Investigate loading legacy provider with OpenSSL 3.0

[danbev]

I though it would be possible to enable it but updating openssl.cnf like this:

[openssl_init]                                                                  
providers = provider_sect                                                       
                                                                                
# List of providers to load                                                     
[provider_sect]                                                                 
default = default_sect                                                          
legacy = legacy_sect  

[default_sect]                                                                  
activate = 1                                                                    
                                                                                
[legacy_sect]                                                                   
activate = 1

But that does not work:

$ env OPENSSL_CONF=out/Release/obj.target/deps/openssl/openssl.cnf ./node -p 'crypto.createHash("md4")'
node:internal/crypto/hash:67
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at [eval]:1:8
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:81:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:80:60)
    at node:internal/main/eval_string:27:3 {
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

This issue should take a closer look at how the legacy provider can be enabled.

Refs: #40119 (comment)

[richardlau]

@danbev It looks like we don't build at least legacyprov.c (maybe some others?). This doesn't appear to work but might be a start:

diff --git a/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi b/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi
index 46cc9b2b4a..13b6d6eb96 100644
--- a/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi
+++ b/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi
@@ -775,6 +775,7 @@
       'openssl/engines/e_padlock.c',
       'openssl/providers/baseprov.c',
       'openssl/providers/defltprov.c',
+      'openssl/providers/legacyprov.c',
       'openssl/providers/nullprov.c',
       'openssl/providers/prov_running.c',
       'openssl/providers/common/der/der_rsa_sig.c',
diff --git a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi
index cb90c57338..4f5a640dd8 100644
--- a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi
+++ b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi
@@ -775,6 +775,7 @@
       'openssl/engines/e_padlock.c',
       'openssl/providers/baseprov.c',
       'openssl/providers/defltprov.c',
+      'openssl/providers/legacyprov.c',
       'openssl/providers/nullprov.c',
       'openssl/providers/prov_running.c',
       'openssl/providers/common/der/der_rsa_sig.c',

[danbev]

@richardlau Thanks, I'll take a look. These gypi files are generated and perhaps we are missing, or reading the wrong source list from configdata.pm.

[richardlau]

FWIW This hack appears to allow the legacy provider to be statically compiled and loaded:

diff --git a/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi b/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi
index 46cc9b2b4a..13b6d6eb96 100644
--- a/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi
+++ b/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi
@@ -775,6 +775,7 @@
       'openssl/engines/e_padlock.c',
       'openssl/providers/baseprov.c',
       'openssl/providers/defltprov.c',
+      'openssl/providers/legacyprov.c',
       'openssl/providers/nullprov.c',
       'openssl/providers/prov_running.c',
       'openssl/providers/common/der/der_rsa_sig.c',
diff --git a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi
index cb90c57338..4f5a640dd8 100644
--- a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi
+++ b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi
@@ -775,6 +775,7 @@
       'openssl/engines/e_padlock.c',
       'openssl/providers/baseprov.c',
       'openssl/providers/defltprov.c',
+      'openssl/providers/legacyprov.c',
       'openssl/providers/nullprov.c',
       'openssl/providers/prov_running.c',
       'openssl/providers/common/der/der_rsa_sig.c',
diff --git a/deps/openssl/config/archs/linux-x86_64/no-asm/openssl.gypi b/deps/openssl/config/archs/linux-x86_64/no-asm/openssl.gypi
index 647092c410..279a4d27c3 100644
--- a/deps/openssl/config/archs/linux-x86_64/no-asm/openssl.gypi
+++ b/deps/openssl/config/archs/linux-x86_64/no-asm/openssl.gypi
@@ -782,6 +782,7 @@
       'openssl/engines/e_padlock.c',
       'openssl/providers/baseprov.c',
       'openssl/providers/defltprov.c',
+      'openssl/providers/legacyprov.c',
       'openssl/providers/nullprov.c',
       'openssl/providers/prov_running.c',
       'openssl/providers/common/der/der_rsa_sig.c',
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp
index 4d4e6f2801..d178ffaa61 100644
--- a/deps/openssl/openssl.gyp
+++ b/deps/openssl/openssl.gyp
@@ -29,6 +29,7 @@
         # is able to create a malicious DLL in one of the default search paths.
         'OPENSSL_NO_HW',
         'OPENSSL_API_COMPAT=0x10100001L',
+       'STATIC_LEGACY',
         #'OPENSSL_NO_DEPRECATED',
       ],
       'conditions': [
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index 7e0c8ba3eb..c1fe6fb6ac 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -170,6 +170,16 @@ void InitCryptoOnce() {
   ENGINE_load_builtin_engines();
 #endif  // !OPENSSL_NO_ENGINE

+#if OPENSSL_VERSION_MAJOR >= 3
+  // Put behind a flag?
+  {
+    OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
+    if (legacy_provider == nullptr) {
+      fprintf(stderr, "Unable to load legacy provider.\n");
+    }
+  }
+#endif
+
   NodeBIO::GetMethod();
 }

$ ./node -p 'crypto.createHash("md4")'
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}
$

I'm not entirely sure how to get legacyprov.c into gyp via the generating scripts. We'd probably want to put some CLI flag around the loading of the provider (we probably can't assume it's available if linking to an shared openssl) or maybe enablement could be via modifying the openssl config file.

[danbev]

This sounds good to me and if we can do that and not have to mess around with openssl.cnf that is great.

I'm not entirely sure how to get legacyprov.c into gyp via the generating scripts.

Yeah, I was not sure about this either. We need to add this to generate_gypi.pl. The easiest way to try this out it to update that file and then run make linux-x86-64 (or use the arch you are on). After that you can inspect the generated archs/linux-x86_64/asm/openssl.gypi. If that looks good one can try to build node with this and see that it works before generating all the arch files which takes a while.

I've opened a pull request based on your suggestion: #40478. I've added you as Co-author which I hope is alright.