authorSam Roberts <vieuxtech@gmail.com>2019-10-16 15:37:40 -0700
committerRich Trott <rtrott@gmail.com>2019-10-18 21:25:03 -0700
commit8425183e0bb49d7342a59fed704576993e13fe47 (patch)
tree5c6c2a81f54e94ad8ee9ccae9453bee804d22a74
parentd594a9a79890b76e002fbc1c7aa2a3aaed82c160 (diff)
src: initialize openssl only once
For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of initialization wrappers were being called, many deprecated, and many calling each other internally already. Compatibility is unnecessary in 12.x and later, which support only OpenSSL 1.1.1, and the multiple calls cause the configuration file to be loaded multiple times. Fixes: https://github.com/nodejs/node/issues/29702 See: - https://mta.openssl.org/pipermail/openssl-users/2019-October/011303.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_ssl.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html PR-URL: https://github.com/nodejs/node/pull/29999 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
-rw-r--r--src/node.cc7
-rw-r--r--src/node_crypto.cc27
2 files changed, 8 insertions, 26 deletions
diff --git a/src/node.cc b/src/node.cc
index 17963d0b11..5dbb837425 100644
--- a/src/node.cc
+++ b/src/node.cc
@@ -833,13 +833,6 @@ int InitializeNodeWithArgs(std::vector<std::string>* argv,
&default_env_options->redirect_warnings);
}
-#if HAVE_OPENSSL
- std::string* openssl_config = &per_process::cli_options->openssl_config;
- if (openssl_config->empty()) {
- credentials::SafeGetenv("OPENSSL_CONF", openssl_config);
- }
-#endif
-
#if !defined(NODE_WITHOUT_NODE_OPTIONS)
std::string node_options;
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index a8d26ffa0a..adefb7f482 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -6975,30 +6975,19 @@ void TimingSafeEqual(const FunctionCallbackInfo<Value>& args) {
}
void InitCryptoOnce() {
- SSL_load_error_strings();
- OPENSSL_no_config();
+#ifndef OPENSSL_IS_BORINGSSL
+ OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();
// --openssl-config=...
if (!per_process::cli_options->openssl_config.empty()) {
- OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_load_builtin_engines();
-#endif
- ERR_clear_error();
- CONF_modules_load_file(per_process::cli_options->openssl_config.c_str(),
- nullptr,
- CONF_MFLAGS_DEFAULT_SECTION);
- int err = ERR_get_error();
- if (0 != err) {
- fprintf(stderr,
- "openssl config failed: %s\n",
- ERR_error_string(err, nullptr));
- CHECK_NE(err, 0);
- }
+ const char* conf = per_process::cli_options->openssl_config.c_str();
+ OPENSSL_INIT_set_config_filename(settings, conf);
}
- SSL_library_init();
- OpenSSL_add_all_algorithms();
+ OPENSSL_init_ssl(0, settings);
+ OPENSSL_INIT_free(settings);
+ settings = nullptr;
+#endif
#ifdef NODE_FIPS_MODE
/* Override FIPS settings in cnf file, if needed. */
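Review bot: With `OPENSSL_no_config()` removed and `OPENSSL_init_ssl(0, settings)` called even when `--openssl-config` is empty, nothing in this hunk tells OpenSSL not to load a configuration file, so the library's compiled-in default openssl.cnf can presumably be picked up where it was suppressed before. `OPENSSL_CONF` would likewise now be read by OpenSSL itself rather than through the `credentials::SafeGetenv` call removed from src/node.cc. If that is not intended, pass the opt-out flag when no file was given, e.g. `uint64_t opts = per_process::cli_options->openssl_config.empty() ? OPENSSL_INIT_NO_LOAD_CONFIG : 0;` followed by `OPENSSL_init_ssl(opts, settings);`; if it is intended, a comment saying so would help, because the default path may not be controlled by whoever runs the process. Separately, the results of `OPENSSL_INIT_new()`, `OPENSSL_INIT_set_config_filename()` and `OPENSSL_init_ssl()` are ignored and the old "openssl config failed" message is gone, so a bad `--openssl-config` path appears to fail silently; a `CHECK_NOT_NULL(settings);` and a checked return would restore the diagnostic. InitCryptoOnce continues past the end of this hunk.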