github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-14 18:08:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix-codespaces
electron/patches/node/fix_crypto_tests_to_run_with_bssl.patch
electron-roller[bot] 54a617caab chore: bump node to v24.11.1 (main) (#48917) 
* chore: bump node in DEPS to v24.11.1

* src: add a default branch for module phase

https://github.com/nodejs/node/pull/60261

* src: conditionally disable source phase imports by default

https://github.com/nodejs/node/pull/60364

* chore: update patches

* src: update locks to use DictionaryTemplate and other minor cleanups

https://github.com/nodejs/node/pull/60061

* deps: update simdjson to 4.0.7

https://github.com/nodejs/node/pull/59883

* test: move sea tests into test/sea

https://github.com/nodejs/node/pull/60250

* fixup deps: update simdjson to 4.0.7a

* src: conditionally disable source phase imports by default

https://github.com/nodejs/node/pull/60364

* module: handle null source from async loader hooks in sync hooks

https://github.com/nodejs/node/pull/59929

* Revert "src: conditionally disable source phase imports by default"

This reverts commit 5f85b84262.

* src: allow disabling JS source phase imports

https://github.com/nodejs/node/pull/60364

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2025-11-18 09:34:51 -05:00

614 lines
25 KiB
Diff
Raw Permalink Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Rose <nornagon@nornagon.net>
Date: Tue, 9 Feb 2021 12:34:46 -0800
Subject: fix crypto tests to run with bssl
This fixes some crypto tests so that they pass when compiled with
BoringSSL.
This should be upstreamed in some form, though it may need to be tweaked
before it's acceptable to upstream, as this patch comments out a couple
of tests that upstream probably cares about.
diff --git a/test/fixtures/crypto/rsa_pss.js b/test/fixtures/crypto/rsa_pss.js
index 423f2c4d77bfc98bfbdab93c09aff8012c678cbd..fa0bcceb5697486930a9530732f9a9ab6e1bb5b0 100644
--- a/test/fixtures/crypto/rsa_pss.js
+++ b/test/fixtures/crypto/rsa_pss.js
@@ -1,6 +1,6 @@
'use strict';
-module.exports = function() {
+module.exports = function () {
const pkcs8 = Buffer.from(
'308204bf020100300d06092a864886f70d0101010500048204a9308204a5020100028' +
'2010100d3576092e62957364544e7e4233b7bdb293db2085122c479328546f9f0f712' +
diff --git a/test/fixtures/webcrypto/supports-modern-algorithms.mjs b/test/fixtures/webcrypto/supports-modern-algorithms.mjs
index 337ed577b143062d41e378cc1f820945e76cea08..76d5e805cbc0e756aef0013373baec31bd320f44 100644
--- a/test/fixtures/webcrypto/supports-modern-algorithms.mjs
+++ b/test/fixtures/webcrypto/supports-modern-algorithms.mjs
@@ -9,6 +9,7 @@ const shake256 = crypto.getHashes().includes('shake256');
const chacha = crypto.getCiphers().includes('chacha20-poly1305');
const ocb = hasOpenSSL(3);
const kmac = hasOpenSSL(3);
+const boringSSL = process.features.openssl_is_boringssl;
const { subtle } = globalThis.crypto;
const X25519 = await subtle.generateKey('X25519', false, ['deriveBits', 'deriveKey']);
@@ -108,9 +109,9 @@ export const vectors = {
[true, 'RSA-PSS'],
[true, 'RSASSA-PKCS1-v1_5'],
[true, 'X25519'],
- [true, 'X448'],
+ [!boringSSL, 'X448'],
[true, 'Ed25519'],
- [true, 'Ed448'],
+ [!boringSSL, 'Ed448'],
[true, 'ECDH'],
[true, 'ECDSA'],
[pqc, 'ML-DSA-44'],
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
index d385926e9943052bbe1793d4b1e39846e1a69562..dbf7b04afa77f132aaa466c9ee02c5ffad0296bc 100644
--- a/test/parallel/test-crypto-async-sign-verify.js
+++ b/test/parallel/test-crypto-async-sign-verify.js
@@ -89,6 +89,7 @@ test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
// ED25519
test('ed25519_public.pem', 'ed25519_private.pem', undefined, true);
// ED448
+if (!process.features.openssl_is_boringssl) {
test('ed448_public.pem', 'ed448_private.pem', undefined, true);
// ECDSA w/ der signature encoding
@@ -110,6 +111,7 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
