`crypto.getCiphers()` includes unsupported ciphers

[mscdex]

Version

v17.x, master

Platform

n/a

Subsystem

crypto

What steps will reproduce the bug?

$ node -e 'console.log(crypto.getCiphers().includes("rc4")); crypto.createCipheriv("rc4", Buffer.alloc(16), Buffer.alloc(0))'

How often does it reproduce? Is there a required condition?

Yes.

What is the expected behavior?

false
node:internal/crypto/cipher:116
    this[kHandle].initiv(cipher, credential, iv, authTagLength);
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at Cipheriv.createCipherBase (node:internal/crypto/cipher:116:19)
    at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:135:3)
    at new Cipheriv (node:internal/crypto/cipher:243:3)
    at Object.createCipheriv (node:crypto:138:10)
    at [eval]:1:58
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:75:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:74:60) {
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

What do you see instead?

true
node:internal/crypto/cipher:116
    this[kHandle].initiv(cipher, credential, iv, authTagLength);
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at Cipheriv.createCipherBase (node:internal/crypto/cipher:116:19)
    at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:135:3)
    at new Cipheriv (node:internal/crypto/cipher:243:3)
    at Object.createCipheriv (node:crypto:138:10)
    at [eval]:1:58
    at Script.runInThisContext (node:vm:129:12)
    at Object.runInThisContext (node:vm:305:38)
    at node:internal/process/execution:75:19
    at [eval]-wrapper:6:22
    at evalScript (node:internal/process/execution:74:60) {
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

Additional information

Node.js shouldn't fib about its supported ciphers.

Whatever change is made for crypto.getCiphers() should probably also be made for the other crypto.get*() methods for consistency.

[mscdex]

FWIW I think calling the various _fetch() (and _free()) OpenSSL APIs for each algorithm name seems to do the trick, however just making that change causes existing tests (e.g. test/parallel/test-crypto-authenticated.js and a couple others) to fail (for supported algorithms like "aes-128-gcm") for unknown reasons with "unsupported" errors from OpenSSL.

[Trott]

@nodejs/crypto

[mscdex]

I figured out what was happening, I have a potential solution incoming....