Preload OpenSSL with RTLD_DEEPBIND on Linux to avoid clashing with Node's built-in copy (#691)

baijumeswani · web-flow · commit 58bba9383c80 · 2026-05-01T16:51:30.000-07:00
When the Foundry Local Core .so is loaded into Node on Linux, the first
HTTPS call from inside core (e.g. fetching the Azure catalog) crashes
the process. The crash is in EVP_KEYMGMT_is_a deep inside
libcrypto.so.3.

Node statically links its own copy of OpenSSL and re-exports those
symbols globally (the node binary is linked with --export-dynamic). When
core is loaded later, the .NET cryptography PAL pulls in the system
libcrypto.so.3 for SslStream / X509 verification. The system libcrypto
gets loaded with the dynamic linker's default flags, which means its own
internal function-to-function calls go through the global symbol scope.
And Node's same-named exports win the lookup. Node's OpenSSL and the
distro's libcrypto.so.3 don't agree on the layout of internal structs
like EVP_KEYMGMT, so the first time anything chases one of those
pointers we segfault.

Fix:

Before we load the core .so, dlopen libcrypto.so.3 (and libssl.so.3)
ourselves with RTLD_DEEPBIND. That tells the loader to resolve
libcrypto's undefined references against libcrypto's own scope first, so
its internal calls stay inside libcrypto. Anything that asks for
libcrypto.so.3 after that gets handed back our already-loaded, properly
isolated handle.

Falls back to libcrypto.so.1.1 / libssl.so.1.1 for older distros.
Best-effort: if neither is present, we just skip and let the load
continue.
Linux + glibc only; macOS already isolates dylibs via two-level
namespaces, and Windows isn't affected.
diff --git a/.pipelines/foundry-local-packaging.yml b/.pipelines/foundry-local-packaging.yml
@@ -761,34 +761,31 @@ extends:
             flcNugetDir: '$(Pipeline.Workspace)/flc-nuget'
             depsVersionsDir: '$(Pipeline.Workspace)/deps-versions-standard'
 
-      # The Linux JS test job is currently disabled due to intermittent SSL errors when running get_model_list. This issue is under investigation.
-      #  Error: Command 'get_model_list' failed: Error: System.Net.Http.HttpRequestException: An error occurred while sending the request.
-      #  ---> System.IO.IOException: The decryption operation failed, see inner exception.
-      #  ---> Interop+OpenSsl+SslException: Decrypt failed with OpenSSL error - SSL_ERROR_SSL.
-      #  ---> System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
-      # - job: test_js_linux_x64
-      #   displayName: 'linux-x64'
-      #   pool:
-      #     name: onnxruntime-Ubuntu2404-AMD-CPU
-      #     os: linux
-      #   templateContext:
-      #     inputs:
-      #     - input: pipelineArtifact
-      #       artifactName: 'flc-nuget'
-      #       targetPath: '$(Pipeline.Workspace)/flc-nuget'
-      #     - input: pipelineArtifact
-      #       artifactName: 'deps-versions-standard'
-      #       targetPath: '$(Pipeline.Workspace)/deps-versions-standard'
-      #   steps:
-      #   - checkout: self
-      #     clean: true
-      #   - checkout: test-data-shared
-      #     lfs: true
-      #   - template: .pipelines/templates/test-js-steps.yml@self
-      #     parameters:
-      #       isWinML: false
-      #       flcNugetDir: '$(Pipeline.Workspace)/flc-nuget'
-      #       depsVersionsDir: '$(Pipeline.Workspace)/deps-versions-standard'
+      - job: test_js_linux_x64
+        displayName: 'linux-x64'
+        pool:
+          name: onnxruntime-Ubuntu2404-AMD-CPU
+          os: linux
+        templateContext:
+          inputs:
+          - input: pipelineArtifact
+            artifactName: 'flc-nuget'
+            targetPath: '$(Pipeline.Workspace)/flc-nuget'
+          - input: pipelineArtifact
+            artifactName: 'deps-versions-standard'
+            targetPath: '$(Pipeline.Workspace)/deps-versions-standard'
+        steps:
+        - checkout: self
+          clean: true
+        - template: .pipelines/templates/checkout-steps.yml@self
+          parameters:
+            repoName: test-data-shared
+            basePath: '$(Agent.BuildDirectory)'
+        - template: .pipelines/templates/test-js-steps.yml@self
+          parameters:
+            isWinML: false
+            flcNugetDir: '$(Pipeline.Workspace)/flc-nuget'
+            depsVersionsDir: '$(Pipeline.Workspace)/deps-versions-standard'
 
