Skip to content

[v16.x] update to openssl-1.1.1m+quic #41175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 17, 2022
Merged

[v16.x] update to openssl-1.1.1m+quic #41175

merged 3 commits into from
Jan 17, 2022

Conversation

@richardlau
Copy link
Member

@richardlau richardlau commented Dec 14, 2021
edited
Loading

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v16.x labels Dec 14, 2021
@nodejs-github-bot

This comment has been minimized.

Sign in to view
tniessen
tniessen approved these changes Dec 14, 2021
View reviewed changes
Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RSLGTM

@richardlau
Copy link
Member Author

richardlau commented Dec 14, 2021

Looks like test.parallel/test-crypto-engine is failing on macOS 😞:
e.g. https://ci.nodejs.org/job/node-test-commit-osx/nodes=osx1015/43113/testReport/junit/(root)/test/parallel_test_crypto_engine/

node:internal/crypto/util:111
    throw new ERR_CRYPTO_ENGINE_UNKNOWN(id);
    ^

Error [ERR_CRYPTO_ENGINE_UNKNOWN]: Engine "/Users/iojs/build/workspace/node-test-commit-osx/nodes/osx1015/out/Release/libtest_crypto_engine.dylib" was not found
    at new NodeError (node:internal/errors:371:5)
    at Object.setEngine (node:internal/crypto/util:111:11)
    at Object.<anonymous> (/Users/iojs/build/workspace/node-test-commit-osx/nodes/osx1015/test/parallel/test-crypto-engine.js:47:12)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
    at node:internal/main/run_main_module:17:47 {
  code: 'ERR_CRYPTO_ENGINE_UNKNOWN'
}

@richardlau richardlau changed the title [v16.x] update to openssl1.1.1m+quic [v16.x] update to openssl-1.1.1m+quic Dec 14, 2021
@richardlau
Copy link
Member Author

richardlau commented Dec 15, 2021
edited
Loading

Looks like test.parallel/test-crypto-engine is failing on macOS 😞: e.g. https://ci.nodejs.org/job/node-test-commit-osx/nodes=osx1015/43113/testReport/junit/(root)/test/parallel_test_crypto_engine/

node:internal/crypto/util:111
    throw new ERR_CRYPTO_ENGINE_UNKNOWN(id);
    ^

Error [ERR_CRYPTO_ENGINE_UNKNOWN]: Engine "/Users/iojs/build/workspace/node-test-commit-osx/nodes/osx1015/out/Release/libtest_crypto_engine.dylib" was not found
    at new NodeError (node:internal/errors:371:5)
    at Object.setEngine (node:internal/crypto/util:111:11)
    at Object.<anonymous> (/Users/iojs/build/workspace/node-test-commit-osx/nodes/osx1015/test/parallel/test-crypto-engine.js:47:12)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
    at node:internal/main/run_main_module:17:47 {
  code: 'ERR_CRYPTO_ENGINE_UNKNOWN'
}

Line 47 is the second of

node/test/parallel/test-crypto-engine.js

Lines 46 to 47 in 7b112d9

crypto.setEngine(enginePath);
crypto.setEngine(enginePath);

There is reference to fixes in openssl-1.1.1m with dynamic engines in the changelog:

node/deps/openssl/openssl/CHANGES

Lines 10 to 12 in 603bcaa

Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.

@richardlau richardlau mentioned this pull request Dec 15, 2021
Closed
mcollina
mcollina approved these changes Dec 15, 2021
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@richardlau richardlau force-pushed the v16.x-openssl1.1.1m+quic branch from 603bcaa to a6d890f Compare December 15, 2021 19:15
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@richardlau
Copy link
Member Author

richardlau commented Dec 15, 2021

Pulled over the same test fix from #41177.

@nodejs-github-bot

This comment has been minimized.

Sign in to view
@richardlau richardlau added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Dec 15, 2021
This was referenced Dec 16, 2021
Open
Open
Open
Open
Open
Open
Open
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 10, 2022
@danielleadams danielleadams force-pushed the v16.x-staging branch 2 times, most recently from f668e82 to 95c19c3 Compare January 10, 2022 23:09
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Jan 12, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 12, 2022
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@github-actions github-actions bot mentioned this pull request Jan 13, 2022
Open
18 tasks
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jan 13, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/41850/

@richardlau richardlau force-pushed the v16.x-openssl1.1.1m+quic branch from a6d890f to ef1eaad Compare January 13, 2022 16:46
@richardlau
Copy link
Member Author

richardlau commented Jan 13, 2022

Rebased onto current v16.x-staging.

@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Jan 13, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 13, 2022
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jan 13, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/41851/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jan 13, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/41858/

@github-actions github-actions bot mentioned this pull request Jan 14, 2022
Open
22 tasks
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jan 14, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/41862/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jan 14, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/41884/

mhdawson
mhdawson approved these changes Jan 14, 2022
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber Stamp LGTM

@github-actions github-actions bot mentioned this pull request Jan 15, 2022
Open
26 tasks
@richardlau
test: do not load absolute path crypto engines twice
2c84c3e 
Newer versions of OpenSSL now throws an error if an engine is loaded
twice by its absolute path (a second load by its id appears to be okay).

PR-URL: nodejs#41175
Refs: quictls/openssl#68
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000212.html
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@richardlau
deps: upgrade openssl sources to OpenSSL_1_1_1m+quic
553246c 
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1m+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs#41175
Refs: quictls/openssl#68
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000212.html
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@richardlau
deps: update archs files for OpenSSL-1.1.1m+quic
0466400 
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: nodejs#41175
Refs: quictls/openssl#68
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000212.html
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@richardlau richardlau force-pushed the v16.x-openssl1.1.1m+quic branch from ef1eaad to 0466400 Compare January 17, 2022 12:56
@richardlau richardlau merged commit 0466400 into nodejs:v16.x-staging Jan 17, 2022
@richardlau
Copy link
Member Author

richardlau commented Jan 17, 2022

Landed in f4493c1...0466400.

@richardlau richardlau deleted the v16.x-openssl1.1.1m+quic branch January 17, 2022 12:57
@danielleadams danielleadams mentioned this pull request Feb 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcollina mcollina mcollina approved these changes

@tniessen tniessen tniessen approved these changes

@mhdawson mhdawson mhdawson approved these changes

+1 more reviewer

@DerekNonGeneric DerekNonGeneric DerekNonGeneric approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@richardlau @nodejs-github-bot @mcollina @tniessen @mhdawson @DerekNonGeneric