// DSA w/ ieee-p1363 signature encoding
test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
{ dsaEncoding: 'ieee-p1363' });
+}
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
{
@@ -150,7 +152,10 @@ MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc=
const data = crypto.randomBytes(32);
const signature = crypto.randomBytes(16);
- const expected = hasOpenSSL3 ? /operation not supported for this keytype/ : /no default digest/;
+ let expected = hasOpenSSL3 ? /operation not supported for this keytype/ : /no default digest/;
+ if (hasOpenSSL3 || process.features.openssl_is_boringssl) {
+ expected = /operation[\s_]not[\s_]supported[\s_]for[\s_]this[\s_]keytype/i;
+ }
crypto.verify(undefined, data, untrustedKey, signature, common.mustCall((err) => {
assert.ok(err);
@@ -164,6 +169,6 @@ MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc=
});
crypto.sign('sha512', 'message', privateKey, common.mustCall((err) => {
assert.ok(err);
- assert.match(err.message, /digest too big for rsa key/);
+ assert.match(err.message, /digest[\s_]too[\s_]big[\s_]for[\s_]rsa[\s_]key/i);
}));
}
diff --git a/test/parallel/test-crypto-certificate.js b/test/parallel/test-crypto-certificate.js
index 4a5f1f149fe6c739f7f1d2ee17df6e61a942d621..b3287f428ce6b3fde11d449c601a57ff5e3843f9 100644
--- a/test/parallel/test-crypto-certificate.js
+++ b/test/parallel/test-crypto-certificate.js
@@ -40,8 +40,10 @@ function copyArrayBuffer(buf) {
}
function checkMethods(certificate) {
-
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
+ https://boringssl.googlesource.com/boringssl/+/33d7e32ce40c04e8f1b99c05964956fda187819f
assert.strictEqual(certificate.verifySpkac(spkacValid), true);
+ */
assert.strictEqual(certificate.verifySpkac(spkacFail), false);
assert.strictEqual(
@@ -56,10 +58,12 @@ function checkMethods(certificate) {
);
assert.strictEqual(certificate.exportChallenge(spkacFail), '');
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
const ab = copyArrayBuffer(spkacValid);
assert.strictEqual(certificate.verifySpkac(ab), true);
assert.strictEqual(certificate.verifySpkac(new Uint8Array(ab)), true);
assert.strictEqual(certificate.verifySpkac(new DataView(ab)), true);
+ */
}
{
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
index 6742722f9e90914b4dc8c079426d10040d476f72..8801ddfe7023fd0f7d5657b86a9164d75765322e 100644
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
+++ b/test/parallel/test-crypto-cipheriv-decipheriv.js
@@ -62,6 +62,10 @@ function testCipher2(key, iv) {
function testCipher3(key, iv) {
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
+ return;
+ }
// Test encryption and decryption with explicit key and iv.
// AES Key Wrap test vector comes from RFC3394
const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
diff --git a/test/parallel/test-crypto-dh-curves.js b/test/parallel/test-crypto-dh-curves.js
index 81a469c226c261564dee1e0b06b6571b18a41f1f..58b66045dba4201b7ebedd78b129420ffc316051 100644
--- a/test/parallel/test-crypto-dh-curves.js
+++ b/test/parallel/test-crypto-dh-curves.js
@@ -16,7 +16,7 @@ const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
crypto.createDiffieHellman(p, 'hex');
// Confirm DH_check() results are exposed for optional examination.
-const bad_dh = crypto.createDiffieHellman('02', 'hex');
+const bad_dh = crypto.createDiffieHellman('abcd', 'hex', 0);
assert.notStrictEqual(bad_dh.verifyError, 0);
const availableCurves = new Set(crypto.getCurves());
diff --git a/test/parallel/test-crypto-dh-errors.js b/test/parallel/test-crypto-dh-errors.js
index 0af4db0310750cea9350ecff7fc44404c6df6c83..b14b4bbf88b902b6de916b92e3d48335c01df911 100644
--- a/test/parallel/test-crypto-dh-errors.js
+++ b/test/parallel/test-crypto-dh-errors.js
@@ -27,7 +27,7 @@ assert.throws(() => crypto.createDiffieHellman('abcdef', 13.37), {
for (const bits of [-1, 0, 1]) {
if (hasOpenSSL3) {
assert.throws(() => crypto.createDiffieHellman(bits), {
- code: 'ERR_OSSL_DH_MODULUS_TOO_SMALL',
+ code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
name: 'Error',
message: /modulus too small/,
});
@@ -35,7 +35,7 @@ for (const bits of [-1, 0, 1]) {
assert.throws(() => crypto.createDiffieHellman(bits), {
code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
name: 'Error',
- message: /bits too small/,
+ message: /bits[\s_]too[\s_]small/i,
});
}
}
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index d7ffbe5eca92734aa2380f482c7f9bfe7e2a36c7..b4e7002d862907d2af3b4f8e985700bd03300809 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -60,18 +60,17 @@ const {
let wrongBlockLength;
if (hasOpenSSL3) {
wrongBlockLength = {
- message: 'error:1C80006B:Provider routines::wrong final block length',
- code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
- library: 'Provider routines',
- reason: 'wrong final block length'
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+ library: /Provider routines|Cipher functions/,
+ reason: /wrong[\s_]final[\s_]block[\s_]length/i,
};
} else {
wrongBlockLength = {
- message: 'error:0606506D:digital envelope' +
- ' routines:EVP_DecryptFinal_ex:wrong final block length',
- code: 'ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH',
- library: 'digital envelope routines',
- reason: 'wrong final block length'
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+ library: /digital envelope routines|Cipher functions/,
+ reason: /wrong[\s_]final[\s_]block[\s_]length/i,
};
}
@@ -98,17 +97,23 @@ const {
dh3.computeSecret('');
}, { message: hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
'Unspecified validation error' :
- 'Supplied key is too small' });
+ 'Supplied key is invalid' });
}
}
// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
{
const g = 0;
- crypto.createDiffieHellman('abcdef', g);
+ assert.throws(() => crypto.createDiffieHellman('abcdef', g), {
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
+ name: 'Error'
+ });
crypto.createDiffieHellman('abcdef', 'hex', g);
}
{
- crypto.createDiffieHellman('abcdef', Buffer.from([2])); // OK
+ assert.throws(() => crypto.createDiffieHellman('abcdef', Buffer.from([2])), {
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
+ name: 'Error'
+ });
}
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf218791cd6868 100644
--- a/test/parallel/test-crypto-hash-stream-pipe.js
+++ b/test/parallel/test-crypto-hash-stream-pipe.js
@@ -30,11 +30,11 @@ const crypto = require('crypto');
const stream = require('stream');
const s = new stream.PassThrough();
-const h = crypto.createHash('sha3-512');
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
- '198235381e864f91a0e8cd6a26b677ec' +
- 'dcde8e2b069bd7355fabd68abd6fc801' +
- '19659f25e92f8efc961ee3a7c815c758';
+const h = crypto.createHash('sha512');
+const expect = 'fba055c6fd0c5b6645407749ed7a8b41' +
+ 'b8f629f2163c3ca3701d864adabda1f8' +
+ '93c37bf82b22fdd151ba8e357f611da4' +
+ '88a74b6a5525dd9b69554c6ce5138ad7';
s.pipe(h).on('data', common.mustCall(function(c) {
assert.strictEqual(c, expect);
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
index 929dd36c669239804f2cfc5168bd3bf6e15855e6..8ebe599bbd21ad30e5041e0eab1e5898caf33e49 100644
--- a/test/parallel/test-crypto-hash.js
+++ b/test/parallel/test-crypto-hash.js
@@ -182,7 +182,7 @@ assert.throws(
}
// Test XOF hash functions and the outputLength option.
-{
+if (!process.features.openssl_is_boringssl) {
// Default outputLengths.
assert.strictEqual(crypto.createHash('shake128').digest('hex'),
'7f9c2ba4e88f827d616045507605853e');
diff --git a/test/parallel/test-crypto-oneshot-hash-xof.js b/test/parallel/test-crypto-oneshot-hash-xof.js
index 75cb4800ff1bd51fedd7bc4e2d7e6af6f4f48346..b4363c31592763235116d970a5f45d4cf63de373 100644
--- a/test/parallel/test-crypto-oneshot-hash-xof.js
+++ b/test/parallel/test-crypto-oneshot-hash-xof.js
@@ -7,6 +7,10 @@ if (!common.hasCrypto) common.skip('missing crypto');
const assert = require('assert');
const crypto = require('crypto');
+if (process.features.openssl_is_boringssl) {
+ common.skip('BoringSSL does not support XOF hash functions');
+}
+
// Test XOF hash functions and the outputLength option.
{
// Default outputLengths.
diff --git a/test/parallel/test-crypto-padding.js b/test/parallel/test-crypto-padding.js
index 48cd1ed4df61aaddeee8785cb90f83bdd9628187..d09e01712c617597833bb1320a32a967bcf1d318 100644
--- a/test/parallel/test-crypto-padding.js
+++ b/test/parallel/test-crypto-padding.js
@@ -84,14 +84,13 @@ assert.throws(function() {
// Input must have block length %.
enc(ODD_LENGTH_PLAIN, false);
}, hasOpenSSL3 ? {
- message: 'error:1C80006B:Provider routines::wrong final block length',
- code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
- reason: 'wrong final block length',
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
+ code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
} : {
- message: 'error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:' +
- 'data not multiple of block length',
- code: 'ERR_OSSL_EVP_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH',
- reason: 'data not multiple of block length',
+ message: /data[\s_]not[\s_]multiple[\s_]of[\s_]block[\s_]length/i,
+ code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
+ reason: /data[\s_]not[\s_]multiple[\s_]of[\s_]block[\s_]length/i,
}
);
@@ -110,15 +109,10 @@ assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED, false).length, 48);
assert.throws(function() {
// Must have at least 1 byte of padding (PKCS):
assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED_NOPAD, true), EVEN_LENGTH_PLAIN);
-}, hasOpenSSL3 ? {
- message: 'error:1C800064:Provider routines::bad decrypt',
- reason: 'bad decrypt',
- code: 'ERR_OSSL_BAD_DECRYPT',
-} : {
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
- 'bad decrypt',
- reason: 'bad decrypt',
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
+}, {
+ message: /bad[\s_]decrypt/i,
+ reason: /bad[\s_]decrypt/i,
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
});
// No-pad encrypted string should return the same:
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
index 119bc3c2d20ea7d681f0b579f9d91ad46cdc3634..8d13b105fa426015a873c411ad1d7f64b3d9580e 100644
--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -29,12 +29,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
const ec = new TextEncoder();
const openssl1DecryptError = {
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
- 'bad decrypt',
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
- reason: 'bad decrypt',
- function: 'EVP_DecryptFinal_ex',
- library: 'digital envelope routines',
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
+ reason: /bad decrypt|BAD_DECRYPT/,
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
+ library: /digital envelope routines|Cipher functions/,
};
const decryptError = hasOpenSSL3 ?
@@ -223,7 +222,7 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
}, bufferToEncrypt);
- if (padding === constants.RSA_PKCS1_PADDING) {
+ if (!process.features.openssl_is_boringssl) {
if (!process.config.variables.node_shared_openssl) {
// TODO(richardlau) remove check and else branch after deps/openssl
// is upgraded.
@@ -489,7 +488,7 @@ assert.throws(() => {
//
// Test DSA signing and verification
//
-{
+if (!process.features.openssl_is_boringssl) {
const input = 'I AM THE WALRUS';
// DSA signatures vary across runs so there is no static string to verify
diff --git a/test/parallel/test-crypto-scrypt.js b/test/parallel/test-crypto-scrypt.js
index eafdfe392bde8eb1fde1dc7e7e9ae51682c74b87..2907e0175379266c90acb9df829d10283bd46652 100644
--- a/test/parallel/test-crypto-scrypt.js
+++ b/test/parallel/test-crypto-scrypt.js
@@ -192,7 +192,7 @@ for (const options of incompatibleOptions) {
for (const options of toobig) {
const expected = {
- message: /Invalid scrypt params:.*memory limit exceeded/,
+ message: /Invalid scrypt params/,
code: 'ERR_CRYPTO_INVALID_SCRYPT_PARAMS',
};
assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
index a66f0a94efd7c952c1d2320fbc7a39fe3a88a8a1..dc5846db0e3dcf8f7cb5f7efcdbc81c1d767ab88 100644
--- a/test/parallel/test-crypto-sign-verify.js
+++ b/test/parallel/test-crypto-sign-verify.js
@@ -33,7 +33,7 @@ const keySize = 2048;
}
// Test handling of exceptional conditions
-{
+if (!process.features.openssl_is_boringssl) {
const library = {
configurable: true,
set() {
@@ -345,15 +345,15 @@ assert.throws(
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
});
}, hasOpenSSL(3) ? {
- code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
- message: /illegal or unsupported padding mode/,
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
} : {
- code: 'ERR_OSSL_RSA_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
- message: /illegal or unsupported padding mode/,
- opensslErrorStack: [
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
+ /*opensslErrorStack: [
'error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:' +
'command not supported',
- ],
+ ],*/
});
}
@@ -423,11 +423,13 @@ assert.throws(
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
algo: null,
sigLen: 64 },
+ /*
{ private: fixtures.readKey('ed448_private.pem', 'ascii'),
public: fixtures.readKey('ed448_public.pem', 'ascii'),
algo: null,
supportsContext: true,
sigLen: 114 },
+ */
{ private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
algo: 'sha1',
@@ -547,7 +549,7 @@ assert.throws(
{
const data = Buffer.from('Hello world');
- const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
+ const keys = [['ec-key.pem', 64]/*, ['dsa_private_1025.pem', 40]*/];
for (const [file, length] of keys) {
const privKey = fixtures.readKey(file);
diff --git a/test/parallel/test-crypto-stream.js b/test/parallel/test-crypto-stream.js
index 747af780469c22eb8e4c6c35424043e868f75c3d..ed0916b036a9af23d805007ebd609973ee954473 100644
--- a/test/parallel/test-crypto-stream.js
+++ b/test/parallel/test-crypto-stream.js
@@ -73,9 +73,9 @@ const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
const decipher = crypto.createDecipheriv('aes-128-cbc', badkey, iv);
cipher.pipe(decipher)
- .on('error', common.expectsError(hasOpenSSL3 ? {
- message: /bad[\s_]decrypt/,
- library: 'Provider routines',
+ .on('error', common.expectsError((hasOpenSSL3 || process.features.openssl_is_boringssl) ? {
+ message: /bad[\s_]decrypt/i,
+ library: /Provider routines|Cipher functions/,
reason: /bad[\s_]decrypt/i,
} : {
message: /bad[\s_]decrypt/i,
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
index 84111740cd9ef6425b747e24e984e66e46b0b2ef..b1621d310536fae3fdec91a6a9d275ec8fc99a98 100644
--- a/test/parallel/test-crypto.js
+++ b/test/parallel/test-crypto.js
@@ -62,7 +62,7 @@ assert.throws(() => {
// Throws general Error, so there is no opensslErrorStack property.
return err instanceof Error &&
err.name === 'Error' &&
- /^Error: mac verify failure$/.test(err) &&
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
!('opensslErrorStack' in err);
});
@@ -72,7 +72,7 @@ assert.throws(() => {
// Throws general Error, so there is no opensslErrorStack property.
return err instanceof Error &&
err.name === 'Error' &&
- /^Error: mac verify failure$/.test(err) &&
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
!('opensslErrorStack' in err);
});
@@ -82,7 +82,7 @@ assert.throws(() => {
// Throws general Error, so there is no opensslErrorStack property.
return err instanceof Error &&
err.name === 'Error' &&
- /^Error: not enough data$/.test(err) &&
+ /^Error: (not enough data|BAD_PKCS12_DATA)$/.test(err) &&
!('opensslErrorStack' in err);
});
@@ -145,8 +145,6 @@ assert(crypto.getHashes().includes('sha1'));
assert(crypto.getHashes().includes('sha256'));
assert(!crypto.getHashes().includes('SHA1'));
assert(!crypto.getHashes().includes('SHA256'));
-assert(crypto.getHashes().includes('RSA-SHA1'));
-assert(!crypto.getHashes().includes('rsa-sha1'));
validateList(crypto.getHashes());
// Make sure all of the hashes are supported by OpenSSL
for (const algo of crypto.getHashes())
@@ -197,6 +195,7 @@ assert.throws(
}
);
+if (!process.features.openssl_is_boringssl) {
assert.throws(() => {
const priv = [
'-----BEGIN RSA PRIVATE KEY-----',
@@ -253,7 +252,7 @@ if (!hasOpenSSL3) {
return true;
});
}
-
+}
// Make sure memory isn't released before being returned
console.log(crypto.randomBytes(16));
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
index 7bd42bbe721c4c9442410d524c5ca740078fc72c..de49dbdc2b75517f497af353a6b24b1beb11ed69 100644
--- a/test/parallel/test-tls-alert-handling.js
+++ b/test/parallel/test-tls-alert-handling.js
@@ -43,7 +43,8 @@ const errorHandler = common.mustCall((err) => {
assert.strictEqual(err.code, expectedErrorCode);
assert.strictEqual(err.library, 'SSL routines');
- if (!hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
+ if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
+ assert.strictEqual(err.function, 'ssl3_get_record');
assert.match(err.reason, expectedErrorReason);
errorReceived = true;
if (canCloseServer())
@@ -105,7 +106,7 @@ function sendBADTLSRecord() {
}
assert.strictEqual(err.code, expectedErrorCode);
assert.strictEqual(err.library, 'SSL routines');
- if (!hasOpenSSL3)
+ if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
assert.strictEqual(err.function, 'ssl3_read_bytes');
assert.match(err.reason, expectedErrorReason);
}));
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
index bd788ec4ed88289d35798b8af8c9490a68e081a2..1a5477ba928bce93320f8056db02e1a7b8ddcdf3 100644
--- a/test/parallel/test-webcrypto-wrap-unwrap.js
+++ b/test/parallel/test-webcrypto-wrap-unwrap.js
@@ -20,14 +20,15 @@ const kWrappingData = {
wrap: { label: new Uint8Array(8) },
pair: true
},
- 'AES-CTR': {
+ 'AES-CBC': {
generate: { length: 128 },
- wrap: { counter: new Uint8Array(16), length: 64 },
+ wrap: { iv: new Uint8Array(16) },
pair: false
},
- 'AES-CBC': {
+ /*
+ 'AES-CTR': {
generate: { length: 128 },
- wrap: { iv: new Uint8Array(16) },
+ wrap: { counter: new Uint8Array(16), length: 64 },
pair: false
},
'AES-GCM': {
@@ -46,30 +47,9 @@ if (!process.features.openssl_is_boringssl) {
generate: { length: 128 },
wrap: { },
pair: false
- };
- kWrappingData['ChaCha20-Poly1305'] = {
- wrap: {
- iv: new Uint8Array(12),
- additionalData: new Uint8Array(16),
- tagLength: 128
- },
- pair: false
- };
-} else {
- common.printSkipMessage('Skipping unsupported AES-KW test case');
-}
-
-if (hasOpenSSL(3)) {
- kWrappingData['AES-OCB'] = {
- generate: { length: 128 },
- wrap: {
- iv: new Uint8Array(15),
- additionalData: new Uint8Array(16),
- tagLength: 128
- },
- pair: false
- };
-}
+ }
+ */
+};
function generateWrappingKeys() {
return Promise.all(Object.keys(kWrappingData).map(async (name) => {
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
index b507af88e1f7f3424b7b5d6d683a295b9d208e5e..825ba4c8dce775f401080a0522565bb7a087bcc3 100644
--- a/test/parallel/test-x509-escaping.js
+++ b/test/parallel/test-x509-escaping.js
@@ -448,7 +448,7 @@ const { hasOpenSSL3 } = require('../common/crypto');
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
- servername);
+ undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
undefined);
@@ -483,11 +483,11 @@ const { hasOpenSSL3 } = require('../common/crypto');
assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
// The newer X509Certificate API allows customizing this behavior:
- assert.strictEqual(certX509.checkHost(servername), servername);
+ assert.strictEqual(certX509.checkHost(servername), undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
- servername);
+ undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
- servername);
+ undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
undefined);
Reference in New Issue View Git Blame Copy Permalink