1# Maintaining OpenSSL 2 3This document describes how to update `deps/openssl/`. 4 5## Requirements 6* Linux environment. 7* `perl` Only Perl version 5 is tested. 8* `nasm` (<https://www.nasm.us/>) Version 2.11 or higher is needed. 9* GNU `as` in binutils. Version 2.26 or higher is needed. 10 11## 0. Check Requirements 12 13```console 14% perl -v 15 16This is perl 5, version 22, subversion 1 (v5.22.1) built for 17x86_64-linux-gnu-thread-multi 18(with 60 registered patches, see perl -V for more detail) 19 20% as --version 21GNU assembler (GNU Binutils for Ubuntu) 2.26.1 22Copyright (C) 2015 Free Software Foundation, Inc. 23... 24% nasm -v 25NASM version 2.11.08 26``` 27 28## 1. Obtain and extract new OpenSSL sources 29 30Get a new source from <https://www.openssl.org/source/> and extract 31all files into `deps/openssl/openssl`. Then add all files and commit 32them. 33```console 34% cd deps/openssl/ 35% rm -rf openssl 36% tar zxf ~/tmp/openssl-1.1.0h.tar.gz 37% mv openssl-1.1.0h openssl 38% git add --all openssl 39% git commit openssl 40``` 41 42The commit message can be written as (with the openssl version set 43to the relevant value): 44```text 45deps: upgrade openssl sources to 1.1.0h 46 47This updates all sources in deps/openssl/openssl by: 48 $ cd deps/openssl/ 49 $ rm -rf openssl 50 $ tar zxf ~/tmp/openssl-1.1.0h.tar.gz 51 $ mv openssl-1.1.0h openssl 52 $ git add --all openssl 53 $ git commit openssl 54``` 55 56## 2. Execute `make` in `deps/openssl/config` directory 57 58Use `make` to regenerate all platform dependent files in 59`deps/openssl/config/archs/`: 60```console 61# On non-Linux machines 62% make gen-openssl 63 64# On Linux machines 65% make -C deps/openssl/config 66``` 67 68## 3. Check diffs 69 70Check diffs to ensure updates are right. Even if there are no updates in openssl 71sources, `buildinf.h` files will be updated because they have timestamp 72data in them. 73```console 74% git diff -- deps/openssl 75``` 76 77*Note*: On Windows, OpenSSL Configure generates a `makefile` that can be 78used for the `nmake` command. The `make` command in step 2 (above) uses 79 `Makefile_VC-WIN64A` and `Makefile_VC-WIN32` that are manually 80created. When source files or build options are updated in Windows, 81it needs to change these two Makefiles by hand. If you are not sure, 82please ask @shigeki for details. 83 84## 4. Commit and make test 85 86Update all architecture dependent files. Do not forget to git add or remove 87files if they are changed before committing: 88```console 89% git add deps/openssl/config/archs 90% git add deps/openssl/openssl/include/crypto/bn_conf.h 91% git add deps/openssl/openssl/include/crypto/dso_conf.h 92% git add deps/openssl/openssl/include/openssl/opensslconf.h 93% git commit 94``` 95 96The commit message can be written as (with the openssl version set 97to the relevant value): 98```text 99 deps: update archs files for OpenSSL-1.1.0 100 101 After an OpenSSL source update, all the config files need to be 102 regenerated and committed by: 103 $ make -C deps/openssl/config 104 $ git add deps/openssl/config/archs 105 $ git add deps/openssl/openssl/include/crypto/bn_conf.h 106 $ git add deps/openssl/openssl/include/crypto/dso_conf.h 107 $ git add deps/openssl/openssl/include/openssl/opensslconf.h 108 $ git commit 109``` 110 111Finally, build Node.js and run the tests. 112