-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL 1.1.1 Support TODO (pls help) #18770
Comments
This probably accounts for some of it: Other bits I suspect come out of them enabling TLS 1.3 by default and the tests being sensitive to there not being a version beyond TLS 1.2. (But I haven't triaged and am mostly speculating.) |
I'm now working on build bindings with 1.1.1-pre1 and will look at test errors later. |
Here is my preliminary work to support OpenSSL-1.1.1 on only Linux and Mac. https://github.com/shigeki/node/tree/openssl111pre1_unix_mac_ok Windows is not yet supported because OpenSSL-1.1.1 generates makefiles to work only |
pre2 is out, looks like a ton of pending refactoring and removals got merged in for this one https://github.com/openssl/openssl/commits/master |
OpenSSL-1.1.1-pre1 binding without asm support of https://github.com/shigeki/node/tree/WIP_openssl111pre_noasm has almost been done. Most of CI results of Most of test failures is due to cipher suite incompatibilities between TLS1.2 and TLS1.3 and it can be resolved by limiting to use TLS1.2 by default. The issue is now discussing in openssl/openssl#5359. |
Very nice work @shigeki. I notice there's a failure on testing 1.0.2 support:
Is it going to be hard to main backward compatibility? |
It is the API which is available above 1.1.0 so that |
So, we are at pre9 now, TLS 1.3 is finalized and ratified as an RFC, and Node 10 LTS is only a month(ish) away. It would be nice to have 1.1.1 in Node 10 before we go LTS but if we have to do it after then so be it. I have a 1.1.1-pre test job for Linux in CI that I'd like to enable so we can start getting ready but we don't quite have compatibility. @shigeki the commit at the head of Any idea whether these are easy to overcome and what the impact on non-Linux is at the moment? CI can only do dynamic compiles on Linux at the moment but it's a start and we could use it to make a basic assertion that 1.1.1 isn't going to be a breaking upgrade. I don't know if other collaborators would accept a PR with support for a -pre library but I wouldn't mind trying soon if we can. |
OpenSSL 1.1.1 final is here -> https://www.openssl.org/blog/blog/2018/09/11/release111/ |
Here is my prototype on upgrading latest OpenSSL-1.1.1 release with only TLS1.2 support not TLS1.3. https://github.com/shigeki/node/tree/WIP_upgrade_openssl111_tls12_only This has one new feature to have This is only working on Linux. TODO is to support multi platforms especially on MacOS, Win and s390 that can be checked through CI. I think that it does not have any breaking updates as long as it supports only up to TLS1.2. Supporting TLS1.3 in Node is an another story. It needs much more works and would have breaking updates because of changes of info callbacks of its TLS state machine and deprecated/new several features for TLS1.3 in OpenSSL-1.1.1. |
The failure of |
@shigeki it sounds like from openssl/openssl#7199 that we may have some fundamental architecture problems with our TLS layer. It sounds like the TLS 1.3 support problem is related to the |
Point of note: On Ubuntu, we are building OpenSSL 1.1.1 with OPENSSL_TLS_SECURITY_LEVEL set to 0 and all TLS protocol versions enabled. It would be nice for node.js 11.0.0 to use 1.1.1 abi/api, and to explicitly limit max TLS version to 1.2 then. This will thus allow us to ship nodejs, and later when things are fixed for 1.3, enable 1.3 without changing base api/abi requirement of the openssl library. |
@rvagg @shigeki At the request of @mhdawson I started to look at #18770 (comment) There is one more TODO: rebase on master. When rebasing to master the addition of |
Very nice @sam-github, I'll take a look as soon as I can. A bit busy this week but this is exciting stuff! |
@sam-github Thanks for your work. I will take a look at it later. @rvagg sam-github@a1c64c7 is the tentative fix for it but it does not solve the issues of TLS1.3 adoption. |
Please don‘t forget to make the new curves accessible via crypto api. |
@sam-github I found that this has the AVX-512 errors in building on MacOS as follows. I will fix it so as to disable AVX-512 support on MacOS.
