[83531]

Some notes from updating OpenSSL from 1.1.0j to 1.1.1b. These notes are not
intended to be complete yet, but might become more so after a few update
rounds. These notes apply to a 64-bit Linux host and may need to be adjusted
for others. For updating the minor version, just applying the changes
between the current and upstream should be enough, instead of steps 3 and
later. Finish off with kmk check-openssl-mangling.

1) kmk recreate-openssl-asm needs to be run. In the OpenSSL sub-folder?
2) kmk openssl-mangling.h should be run with VBOX_WITH_GCC_SANITIZER:= and
   VBOX_NEED_EXTPACK_OPENSSL=1 set in the OpenSSL sub-folder. Do a normal kmk
   with those options in that folder first.
3) Unpack and configure an unmodified upstream OpenSSL and capture the build
   output. Configuration used:

    $ ./config no-err no-dso no-camellia no-cast no-comp no-des no-ecdh no-ecdsa \
        no-engine no-idea no-rc2 no-rmd160 no-mdc2 enable-md2 no-md4 no-ssl3 \
        no-whirlpool no-poly1305

   Get the list of source files built and check whether any of them are missing
   in our makefiles. E.g. for crypto:

    $ names=`cat openssl.out | sed -n 's|.* crypto/\([^ ]*/[^ ]*\.[cs]$\)|\1|p'`
    $ for i in $names; do
        case $i in *.s) i=${i%.s}.S; esac
        grep -q ${i#*/} <new VBox OpenSSL>/crypto/${i%%/*}/Makefile.kmk || echo $i
      done

   Check Configurations/00-base-templates.conf to see which asm source files
   are needed for which modules for x86, x86_64 and no asm.

4) Check that we do not have any files in our makefiles which should not be
   there:

    $ for i in crypto/*/Makefile.kmk; do
        base=${i#crypto/}; folder=${base%/Makefile.kmk};
        list=$(sed -n 's;.*[\t /]\([^ /]*\.[cS]\) *\\*$;\1;p' $i | sort -u);
        for j in $list; do
          case $j in *.S) j=${j%.S}.s; esac;
          grep -q "$folder[^ ]*/$j" <original OpenSSL>/Makefile || echo $folder/$j;
        done;
      done

   There will be some hits for files which are not built for the current target.

5) Run diff on the generated and our opensslconf.h and bn_conf.h and dso_conf.h
   and adjust as necessary.

6) Update TEMPLATE_LIBCRYPTO_DEFS from CPPFLAGS_Q in the OpenSSL generated
   makefile.
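For step 5, the part of the opensslconf.h diff that matters most for security is the set of OPENSSL_NO_* switches: if a switch such as OPENSSL_NO_SSL3 is missing from our copy, a feature the configure line in step 3 disabled gets compiled in again. The script below is an added example, not part of the original notes or of the VirtualBox build; the function names and the sample headers are constructed, and it assumes the generated header uses "# define OPENSSL_NO_..." lines.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# Print the sorted, unique OPENSSL_NO_* macros a header defines.
no_macros() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}\(OPENSSL_NO_[A-Z0-9_]*\).*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# Compare the generated header ($1) with ours ($2). Prints "-NAME" for a switch
# only in the generated header (feature disabled upstream, enabled in ours)
# and "+NAME" for a switch only in ours. Returns 0 if the sets match, 1 if
# they differ, 2 if a header is unreadable (so a missing file is not
# mistaken for "every switch was lost").
conf_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    cd_gen=$(mktemp) && cd_ours=$(mktemp) || return 2
    no_macros "$1" > "$cd_gen"
    no_macros "$2" > "$cd_ours"
    cd_out=$(
        LC_ALL=C comm -23 "$cd_gen" "$cd_ours" | sed 's/^/-/'
        LC_ALL=C comm -13 "$cd_gen" "$cd_ours" | sed 's/^/+/'
    )
    rm -f "$cd_gen" "$cd_ours"
    if [ -z "$cd_out" ]; then return 0; fi
    printf '%s\n' "$cd_out"
    return 1
}

# Constructed sample input: "generated" mimics a build configured with
# no-comp no-md4 no-ssl3; "ours" has lost the SSL3 switch and gained RC4.
demo_drift() {
    dd_dir=$(mktemp -d) || return 2
    printf '#ifndef %s\n# define %s\n#endif\n' \
        OPENSSL_NO_COMP OPENSSL_NO_COMP OPENSSL_NO_MD4 OPENSSL_NO_MD4 \
        OPENSSL_NO_SSL3 OPENSSL_NO_SSL3 > "$dd_dir/generated.h"
    printf '#ifndef %s\n# define %s\n#endif\n' \
        OPENSSL_NO_COMP OPENSSL_NO_COMP OPENSSL_NO_MD4 OPENSSL_NO_MD4 \
        OPENSSL_NO_RC4 OPENSSL_NO_RC4 > "$dd_dir/ours.h"
    conf_drift "$dd_dir/generated.h" "$dd_dir/ours.h"
    dd_rc=$?
    rm -rf "$dd_dir"
    return "$dd_rc"
}

demo_drift || echo "opensslconf.h switches differ (exit $?)"
```

Any "-" line is worth resolving before the update is committed; "+" lines only mean our copy disables more than the reference configuration does.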