[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Viktor Dukhovni
viktor at openssl.org
Fri Dec 1 17:35:49 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via e6f38fb817d831ed093f7d7140325783b5556d8f (commit)
from a61c15eb9b8d0ef513d695c854516958e2ccf1eb (commit)
- Log -----------------------------------------------------------------
commit e6f38fb817d831ed093f7d7140325783b5556d8f
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: Mon Nov 20 21:30:04 2017 -0500
Make possible variant SONAMEs and symbol versions
This small change in the Unix template and shared library build
scripts enables building "variant" shared libraries. A "variant"
shared library has a non-default SONAME, and non default symbol
versions. This makes it possible to build (say) an OpenSSL 1.1.0
library that can coexist without conflict in the same process address
space as the system's default OpenSSL library which may be OpenSSL
1.0.2.
Such "variant" shared libraries make it possible to link applications
against a custom OpenSSL library installed in /opt/openssl/1.1 or
similar location, and not risk conflict with an indirectly loaded
OpenSSL runtime that is required by some other dependency.
Variant shared libraries have been fully tested under Linux, and
build successfully on MacOS/X producing variant DYLD names. MacOS/X
Darwin has no symbol versioning, but has a non-flat library namespace.
Variant libraries may therefore support multiple OpenSSL libraries
in the same address space also with MacOS/X, despite lack of symbol
versions, but this has not been verified.
Variant shared libraries are optional and off by default.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
Configurations/README | 21 ++++++++++++++
Configurations/unix-Makefile.tmpl | 3 +-
util/mkdef.pl | 58 +++++++++++++++++++++++++++++++++++++--
3 files changed, 78 insertions(+), 4 deletions(-)
diff --git a/Configurations/README b/Configurations/README
index 47971c2..eecf1ea 100644
--- a/Configurations/README
+++ b/Configurations/README
@@ -86,6 +86,27 @@ In each table entry, the following keys are significant:
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
+ shlib_variant => A "variant" identifier inserted between the base
+ shared library name and the extension. On "unixy"
+ platforms (BSD, Linux, Solaris, MacOS/X, ...) this
+ supports installation of custom OpenSSL libraries
+ that don't conflict with other builds of OpenSSL
+ installed on the system. The variant identifier
+ becomes part of the SONAME of the library and also
+ any symbol versions (symbol versions are not used or
+ needed with MacOS/X). For example, on a system
+ where a default build would normally create the SSL
+ shared library as 'libssl.so -> libssl.so.1.1' with
+ the value of the symlink as the SONAME, a target
+ definition that sets 'shlib_variant => "-abc"' will
+ create 'libssl.so -> libssl-abc.so.1.1', again with
+ an SONAME equal to the value of the symlink. The
+ symbol versions associated with the variant library
+ would then be 'OPENSSL_ABC_<version>' rather than
+ the default 'OPENSSL_<version>'. The string inserted
+ into symbol versions is obtained by mapping all
+ letters in the "variant" identifier to upper case
+ and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index f044e95..39c4402 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -8,6 +8,7 @@
our $exeext = $target{exe_extension} || "";
our $libext = $target{lib_extension} || ".a";
our $shlibext = $target{shared_extension} || ".so";
+ our $shlibvariant = $target{shlib_variant} || "";
our $shlibextsimple = $target{shared_extension_simple} || ".so";
our $shlibextimport = $target{shared_import_extension} || "";
our $dsoext = $target{dso_extension} || ".so";
@@ -40,7 +41,7 @@
sub shlib {
return () if $disabled{shared};
my $lib = shift;
- return $unified_info{sharednames}->{$lib} . $shlibext;
+ return $unified_info{sharednames}->{$lib}. $shlibvariant. $shlibext;
}
sub shlib_simple {
return () if $disabled{shared};
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 779503c..69c208d 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -53,6 +53,58 @@ use FindBin;
use lib "$FindBin::Bin/perl";
use OpenSSL::Glob;
+# When building a "variant" shared library, with a custom SONAME, also customize
+# all the symbol versions. This produces a shared object that can coexist
+# without conflict in the same address space as a default build, or an object
+# with a different variant tag.
+#
+# For example, with a target definition that includes:
+#
+# shlib_variant => "-opt",
+#
+# we build the following objects:
+#
+# $ perl -le '
+# for (@ARGV) {
+# if ($l = readlink) {
+# printf "%s -> %s\n", $_, $l
+# } else {
+# print
+# }
+# }' *.so*
+# libcrypto-opt.so.1.1
+# libcrypto.so -> libcrypto-opt.so.1.1
+# libssl-opt.so.1.1
+# libssl.so -> libssl-opt.so.1.1
+#
+# whose SONAMEs and dependencies are:
+#
+# $ for l in *.so; do
+# echo $l
+# readelf -d $l | egrep 'SONAME|NEEDED.*(ssl|crypto)'
+# done
+# libcrypto.so
+# 0x000000000000000e (SONAME) Library soname: [libcrypto-opt.so.1.1]
+# libssl.so
+# 0x0000000000000001 (NEEDED) Shared library: [libcrypto-opt.so.1.1]
+# 0x000000000000000e (SONAME) Library soname: [libssl-opt.so.1.1]
+#
+# We case-fold the variant tag to upper case and replace all non-alnum
+# characters with "_". This yields the following symbol versions:
+#
+# $ nm libcrypto.so | grep -w A
+# 0000000000000000 A OPENSSL_OPT_1_1_0
+# 0000000000000000 A OPENSSL_OPT_1_1_0a
+# 0000000000000000 A OPENSSL_OPT_1_1_0c
+# 0000000000000000 A OPENSSL_OPT_1_1_0d
+# 0000000000000000 A OPENSSL_OPT_1_1_0f
+# 0000000000000000 A OPENSSL_OPT_1_1_0g
+# $ nm libssl.so | grep -w A
+# 0000000000000000 A OPENSSL_OPT_1_1_0
+# 0000000000000000 A OPENSSL_OPT_1_1_0d
+#
+(my $SO_VARIANT = qq{\U$target{"shlib_variant"}}) =~ s/\W/_/g;
+
my $debug=0;
my $crypto_num= catfile($config{sourcedir},"util","libcrypto.num");
@@ -1263,13 +1315,13 @@ EOF
if ($symversion ne $prevsymversion) {
if ($prevsymversion ne "") {
if ($prevprevsymversion ne "") {
- print OUT "} OPENSSL_"
+ print OUT "} OPENSSL${SO_VARIANT}_"
."$prevprevsymversion;\n\n";
} else {
print OUT "};\n\n";
}
}
- print OUT "OPENSSL_$symversion {\n global:\n";
+ print OUT "OPENSSL${SO_VARIANT}_$symversion {\n global:\n";
$prevprevsymversion = $prevsymversion;
$prevsymversion = $symversion;
}
@@ -1318,7 +1370,7 @@ EOF
} while ($linux && $thisversion ne $currversion);
if ($linux) {
if ($prevprevsymversion ne "") {
- print OUT " local: *;\n} OPENSSL_$prevprevsymversion;\n\n";
+ print OUT " local: *;\n} OPENSSL${SO_VARIANT}_$prevprevsymversion;\n\n";
} else {
print OUT " local: *;\n};\n\n";
}
More information about the openssl-commits
mailing list