Openssl 3 with NODE_EXTRA_CA_CERTS slows down node.js v17 startup

[nassau-t]

Version

v17.0.0

Platform

Microsoft Windows NT 10.0.19042.0 x64

Subsystem

openssl 3

What steps will reproduce the bug?

Create an empty file a.js
Have a certificate.pem file with 1 certificate.

>SET NODE_EXTRA_CA_CERTS=

>timethis node a.js

TimeThis :  Command Line :  node a.js
TimeThis :    Start Time :  Tue Oct 19 21:19:06 2021


TimeThis :  Command Line :  node a.js
TimeThis :    Start Time :  Tue Oct 19 21:19:06 2021
TimeThis :      End Time :  Tue Oct 19 21:19:07 2021
TimeThis :  Elapsed Time :  00:00:00.110

>SET NODE_EXTRA_CA_CERTS=certificate.pem

>timethis node a.js

TimeThis :  Command Line :  node a.js
TimeThis :    Start Time :  Tue Oct 19 21:20:51 2021


TimeThis :  Command Line :  node a.js
TimeThis :    Start Time :  Tue Oct 19 21:20:51 2021
TimeThis :      End Time :  Tue Oct 19 21:20:51 2021
TimeThis :  Elapsed Time :  00:00:00.215

How often does it reproduce? Is there a required condition?

You must set a value for NODE_EXTRA_CA_CERTS

What is the expected behavior?

>node -v
v16.11.1

>timethis node a.js

TimeThis :  Command Line :  node a.js
TimeThis :    Start Time :  Tue Oct 19 21:22:16 2021


TimeThis :  Command Line :  node a.js
TimeThis :    Start Time :  Tue Oct 19 21:22:16 2021
TimeThis :      End Time :  Tue Oct 19 21:22:17 2021
TimeThis :  Elapsed Time :  00:00:00.115

What do you see instead?

It seems that openssl 3 slows down node.js startup.
With this empty script is 86% slower than node.js v16. With a big script, it is around 46% slower.
I don't know if this is expected, so this is a normal beaviour of openssl 3... It's strange that it only happens with EXTRA_CA_CERTS.

Additional information

No response

[nassau-t]

In fact, certificate.pem can also be empty. It has the same slow down.

[mhdawson]

@danbev do you remember any changes related to EXTRA_CA_CERTS with the update to OpenSSL 3 that might be related?

[mhdawson]

this is in src/node.cc

    {
      std::string extra_ca_certs;
      if (credentials::SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
        crypto::UseExtraCaCerts(extra_ca_certs);
    }

And the code in UseExtraCaCerts does not seem to be changed as part of the update to v3 -

node/src/crypto/crypto_context.cc

Line 1327 in 7ed303b

void UseExtraCaCerts(const std::string& file) {

[danbev]

do you remember any changes related to EXTRA_CA_CERTS with the update to OpenSSL 3 that might be related?

Nothing that I can think unfortunately specifically related to EXTRA_CA_CERTS with regard to the changes in Node.js related to OpenSSL 3.0.

[mhdawson]

It also seems to reproduce on linux as well. For 16.x adding EXTRA_CA_CERTS does not seems to have much of an effect, where as it is noticeable in 17.x

It varies a bit but these are two comparisions:

Default

[midawson@midawson testextra]$ time node test.js

real	0m0.031s
user	0m0.022s
sys	0m0.009s

With NODE_EXTRA_CA_CERTS set

midawson@midawson testextra]$ time node test.js

real	0m0.071s
user	0m0.067s
sys	0m0.005s

[nassau-t]

Excuse me. Correcting title.

[mhdawson]

Additional time is in this method:

node/src/crypto/crypto_context.cc

Line 192 in 7ed303b

X509_STORE* NewRootCertStore() {

[mhdawson]

Difference seems to be in this part of the code:

if (root_certs_vector.empty() &&
      per_process::cli_options->ssl_openssl_cert_store == false) {
    for (size_t i = 0; i < arraysize(root_certs); i++) {
      X509* x509 =
          PEM_read_bio_X509(NodeBIO::NewFixed(root_certs[i],
                                              strlen(root_certs[i])).get(),
                            nullptr,   // no re-use of X509 structure
                            NoPasswordCallback,
                            nullptr);  // no callback data

      // Parse errors from the built-in roots are fatal.
      CHECK_NOT_NULL(x509);

      root_certs_vector.push_back(x509);
    }
  }

I checked 16.x and 17.x and arraysize(root_certs) is 131 in both cases so looks like the extra time is in PEM_read_bio_X509

[mhdawson]

The extra time seems be proportional to the number of root_certs. ie if I truncate to 1/2 the size it seems to add 1/2 the overhead. This would indicate that PEM_read_bio_X509 is doing more work than before for each certificate.

[mhdawson]

Adding OPENSSL_NO_CHAIN_VERIFY to node.gyp does not seem to have any effect. Trying OPENSSL_NO_X509_VERIFY

[mhdawson]

Actually looks like those might be removed, need to look at equivalents

[nassau-t]

It seems very old, to affect now on v17 and not in v16.

Changes between 1.0.2h and 1.1.0 [25 Aug 2016]

Clean up OPENSSL_NO_xxx #define's

    Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
    Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
    OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
    OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
    OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
    Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
    Remove MS_STATIC; it's a relic from platforms <32 bits.

Rich Salz

[nassau-t]

In fact, it's very strange that it affects only when new certificates are added througth NODE_EXTRA_CA_CERTS and not with the node default certificates.