crypto: fail early when loading crypto module w/o openssl

[jasnell]

Pull Request check-list

Please make sure to review and check all of these items:

• Does make -j8 test (UNIX) or vcbuild test nosign (Windows) pass with
  this change (including linting)?
• Is the commit message formatted according to [CONTRIBUTING.md][0]?
• If this change fixes a bug (or a performance problem), is a regression
  test (or a benchmark) included?
• Is a documentation update included (if this change modifies
  existing APIs, or introduces new ones)?

Affected core subsystem(s)

crypto, tls, https, process, src

Description of change

Updated
Fail early in require('crypto'), require('tls'), require('https'), etc when crypto is not available
(rather than depending on an internal try/catch).

Add documentation for detecting when crypto is not available.

(this previously had a process.noCrypto flag that was removed)

[evanlucas]

what about something like process.hasCrypto? Using process.noCrypto seems a little odd to me

[vkurchatkin]

the only way to determine if crypto is enabled is to either attempt to require the 'crypto' module

It seems to be perfectly fine

[jasnell]

The typical check is to see if crypto is disabled. Having it as process.hasCrypto would require developers to negate in the typical case... e.g. if (!process.hasCrypto)

[jasnell]

@vkurchatkin ... sure, it works, but it also requires two try/catch blocks (one outside crypto.js, one inside) and a call to process.binding to determine if crypto to present... which is silly because node already knows that crypto isn't available when it is compiled. This alternative is more efficient, consolidates the checking, and makes it easier on developers.

[vkurchatkin]

@jasnell I just don't like adding more and more properties to process. We can change internal implementation to throw immediately on require, but I think we shouldn't add a flag.

In most cases if script requires crypto and node is compiled without OpenSSL, failing is the only option. In other cases (which should be rare, in my opinion) try catch is good enough.

[jasnell]

I just don't like adding more and more properties to process

Out of curiosity... how come? Would it be more palatable if the flag was _ prefixed and left undocumented?

Other than adding the flag, this PR does modify the internal implementation to throw immediately on require eliminating the internal try/catch.

[jasnell]

Btw, see https://github.com/npm/npm/blob/master/lib/adduser.js#L7-L20 for an example of the kind of "is crypto enabled" check this is intended to address.

[vkurchatkin]

how come? Would it be more palatable if the flag was _ prefixed and left undocumented

no, it's much worse. The problem is that we use process for all kinds of unrelated things, both public and private. The only reason for this is that there is no other simple way to expose something to js without thinking too much. Because of this process is really littered.

Other than adding the flag, this PR does modify the internal implementation to throw immediately on require eliminating the internal try/catch.

This seems reasonable to me

[rvagg]

wouldn't !!process.versions.openssl do this same thing?

[jasnell]

@rvagg +1 ... was just going to suggest the same thing. The only reason I had added the process.noCrypto was to make the check slightly easier.

[jasnell]

@vkurchatkin @rvagg: ok, I'll pull the process.noCrypto flag and will keep everything else.

[jasnell]

@vkurchatkin @rvagg ... ok, new commit added. PTAL

[jasnell]

Thinking about it further, I think this may actually be semver-major because it changes the error reported when doing require('https') and others when openssl is not available.

[rvagg]

empty line above code blocks is standard isn't it?

[rvagg]

lgtm sans two minor formatting nits in doc, I'm not sold on semver-minor mainly since no-crypto mode isn't really something we "officially" support, although I don't imagine there's any great hurry to get this in so I'll leave that call to you.

[jasnell]

Nope, no hurry at all. I'll let this one sit for a bit. I suspect you're right tho... it's entirely possible this could land as a patch without any real impact.

[bnoordhuis]

I'm -1. The try/catch approach is still the most future-proof. What if we switch to another crypto library some day?

[jasnell]

@bnoordhuis ... not sure how switching to another crypto library would impact this. Wouldn't we still know that it's not available without having to do the internal try/catch?

[jasnell]

... and even if we did switch to a different library, the assertCrypto utility method could simply be modified to check for any crypto as opposed to specifically for process.versions.openssl

[jasnell]

@bnoordhuis .. updated! squashed. PTAL!

[bnoordhuis]

Is there still a reason to set this property?

[jasnell]

@bnoordhuis ... PTAL

[bnoordhuis]

LGTM

[jasnell]

One final CI before landing (although we don't actually run CI with openssl off): https://ci.nodejs.org/job/node-test-pull-request/2044/

[jasnell]

CI had a couple of red tests that I believe are unrelated. Just to be safe, running again: https://ci.nodejs.org/job/node-test-pull-request/2045/

[jasnell]

CI is green. One unrelated failure.

[jasnell]

Landed in f429fe1