OpenSSL version 3.0.0-alpha1 published
Sam Roberts
vieuxtech at gmail.com
Thu Apr 30 23:22:34 UTC 2020
On Fri, Apr 24, 2020 at 9:07 AM Nicola Tuveri <nic.tuv at gmail.com> wrote:
> At https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers there was already an example of how to do this programmatically, and a link to the manpage for the config file syntax.
That's not working for me:
    Failed to load Legacy provider: error:25000067:DSO support routines::could not load the shared library
    /home/sam/w/core/tls/./node[26693]: ../../src/node_crypto.cc:6804:void node::crypto::InitCryptoOnce(): Assertion `"Unreachable code reached"' failed.
     1: 0x557630598d84 node::Abort() [/home/sam/w/core/tls/./node]
From:
    /* Load Multiple providers into the default (NULL) library context */
    auto legacy = OSSL_PROVIDER_load(0, "legacy");
    if (legacy == nullptr) {
      unsigned long err = ERR_get_error();
      fprintf(stderr, "Failed to load Legacy provider: %s\n",
              ERR_error_string(err, nullptr));
      UNREACHABLE();
    }
    auto deflt = OSSL_PROVIDER_load(0, "default");
    if (deflt == nullptr) {
      unsigned long err = ERR_get_error();
      fprintf(stderr, "Failed to load Default provider: %s\n",
              ERR_error_string(err, nullptr));
      OSSL_PROVIDER_unload(legacy);
      UNREACHABLE();
    }
I notice that the legacy.so isn't in the same folder as the other .so
files, so I tried:
    LD_LIBRARY_PATH=/usr/local/stow/openssl-3.0.0-alpha1/lib:/usr/local/stow/openssl-3.0.0-alpha1/lib/ossl-modules
But that didn't work.
It looks like adding this did work:
    OSSL_PROVIDER_set_default_search_path(0,
        "/usr/local/stow/openssl-3.0.0-alpha1/lib/ossl-modules");
What are the default values? I built with prefix set to /usr/local,
but then installed to the DESTDIR directory above, is that what caused
me trouble?
Cheers,
Sam
> I just added also a minimal config file example to load both the default and the legacy provider in the default library context.
>
>
> Cheers,
>
> Nicola
>
> On Fri, 24 Apr 2020 at 17:56, Sam Roberts <vieuxtech at gmail.com> wrote:
>>
>> On Fri, Apr 24, 2020 at 1:05 AM Matt Caswell <matt at openssl.org> wrote:
>> > This one is interesting:
>> >
>> > ERR_OSSL_EVP_FETCH_FAILED
>> >
>> >
>> > This means that the algorithm you are trying to use isn't available in
>> > the loaded providers. Since you should be getting the default provider
>> > loaded automatically it could be because some legacy algorithms were
>> > moved to the legacy provider (MD2, MD4, MDC2, RMD160, CAST5, BF
>> > (Blowfish), IDEA, SEED, RC2, RC4, RC5 and DES (but not 3DES)). If you're
>> > using something from that list then that would explain it.
>>
>> Can we add the legacy provider, via configuration, or via code?
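
The configuration-file route discussed in this thread, as an added example that is not taken from the original messages or from the OpenSSL wiki: a constructed openssl.cnf that activates both providers in the default library context. The section names are arbitrary labels chosen here, and the module path assumes the provider file is named legacy.so inside the ossl-modules directory quoted in the message above.

```ini
# Constructed example: load the default and legacy providers into the
# default library context. Section names below are arbitrary labels.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy  = legacy_sect

[default_sect]
# The default provider is only loaded implicitly when no other provider
# has been loaded, so it must be activated explicitly alongside legacy.
activate = 1

[legacy_sect]
# Activating this provider makes the algorithms listed in the thread
# (MD2, MD4, MDC2, RMD160, CAST5, BF, IDEA, SEED, RC2, RC4, RC5, DES)
# fetchable by all code that uses the default library context.
# Enable it only where one of them is actually required.
activate = 1

# Optional: name the module file directly when it is not in the
# compiled-in modules directory (assumed path, built from the directory
# in the message above). Without this key the provider is looked up in
# the search path.
module = /usr/local/stow/openssl-3.0.0-alpha1/lib/ossl-modules/legacy.so
```

For an application that loads the OpenSSL configuration file, the OPENSSL_CONF environment variable selects which file is read.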