Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src: fix dynamically linked OpenSSL version #53456

Closed
wants to merge 4 commits into from
Closed

src: fix dynamically linked OpenSSL version #53456

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f132c85
src: fix dynamically linked OpenSSL version
richardlau Jun 14, 2024
d71c5ab
test: check against run-time OpenSSL version
richardlau Jun 14, 2024
067a462
fixup! test: check against run-time OpenSSL version
richardlau Jun 14, 2024
3f69079
fixup! test: check against run-time OpenSSL version
richardlau Jun 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions src/node_metadata.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
#endif // NODE_BUNDLED_ZLIB

#if HAVE_OPENSSL
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#if NODE_OPENSSL_HAS_QUIC
#include <openssl/quic.h>
#endif
Expand Down Expand Up @@ -55,9 +55,10 @@ static constexpr size_t search(const char* s, char c, size_t n = 0) {
static inline std::string GetOpenSSLVersion() {
// sample openssl version string format
// for reference: "OpenSSL 1.1.0i 14 Aug 2018"
constexpr size_t start = search(OPENSSL_VERSION_TEXT, ' ') + 1;
constexpr size_t len = search(&OPENSSL_VERSION_TEXT[start], ' ');
return std::string(OPENSSL_VERSION_TEXT, start, len);
const char* version = OpenSSL_version(OPENSSL_VERSION);
const size_t start = search(version, ' ') + 1;
const size_t len = search(&version[start], ' ');
return std::string(version, start, len);
}
#endif // HAVE_OPENSSL

Expand Down
29 changes: 23 additions & 6 deletions test/common/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,14 +57,30 @@ const noop = () => {};
const hasCrypto = Boolean(process.versions.openssl) &&
!process.env.NODE_SKIP_CRYPTO;

const hasOpenSSL3 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000;
// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL
const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => {
assert(major >= 0 && major <= 0xf);
assert(minor >= 0 && minor <= 0xff);
assert(patch >= 0 && patch <= 0xff);
return (major << 28) | (minor << 20) | (patch << 4);
};

let OPENSSL_VERSION_NUMBER;
const hasOpenSSL = (major = 0, minor = 0, patch = 0) => {
if (!hasCrypto) return false;
if (OPENSSL_VERSION_NUMBER === undefined) {
const regexp = /(?<m>\d+)\.(?<n>\d+)\.(?<p>\d+)/;
const { m, n, p } = process.versions.openssl.match(regexp).groups;
OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p);
}
return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch);
};

const hasOpenSSL3 = hasOpenSSL(3);

const hasOpenSSL31 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
const hasOpenSSL31 = hasOpenSSL(3, 1);

const hasOpenSSL32 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;
const hasOpenSSL32 = hasOpenSSL(3, 2);

const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;

Expand Down Expand Up @@ -969,6 +985,7 @@ const common = {
getTTYfd,
hasIntl,
hasCrypto,
hasOpenSSL,
hasOpenSSL3,
hasOpenSSL31,
hasOpenSSL32,
Expand Down
4 changes: 2 additions & 2 deletions test/parallel/test-crypto-dh.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,8 @@ const crypto = require('crypto');
}

{
const v = crypto.constants.OPENSSL_VERSION_NUMBER;
const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 0)) ||
(common.hasOpenSSL(3, 1, 4) && !common.hasOpenSSL(3, 2, 0));
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've translated the existing checks, but there's actually an issue here which is that OpenSSL 3.2 and 3.3 have the new error message but fail the hasOpenSSL3WithNewErrorMessage check. I'm thinking this could be explicitly fixed in a follow up PR, but let me know if you prefer me to include it here since I'm changing the check anyway.

richardlau marked this conversation as resolved.
Show resolved Hide resolved
assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
Expand Down
Loading