src: only initialize openssl once#29999

sam-github · 2019-10-16T22:44:04Z

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of
initialization wrappers were being called, many deprecated, and many
calling each other internally already. Compatibility is unnecessary in
12.x and later, which support only OpenSSL 1.1.1, and the multiple calls
cause the configuration file to be loaded multiple times.

Fixes: #29702

See:

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
commit message follows commit guidelines

richardlau · 2019-10-16T22:56:04Z

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of
initialization wrappers were being called, many deprecated, and many
calling each other internally already. Compatibility is unnecessary in
12.x and later, which support only OpenSSL 1.1.1, and the multiple calls
cause the configuration file to be loaded multiple times.

I've added a dont-land-on-v10.x label based on the above. Feel free to remove if incorrect.

richardlau · 2019-10-16T22:59:41Z

Is there anyone we should ping from Electron in case this affects their use of BoringSSL?

sam-github · 2019-10-16T23:01:04Z

@danbev @codebytere This affects OpenSSL initialization, you might want to take a look.

src/node_crypto.cc

nodejs-github-bot · 2019-10-17T01:39:46Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26072/

codebytere · 2019-10-17T16:33:34Z

OPENSSL_INIT_set_config_filename is incompatible with BoringSSL, as is OPENSSL_INIT_free it seems :( Is there a potential alternative that doesn't use methods not exposed by BoringSSL?

cc @davidben for potential ideas :)

davidben · 2019-10-17T17:11:11Z

Stub versions of those functions in BoringSSL would be just fine. We only add compatibility functions as we need them and this is the first time I've ever seen anyone use OPENSSL_INIT_SETTINGS.

If it's off in a corner, clearly a no-op, and doesn't affect anything else, we generally just freely add compatibility functions.

davidben · 2019-10-17T17:12:44Z

We would, of course, ignore whatever config file you pass in, but that's totally self-consistent. BoringSSL has zero config file options so we vacuously "parse" the file. :-)

sam-github · 2019-10-17T17:46:06Z

I don't mind 1b8d782d58 if its going to be a while before BoringSSL implements the compat APIs.

@codebytere What's your preference?

nodejs-github-bot · 2019-10-17T17:46:58Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26082/

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of initialization wrappers were being called, many deprecated, and many calling each other internally already. Compatibility is unnecessary in 12.x and later, which support only OpenSSL 1.1.1, and the multiple calls cause the configuration file to be loaded multiple times. Fixes: nodejs#29702 See: - https://mta.openssl.org/pipermail/openssl-users/2019-October/011303.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_ssl.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html

codebytere · 2019-10-17T18:18:03Z

@sam-github i can handle this on the BoringSSL side, so all clear 🚀 ty for tagging me in!

nodejs-github-bot · 2019-10-17T18:21:50Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26084/

codebytere · 2019-10-17T18:27:22Z

Failing test es-module/test-esm-specifiers looks unrelated?

sam-github · 2019-10-17T18:45:47Z

@nodejs/modules-active-members Any comment on above? Is that test flaky? It doesn't have any crypto dependency I can think of, am I missing something?

sam-github · 2019-10-17T18:46:48Z

FTR:

=== release test-esm-specifiers === 272Path: es-module/test-esm-specifiers 273--- stderr --- 274(node:31666) ExperimentalWarning: The ESM module loader is experimental. 275internal/modules/cjs/loader.js:1039 276 internalBinding('errors').triggerUncaughtException( 277 ^ 278 279AssertionError [ERR_ASSERTION]: Expected values to be strictly equal: 280 281'esm' !== 'cjs' 282 283 at file:///home/travis/build/nodejs/node/test/es-module/test-esm-specifiers.mjs:17:8 284 at ModuleJob.run (internal/modules/esm/module_job.js:109:37) 285 at async Loader.import (internal/modules/esm/loader.js:132:24){286 generatedMessage: true, 287 code: 'ERR_ASSERTION', 288 actual: 'esm', 289 expected: 'cjs', 290 operator: 'strictEqual' 291} 292Command: out/Release/node --experimental-modules --es-module-specifier-resolution=node /home/travis/build/nodejs/node/test/es-module/test-esm-specifiers.mjs

https://travis-ci.com/nodejs/node/jobs/246812568

richardlau · 2019-10-17T19:38:18Z

Failing test es-module/test-esm-specifiers looks unrelated?

It's probably some interaction between ccache and #29974 landing on master (Travis runs on refs/pull/29999/merge created by GitHub). I'll clear the cache for this PR and restart the Travis job.

Edit: and everything now passed 🎉.

nodejs-github-bot · 2019-10-17T20:02:54Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26088/

sam-github · 2019-10-18T18:44:42Z

Resume failed on test.parallel/test-worker-prof in windows, @nodejs/platform-windows @nodejs/workers

Trying again.

nodejs-github-bot · 2019-10-18T18:45:46Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26102/

nodejs-github-bot · 2019-10-19T02:48:45Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26107/

nodejs-github-bot · 2019-10-19T02:52:32Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26108/

nodejs-github-bot · 2019-10-19T02:59:48Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26110/

nodejs-github-bot · 2019-10-19T03:06:59Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26111/ ✔️

Trott · 2019-10-19T04:25:38Z

Landed in 8425183

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of initialization wrappers were being called, many deprecated, and many calling each other internally already. Compatibility is unnecessary in 12.x and later, which support only OpenSSL 1.1.1, and the multiple calls cause the configuration file to be loaded multiple times. Fixes: #29702 See: - https://mta.openssl.org/pipermail/openssl-users/2019-October/011303.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_ssl.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html PR-URL: #29999 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Shelley Vohr <[email protected]>

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Oct 16, 2019

sam-github added the tls Issues and PRs related to the tls subsystem. label Oct 16, 2019

richardlau added the dont-land-on-v10.x label Oct 16, 2019

richardlau reviewed Oct 16, 2019
View reviewed changes

src/node_crypto.cc Outdated Show resolvedHide resolved

jasnell approved these changes Oct 17, 2019
View reviewed changes

sam-github force-pushed the modernize-openssl-init branch from 1b8d782 to 21859d4Compare October 17, 2019 18:08

sam-github force-pushed the modernize-openssl-init branch from 21859d4 to 12cbdcbCompare October 17, 2019 18:09

richardlau mentioned this pull request Oct 17, 2019
build: make linter failures fail test-doc target #30012
Closed
2 tasks

codebytere approved these changes Oct 17, 2019
View reviewed changes

Trott closed this Oct 19, 2019

MylesBorins mentioned this pull request Oct 23, 2019
v13.0.1 proposal #30081
Merged

targos mentioned this pull request Nov 10, 2019
v12.13.1 release proposal #30352
Merged

sam-github deleted the modernize-openssl-init branch November 28, 2019 22:06

Uh oh!

src: only initialize openssl once#29999

src: only initialize openssl once #29999

Uh oh!

Conversation

sam-github commented Oct 16, 2019• edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Checklist

Uh oh!

richardlau commented Oct 16, 2019

Uh oh!

richardlau commented Oct 16, 2019

Uh oh!

sam-github commented Oct 16, 2019

Uh oh!

Uh oh!

nodejs-github-bot commented Oct 17, 2019

Uh oh!

codebytere commented Oct 17, 2019

Uh oh!

davidben commented Oct 17, 2019

Uh oh!

davidben commented Oct 17, 2019

Uh oh!

sam-github commented Oct 17, 2019

Uh oh!

nodejs-github-bot commented Oct 17, 2019

Uh oh!

codebytere commented Oct 17, 2019

Uh oh!

nodejs-github-bot commented Oct 17, 2019

Uh oh!

codebytere commented Oct 17, 2019

Uh oh!

sam-github commented Oct 17, 2019

Uh oh!

sam-github commented Oct 17, 2019

Uh oh!

richardlau commented Oct 17, 2019• edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nodejs-github-bot commented Oct 17, 2019

Uh oh!

sam-github commented Oct 18, 2019

Uh oh!

nodejs-github-bot commented Oct 18, 2019

Uh oh!

nodejs-github-bot commented Oct 19, 2019

Uh oh!

nodejs-github-bot commented Oct 19, 2019

Uh oh!

nodejs-github-bot commented Oct 19, 2019

Uh oh!

nodejs-github-bot commented Oct 19, 2019• edited by Trott Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Trott commented Oct 19, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

sam-github commented Oct 16, 2019•
edited
Loading

richardlau commented Oct 17, 2019•
edited
Loading

nodejs-github-bot commented Oct 19, 2019•
edited by Trott
Loading