Node.js crypto fails to sign pem key string from file with error:25066067:DSO support routines:dlfcn_load:could not load the shared library

Question

I have two node projects running side by side in my Git directory.

Same version of node 14.5, same pem key in root, same everything. Yet, one node process is able to sign my base64 pem key and the other is not. I can remove the base64 setting and still one process signs, the other doesn't.

I get this error message from the sign.sign() method.

error:25066067:DSO support routines:dlfcn_load:could not load the shared library

The code is as follows:

const crypto = require('crypto');

var policy = {
 Statement: [
  {
   Resource: 'https://dev.geolytix.io/mapp/workspace.json',
   Condition: { DateLessThan: { 'AWS:EpochTime': Date.now() + 60 * 60 * 1000 } },
  },
 ],
};
  
var sign = crypto.createSign('RSA-SHA1');

sign.write(JSON.stringify(policy));

var pem = String(readFileSync(join(__dirname, `./mykey.pem`)))

let signature = sign.sign(pem, 'base64')

I noticed the problem occuring after updating my OS to Ubuntu 22.04.

I have purged openssl (version 3) and manually installed openssl 1.1.1o from source. https://fedingo.com/how-to-install-openssl-in-ubuntu/ Unfortunately that will remove other apps like Chrome which require a newer version of OpenSSL.

I was now able to manually build and install openssl 3.0.3. The crypto module still fails.

The same is happening to me. I've "bypassed" the error with executing `export OPENSSL_CONF=/dev/null` as stated here for a different but similar issue: https://github.com/bazelbuild/rules_closure/issues/351 It seems to be a temporal fix, but I don't know yet what's really happening. — artberri, May 04 '22 at 11:02
Just to have them tracked, here another issue talking about the problem: https://github.com/acmesh-official/acme.sh/issues/4048 — artberri, May 04 '22 at 11:09
I was able to solve the issue by updating node to v18.x with openssl 3.0.3 — Dennis Bauszus, May 05 '22 at 12:15
@DennisBauszus Post the answer and mark as the best answer. Would be helpful. — Nusry, Jun 16 '22 at 12:46
Updating node isn't really a good answer. I don't understand SSL well enough to provide an accurate answer why this was failing. — Dennis Bauszus, Jun 16 '22 at 14:27

score 21 · Answer 1 · answered Aug 03 '22 at 19:58

21

As a quick fix, run:

export OPENSSL_CONF=/dev/null

Alternatively, upgrade your node to at least v18.x.

Both answers are taken from the comments. What I really wanted to add is how to set the OPENSSL_CONF in Heroku environments. In your app Settings, under "Config Vars" do:

answered Aug 03 '22 at 19:58

Airerr

451
4
16

1

The solution does work. Solved the issue after upgrading to `Ubuntu 22.04.1 LTS`, but is this safe, no side effects? I experienced the issue while running `firebase-admin` [Node.JS 12]. – W.M. Aug 13 '22 at 11:51

Node.js crypto fails to sign pem key string from file with error:25066067:DSO support routines:dlfcn_load:could not load the shared library

1 Answers1