Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: Read OpenSSL config before init #6374

Closed
wants to merge 1 commit into from
Closed

crypto: Read OpenSSL config before init #6374

wants to merge 1 commit into from

Conversation

stefanmb
Copy link
Contributor

@stefanmb stefanmb commented Apr 25, 2016
edited
Loading

Checklist
  • tests and code linting passes
  • the commit message follows commit guidelines
Affected core subsystem(s)

crypto

Description of change

The OpenSSL configuration file allows a directive for a custom crypto engine to be used, but such a directive will not be respected if the config file is loaded after initializing all crypto subsystems.

This PR reads the configuration file first, and is meant to directly address the issues raised by @burmisov and @fast0490f in #5101.

The previous PR (#5739) proposed to address the same problem introduces new runtime argument which is not strictly necessary and thus has a higher impact.

In this PR I've opted, after discussion, to propose the minimal possible change to resolve the issue reported with the GOST engine support. For more information, please see #5739 (comment).

@stefanmb
crypto: Read OpenSSL config before init
4029815 
The OpenSSL configuration file allows custom crypto engines but those
directives will not be respected if the config file is loaded after
initializing all crypto subsystems. This patch reads the configuration
file first.
@stefanmb stefanmb self-assigned this Apr 25, 2016
@stefanmb stefanmb added tls Issues and PRs related to the tls subsystem. crypto Issues and PRs related to the crypto subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. semver-minor PRs that contain new features and should be released in the next minor version. land-on-master labels Apr 25, 2016
@stefanmb
Copy link
Contributor Author

CI: https://ci.nodejs.org/job/node-test-pull-request/2383/

@stefanmb stefanmb mentioned this pull request Apr 25, 2016
Closed
4 tasks
@indutny
Copy link
Member

indutny commented Apr 25, 2016

LGTM if CI is green.

@jasnell
Copy link
Member

jasnell commented Apr 25, 2016

would this actually be semver-minor or major?

@indutny
Copy link
Member

indutny commented Apr 25, 2016

I'd say minor

@stefanmb
Copy link
Contributor Author

CI is green. I will land in 48 hrs if there are no objections.

@jasnell I labeled it as a semver-minor since the functionality already exists in master since #5181, reordering the order of the calls does not break any existing interface/contract, but enables other uses (like the GOST engine). Please also note I've fixed the labels - this PR should not be landed in v4.x and v5.x since they do not read the OpenSSL config file at all - adding that functionality would be semver-major (which is why it was not done in the first place pre 6.x).

@jasnell
Copy link
Member

jasnell commented Apr 25, 2016

Ok, SGTM!

@mhdawson
Copy link
Member

LGTM

1 similar comment
@jasnell
Copy link
Member

jasnell commented Apr 25, 2016

LGTM

@jasnell jasnell added this to the 6.0.0 milestone Apr 25, 2016
@jasnell
Copy link
Member

jasnell commented Apr 26, 2016

@stefanmb ... I'm going to go ahead and land this now so it makes it into v6

jasnell pushed a commit that referenced this pull request Apr 26, 2016
@stefanmb @jasnell
crypto: Read OpenSSL config before init
56b9478 
The OpenSSL configuration file allows custom crypto engines but those
directives will not be respected if the config file is loaded after
initializing all crypto subsystems. This patch reads the configuration
file first.

PR-URL: #6374
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@jasnell
Copy link
Member

jasnell commented Apr 26, 2016

Landed in 56b9478

@jasnell jasnell closed this Apr 26, 2016
@stefanmb
Copy link
Contributor Author

@jasnell Thank you! I wanted to go by the book and wait for 48 hrs but I think this should make it into 6 on day one.

@stefanmb stefanmb mentioned this pull request Apr 26, 2016
Closed
jasnell pushed a commit that referenced this pull request Apr 26, 2016
@stefanmb @jasnell
crypto: Read OpenSSL config before init
d6237aa 
The OpenSSL configuration file allows custom crypto engines but those
directives will not be respected if the config file is loaded after
initializing all crypto subsystems. This patch reads the configuration
file first.

PR-URL: #6374
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@Anatoliy4041
Copy link

@stefanmb Thanks you for your solution!
Guys,
I've met the issue that @stefanmb commitment was applied just for Node 6.0.0 and there is no any changes in node_crypto.cc in higher versions. Could we sort it out?

@Anatoliy4041 Anatoliy4041 mentioned this pull request Nov 22, 2016
Closed
@temaivanoff
Copy link

temaivanoff commented Nov 22, 2016
edited
Loading

@Anatoliy4041
You can do to make the necessary changes to realise the functionality in older versions. But you will need to build the project from source. I may be able to help you with this, for a quick fix. Write on e-mail.

@Anatoliy4041
Copy link

@fast0490f Thanks, I appreciate it 👍 .

However I think It sould be applied it the latest versions of NodeJS, shouldn't it?

@temaivanoff
Copy link

temaivanoff commented Dec 16, 2016
edited
Loading

@indutny --openssl-config
To achieve the desired and to connect additional algorithms PR should be used ./configure --openssl-config=file ?
Correct me if it isn't, maybe I'm wrong

@gibfahn
Copy link
Member

gibfahn commented Dec 16, 2016

I've met the issue that @stefanmb commitment was applied just for Node 6.0.0 and there is no any changes in node_crypto.cc in higher versions. Could we sort it out?

As discussed in #9738 , this is not true. Can we continue the discussion in there so everything's in the same place?

@rmhrisk rmhrisk mentioned this pull request Nov 11, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@stefanmb stefanmb

Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. semver-minor PRs that contain new features and should be released in the next minor version. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Milestone
6.0.0
Development

Successfully merging this pull request may close these issues.
7 participants
@stefanmb @indutny @jasnell @mhdawson @Anatoliy4041 @temaivanoff @gibfahn