 'openbsd', + ] + arch_subdir = 'BSD-x86' + elif host_machine.cpu_family() == 'x86' and host_machine.system() in [ + 'linux', + 'android', + ] + arch_subdir = 'linux-elf' + elif host_machine.cpu_family() == 'x86' and host_machine.system() == 'darwin' + arch_subdir = 'darwin-i386-cc' + elif host_machine.cpu_family() == 'x86' and host_machine.system() == 'sunos' + arch_subdir = 'solaris-x86-gcc' + elif host_machine.cpu_family() == 'x86' and host_machine.system() == 'windows' + if is_msvc_like + arch_subdir = 'VC-WIN32' else - error(error_message) + arch_subdir = 'mingw' endif - elif is_windows - if is_x86 - arch_subdir = 'VC-WIN32' - elif is_aarch64 - arch_subdir = 'VC-WIN64-ARM' - elif is_x86_64 + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() in [ + 'dragonfly', + 'freebsd', + 'netbsd', + 'openbsd', + ] + arch_subdir = 'BSD-x86_64' + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() == 'darwin' + arch_subdir = 'darwin64-x86_64-cc' + elif host_machine.cpu_family() == 'aarch64' and host_machine.system() == 'darwin' + arch_subdir = 'darwin64-arm64-cc' + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() == 'sunos' + arch_subdir = 'solaris64-x86_64-gcc' + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() == 'windows' + if is_msvc_like arch_subdir = 'VC-WIN64A' else - error(error_message) + arch_subdir = 'mingw64' endif + elif host_machine.cpu_family() == 'aarch64' and host_machine.system() == 'windows' + arch_subdir = 'VC-WIN64-ARM' + elif host_machine.cpu_family() == 'x86_64' and host_machine.system() == 'linux' + arch_subdir = 'linux-x86_64' + elif host_machine.cpu_family() == 'mips64' and host_machine.system() == 'linux' + arch_subdir = 'linux64-mips64' else - error(error_message) + error( + 'Unsupported arch+OS combo: ' + host_machine.cpu_family() + ' + ' + host_machine.system(), + ) endif message('OpenSSL is configured without ASM support') @@ -262,13 +255,33 @@ endif subdir('generated-config/archs' / arch_subdir / asm) +if asm != 'no-asm' + if is_msvc_like + add_languages( + 'nasm', + required: true, + ) + endif + libcrypto_sources += libcrypto_asm +endif + +windows = import('windows') + +if host_machine.system() == 'windows' + if libcrypto_rc != '' + libcrypto_sources += windows.compile_resources(libcrypto_rc) + endif + if libssl_rc != '' + libssl_sources += windows.compile_resources(libssl_rc) + endif +endif + # Build options specific to OS, engines are disabled on purpose for the same reasons as `OPENSSL_NO_HW` above if is_windows defines += [ ## default of Win. See INSTALL in openssl repo. 'OPENSSLDIR="C:\\Program Files\\Common Files\\SSL"', 'ENGINESDIR="NUL"', - 'MODULESDIR="NUL"', 'OPENSSL_SYS_WIN32', 'WIN32_LEAN_AND_MEAN', 'L_ENDIAN', @@ -278,6 +291,11 @@ if is_windows ] if compiler.get_id() == 'msvc' c_args += ['-wd4090', '-Gs0', '-GF', '-Gy', '-nologo'] + elif compiler.get_id() == 'clang' + c_args += [ + # Silence the defines coming from the architecture folders. + '-Wno-unused-command-line-argument', + ] endif elif is_darwin defines += [ @@ -285,7 +303,10 @@ elif is_darwin 'ENGINESDIR="/dev/null"', 'MODULESDIR="/dev/null"', ] - c_args += ['-Wno-missing-field-initializers'] + c_args += [ + '-Wno-missing-field-initializers', + '-Wno-unused-command-line-argument', + ] elif is_sunos defines += [ 'OPENSSLDIR="/etc/ssl"', @@ -303,12 +324,14 @@ else c_args += ['-Wno-missing-field-initializers'] if compiler.get_id() != 'clang' c_args += ['-Wno-old-style-declaration'] + else + c_args += ['-Wno-unused-command-line-argument'] endif endif foreach library : openssl_libraries # MSVC fails with "ERROR: C static library 'ws2_32' not found" when `static` is specified at all - if compiler.get_id() == 'msvc' + if host_machine.system() == 'windows' dependencies += [compiler.find_library(library)] else dependencies += [ @@ -338,12 +361,40 @@ c_args += openssl_cflags include_directories += openssl_include_directories +openssl_library_version = meson.project_version().substring(0, -1) + +version_components = openssl_library_version.split('.') + +openssl_so_version = '.'.join([version_components[0], version_components[1]]) + +if is_msvc_like + openssl_library_prefix = 'lib' +else + openssl_library_prefix = [] +endif + +if is_msvc_like + msvc_version = compiler.get_define('_MSC_VER') + # Block build if the linker gets a renaming directive. + if msvc_version.version_compare('>=1930') + link_args = ['/WX:4070'] + else + link_args = ['/WX'] + endif +else + link_args = [] +endif + libcrypto_lib = library( 'crypto', dependencies: dependencies, sources: libcrypto_sources, include_directories: include_directories, c_args: c_args, + link_args: link_args, + name_prefix: openssl_library_prefix, + version: openssl_library_version, + soversion: openssl_so_version, vs_module_defs: 'crypto.def', install: true, ) @@ -360,6 +411,10 @@ libssl_lib = library( sources: libssl_sources, include_directories: include_directories, c_args: c_args, + link_args: link_args, + name_prefix: openssl_library_prefix, + version: openssl_library_version, + soversion: openssl_so_version, vs_module_defs: 'ssl.def', install: true, ) @@ -387,3 +442,43 @@ openssl_cli = executable( c_args: c_args, install: cli_opt, ) + +install_headers( + openssl_headers + openssl_arch_headers, + subdir: 'openssl', +) + +pkg = import('pkgconfig') +openssl_pc = pkg.generate( + name: 'OpenSSL', + description: 'Secure Sockets Layer and cryptography libraries and tools', + libraries: [libssl_lib, libcrypto_lib], +) + +python3 = import('python').find_installation() + + +headers = run_command( + python3, + '-c', + '''import sys +from pathlib import Path +srcdir = Path(sys.argv[1]) +headers = list(f for f in Path(srcdir, 'include', 'openssl').glob('*.h') if not f.name.startswith('__DECC_')) +for p in headers: + print(p.relative_to(srcdir).as_posix()) +genasmdir = Path(sys.argv[2]) +headers = list(f for f in Path(genasmdir, 'include', 'openssl').glob('*.h')) +for p in headers: + print(p.relative_to(srcdir).as_posix()) +''', + meson.current_source_dir(), + meson.current_source_dir() / 'generated-config/archs' / arch_subdir / asm, + check: true, + capture: true, +).stdout().strip().split('\n') + +install_headers( + headers, + subdir: 'openssl', +) diff --git a/subprojects/packagefiles/openssl/meson.build.tmpl b/subprojects/packagefiles/openssl/meson.build.tmpl index bb0af6fe0..5903c95ce 100644 --- a/subprojects/packagefiles/openssl/meson.build.tmpl +++ b/subprojects/packagefiles/openssl/meson.build.tmpl @@ -4,18 +4,37 @@ libcrypto_sources = [ foreach $src (@libcrypto_srcs) { $OUT .= " '$src',\n"; } +-%%] +libcrypto_asm = [ +%%- foreach $src (@generated_srcs) { if ($src !~ /\.ld/) { $OUT .= " 'generated-config/archs/$arch/$asm/$src',\n"; } } -%%] +libcrypto_rc = %%- + if (length($libcrypto_rc)) { + $OUT = "'generated-config/archs/$arch/$asm/$libcrypto_rc'"; + } + else { + $OUT = "''"; + } +-%% libssl_sources = [ %%- foreach $src (@libssl_srcs) { $OUT .= " '$src',\n"; } -%%] +libssl_rc = %%- + if (length($libssl_rc)) { + $OUT = "'generated-config/archs/$arch/$asm/$libssl_rc'"; + } + else { + $OUT = "''"; + } +-%% openssl_defines = [ %%- foreach $define (@{$config{defines}}) { @@ -82,6 +101,13 @@ openssl_include_directories = [ 'generated-config/archs/%%-$arch-%%/%%-$asm-%%/providers/common/include', ] +openssl_arch_headers = [ +%%- +foreach $src (@openssl_arch_headers) { + $OUT .= " 'generated-config/archs/$arch/$asm/$src',\n"; +} +-%%] + # OpenSSL CLI openssl_cli_sources = [ %%- diff --git a/tools/sanity_checks.py b/tools/sanity_checks.py index 2086ca009..a93e72fe7 100755 --- a/tools/sanity_checks.py +++ b/tools/sanity_checks.py @@ -115,9 +115,11 @@ 'bn_conf.h', 'dso_conf.h', 'buildinf.h', + 'exclude-library-directive-msvc.patch', 'generate_def.py', 'generate_gypi.pl.patch', 'meson.build.tmpl', + 'Makefile.patch', 'README.md', }, 'pcre': {