-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support OpenSSL 3.0 Legacy provider in version 16 #40948
Labels
openssl
Issues and PRs related to the OpenSSL dependency.
Comments
bradbishop
pushed a commit
to openbmc/webui-vue
that referenced
this issue
Jan 18, 2022
No longer have support for MD4, the default hashFunction. Mess with webpack to use sha256. This solution is from: webpack/webpack#13572 (comment) And was added to phosphor-webui here: openbmc/phosphor-webui@8588400 Ideally --openssl-legacy-provider would work as webpack/webpack#14532 describes but Node 16 supports linking with SSL 3.0 but doesn't support openssl-legacy-provider. See nodejs/node#40948. This should enable the new Yocto bump to pass. Tested: Build Witherspoon Tacoma with https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/48473 and the 3 and this change. The webui looked good. Change-Id: I66f2cc45af85096f9abe935d269838c6a680bc9b Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
herbrechtsmeier
added a commit
to weidmueller/node
that referenced
this issue
Mar 11, 2022
Load OpenSSL 3.0 Legacy provider if OpenSSL major version isn't below 3 to be compatible with older OpenSSL major versions and resolve nodejs#40948.
herbrechtsmeier
added a commit
to weidmueller/node
that referenced
this issue
Mar 11, 2022
Load OpenSSL 3.0 Legacy provider if OpenSSL major version isn't below 3 to be inline with older OpenSSL major versions and support the default hashFunction MD4 of webpack. Fixes: nodejs#40948 Refs: https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html Refs: https://webpack.js.org/plugins/hashed-module-ids-plugin/
herbrechtsmeier
added a commit
to weidmueller/node
that referenced
this issue
Mar 11, 2022
Load OpenSSL 3.0 Legacy provider if OpenSSL major version isn't below 3 to be inline with older OpenSSL major versions and support the default hashFunction MD4 of webpack. Fixes: nodejs#40948 Refs: https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html Refs: https://webpack.js.org/plugins/hashed-module-ids-plugin/ Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
herbrechtsmeier
added a commit
to weidmueller/node
that referenced
this issue
Mar 11, 2022
Load OpenSSL 3.0 Legacy provider if OpenSSL major version isn't below 3 to be inline with older OpenSSL major versions and support the default hashFunction MD4 of webpack. Fixes: nodejs#40948 Refs: https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html Refs: https://webpack.js.org/plugins/hashed-module-ids-plugin/
juanarbol
pushed a commit
that referenced
this issue
Jun 1, 2022
This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: #40948 Refs: #40455 PR-URL: #40478 Backport-PR-URL: #42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michael Dawson <midawson@redhat.com>
danbev
added a commit
to danbev/node
that referenced
this issue
Jun 23, 2022
This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: nodejs#40948 Refs: nodejs#40455 PR-URL: nodejs#40478 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
rfrandse
pushed a commit
to ibm-openbmc/webui-vue
that referenced
this issue
Jun 30, 2022
No longer have support for MD4, the default hashFunction. Mess with webpack to use sha256. This solution is from: webpack/webpack#13572 (comment) And was added to phosphor-webui here: openbmc/phosphor-webui@8588400 Ideally --openssl-legacy-provider would work as webpack/webpack#14532 describes but Node 16 supports linking with SSL 3.0 but doesn't support openssl-legacy-provider. See nodejs/node#40948. This should enable the new Yocto bump to pass. Tested: Build Witherspoon Tacoma with https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/48473 and the 3 and this change. The webui looked good. Change-Id: I66f2cc45af85096f9abe935d269838c6a680bc9b Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
If anyone is suffering from this issue on *nix, compiling the following code as a shared library and putting it into #define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <dlfcn.h>
#include <openssl/ssl.h>
#include <openssl/provider.h>
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
{
static int once;
static int (*orig_OPENSSL_init_ssl)(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
if (!__atomic_exchange_n(&once, 1, __ATOMIC_ACQ_REL))
{
*(void **)&orig_OPENSSL_init_ssl = dlsym(RTLD_NEXT, "OPENSSL_init_ssl");
OSSL_PROVIDER_load(NULL, "legacy");
}
return (*orig_OPENSSL_init_ssl)(opts, settings);
} |
targos
pushed a commit
that referenced
this issue
Jul 18, 2022
This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: #40948 Refs: #40455 PR-URL: #40478 Backport-PR-URL: #42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Fixed in #42972 |
targos
pushed a commit
that referenced
this issue
Jul 31, 2022
This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: #40948 Refs: #40455 PR-URL: #40478 Backport-PR-URL: #42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
guangwong
pushed a commit
to noslate-project/node
that referenced
this issue
Oct 10, 2022
This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: nodejs/node#40948 Refs: nodejs/node#40455 PR-URL: nodejs/node#40478 Backport-PR-URL: nodejs/node#42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
tjanez
added a commit
to oasisprotocol/oasis-wallet-ext
that referenced
this issue
Mar 17, 2023
Node.js 16+ supports dynamically linking with OpenSSL 3.0, however, that results in 'error:0308010C:digital envelope routines::unsupported' error. To work-around that with the legacy Webpack 4.0 we use, one needs to enable the OpenSSL 3.0 Legacy provider by setting: NODE_OPTIONS=--openssl-legacy-provider For more info, see: - webpack/webpack#14532 - nodejs/node#40455 - nodejs/node#40948
buberdds
pushed a commit
to buberdds/oasis-wallet-ext
that referenced
this issue
Apr 21, 2023
Node.js 16+ supports dynamically linking with OpenSSL 3.0, however, that results in 'error:0308010C:digital envelope routines::unsupported' error. To work-around that with the legacy Webpack 4.0 we use, one needs to enable the OpenSSL 3.0 Legacy provider by setting: NODE_OPTIONS=--openssl-legacy-provider For more info, see: - webpack/webpack#14532 - nodejs/node#40455 - nodejs/node#40948
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Node v16 supports dynamically linking with OpenSSL 3.0 (#29817) but doesn't support OpenSSL 3.0 Legacy provider (#40455). Please backport 86d1c0c or always load the legacy provider for OpenSSL 3.0.
The text was updated successfully, but these errors were encountered: