github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-10 07:58:08 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
30e992dec4ca1c7b33c2bda1b4353072a9621aa7
electron/patches/node/fix_crypto_tests_to_run_with_bssl.patch
Charles Kerr 30e992dec4 chore: bump chromium to 115.0.5786.0 (main) (#38301) 
* chore: bump chromium in DEPS to 115.0.5772.0

* chore: update disable_color_correct_rendering.patch

no manual changes; patch succeeded with fuzz 2.

* chore: update chromium/build_libc_as_static_library.patch

no manual changes; patch succeeded with fuzz 2 (offset 1 line).

* chore: update chromium/feat_configure_launch_options_for_service_process.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4518747

patch manually reapplied due to upstream code shear

* chore: update chromium/chore_patch_out_profile_methods_in_profile_selections_cc.patch

https://chromium-review.googlesource.com/c/chromium/src/+/4502965

patch manually reapplied due to upstream code shear

* chore: update bundle_locations #include location

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4525355

* chore: Remove `extension_name` from DesktopStreamsRegistry

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4514081

* chore: bump chromium in DEPS to 115.0.5778.0

* chore: add chromium/chore_patch_out_profile_methods_in_chrome_browser_pdf.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4482679

Another instance of patching out upstream references to Profile code

* refactor: add WebViewGuestDelegate::GetGuestDelegateWeakPtr()

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4515455

This approach copied from GuestViewBase::GetGuestDelegateWeakPtr() approach in that same commit.

* fixup! chore: update bundle_locations #include location

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4525355

Sync namespace use to upstream base::mac -> base::apple changes

* fixup! chore: update bundle_locations #include location

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4525355

Sync namespace use to upstream base::mac -> base::apple changes

* chore: update chromium/mas_disable_remote_accessibility.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4530546

patch manually reapplied due to upstream code shear

* chore: update chromium/printing.patch

no manual changes; patch succeeded with fuzz

* chore: update chromium/build_add_electron_tracing_category.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4517872

no manual changes; patch succeeded with fuzz

* chore: update chromium/feat_ensure_mas_builds_of_the_same_application_can_use_safestorage.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4529098

patch manually reapplied due to upstream code shear

* chromium/build_only_use_the_mas_build_config_in_the_required_components.patch

https://chromium-review.googlesource.com/c/chromium/src/+/4529098

patch manually reapplied due to upstream code shear

* chore: update chromium/mas-cgdisplayusesforcetogray.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4529475

no manual changes; patch succeeded with fuzz

* chore: update chromium/build_only_use_the_mas_build_config_in_the_required_components.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4429011

no manual changes; patch succeeded with fuzz

* chore: remove chromium/cherry-pick-48a136e77e6d.patch

already present upstream

* chore: remove chromium/cherry-pick-e6e23ba00379.patch

already present upstream

* [Code Health] Remove value based RegisterPref for Dict and List

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4533537

* Remove `cxx17_backports.h` and adjust unittest file

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4534916

Notes: mostly just removing #include and s/base::clamp/std::clamp/

* refactor: add FakeBrowserProcess helper class

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4424072

Used in ElectronBrowserMainParts' fake_browser_process_ field. Previously
this was an BrowserProcessImpl instance, but upstream 4424072 makes that
an abstract base class. `FakeBrowserProcess` is a thin subclass with the
minimum code needed to make it concrete.

`ElectronBrowserMainParts::fake_browser_process_` is now a `shared_ptr`
instead of a `unique_ptr` so we can avoid exposing `FakeBrowserProcess`
in the header.

* fixup! refactor: add FakeBrowserProcess helper class

remove unnecessary unique_ptr

* fix: Browser::SetDockIcon() when !Browser.is_ready()

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4410741

An alternative fix for https://github.com/electron/electron/pull/36279 .
The previous fix was to call `SetSupportedScales()` ourselves (1b1609a),
but upstream has removed this API.

CC @codebytere

* fixup! chore: remove chromium/cherry-pick-e6e23ba00379.patch

* chore: update chromium/export_gin_v8platform_pageallocator_for_usage_outside_of_the_gin.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4517404

patch manually reapplied due to upstream code shear

* chore: update patches

* chore: add dep: resource_coordinator:mojo_bindings

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4521464

* fixup! chore: add dep: resource_coordinator:mojo_bindings

chore: make lint happy

* chore: patch out Profile methods in titlebar_config

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4508143 (primary)

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4534461 (followup)

* chore: bump chromium in DEPS to 115.0.5780.0

* chore: update chromium/disable_hidden.patch

no manual changes; patch succeeded with fuzz

* chore: update chromium/sysroot.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4535715

no manual changes; patch succeeded with fuzz

* chore: update chromium/feat_enable_offscreen_rendering_with_viz_compositor.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4403623

patch manually reapplied due to upstream code shear

* chore: update chromium/refactor_expose_cursor_changes_to_the_webcontentsobserver.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4547380

patch manually reapplied due to upstream code shear

* chore: update patches

* fixup! fix: Browser::SetDockIcon() when !Browser.is_ready()

chore: iwyu image.h

* chore: bump chromium in DEPS to 115.0.5782.0

* chore: bump chromium in DEPS to 115.0.5784.0

* 4514181: CR2023: Update filled cr-input styles.

https://chromium-review.googlesource.com/c/chromium/src/+/4514181

* 4521894: Remove SiteInstanceDeleting usage outside of tests.

https://chromium-review.googlesource.com/c/chromium/src/+/4521894

* 4525355: Move backup_util and bundle_locations to base/apple

https://chromium-review.googlesource.com/c/chromium/src/+/4525355

* 4484743: webauthn: add underlying support for calling iCloud Keychain on macOS.

https://chromium-review.googlesource.com/c/chromium/src/+/4484743

* chore: fixup patch indices

* 4546398: Convert /chrome/browser to use ARC

https://chromium-review.googlesource.com/c/chromium/src/+/4546398

* chore: bump chromium in DEPS to 115.0.5786.0

* chore: update patches

* 4540682: Initialize PDF SDK with policy in chrome_pdf::RenderPDFPageToDC()

https://chromium-review.googlesource.com/c/chromium/src/+/4540682

* Don't import ObjC++ fn headers into electron_api_app

* 4535715: Refactor sysroot-creator.sh

https://chromium-review.googlesource.com/c/chromium/src/+/4535715

* fixup! refactor: add FakeBrowserProcess helper class

* 4531903: [string][test] Create/Copy strings to old space before externalization

https://chromium-review.googlesource.com/c/v8/v8/+/4531903

* 59645: Add APIs to support RSA keys with large e.

https://boringssl-review.googlesource.com/c/boringssl/+/59645

---------

Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2023-05-23 21:58:58 +02:00

1082 lines
44 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Rose <nornagon@nornagon.net>
Date: Tue, 9 Feb 2021 12:34:46 -0800
Subject: fix crypto tests to run with bssl
This fixes some crypto tests so that they pass when compiled with
BoringSSL.
This should be upstreamed in some form, though it may need to be tweaked
before it's acceptable to upstream, as this patch comments out a couple
of tests that upstream probably cares about.
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
index 4e3c32fdcd23fbe3e74bd5e624b739d224689f33..19d65aae7fa8ec9f9b907733ead17a208ed47909 100644
--- a/test/parallel/test-crypto-async-sign-verify.js
+++ b/test/parallel/test-crypto-async-sign-verify.js
@@ -88,6 +88,7 @@ test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
// ED25519
test('ed25519_public.pem', 'ed25519_private.pem', undefined, true);
// ED448
+/*
test('ed448_public.pem', 'ed448_private.pem', undefined, true);
// ECDSA w/ der signature encoding
@@ -109,6 +110,7 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
// DSA w/ ieee-p1363 signature encoding
test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
{ dsaEncoding: 'ieee-p1363' });
+*/
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
{
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
index d358f6b63c0e9f5761157dc200daa484d9c5ead6..7a3e376d04020e7a883f56591bc07d9970d15c9a 100644
--- a/test/parallel/test-crypto-authenticated.js
+++ b/test/parallel/test-crypto-authenticated.js
@@ -50,7 +50,9 @@ const errMessages = {
const ciphers = crypto.getCiphers();
const expectedWarnings = common.hasFipsCrypto ?
- [] : [
+ [] : !ciphers.includes('aes-192-ccm') ? [
+ ['Use Cipheriv for counter mode of aes-192-gcm'],
+ ] : [
['Use Cipheriv for counter mode of aes-192-gcm'],
['Use Cipheriv for counter mode of aes-192-ccm'],
['Use Cipheriv for counter mode of aes-192-ccm'],
@@ -318,7 +320,9 @@ for (const test of TEST_CASES) {
// Test that create(De|C)ipher(iv)? throws if the mode is CCM and an invalid
// authentication tag length has been specified.
-{
+if (!ciphers.includes('aes-256-ccm')) {
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
+} else {
for (const authTagLength of [-1, true, false, NaN, 5.5]) {
assert.throws(() => {
crypto.createCipheriv('aes-256-ccm',
@@ -406,6 +410,10 @@ for (const test of TEST_CASES) {
// authentication tag has been specified.
{
for (const mode of ['ccm', 'ocb']) {
+ if (!ciphers.includes(`aes-256-${mode}`)) {
+ common.printSkipMessage(`unsupported aes-256-${mode} test`);
+ continue;
+ }
assert.throws(() => {
crypto.createCipheriv(`aes-256-${mode}`,
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
@@ -440,7 +448,9 @@ for (const test of TEST_CASES) {
}
// Test that setAAD throws if an invalid plaintext length has been specified.
-{
+if (!ciphers.includes('aes-256-ccm')) {
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
+} else {
const cipher = crypto.createCipheriv('aes-256-ccm',
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
'qkuZpJWCewa6S',
@@ -461,7 +471,9 @@ for (const test of TEST_CASES) {
}
// Test that setAAD and update throw if the plaintext is too long.
-{
+if (!ciphers.includes('aes-256-ccm')) {
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
+} else {
for (const ivLength of [13, 12]) {
const maxMessageSize = (1 << (8 * (15 - ivLength))) - 1;
const key = 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8';
@@ -492,7 +504,9 @@ for (const test of TEST_CASES) {
// Test that setAAD throws if the mode is CCM and the plaintext length has not
// been specified.
-{
+if (!ciphers.includes('aes-256-ccm')) {
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
+} else {
assert.throws(() => {
const cipher = crypto.createCipheriv('aes-256-ccm',
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
@@ -517,7 +531,9 @@ for (const test of TEST_CASES) {
}
// Test that final() throws in CCM mode when no authentication tag is provided.
-{
+if (!ciphers.includes('aes-128-ccm')) {
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
+} else {
if (!common.hasFipsCrypto) {
const key = Buffer.from('1ed2233fa2223ef5d7df08546049406c', 'hex');
const iv = Buffer.from('7305220bca40d4c90e1791e9', 'hex');
@@ -549,7 +565,9 @@ for (const test of TEST_CASES) {
}
// Test that an IV length of 11 does not overflow max_message_size_.
-{
+if (!ciphers.includes('aes-128-ccm')) {
+ common.printSkipMessage(`unsupported aes-128-ccm test`);
+} else {
const key = 'x'.repeat(16);
const iv = Buffer.from('112233445566778899aabb', 'hex');
const options = { authTagLength: 8 };
@@ -566,6 +584,10 @@ for (const test of TEST_CASES) {
const iv = Buffer.from('0123456789ab', 'utf8');
for (const mode of ['gcm', 'ocb']) {
+ if (!ciphers.includes(`aes-128-${mode}`)) {
+ common.printSkipMessage(`unsupported aes-128-${mode} test`);
+ continue;
+ }
for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) {
const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, {
authTagLength
@@ -600,6 +622,10 @@ for (const test of TEST_CASES) {
const opts = { authTagLength: 8 };
for (const mode of ['gcm', 'ccm', 'ocb']) {
+ if (!ciphers.includes(`aes-128-${mode}`)) {
+ common.printSkipMessage(`unsupported aes-128-${mode} test`);
+ continue;
+ }
const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, opts);
const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
const tag = cipher.getAuthTag();
@@ -622,7 +648,9 @@ for (const test of TEST_CASES) {
// Test chacha20-poly1305 rejects invalid IV lengths of 13, 14, 15, and 16 (a
// length of 17 or greater was already rejected).
// - https://www.openssl.org/news/secadv/20190306.txt
-{
+if (!ciphers.includes('chacha20-poly1305')) {
+ common.printSkipMessage(`unsupported chacha20-poly1305 test`);
+} else {
// Valid extracted from TEST_CASES, check that it detects IV tampering.
const valid = {
algo: 'chacha20-poly1305',
@@ -667,6 +695,9 @@ for (const test of TEST_CASES) {
{
// CCM cipher without data should not crash, see https://github.com/nodejs/node/issues/38035.
+ common.printSkipMessage(`unsupported aes-128-ccm test`);
+ return;
+
const algo = 'aes-128-ccm';
const key = Buffer.alloc(16);
const iv = Buffer.alloc(12);
diff --git a/test/parallel/test-crypto-binary-default.js b/test/parallel/test-crypto-binary-default.js
index 3bbca5b0da395b94c04da7bb7c55b107e41367d8..af62558c4f23aa82804e0077da7b7f3a86cfac60 100644
--- a/test/parallel/test-crypto-binary-default.js
+++ b/test/parallel/test-crypto-binary-default.js
@@ -51,15 +51,15 @@ tls.createSecureContext({ pfx: certPfx, passphrase: 'sample' });
assert.throws(function() {
tls.createSecureContext({ pfx: certPfx });
-}, /^Error: mac verify failure$/);
+}, /^Error: (mac verify failure|INCORRECT_PASSWORD)$/);
assert.throws(function() {
tls.createSecureContext({ pfx: certPfx, passphrase: 'test' });
-}, /^Error: mac verify failure$/);
+}, /^Error: (mac verify failure|INCORRECT_PASSWORD)$/);
assert.throws(function() {
tls.createSecureContext({ pfx: 'sample', passphrase: 'test' });
-}, /^Error: not enough data$/);
+}, /^Error: (not enough data|BAD_PKCS12_DATA)$/);
// Test HMAC
{
@@ -462,7 +462,7 @@ assert.throws(function() {
function testCipher1(key) {
// Test encryption and decryption
const plaintext = 'Keep this a secret? No! Tell everyone about node.js!';
- const cipher = crypto.createCipher('aes192', key);
+ const cipher = crypto.createCipher('aes-192-cbc', key);
// Encrypt plaintext which is in utf8 format
// to a ciphertext which will be in hex
@@ -470,7 +470,7 @@ function testCipher1(key) {
// Only use binary or hex, not base64.
ciph += cipher.final('hex');
- const decipher = crypto.createDecipher('aes192', key);
+ const decipher = crypto.createDecipher('aes-192-cbc', key);
let txt = decipher.update(ciph, 'hex', 'utf8');
txt += decipher.final('utf8');
@@ -485,14 +485,14 @@ function testCipher2(key) {
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' +
'jAfaFg**';
- const cipher = crypto.createCipher('aes256', key);
+ const cipher = crypto.createCipher('aes-256-cbc', key);
// Encrypt plaintext which is in utf8 format
// to a ciphertext which will be in Base64
let ciph = cipher.update(plaintext, 'utf8', 'base64');
ciph += cipher.final('base64');
- const decipher = crypto.createDecipher('aes256', key);
+ const decipher = crypto.createDecipher('aes-256-cbc', key);
let txt = decipher.update(ciph, 'base64', 'utf8');
txt += decipher.final('utf8');
@@ -537,6 +537,10 @@ function testCipher4(key, iv) {
function testCipher5(key, iv) {
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
+ return;
+ }
// Test encryption and decryption with explicit key with aes128-wrap
const plaintext =
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
@@ -662,6 +666,8 @@ assert.throws(
}
+/* NB: BoringSSL does not support using DSA through the EVP API.
+ * https://boringssl.googlesource.com/boringssl/+/a2278d4d2cabe73f6663e3299ea7808edfa306b9/PORTING.md#dsa-s
//
// Test DSA signing and verification
//
@@ -682,6 +688,7 @@ assert.throws(
assert.strictEqual(verify.verify(publicKey, signature, 'hex'), true);
}
+*/
//
diff --git a/test/parallel/test-crypto-certificate.js b/test/parallel/test-crypto-certificate.js
index 4a5f1f149fe6c739f7f1d2ee17df6e61a942d621..b3287f428ce6b3fde11d449c601a57ff5e3843f9 100644
--- a/test/parallel/test-crypto-certificate.js
+++ b/test/parallel/test-crypto-certificate.js
@@ -40,8 +40,10 @@ function copyArrayBuffer(buf) {
}
function checkMethods(certificate) {
-
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
+ https://boringssl.googlesource.com/boringssl/+/33d7e32ce40c04e8f1b99c05964956fda187819f
assert.strictEqual(certificate.verifySpkac(spkacValid), true);
+ */
assert.strictEqual(certificate.verifySpkac(spkacFail), false);
assert.strictEqual(
@@ -56,10 +58,12 @@ function checkMethods(certificate) {
);
assert.strictEqual(certificate.exportChallenge(spkacFail), '');
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
const ab = copyArrayBuffer(spkacValid);
assert.strictEqual(certificate.verifySpkac(ab), true);
assert.strictEqual(certificate.verifySpkac(new Uint8Array(ab)), true);
assert.strictEqual(certificate.verifySpkac(new DataView(ab)), true);
+ */
}
{
diff --git a/test/parallel/test-crypto-cipher-decipher.js b/test/parallel/test-crypto-cipher-decipher.js
index 35514afbea92562a81c163b1e4d918b4ab609f71..13098e1acf12c309f2ed6f6143a2c2eeb8a2763d 100644
--- a/test/parallel/test-crypto-cipher-decipher.js
+++ b/test/parallel/test-crypto-cipher-decipher.js
@@ -22,7 +22,7 @@ common.expectWarning({
function testCipher1(key) {
// Test encryption and decryption
const plaintext = 'Keep this a secret? No! Tell everyone about node.js!';
- const cipher = crypto.createCipher('aes192', key);
+ const cipher = crypto.createCipher('aes-192-cbc', key);
// Encrypt plaintext which is in utf8 format
// to a ciphertext which will be in hex
@@ -30,7 +30,7 @@ function testCipher1(key) {
// Only use binary or hex, not base64.
ciph += cipher.final('hex');
- const decipher = crypto.createDecipher('aes192', key);
+ const decipher = crypto.createDecipher('aes-192-cbc', key);
let txt = decipher.update(ciph, 'hex', 'utf8');
txt += decipher.final('utf8');
@@ -40,11 +40,11 @@ function testCipher1(key) {
// NB: In real life, it's not guaranteed that you can get all of it
// in a single read() like this. But in this case, we know it's
// quite small, so there's no harm.
- const cStream = crypto.createCipher('aes192', key);
+ const cStream = crypto.createCipher('aes-192-cbc', key);
cStream.end(plaintext);
ciph = cStream.read();
- const dStream = crypto.createDecipher('aes192', key);
+ const dStream = crypto.createDecipher('aes-192-cbc', key);
dStream.end(ciph);
txt = dStream.read().toString('utf8');
@@ -59,14 +59,14 @@ function testCipher2(key) {
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' +
'jAfaFg**';
- const cipher = crypto.createCipher('aes256', key);
+ const cipher = crypto.createCipher('aes-256-cbc', key);
// Encrypt plaintext which is in utf8 format to a ciphertext which will be in
// Base64.
let ciph = cipher.update(plaintext, 'utf8', 'base64');
ciph += cipher.final('base64');
- const decipher = crypto.createDecipher('aes256', key);
+ const decipher = crypto.createDecipher('aes-256-cbc', key);
let txt = decipher.update(ciph, 'base64', 'utf8');
txt += decipher.final('utf8');
@@ -170,7 +170,7 @@ testCipher2(Buffer.from('0123456789abcdef'));
// Regression test for https://github.com/nodejs/node-v0.x-archive/issues/5482:
// string to Cipher#update() should not assert.
{
- const c = crypto.createCipher('aes192', '0123456789abcdef');
+ const c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
c.update('update');
c.final();
}
@@ -178,15 +178,15 @@ testCipher2(Buffer.from('0123456789abcdef'));
// https://github.com/nodejs/node-v0.x-archive/issues/5655 regression tests,
// 'utf-8' and 'utf8' are identical.
{
- let c = crypto.createCipher('aes192', '0123456789abcdef');
+ let c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
c.update('update', ''); // Defaults to "utf8".
c.final('utf-8'); // Should not throw.
- c = crypto.createCipher('aes192', '0123456789abcdef');
+ c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
c.update('update', 'utf8');
c.final('utf-8'); // Should not throw.
- c = crypto.createCipher('aes192', '0123456789abcdef');
+ c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
c.update('update', 'utf-8');
c.final('utf8'); // Should not throw.
}
@@ -195,23 +195,23 @@ testCipher2(Buffer.from('0123456789abcdef'));
{
const key = '0123456789abcdef';
const plaintext = 'Top secret!!!';
- const c = crypto.createCipher('aes192', key);
+ const c = crypto.createCipher('aes-192-cbc', key);
let ciph = c.update(plaintext, 'utf16le', 'base64');
ciph += c.final('base64');
- let decipher = crypto.createDecipher('aes192', key);
+ let decipher = crypto.createDecipher('aes-192-cbc', key);
let txt;
txt = decipher.update(ciph, 'base64', 'ucs2');
txt += decipher.final('ucs2');
assert.strictEqual(txt, plaintext);
- decipher = crypto.createDecipher('aes192', key);
+ decipher = crypto.createDecipher('aes-192-cbc', key);
txt = decipher.update(ciph, 'base64', 'ucs-2');
txt += decipher.final('ucs-2');
assert.strictEqual(txt, plaintext);
- decipher = crypto.createDecipher('aes192', key);
+ decipher = crypto.createDecipher('aes-192-cbc', key);
txt = decipher.update(ciph, 'base64', 'utf-16le');
txt += decipher.final('utf-16le');
assert.strictEqual(txt, plaintext);
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
index 3e3632203af72c54f2795d8de0cf345862a043bb..a066bbb803d41d9d1f26a02e41115b71233988d6 100644
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
+++ b/test/parallel/test-crypto-cipheriv-decipheriv.js
@@ -60,6 +60,10 @@ function testCipher2(key, iv) {
function testCipher3(key, iv) {
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
+ return;
+ }
// Test encryption and decryption with explicit key and iv.
// AES Key Wrap test vector comes from RFC3394
const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
diff --git a/test/parallel/test-crypto-classes.js b/test/parallel/test-crypto-classes.js
index dd073274aef765e8f1e403aa2c8baf9694b521cb..fc6339e040debe61ecc61a3eb5b26823b102f1ff 100644
--- a/test/parallel/test-crypto-classes.js
+++ b/test/parallel/test-crypto-classes.js
@@ -22,8 +22,8 @@ const TEST_CASES = {
};
if (!common.hasFipsCrypto) {
- TEST_CASES.Cipher = ['aes192', 'secret'];
- TEST_CASES.Decipher = ['aes192', 'secret'];
+ TEST_CASES.Cipher = ['aes-192-cbc', 'secret'];
+ TEST_CASES.Decipher = ['aes-192-cbc', 'secret'];
TEST_CASES.DiffieHellman = [common.hasOpenSSL3 ? 1024 : 256];
}
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index 18721fcf289e5545408e309db050a2ff0f4b0140..e5235e0a5fbd68416b4a9480818901b411ed91bd 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -49,7 +49,7 @@ for (const bits of [-1, 0, 1]) {
assert.throws(() => crypto.createDiffieHellman(bits), {
code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
name: 'Error',
- message: /bits too small/,
+ message: /bits too small|BITS_TOO_SMALL/,
});
}
}
@@ -65,7 +65,7 @@ for (const g of [-1, 1]) {
const ex = {
code: 'ERR_OSSL_DH_BAD_GENERATOR',
name: 'Error',
- message: /bad generator/,
+ message: /bad generator|BAD_GENERATOR/,
};
assert.throws(() => crypto.createDiffieHellman('abcdef', g), ex);
assert.throws(() => crypto.createDiffieHellman('abcdef', 'hex', g), ex);
@@ -79,7 +79,7 @@ for (const g of [Buffer.from([]),
const ex = {
code: 'ERR_OSSL_DH_BAD_GENERATOR',
name: 'Error',
- message: /bad generator/,
+ message: /bad generator|BAD_GENERATOR/,
};
assert.throws(() => crypto.createDiffieHellman('abcdef', g), ex);
assert.throws(() => crypto.createDiffieHellman('abcdef', 'hex', g), ex);
@@ -133,18 +133,17 @@ assert.strictEqual(secret1, secret4);
let wrongBlockLength;
if (common.hasOpenSSL3) {
wrongBlockLength = {
- message: 'error:1C80006B:Provider routines::wrong final block length',
- code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
- library: 'Provider routines',
- reason: 'wrong final block length'
+ message: /error:1C80006B:Provider routines::wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+ library: /digital envelope routines|Cipher functions/,
+ reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
};
} else {
wrongBlockLength = {
- message: 'error:0606506D:digital envelope' +
- ' routines:EVP_DecryptFinal_ex:wrong final block length',
- code: 'ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH',
- library: 'digital envelope routines',
- reason: 'wrong final block length'
+ message: /error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+ library: /digital envelope routines|Cipher functions/,
+ reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
};
}
diff --git a/test/parallel/test-crypto-getcipherinfo.js b/test/parallel/test-crypto-getcipherinfo.js
index 98d2a52eceac4bc564fd2878f77b50c336a67a66..bcb2de6e354c26816000f2400d9c1d46de01888a 100644
--- a/test/parallel/test-crypto-getcipherinfo.js
+++ b/test/parallel/test-crypto-getcipherinfo.js
@@ -62,9 +62,13 @@ assert(getCipherInfo('aes-128-cbc', { ivLength: 16 }));
assert(!getCipherInfo('aes-128-ccm', { ivLength: 1 }));
assert(!getCipherInfo('aes-128-ccm', { ivLength: 14 }));
+/*
for (let n = 7; n <= 13; n++)
assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+*/
assert(!getCipherInfo('aes-128-ocb', { ivLength: 16 }));
+/*
for (let n = 1; n < 16; n++)
assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+*/
\ No newline at end of file
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf218791cd6868 100644
--- a/test/parallel/test-crypto-hash-stream-pipe.js
+++ b/test/parallel/test-crypto-hash-stream-pipe.js
@@ -30,11 +30,11 @@ const crypto = require('crypto');
const stream = require('stream');
const s = new stream.PassThrough();
-const h = crypto.createHash('sha3-512');
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
- '198235381e864f91a0e8cd6a26b677ec' +
- 'dcde8e2b069bd7355fabd68abd6fc801' +
- '19659f25e92f8efc961ee3a7c815c758';
+const h = crypto.createHash('sha512');
+const expect = 'fba055c6fd0c5b6645407749ed7a8b41' +
+ 'b8f629f2163c3ca3701d864adabda1f8' +
+ '93c37bf82b22fdd151ba8e357f611da4' +
+ '88a74b6a5525dd9b69554c6ce5138ad7';
s.pipe(h).on('data', common.mustCall(function(c) {
assert.strictEqual(c, expect);
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
index af2146982c7a3bf7bd7527f44e4b17a3b605026e..f6b91f675cfea367c608892dee078b565814f2dd 100644
--- a/test/parallel/test-crypto-hash.js
+++ b/test/parallel/test-crypto-hash.js
@@ -182,6 +182,7 @@ assert.throws(
// Test XOF hash functions and the outputLength option.
{
+ /*
// Default outputLengths.
assert.strictEqual(crypto.createHash('shake128').digest('hex'),
'7f9c2ba4e88f827d616045507605853e');
@@ -236,6 +237,7 @@ assert.throws(
assert.strictEqual(superLongHash.length, 2 * 1024 * 1024);
assert.ok(superLongHash.endsWith('193414035ddba77bf7bba97981e656ec'));
assert.ok(superLongHash.startsWith('a2a28dbc49cfd6e5d6ceea3d03e77748'));
+ */
// Non-XOF hash functions should accept valid outputLength options as well.
assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
diff --git a/test/parallel/test-crypto-hkdf.js b/test/parallel/test-crypto-hkdf.js
index ff3abdf291efcd076b36e755de4147b0aad0b345..d29854cf0c0ce89f84c912def672e7c4e11427a3 100644
--- a/test/parallel/test-crypto-hkdf.js
+++ b/test/parallel/test-crypto-hkdf.js
@@ -124,8 +124,6 @@ const algorithms = [
['sha256', '', 'salt', '', 10],
['sha512', 'secret', 'salt', '', 15],
];
-if (!common.hasOpenSSL3)
- algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
algorithms.forEach(([ hash, secret, salt, info, length ]) => {
{
diff --git a/test/parallel/test-crypto-padding.js b/test/parallel/test-crypto-padding.js
index f1f14b472997e76bb4100edb1c6cf4fc24d1074d..5057e3f9bc5bb78aceffa5e79530f8ceed84e6f7 100644
--- a/test/parallel/test-crypto-padding.js
+++ b/test/parallel/test-crypto-padding.js
@@ -87,10 +87,9 @@ assert.throws(function() {
code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
reason: 'wrong final block length',
} : {
- message: 'error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:' +
- 'data not multiple of block length',
- code: 'ERR_OSSL_EVP_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH',
- reason: 'data not multiple of block length',
+ message: /error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length|error:1e00006a:Cipher functions:OPENSSL_internal:DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
+ code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
+ reason: /data not multiple of block length|DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
}
);
@@ -114,10 +113,9 @@ assert.throws(function() {
reason: 'bad decrypt',
code: 'ERR_OSSL_BAD_DECRYPT',
} : {
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
- 'bad decrypt',
- reason: 'bad decrypt',
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
+ reason: /bad decrypt|BAD_DECRYPT/,
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
});
// No-pad encrypted string should return the same:
diff --git a/test/parallel/test-crypto-private-decrypt-gh32240.js b/test/parallel/test-crypto-private-decrypt-gh32240.js
index 1785f5eef3d202976666081d09850ed744d83446..e88227a215ba4f7fa196f7642ae694a57d55b3ca 100644
--- a/test/parallel/test-crypto-private-decrypt-gh32240.js
+++ b/test/parallel/test-crypto-private-decrypt-gh32240.js
@@ -24,7 +24,7 @@ const pkeyEncrypted =
pair.privateKey.export({
type: 'pkcs1',
format: 'pem',
- cipher: 'aes128',
+ cipher: 'aes-128-cbc',
passphrase: 'secret',
});
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
index 9afcb38616dafd6da1ab7b5843d68f4f796ca9a6..00d3381056a5a40c549f06d74c130149ba4abc8c 100644
--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -28,12 +28,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
const ec = new TextEncoder();
const openssl1DecryptError = {
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
- 'bad decrypt',
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
- reason: 'bad decrypt',
- function: 'EVP_DecryptFinal_ex',
- library: 'digital envelope routines',
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
+ reason: /bad decrypt|BAD_DECRYPT/,
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
+ library: /digital envelope routines|Cipher functions/,
};
const decryptError = common.hasOpenSSL3 ?
@@ -397,7 +396,7 @@ assert.throws(() => {
assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true);
}
-
+/*
//
// Test DSA signing and verification
//
@@ -472,3 +471,4 @@ const input = 'I AM THE WALRUS';
assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
}
+*/
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
index 74c0ff53eb18b749d4018b50d654df943403245b..aab253ca5d4504c445c88cd9519f8385a7b39b91 100644
--- a/test/parallel/test-crypto-sign-verify.js
+++ b/test/parallel/test-crypto-sign-verify.js
@@ -29,6 +29,7 @@ const keySize = 2048;
'instance when called without `new`');
}
+/*
// Test handling of exceptional conditions
{
const library = {
@@ -69,6 +70,7 @@ const keySize = 2048;
delete Object.prototype.opensslErrorStack;
}
+*/
assert.throws(
() => crypto.createVerify('SHA256').verify({
@@ -342,15 +344,17 @@ assert.throws(
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
});
}, common.hasOpenSSL3 ? {
- code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
- message: /illegal or unsupported padding mode/,
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
} : {
- code: 'ERR_OSSL_RSA_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
- message: /illegal or unsupported padding mode/,
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
+ /*
opensslErrorStack: [
'error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:' +
'command not supported',
],
+ */
});
}
@@ -420,10 +424,12 @@ assert.throws(
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
algo: null,
sigLen: 64 },
+ /*
{ private: fixtures.readKey('ed448_private.pem', 'ascii'),
public: fixtures.readKey('ed448_public.pem', 'ascii'),
algo: null,
sigLen: 114 },
+ */
{ private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
algo: 'sha1',
@@ -494,7 +500,7 @@ assert.throws(
{
const data = Buffer.from('Hello world');
- const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
+ const keys = [['ec-key.pem', 64]/*, ['dsa_private_1025.pem', 40]*/];
for (const [file, length] of keys) {
const privKey = fixtures.readKey(file);
diff --git a/test/parallel/test-crypto-stream.js b/test/parallel/test-crypto-stream.js
index 008ab129f0e019c659eecf5a76b7eb412c947fe3..6688f5d916f50e1e4fcfff1619c8634a3233f820 100644
--- a/test/parallel/test-crypto-stream.js
+++ b/test/parallel/test-crypto-stream.js
@@ -76,10 +76,10 @@ cipher.pipe(decipher)
library: 'Provider routines',
reason: 'bad decrypt',
} : {
- message: /bad decrypt/,
- function: 'EVP_DecryptFinal_ex',
- library: 'digital envelope routines',
- reason: 'bad decrypt',
+ message: /bad decrypt|BAD_DECRYPT/,
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
+ library: /digital envelope routines|Cipher functions/,
+ reason: /bad decrypt|BAD_DECRYPT/,
}));
cipher.end('Papaya!'); // Should not cause an unhandled exception.
diff --git a/test/parallel/test-crypto-x509.js b/test/parallel/test-crypto-x509.js
index 2f2e443a7f6482c26f3a065520c8764d8402a91f..ccfe79ac65a223139f293f7dd034096fcdbc81ab 100644
--- a/test/parallel/test-crypto-x509.js
+++ b/test/parallel/test-crypto-x509.js
@@ -111,7 +111,7 @@ const der = Buffer.from(
'5A:42:63:E0:21:2F:D6:70:63:07:96:6F:27:A7:78:12:08:02:7A:8B'
);
assert.strictEqual(x509.keyUsage, undefined);
- assert.strictEqual(x509.serialNumber, '147D36C1C2F74206DE9FAB5F2226D78ADB00A426');
+ assert.match(x509.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i);
assert.deepStrictEqual(x509.raw, der);
@@ -253,6 +253,16 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
});
mc.port2.postMessage(x509);
+ const modulusOSSL = 'D456320AFB20D3827093DC2C4284ED04DFBABD56E1DDAE529E28B790CD42' +
+ '56DB273349F3735FFD337C7A6363ECCA5A27B7F73DC7089A96C6D886DB0C' +
+ '62388F1CDD6A963AFCD599D5800E587A11F908960F84ED50BA25A28303EC' +
+ 'DA6E684FBE7BAEDC9CE8801327B1697AF25097CEE3F175E400984C0DB6A8' +
+ 'EB87BE03B4CF94774BA56FFFC8C63C68D6ADEB60ABBE69A7B14AB6A6B9E7' +
+ 'BAA89B5ADAB8EB07897C07F6D4FA3D660DFF574107D28E8F63467A788624' +
+ 'C574197693E959CEA1362FFAE1BBA10C8C0D88840ABFEF103631B2E8F5C3' +
+ '9B5548A7EA57E8A39F89291813F45A76C448033A2B7ED8403F4BAA147CF3' +
+ '5E2D2554AA65CE49695797095BF4DC6B';
+
// Verify that legacy encoding works
const legacyObjectCheck = {
subject: Object.assign(Object.create(null), {
@@ -277,16 +287,8 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
'OCSP - URI': ['http://ocsp.nodejs.org/'],
'CA Issuers - URI': ['http://ca.nodejs.org/ca.cert']
}),
- modulus: 'D456320AFB20D3827093DC2C4284ED04DFBABD56E1DDAE529E28B790CD42' +
- '56DB273349F3735FFD337C7A6363ECCA5A27B7F73DC7089A96C6D886DB0C' +
- '62388F1CDD6A963AFCD599D5800E587A11F908960F84ED50BA25A28303EC' +
- 'DA6E684FBE7BAEDC9CE8801327B1697AF25097CEE3F175E400984C0DB6A8' +
- 'EB87BE03B4CF94774BA56FFFC8C63C68D6ADEB60ABBE69A7B14AB6A6B9E7' +
- 'BAA89B5ADAB8EB07897C07F6D4FA3D660DFF574107D28E8F63467A788624' +
- 'C574197693E959CEA1362FFAE1BBA10C8C0D88840ABFEF103631B2E8F5C3' +
- '9B5548A7EA57E8A39F89291813F45A76C448033A2B7ED8403F4BAA147CF3' +
- '5E2D2554AA65CE49695797095BF4DC6B',
bits: 2048,
+ modulusPattern: new RegExp(modulusOSSL, 'i'),
exponent: '0x10001',
valid_from: 'Sep 3 21:40:37 2022 GMT',
valid_to: 'Jun 17 21:40:37 2296 GMT',
@@ -298,7 +300,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
'51:62:18:39:E2:E2:77:F5:86:11:E8:C0:CA:54:43:7C:76:83:19:05:D0:03:' +
'24:21:B8:EB:14:61:FB:24:16:EB:BD:51:1A:17:91:04:30:03:EB:68:5F:DC:' +
'86:E1:D1:7C:FB:AF:78:ED:63:5F:29:9C:32:AF:A1:8E:22:96:D1:02',
- serialNumber: '147D36C1C2F74206DE9FAB5F2226D78ADB00A426'
+ serialNumberPattern: /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i
};
const legacyObject = x509.toLegacyObject();
@@ -307,7 +309,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
assert.deepStrictEqual(legacyObject.subject, legacyObjectCheck.subject);
assert.deepStrictEqual(legacyObject.issuer, legacyObjectCheck.issuer);
assert.deepStrictEqual(legacyObject.infoAccess, legacyObjectCheck.infoAccess);
- assert.strictEqual(legacyObject.modulus, legacyObjectCheck.modulus);
+ assert.match(legacyObject.modulus, legacyObjectCheck.modulusPattern);
assert.strictEqual(legacyObject.bits, legacyObjectCheck.bits);
assert.strictEqual(legacyObject.exponent, legacyObjectCheck.exponent);
assert.strictEqual(legacyObject.valid_from, legacyObjectCheck.valid_from);
@@ -316,7 +318,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
assert.strictEqual(
legacyObject.fingerprint256,
legacyObjectCheck.fingerprint256);
- assert.strictEqual(
+ assert.match(
legacyObject.serialNumber,
- legacyObjectCheck.serialNumber);
+ legacyObjectCheck.serialNumberPattern);
}
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
index a8ceb169de2b3de73f062083c42292babc673e73..8fb950d0814e5014faf5c1ef576b65795857da1b 100644
--- a/test/parallel/test-crypto.js
+++ b/test/parallel/test-crypto.js
@@ -67,7 +67,7 @@ assert.throws(() => {
// Throws general Error, so there is no opensslErrorStack property.
return err instanceof Error &&
err.name === 'Error' &&
- /^Error: mac verify failure$/.test(err) &&
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
!('opensslErrorStack' in err);
});
@@ -77,7 +77,7 @@ assert.throws(() => {
// Throws general Error, so there is no opensslErrorStack property.
return err instanceof Error &&
err.name === 'Error' &&
- /^Error: mac verify failure$/.test(err) &&
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
!('opensslErrorStack' in err);
});
@@ -87,7 +87,7 @@ assert.throws(() => {
// Throws general Error, so there is no opensslErrorStack property.
return err instanceof Error &&
err.name === 'Error' &&
- /^Error: not enough data$/.test(err) &&
+ /^Error: (not enough data|BAD_PKCS12_DATA)$/.test(err) &&
!('opensslErrorStack' in err);
});
@@ -150,8 +150,6 @@ assert(crypto.getHashes().includes('sha1'));
assert(crypto.getHashes().includes('sha256'));
assert(!crypto.getHashes().includes('SHA1'));
assert(!crypto.getHashes().includes('SHA256'));
-assert(crypto.getHashes().includes('RSA-SHA1'));
-assert(!crypto.getHashes().includes('rsa-sha1'));
validateList(crypto.getHashes());
// Make sure all of the hashes are supported by OpenSSL
for (const algo of crypto.getHashes())
@@ -188,7 +186,7 @@ const encodingError = {
// hex input that's not a power of two should throw, not assert in C++ land.
['createCipher', 'createDecipher'].forEach((funcName) => {
assert.throws(
- () => crypto[funcName]('aes192', 'test').update('0', 'hex'),
+ () => crypto[funcName]('aes-192-cbc', 'test').update('0', 'hex'),
(error) => {
assert.ok(!('opensslErrorStack' in error));
if (common.hasFipsCrypto) {
@@ -219,7 +217,7 @@ assert.throws(
return true;
}
);
-
+/*
assert.throws(() => {
const priv = [
'-----BEGIN RSA PRIVATE KEY-----',
@@ -232,6 +230,7 @@ assert.throws(() => {
].join('\n');
crypto.createSign('SHA256').update('test').sign(priv);
}, (err) => {
+ console.log(err)
if (!common.hasOpenSSL3)
assert.ok(!('opensslErrorStack' in err));
assert.throws(() => { throw err; }, common.hasOpenSSL3 ? {
@@ -240,10 +239,10 @@ assert.throws(() => {
library: 'rsa routines',
} : {
name: 'Error',
- message: /routines:RSA_sign:digest too big for rsa key$/,
- library: 'rsa routines',
- function: 'RSA_sign',
- reason: 'digest too big for rsa key',
+ message: /routines:RSA_sign:digest too big for rsa key$|routines:OPENSSL_internal:DIGEST_TOO_BIG_FOR_RSA_KEY$/,
+ library: /rsa routines|RSA routines/,
+ function: /RSA_sign|OPENSSL_internal/,
+ reason: /digest too big for rsa key|DIGEST_TOO_BIG_FOR_RSA_KEY/,
code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY'
});
return true;
@@ -276,7 +275,7 @@ if (!common.hasOpenSSL3) {
return true;
});
}
-
+*/
// Make sure memory isn't released before being returned
console.log(crypto.randomBytes(16));
diff --git a/test/parallel/test-https-agent-additional-options.js b/test/parallel/test-https-agent-additional-options.js
index 543ee176fb6af38874fee9f14be76f3fdda11060..fef9f1bc2f9fc6c220cf47847e86e03882b51b1d 100644
--- a/test/parallel/test-https-agent-additional-options.js
+++ b/test/parallel/test-https-agent-additional-options.js
@@ -13,7 +13,7 @@ const options = {
cert: fixtures.readKey('agent1-cert.pem'),
ca: fixtures.readKey('ca1-cert.pem'),
minVersion: 'TLSv1.1',
- ciphers: 'ALL@SECLEVEL=0'
+ // ciphers: 'ALL@SECLEVEL=0'
};
const server = https.Server(options, (req, res) => {
@@ -28,7 +28,7 @@ function getBaseOptions(port) {
ca: options.ca,
rejectUnauthorized: true,
servername: 'agent1',
- ciphers: 'ALL@SECLEVEL=0'
+ // ciphers: 'ALL@SECLEVEL=0'
};
}
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
index 940c43cc40bf15e51df177ee30ecc69ffbeec296..e95743a91a3c709c7d2c10dc80b3f75b7d988027 100644
--- a/test/parallel/test-https-agent-session-eviction.js
+++ b/test/parallel/test-https-agent-session-eviction.js
@@ -14,7 +14,7 @@ const options = {
key: readKey('agent1-key.pem'),
cert: readKey('agent1-cert.pem'),
secureOptions: SSL_OP_NO_TICKET,
- ciphers: 'RSA@SECLEVEL=0'
+ // ciphers: 'RSA@SECLEVEL=0'
};
// Create TLS1.2 server
diff --git a/test/parallel/test-tls-getcertificate-x509.js b/test/parallel/test-tls-getcertificate-x509.js
index aa685ca9e09cf0d17ff4d5480089e9977dd51f72..ccafa427433922155c1afd5d95ba69d8108825ef 100644
