@danbev danbev commented Oct 16, 2021

This commit adds an option to Node.js named --openssl-legacy-provider and
if specified will load OpenSSL 3.0 Legacy provider.

$ ./node --help
...
--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider

Example usage:

$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}

Co-authored-by: Richard Lau [email protected]

Refs: #40455


This is an alternative to the suggestion in #40466

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. labels Oct 16, 2021
@tniessen
Member

Neither this PR nor #40466 load the legacy provider by default, and I think that makes sense. While these PRs make the legacy provider available, this will not unbreak npm.

@richardlau
Member

> Neither this PR nor #40466 load the legacy provider by default, and I think that makes sense. While these PRs make the legacy provider available, this will not unbreak npm.

I agree about not being the default making sense -- this option should be intended to be used as a stop-gap until dependencies can be updated to migrate away from the weaker crypto algorithms.

@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 16, 2021
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 16, 2021
@danbev danbev changed the title src: add --openssl-legacy-module option src: add --openssl-legacy-provider option Oct 16, 2021
danbev and others added 3 commits October 18, 2021 09:06
This commit adds the missing legacy provider source code which is
required for statically linking the OpenSSL legacy provider.

Co-authored-by: Richard Lau <[email protected]>
This commit adds an option to Node.js named --openssl-legacy-provider
and if specified will load OpenSSL 3.0 Legacy provider.

$ ./node --help
...
--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider

Example usage:

$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}

Co-authored-by: Richard Lau <[email protected]>

Refs: nodejs#40455
@danbev danbev force-pushed the openssl_legacy_static branch from 415743a to 86d1c0c Compare October 18, 2021 07:24
@danbev
Contributor Author

danbev commented Oct 18, 2021

@tniessen @targos @RaisinTen @BethGriggs @mhdawson It would be great if we could get this PR merged today and into the Node.js 17 release tomorrow. Would one or more of you be able to review?

@danbev danbev added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Oct 18, 2021
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 18, 2021
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 18, 2021
@simllll
Contributor

simllll commented Aug 16, 2022

Should this work now with node16?

# node --version 
v16.17.0

# node --openssl-legacy-provider
node: bad option: --openssl-legacy-provider

In our use case it would be enough if it just doesn't fail with an error message, as we need this flag for all our devs that are on node 16+, but we can't add it for all that are still on node 16

@mshabarov

I also have the same issue with v16.17.0:

# node -v   
v16.17.0
# node --openssl-legacy-provider
node: bad option: --openssl-legacy-provider

node --help doesn't show this parameter in the list.

@BethGriggs
Member

@mshabarov what is your output of $ node -p process.versions.openssl? I believe the option is only relevant (and therefore available) when using OpenSSL 3.0 (refs). Node.js 16 ships with OpenSSL 1.1.1 by default.

@mshabarov

@BethGriggs my output is 1.1.1q+quic, thanks!
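
The failure discussed above (a Node.js built against OpenSSL 1.1.1 rejecting the flag as a "bad option") can be avoided in a shared launcher by checking `process.versions.openssl` before passing the option. The following is an added example, not code from this PR or from any commenter; the function names `opensslMajor`, `legacyProviderArgs` and `childArgv` are hypothetical, the version string `3.0.0+quic` is constructed, and treating every OpenSSL major version of 3 or higher as provider-capable is an assumption.

```javascript
// Added example (not from the PR): decide whether a launcher may pass
// --openssl-legacy-provider to a child `node` process.

const LEGACY_FLAG = '--openssl-legacy-provider';

// Extract the leading major number from a process.versions.openssl string,
// e.g. "1.1.1q+quic" -> 1. Returns null when the value is missing or does
// not start with "<digits>." (for example a build without OpenSSL).
function opensslMajor(version) {
  const match = /^(\d+)\./.exec(String(version ?? ''));
  return match ? Number(match[1]) : null;
}

// Per the thread, the option is only available when Node.js uses OpenSSL 3.0;
// on OpenSSL 1.1.1 node exits with "bad option". Assumption: any major >= 3
// has the provider mechanism. `alreadySet` avoids passing the flag twice when
// the current process was itself started with it.
function legacyProviderArgs(
  version = process.versions.openssl,
  alreadySet = process.execArgv,
) {
  const major = opensslMajor(version);
  if (major === null || major < 3) return [];
  return alreadySet.includes(LEGACY_FLAG) ? [] : [LEGACY_FLAG];
}

// Build the argument vector for running `script` under the same node binary,
// e.g. child_process.spawn(process.execPath, childArgv('build.js')).
function childArgv(
  script,
  scriptArgs = [],
  version = process.versions.openssl,
  alreadySet = process.execArgv,
) {
  return [...legacyProviderArgs(version, alreadySet), script, ...scriptArgs];
}
```

Because the flag re-enables algorithms that OpenSSL 3.0 moved out of its default provider, a launcher like this is best kept to the specific scripts that still depend on them, in line with the stop-gap intent stated earlier in the thread.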

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. fast-track PRs that do not need to wait for 48 hours to land. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. semver-minor PRs that contain new features and should be released in the next minor version.