       - job: test_js_osx_arm64
         displayName: 'osx-arm64'
diff --git a/sdk/js/native/foundry_local_napi.c b/sdk/js/native/foundry_local_napi.c
@@ -1,6 +1,13 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+/* Required for RTLD_DEEPBIND (a glibc extension) to be exposed by <dlfcn.h>.
+ * Must be defined before any system header is included. Harmless on non-glibc
+ * platforms. */
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
 /**
  * Node-API C addon for the Foundry Local JS SDK.
  *
@@ -151,6 +158,67 @@ static void reject_with_error(napi_env env, napi_deferred deferred,
     napi_reject_deferred(env, deferred, err_obj);
 }
 
+/* ── Preload system OpenSSL with RTLD_DEEPBIND on Linux/glibc ─────────── */
+
+/*
+ * Why this exists:
+ *
+ * Node.js statically links its own copy of OpenSSL and exports those symbols
+ * globally (the Node binary is linked with --export-dynamic). When the
+ * NativeAOT-compiled core .so is later loaded, the .NET cryptography PAL pulls
+ * in the system libcrypto.so.3 / libssl.so.3 for HTTPS (SslStream, X509 chain
+ * validation, etc.). libcrypto is mapped with the loader's default flags, so
+ * its *own internal* function-to-function calls are bound through the global
+ * symbol scope. They resolve to Node's same-named static OpenSSL exports
+ * instead of to libcrypto's own functions. The two OpenSSL builds have
+ * incompatible internal struct layouts (e.g., EVP_KEYMGMT), and the process
+ * segfaults inside EVP_KEYMGMT_is_a / X509_verify_cert on the first HTTPS
+ * request.
+ *
+ * Fix: explicitly dlopen libcrypto (and libssl) ourselves, before anything
+ * else can pull them in, with RTLD_DEEPBIND. That flag tells the loader to
+ * bind libcrypto's undefined references against libcrypto's own scope first,
+ * so its internal calls stay inside libcrypto. Subsequent dlopen calls by the
+ * .NET PAL (or anything else) for the same soname return our already-loaded
+ * handle, preserving the isolation.
+ *
+ * Notes:
+ *   - RTLD_DEEPBIND is a glibc extension. On macOS the dyld two-level
+ *     namespace already prevents this kind of cross-library symbol clobber,
+ *     so this is a no-op there. Windows uses LoadLibrary which is also
+ *     unaffected.
+ *   - Best-effort: if libcrypto isn't present at the expected sonames, we
+ *     skip silently and let the original load proceed (it may still work in
+ *     hosts that don't export conflicting OpenSSL symbols).
+ *   - RTLD_DEEPBIND on the *core* .so by itself is not sufficient — that flag
+ *     does not propagate to libraries loaded transitively after the core.
+ */
+static void preload_isolated_openssl(void) {
+#if defined(__linux__) && defined(__GLIBC__) && defined(RTLD_DEEPBIND)
+    static lib_handle_t s_libcrypto = NULL;
+    static lib_handle_t s_libssl = NULL;
+
+    if (s_libcrypto != NULL) {
+        return;
+    }
+
+    const int flags = RTLD_NOW | RTLD_LOCAL | RTLD_DEEPBIND;
+    static const char* const crypto_sonames[] = { "libcrypto.so.3", "libcrypto.so.1.1", NULL };
+    static const char* const ssl_sonames[]    = { "libssl.so.3",    "libssl.so.1.1",    NULL };
+
+    /* libcrypto must be loaded before libssl (libssl depends on libcrypto). */
+    for (size_t i = 0; crypto_sonames[i] != NULL && !s_libcrypto; i++) {
+        s_libcrypto = dlopen(crypto_sonames[i], flags);
+    }
+    if (!s_libcrypto) {
+        return;
+    }
+    for (size_t i = 0; ssl_sonames[i] != NULL && !s_libssl; i++) {
+        s_libssl = dlopen(ssl_sonames[i], flags);
+    }
+#endif
+}
+
 /* ── Helper: clean up loaded libraries on error ───────────────────────── */
 
 static void cleanup_loaded_libs(void) {
@@ -224,6 +292,10 @@ static napi_value napi_load_library(napi_env env, napi_callback_info info) {
     /* Close previously loaded libraries if any */
     cleanup_loaded_libs();
 
+    /* Isolate libcrypto/libssl from Node's static OpenSSL symbols on Linux.
+     * No-op on other platforms. See preload_isolated_openssl() for details. */
+    preload_isolated_openssl();
+
     /* Load dependency libraries first (e.g., onnxruntime on Windows) */
     if (argc >= 2) {
         napi_valuetype vt;
