src: only initialize openssl once #29999

sam-github · 2019-10-16T22:44:04Z

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of
initialization wrappers were being called, many deprecated, and many
calling each other internally already. Compatibility is unnecessary in
12.x and later, which support only OpenSSL 1.1.1, and the multiple calls
cause the configuration file to be loaded multiple times.

Fixes: #29702

See:

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
commit message follows commit guidelines

richardlau · 2019-10-16T22:56:04Z

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of
initialization wrappers were being called, many deprecated, and many
calling each other internally already. Compatibility is unnecessary in
12.x and later, which support only OpenSSL 1.1.1, and the multiple calls
cause the configuration file to be loaded multiple times.

I've added a dont-land-on-v10.x label based on the above. Feel free to remove if incorrect.

richardlau · 2019-10-16T22:59:41Z

Is there anyone we should ping from Electron in case this affects their use of BoringSSL?

sam-github · 2019-10-16T23:01:04Z

@danbev @codebytere This affects OpenSSL initialization, you might want to take a look.

src/node_crypto.cc

nodejs-github-bot · 2019-10-17T01:39:46Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26072/

codebytere · 2019-10-17T16:33:34Z

OPENSSL_INIT_set_config_filename is incompatible with BoringSSL, as is OPENSSL_INIT_free it seems :( Is there a potential alternative that doesn't use methods not exposed by BoringSSL?

cc @davidben for potential ideas :)

davidben · 2019-10-17T17:11:11Z

Stub versions of those functions in BoringSSL would be just fine. We only add compatibility functions as we need them and this is the first time I've ever seen anyone use OPENSSL_INIT_SETTINGS.

If it's off in a corner, clearly a no-op, and doesn't affect anything else, we generally just freely add compatibility functions.

davidben · 2019-10-17T17:12:44Z

We would, of course, ignore whatever config file you pass in, but that's totally self-consistent. BoringSSL has zero config file options so we vacuously "parse" the file. :-)

sam-github · 2019-10-17T17:46:06Z

I don't mind 1b8d782d58 if its going to be a while before BoringSSL implements the compat APIs.

@codebytere What's your preference?

nodejs-github-bot · 2019-10-17T17:46:58Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26082/

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of initialization wrappers were being called, many deprecated, and many calling each other internally already. Compatibility is unnecessary in 12.x and later, which support only OpenSSL 1.1.1, and the multiple calls cause the configuration file to be loaded multiple times. Fixes: nodejs#29702 See: - https://mta.openssl.org/pipermail/openssl-users/2019-October/011303.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_ssl.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html

codebytere · 2019-10-17T18:18:03Z

@sam-github i can handle this on the BoringSSL side, so all clear 🚀 ty for tagging me in!

nodejs-github-bot · 2019-10-17T18:21:50Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26084/

codebytere · 2019-10-17T18:27:22Z

Failing test es-module/test-esm-specifiers looks unrelated?

sam-github · 2019-10-17T18:45:47Z

@nodejs/modules-active-members Any comment on above? Is that test flaky? It doesn't have any crypto dependency I can think of, am I missing something?

sam-github · 2019-10-17T18:46:48Z

FTR:

=== release test-esm-specifiers ===
272Path: es-module/test-esm-specifiers
273--- stderr ---
274(node:31666) ExperimentalWarning: The ESM module loader is experimental.
275internal/modules/cjs/loader.js:1039
276      internalBinding('errors').triggerUncaughtException(
277                                ^
278
279AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
280
281'esm' !== 'cjs'
282
283    at file:///home/travis/build/nodejs/node/test/es-module/test-esm-specifiers.mjs:17:8
284    at ModuleJob.run (internal/modules/esm/module_job.js:109:37)
285    at async Loader.import (internal/modules/esm/loader.js:132:24) {
286  generatedMessage: true,
287  code: 'ERR_ASSERTION',
288  actual: 'esm',
289  expected: 'cjs',
290  operator: 'strictEqual'
291}
292Command: out/Release/node --experimental-modules --es-module-specifier-resolution=node /home/travis/build/nodejs/node/test/es-module/test-esm-specifiers.mjs

https://travis-ci.com/nodejs/node/jobs/246812568

richardlau · 2019-10-17T19:38:18Z

Failing test es-module/test-esm-specifiers looks unrelated?

It's probably some interaction between ccache and #29974 landing on master (Travis runs on refs/pull/29999/merge created by GitHub). I'll clear the cache for this PR and restart the Travis job.