|
@shigeki I worry that our branches will diverge. Can I push https://github.com/sam-github/node/tree/WIP_upgrade_openssl111_tls12_only to the nodejs/node repo, so we can both push fixups to it, and perhaps PR it so comment is more possible? If you would prefer I (EDIT: can) PR your branch, or anything else, I am happy to do as you suggest. As for Your change modifies the arguments of |
@shigeki re:
I get 100% test pass on linux. Is the failure ephemeral, or was this the failure fixed by EDIT: I am sorry, I ignore this. Its the same question Rod asked and you answered. |
@volschin Is there anything special to do? How do I check that what curves are available? I tried this:
|
|
Regarding "Error: instruction requires: AVX-512 ISA", see LLVM Issue 39875, Error: instruction requires: AVX-512 ISA when using -mavx512f. The short of it is, Clang 7.0 is needed to sidestep a problem with the Clang integrated assembler. The root cause is LLVM Issue 36202, llvm-mc doesn't accept AVX512 instructions using %zmm16+. |
Took a shot at figuring out whether updating OpenSSL on v10.x will break anything.
Ran tests on the v10.x branch: https://ci.nodejs.org/job/node-test-commit/24242 Passed everything, except a build against openssl 1.1.0, where TLS1_3_VERSION macro is missing, which I fixed in both "upgrade" branches. Failure here for the record. With a v10.x that uses openssl1.1.1a, I tried to test backwards compat, but finding an npm module that:
... was not so easy. I'm happy to take suggestions. I searched for openssl and crypto keywords on npmjs.com, and also went through all the citgm modules tagged "native".
... I found a handful of others that didn't build or pass their tests, didn't include them. |
I also took a shot at searching github for |
@sam-github uws and grpc both link against openssl. For uws, you can test on node 10 using @kapouer/uws. |
@kapouer I could use some help, what I found was:
|
Regarding the missing PEM file, the following may help:
I can only say "may" because I don't know what is expected in |
Helps a bit, still doesn't build. I ran all the gulp targets, twice (in case there was an order dependence). Always fails with:
If you can give me directions to test from a clean git clone, I will try again. You can do it, too, might be easier, just build my update_openssl1.1.a-v10.x branch. |
There doesn't seem to be any blockers, or activity, so at @mhdawson 's suggestion, I have PRed the update to OpenSSL 1.1.1a: #25381 Also, I have a branch on top of the basic openssl1.1.1a for TLSv1.2 (and below) where I continue to work through the test suites getting them to either pass when run with TLSv1.3, or identify outstanding work. I'm making progress. I think I've identified how to resolve the main issues, but its hard to know when one of the tests will reveal a nasty new problem, so I will wait until I'm through them before feeling too confident. |
@shigeki @rvagg TLS1.3 update. I've run through all the test-tls- tests, and found the problems with TLS1.3, as well as read the OpenSSL release notes. I've prototyped solutions to all the problems, except the problems with the info callback. For that, I'm trying to change TLSWrap to use SSL_do_handshake() until the handshake completes. I have had some success with simple connections, but there are still problems, and I'm deep in the weeds of node C++ streams, and reentrant C++/JS. If either of you have any cred with the OpenSSL team, please, please jump in on this thread: https://mta.openssl.org/pipermail/openssl-project/2019-January/thread.html#1204 It looks like nginx and haprox are also affected by the unnecessary API breakage between openssl 1.1.0 and 1.1.1. I can't even post to the relevant mailing list (Matt Caswell claims its moderated, but AFAICT, my emails are just bounced), maybe you two have access? If the changes made in that thread occur, then the TLS1.3 handshake problem melts away, and I think I can get TLS1.3 working in relatively short order, just a couple new APIs, some docs, etc. |
@nodejs/tsc I've no idea how the OpenSSL core team works, but ☝️ , perhaps an official request from node is in order? I (and others on that thread) believe this to be an API breakage between releases of OpenSSL that are not supposed to have API breakage. There was a judement call made, but with implementation experience available, I think they made it the wrong way. |