--- a/test/parallel/test-tls-getcertificate-x509.js
+++ b/test/parallel/test-tls-getcertificate-x509.js
@@ -20,9 +20,7 @@ const server = tls.createServer(options, function(cleartext) {
server.once('secureConnection', common.mustCall(function(socket) {
const cert = socket.getX509Certificate();
assert(cert instanceof X509Certificate);
- assert.strictEqual(
- cert.serialNumber,
- '5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE');
+ assert.match(cert.serialNumber, /5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE/i)
}));
server.listen(0, common.mustCall(function() {
@@ -33,10 +31,7 @@ server.listen(0, common.mustCall(function() {
const peerCert = socket.getPeerX509Certificate();
assert(peerCert.issuerCertificate instanceof X509Certificate);
assert.strictEqual(peerCert.issuerCertificate.issuerCertificate, undefined);
- assert.strictEqual(
- peerCert.issuerCertificate.serialNumber,
- '147D36C1C2F74206DE9FAB5F2226D78ADB00A425'
- );
+ assert.match(peerCert.issuerCertificate.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A425/i);
server.close();
}));
socket.end('Hello');
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
index d45287d671d8afb1be391d391efc4d098d0b77c9..86f1a12528b535eefeb8c263581f1240f3df5771 100644
--- a/test/parallel/test-tls-getprotocol.js
+++ b/test/parallel/test-tls-getprotocol.js
@@ -18,7 +18,7 @@ const clientConfigs = [
const serverConfig = {
secureProtocol: 'TLS_method',
- ciphers: 'RSA@SECLEVEL=0',
+ // ciphers: 'RSA@SECLEVEL=0',
key: fixtures.readKey('agent2-key.pem'),
cert: fixtures.readKey('agent2-cert.pem')
};
diff --git a/test/parallel/test-tls-write-error.js b/test/parallel/test-tls-write-error.js
index b06f2fa2c53ea72f9a66f0d002dd9281d0259a0f..864fffeebfad75d95416fd47efdea7f222c507a2 100644
--- a/test/parallel/test-tls-write-error.js
+++ b/test/parallel/test-tls-write-error.js
@@ -17,7 +17,7 @@ const server_cert = fixtures.readKey('agent1-cert.pem');
const opts = {
key: server_key,
cert: server_cert,
- ciphers: 'ALL@SECLEVEL=0'
+ // ciphers: 'ALL@SECLEVEL=0'
};
const server = https.createServer(opts, (req, res) => {
diff --git a/test/parallel/test-webcrypto-derivebits.js b/test/parallel/test-webcrypto-derivebits.js
index 442423954b10b2ee1696eb7db56eaa4c88492122..cbb96d7de046c80fad608431b7ec0216e2d271fb 100644
--- a/test/parallel/test-webcrypto-derivebits.js
+++ b/test/parallel/test-webcrypto-derivebits.js
@@ -101,6 +101,7 @@ const { subtle } = require('crypto').webcrypto;
tests.then(common.mustCall());
}
+/*
// Test X25519 and X448 bit derivation
{
async function test(name) {
@@ -126,3 +127,4 @@ const { subtle } = require('crypto').webcrypto;
test('X25519').then(common.mustCall());
test('X448').then(common.mustCall());
}
+*/
diff --git a/test/parallel/test-webcrypto-derivekey.js b/test/parallel/test-webcrypto-derivekey.js
index b819b998d217e0c71e9b41f175de6802d3ac7d90..fbd32b02abd120aa02b9ac92341ef1331422308d 100644
--- a/test/parallel/test-webcrypto-derivekey.js
+++ b/test/parallel/test-webcrypto-derivekey.js
@@ -174,6 +174,7 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
})().then(common.mustCall());
}
+/*
// Test X25519 and X448 key derivation
{
async function test(name) {
@@ -208,3 +209,4 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
test('X25519').then(common.mustCall());
test('X448').then(common.mustCall());
}
+*/
diff --git a/test/parallel/test-webcrypto-sign-verify.js b/test/parallel/test-webcrypto-sign-verify.js
index 6c6b15781549a4b37781bf0b8014054dc5d8c746..142d41b169c836201660d78c19383f3ffc469407 100644
--- a/test/parallel/test-webcrypto-sign-verify.js
+++ b/test/parallel/test-webcrypto-sign-verify.js
@@ -105,6 +105,7 @@ const { subtle } = require('crypto').webcrypto;
test('hello world').then(common.mustCall());
}
+/*
// Test Sign/Verify Ed25519
{
async function test(data) {
@@ -144,3 +145,4 @@ const { subtle } = require('crypto').webcrypto;
test('hello world').then(common.mustCall());
}
+*/
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
index 8d107a99bdd8c5ce0c32cfbbc337b2c880bde200..2a2b7e2253ed2d55b3fb973d06dec768ba9b1e1c 100644
--- a/test/parallel/test-webcrypto-wrap-unwrap.js
+++ b/test/parallel/test-webcrypto-wrap-unwrap.js
@@ -18,14 +18,15 @@ const kWrappingData = {
wrap: { label: new Uint8Array(8) },
pair: true
},
- 'AES-CTR': {
+ 'AES-CBC': {
generate: { length: 128 },
- wrap: { counter: new Uint8Array(16), length: 64 },
+ wrap: { iv: new Uint8Array(16) },
pair: false
},
- 'AES-CBC': {
+ /*
+ 'AES-CTR': {
generate: { length: 128 },
- wrap: { iv: new Uint8Array(16) },
+ wrap: { counter: new Uint8Array(16), length: 64 },
pair: false
},
'AES-GCM': {
@@ -42,6 +43,7 @@ const kWrappingData = {
wrap: { },
pair: false
}
+ */
};
function generateWrappingKeys() {
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
index 170103fd9c973d64a30ee319a45c7e11c72a19d4..c19118146269651e4fe7d5591360876ce66bb1f6 100644
--- a/test/parallel/test-x509-escaping.js
+++ b/test/parallel/test-x509-escaping.js
@@ -447,7 +447,7 @@ const { hasOpenSSL3 } = common;
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
- servername);
+ undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
undefined);
@@ -482,11 +482,11 @@ const { hasOpenSSL3 } = common;
assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
// The newer X509Certificate API allows customizing this behavior:
- assert.strictEqual(certX509.checkHost(servername), servername);
+ assert.strictEqual(certX509.checkHost(servername), undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
- servername);
+ undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
- servername);
+ undefined);
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
undefined);
Reference in New Issue View Git Blame Copy Permalink