build: add OpenSSL-1.1.0 support

- For Windows, nasm is new build requirements and openssl_no_asm is set to 1 with warning if it is not installed. - For use of openssl assemble codes, either gas_version >= 2.23, xcode_version >= 5.0 ,llvm_version >= 3.3 or nasm_version >= 2.10 is needed. Otherwise, openssl_no_asm is set to 1 with warning. - FIPS is not supported in OpenSSL-1.1.0 so that it leads an error when openssl_fips options is enabled in configure. Fixes: https://github.com/nodejs/node/issues/4270 PR-URL: https://github.com/nodejs/node/pull/19794 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
2025-08-15 13:48:44 +02:00 · 2018-03-07 22:31:05 +09:00 · 2018-03-07 22:31:05 +09:00 · 08af7dba2a
commit 08af7dba2a
parent 7812ec735b
4 changed files with 68 additions and 61 deletions
--- a/67
+++ b/67
@ -639,6 +639,25 @@ def get_version_helper(cc, regexp):
  else:
    return 0

+def get_nasm_version(asm):
+  try:
+    proc = subprocess.Popen(shlex.split(asm) + ['-v'],
+                            stdin=subprocess.PIPE, stderr=subprocess.PIPE,
+                            stdout=subprocess.PIPE)
+  except OSError:
+    warn('''No acceptable ASM compiler found!
+         Please make sure you have installed nasm from http://www.nasm.us
+         and refer BUILDING.md.''')
+    return 0
+
+  match = re.match(r"NASM version ([2-9]\.[0-9][0-9]+)",
+                   proc.communicate()[0])
+
+  if match:
+    return match.group(1)
+  else:
+    return 0
+
 def get_llvm_version(cc):
  return get_version_helper(
    cc, r"(^(?:FreeBSD )?clang version|based on LLVM) ([3-9]\.[0-9]+)")
@ -677,6 +696,11 @@ def get_gas_version(cc):
 # quite prepared to go that far yet.
 def check_compiler(o):
  if sys.platform == 'win32':
+    if not options.openssl_no_asm:
+      nasm_version = get_nasm_version('nasm')
+      o['variables']['nasm_version'] = nasm_version
+      if nasm_version == 0:
+        o['variables']['openssl_no_asm'] = 1
    return

  ok, is_clang, clang_version, gcc_version = try_check_compiler(CXX, 'c++')
@ -1039,32 +1063,35 @@ def configure_v8(o):


 def configure_openssl(o):
-  o['variables']['node_use_openssl'] = b(not options.without_ssl)
-  o['variables']['node_shared_openssl'] = b(options.shared_openssl)
-  o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
+  variables = o['variables']
+  variables['node_use_openssl'] = b(not options.without_ssl)
+  variables['node_shared_openssl'] = b(options.shared_openssl)
+  variables['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
  if options.use_openssl_ca_store:
    o['defines'] += ['NODE_OPENSSL_CERT_STORE']
  if options.openssl_system_ca_path:
-    o['variables']['openssl_system_ca_path'] = options.openssl_system_ca_path
-  o['variables']['node_without_node_options'] = b(options.without_node_options)
+    variables['openssl_system_ca_path'] = options.openssl_system_ca_path
+  variables['node_without_node_options'] = b(options.without_node_options)
  if options.without_node_options:
      o['defines'] += ['NODE_WITHOUT_NODE_OPTIONS']
+
+  # supported asm compiler for AVX2. See https://github.com/openssl/openssl/
+  # blob/OpenSSL_1_1_0-stable/crypto/modes/asm/aesni-gcm-x86_64.pl#L52-L69
+  openssl110_asm_supported = \
+  ('gas_version' in variables and variables['gas_version'] >= '2.23') or \
+  ('xcode_version' in variables and variables['xcode_version'] >= '5.0') or \
+  ('llvm_version' in variables and variables['llvm_version'] >= '3.3') or \
+  ('nasm_version' in variables and variables['nasm_version'] >= '2.10')
+
+  if not openssl110_asm_supported and variables['openssl_no_asm'] == 0:
+    warn('''openssl_no_asm is enabled due to missed or old assembler.
+            Please refer BUILDING.md''')
+    variables['openssl_no_asm'] = 1
+
  if options.openssl_fips:
-    o['variables']['openssl_fips'] = options.openssl_fips
-    fips_dir = os.path.join('deps', 'openssl', 'fips')
-    fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld'))
-    # LINK is for Makefiles, LD/LDXX is for ninja
-    o['make_fips_settings'] = [
-      ['LINK', fips_ld + ' <(openssl_fips)/bin/fipsld'],
-      ['LD', fips_ld + ' <(openssl_fips)/bin/fipsld'],
-      ['LDXX', fips_ld + ' <(openssl_fips)/bin/fipsld'],
-    ]
-  else:
-    o['variables']['openssl_fips'] = ''
-    try:
-      os.remove('config_fips.gypi')
-    except OSError:
-      pass
+     print('Error: FIPS is not supported yet in this version')
+     exit(1)
+  variables['openssl_fips'] = ''

  if options.without_ssl:
    def without_ssl_error(option):