Edit: and everything now passed 🎉.

nodejs-github-bot · 2019-10-17T20:02:54Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26088/

sam-github · 2019-10-18T18:44:42Z

Resume failed on test.parallel/test-worker-prof in windows, @nodejs/platform-windows @nodejs/workers

Trying again.

nodejs-github-bot · 2019-10-18T18:45:46Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26102/

nodejs-github-bot · 2019-10-19T02:48:45Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26107/

nodejs-github-bot · 2019-10-19T02:52:32Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26108/

nodejs-github-bot · 2019-10-19T02:59:48Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26110/

nodejs-github-bot · 2019-10-19T03:06:59Z

CI: https://ci.nodejs.org/job/node-test-pull-request/26111/ ✔️

Trott · 2019-10-19T04:25:38Z

Landed in 8425183

For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of initialization wrappers were being called, many deprecated, and many calling each other internally already. Compatibility is unnecessary in 12.x and later, which support only OpenSSL 1.1.1, and the multiple calls cause the configuration file to be loaded multiple times. Fixes: #29702 See: - https://mta.openssl.org/pipermail/openssl-users/2019-October/011303.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_ssl.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html PR-URL: #29999 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Oct 16, 2019

sam-github added the tls Issues and PRs related to the tls subsystem. label Oct 16, 2019

richardlau added the dont-land-on-v10.x label Oct 16, 2019

richardlau reviewed Oct 16, 2019

View reviewed changes

src/node_crypto.cc Outdated Show resolved Hide resolved

jasnell approved these changes Oct 17, 2019

View reviewed changes

sam-github force-pushed the modernize-openssl-init branch from 1b8d782 to 21859d4 Compare October 17, 2019 18:08

sam-github force-pushed the modernize-openssl-init branch from 21859d4 to 12cbdcb Compare October 17, 2019 18:09

richardlau mentioned this pull request Oct 17, 2019

build: make linter failures fail test-doc target #30012

Closed

2 tasks

codebytere approved these changes Oct 17, 2019

View reviewed changes

Trott closed this Oct 19, 2019

MylesBorins mentioned this pull request Oct 23, 2019

v13.0.1 proposal #30081

Merged

targos mentioned this pull request Nov 10, 2019

v12.13.1 release proposal #30352

Merged

sam-github deleted the modernize-openssl-init branch November 28, 2019 22:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src: only initialize openssl once #29999

src: only initialize openssl once #29999

sam-github commented Oct 16, 2019 •

edited

Loading

richardlau commented Oct 16, 2019

richardlau commented Oct 16, 2019

sam-github commented Oct 16, 2019

nodejs-github-bot commented Oct 17, 2019

codebytere commented Oct 17, 2019

davidben commented Oct 17, 2019

davidben commented Oct 17, 2019

sam-github commented Oct 17, 2019

nodejs-github-bot commented Oct 17, 2019

codebytere commented Oct 17, 2019

nodejs-github-bot commented Oct 17, 2019

codebytere commented Oct 17, 2019

sam-github commented Oct 17, 2019

sam-github commented Oct 17, 2019

richardlau commented Oct 17, 2019 •

edited

Loading

nodejs-github-bot commented Oct 17, 2019

sam-github commented Oct 18, 2019

nodejs-github-bot commented Oct 18, 2019

nodejs-github-bot commented Oct 19, 2019

nodejs-github-bot commented Oct 19, 2019

nodejs-github-bot commented Oct 19, 2019

nodejs-github-bot commented Oct 19, 2019 •

edited by Trott

Loading

Trott commented Oct 19, 2019

src: only initialize openssl once #29999

src: only initialize openssl once #29999

Conversation

sam-github commented Oct 16, 2019 • edited Loading

Checklist

richardlau commented Oct 16, 2019

richardlau commented Oct 16, 2019

sam-github commented Oct 16, 2019

nodejs-github-bot commented Oct 17, 2019

codebytere commented Oct 17, 2019

davidben commented Oct 17, 2019

davidben commented Oct 17, 2019

sam-github commented Oct 17, 2019

nodejs-github-bot commented Oct 17, 2019

codebytere commented Oct 17, 2019

nodejs-github-bot commented Oct 17, 2019

codebytere commented Oct 17, 2019

sam-github commented Oct 17, 2019

sam-github commented Oct 17, 2019

richardlau commented Oct 17, 2019 • edited Loading

nodejs-github-bot commented Oct 17, 2019

sam-github commented Oct 18, 2019

nodejs-github-bot commented Oct 18, 2019

nodejs-github-bot commented Oct 19, 2019

nodejs-github-bot commented Oct 19, 2019

nodejs-github-bot commented Oct 19, 2019

nodejs-github-bot commented Oct 19, 2019 • edited by Trott Loading

Trott commented Oct 19, 2019

sam-github commented Oct 16, 2019 •

edited

Loading

richardlau commented Oct 17, 2019 •

edited

Loading

nodejs-github-bot commented Oct 19, 2019 •

edited by Trott

Loading