Make it build using openssl 1.1.0

[kroeckx]

Checklist

• make -j4 test (UNIX), or vcbuild test nosign (Windows) passes
• commit message follows commit guidelines

Affected core subsystem(s)

crypto

Description of change

This is to make it possible to build against OpenSSL 1.1.0 (#4270)

It currently has 2 new test failures when build against 1.0.2, because OpenSSL generates a different error message in 1.0.2 and 1.1.0. I'm not sure how to deal with that.

In test/parallel/test-crypto.js the message is changed from "asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag" to "asn1 encoding routines:asn1_check_tlen:wrong tag". (The function name in openssl got renamed from all capital letters to small letters.)

In test/parallel/test-tls-junk-server.js, the error message changed from "/unknown protocol/" to "/wrong version number/".

It also fixes 3 current issues with the test suite against the 1.0.2 version.

When building against the 1.1.0 version there are various tests that fail. There are a total of 11 test failures.

Some tests assumes the TLS ticket is 48 bytes. This was always just an implementation details and you could already ask OpenSSL what the size was. The encryption got changed from AES128 to AES256 in 1.1.0 and so the size changed. I have no idea how to get that size to the right places in the test suite.

Some of the other failures are related to ciphers that are disabled by default. For instance anonymous ciphers like AECDH are disabled and you need to enable them by selecting a different security level, which can for instance be done by adding @SECLEVEL=0 to the cipher list, but that's not compatible with the 1.0.x version. Ciphers like 3DES and RC4 are disabled by default.

Other tests fails because the key size that's used is too small.

I'm not sure yet why some of the other tests fail.

There are also a bunch of warnings about deprecated functions. I left them like they are. The proper way to deal with it will probably break compatibility.

PS: During make test I'm getting invalid opcode traps, this seems unrelated to my changes and doesn't seem to cause test suite failures.

[indutny]

Why should it be removed?

[indutny]

Ah, we have no insight into the size of the structure anymore...

[kroeckx]

There is no way to tell what the external size of it is with OpenSSL 1.1.0. And it was wrong with 1.0.X in the first place.

[indutny]

Thank you, @kroeckx ! We'll review it ASAP.

cc @nodejs/crypto

[Trott]

It currently has 2 new test failures when build against 1.0.2, because OpenSSL generates a different error message in 1.0.2 and 1.1.0. I'm not sure how to deal with that.

I believe that when a dependency error message changes, we can just update the test with the new message. For error messages generated by Node.js itself, a change to the message text is currently considered semver-major. But I don't think that's the case if OpenSSL or V8 or libuv changes the message. At least, that's my understanding. /cc @jasnell for confirmation....

[kroeckx]

It contains 1 change in error message generated by itself as far as I know, from "Ticket keys length must be 48 bytes" to "Ticket keys length incorrect".

[jbergstroem]

Is it reasonable to schedule this for 7.x? I'd like to :)

[addaleax]

We can add it to the milestone (I’m doing that) but I guess it depends a lot on how busy @nodejs/crypto is?

[jasnell]

So long as the update is not semver-major, it should be possible to do for v7.x. If it is semver-major, then it would require CTC review and approval to land in v7.x

[Fishrock123]

Ping @nodejs/crypto

[jasnell]

Ping. Need a status update on this. This would need to move forward this week in order to make it into v7.0.0. We're a week out from the release.

[bnoordhuis]

I think we already decided this won't land in v7.0.0. Maybe later in a minor release. I don't have time to review at any rate.

[jasnell]

Clearing the v7 milestone from this.

[agl]

(I happened to be looking at this line today and wondered how this change handled the problem.)

I don't think this works: SSL_CTX_set_cert_store will free the existing X509_STORE before assigning nullptr. But the point of this code was to avoid that because root_cert_store is a global that shouldn't be freed.

Rather I think the answer is to use X509_STORE_up_ref before assigning root_cert_store in the first place. Sadly, in 1.0.1, X509_STORE contained a reference count but it was ignored. In 1.0.2 it's used, but there's no good way to increment it. It's only in 1.1.0 that X509_STORE_up_ref was finally added. (Albeit with an unhelpful signtaure that doesn't return the pointer itself.)

(I'm also quite suspicious of the ownership semantics of root_cert_store anyway.)

I expect I'll send a change this week to try and clear this up and will try to #ifdef things so that it'll work with 1.1.0 too.

[sam-github]

Is this fixed by the first commit in #8334?

[kroeckx]

I guess it handled it by marking it to be fixed (the XXX) and then forgetting all about it.

I think OpenSSL should have called X509_STORE_up_ref() itself in the SSL_CTX_set_cert_store(). It's at least inconsistent that it calls free (which decrements the counter), but doesn't increase the counter.

[agl]

@sam-github I think the first commit in #8334 is a step in the right direction, but that there's more to be done. (Although sadness about reaching into the structure to fiddle with the refcount; but I don't think there's another way until 1.1.0.)

Nonetheless I support landing that change.

[agl]

@sam-github I built upon the commit that you referenced and fixed the other issues that I hinted at in #9409.