Since you are working in C++ already, maybe Jack Lloyd's Botan would be a better for Node. Botan is a C++ TLS library. It is a cross-platform library and runs on the major platforms, including BSDs, AIX, Linux, OS X and Windows. Development is active and the code is very clean. Jack also takes a more disciplined approach to the software engineering process (than many other projects found on the web). One thing it is missing is Andy Polyakov's hand tuned assembly language routines. But Botan uses builtins and intrinsics so performance is not off by much. He uses builtins because of mostly universal compiler support. You can write once, run anywhere. Something to think about in the future... |
@noloader Thanks for weighing in, but switching libraries is off-topic for this thread, as well as not easily done (we need support for more than the major platforms, and we provide the OpenSSL API to native add-ons, so changing libraries is a significant breaking change). |
TLS1.3 draft PR: #26209 |
@sam-github openssl 1.1.1b was released with the api fix. Maybe that means node 10 could upgrade to openssl 1.1.1b without breaking abi ? |
node 10 could upgraded to openssl 1.1.1a without breaking ABI or API, and it likely will: #26270 But openssl1.1.1b means I should be able to remove a work-around from Node.js, yes (though the work-around does no harm, it basically just removes TLS1.3 cipher suites, but TLS1.3 isn't supported yet anyhow)(and the workaround goes away in the TLS1.3 PR). We'll see when #26327 lands if it does so in time to make the next 10.x. It might not, because it would need to be in an 11.x release for a while first, as I understand it. That's OK, once 10.x is using openssl 1.1.1a, then updating to 1.1.1b can be done in a patch release. /cc @MylesBorins @rvagg |
Actually, I can't remove the work-around from Node.js even with openssl1.1.1b, because its possible to link node.js against a system openssl, and it could be openssl1.1.1a. That's OK. Like I said, the work-around disappears in #26209 |
We're up to openssl-1.1.1b in master, #26327, and TLS1.3 has landed, #26209. Thanks for all the people who helped with this. I think this issue can be closed now, but if someone feels differently, please reopen. And that's not to imply that help isn't still wanted for tls/crypto support. More people working on it would be very much appreciated! |
I've opened up #26626 for that particular feature request. |
@nodejs/crypto
OpenSSL 1.1.1-pre1 was released today. The headline item is TLS 1.3 (worth noting that the spec hasn't quite been finalised yet). This is obviously only a pre-release, not final and not supposed to be entirely bug free.
The OpenSSL team have said previously that 1.1.1 would be API and ABI compatible with 1.1.0. We currently have 1.1.0 support in Node so the theory goes that it shouldn't be too difficult an upgrade path. This is nice because it's possible (but not yet known) that 1.1.1 is the next LTS of OpenSSL, with 1.1.0 going EOL soon. 1.1.0 -> 1.1.1 or just straight to 1.1.1 might have to be our Node 10 strategy (I'm outlining that case here).
So, getting as close to 1.1.1 support as possible even while it's pre-release would be very valuable for us. Maintaining 1.0.2 and 1.1.0 support in the meantime is preferable (perhaps essential thanks to distribution dependencies). There will be a time, after 1.0.2 EOL next year, that we can ditch all the cruft but for now if we can do all 3 then that's what we should do.
Our CI tests 1.0.2 (obviously) and 1.0.2 dynamically linked. It also tests dynamic linking to 1.1.0 in Node 9+ (soon 8 too I think). See https://ci.nodejs.org/job/node-test-commit-linux-containered/ for this happening.
I've also 1.1.1-pre1 to the same containers that are used to run these other dynamic-linked tests and I can turn that on as needed. For now it's too broken to turn on full-time, so this is the call to help fix that!
Node compiles just fine with 1.1.1-pre1 thanks to @davidben's most excellent work in #16130. But it currently fails 55 tests in CI (there may be at least one async-wrap flaky in there).
We need help figuring out whether these are things that we can fix on our end or whether they are upstream problems. If OpenSSL 1.1.1 isn't properly API compatible with 1.1.0 then I'd like us to push back on them to get them to stick to that commitment.
Full output is captured here https://gist.github.com/rvagg/cdead09ffa269453d728dcf9bc831d3d (it comes from here but that link is not going to survive).
The text was updated successfully, but these errors were encountered: