mirror of
https://github.com/electron/electron.git
synced 2026-01-09 07:28:12 -05:00
40cdfdb1d1
* chore: bump node in DEPS to v22.18.0 * crypto: fix inclusion of OPENSSL_IS_BORINGSSL define https://github.com/nodejs/node/pull/58845 * crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 https://github.com/nodejs/node/pull/58960 * permission: propagate permission model flags on spawn https://github.com/nodejs/node/pull/58853 * esm: syncify default path of ModuleLoader\.load https://github.com/nodejs/node/pull/57419 * src: remove fast API for InternalModuleStat https://github.com/nodejs/node/pull/58489 * src: simplify adding fast APIs to ExternalReferenceRegistry https://github.com/nodejs/node/pull/58896/ * chore: fixup patch indices * src: fix internalModuleStat v8 fast path https://github.com/nodejs/node/pull/58054 * test: add tests to ensure that node.1 is kept in sync with cli.md https://github.com/nodejs/node/pull/58878 * crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 https://github.com/nodejs/node/pull/58942 --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
537 lines
22 KiB
Diff
537 lines
22 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Rose <nornagon@nornagon.net>
|
|
Date: Tue, 9 Feb 2021 12:34:46 -0800
|
|
Subject: fix crypto tests to run with bssl
|
|
|
|
This fixes some crypto tests so that they pass when compiled with
|
|
BoringSSL.
|
|
|
|
This should be upstreamed in some form, though it may need to be tweaked
|
|
before it's acceptable to upstream, as this patch comments out a couple
|
|
of tests that upstream probably cares about.
|
|
|
|
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
|
|
index b35dd08e6c49796418cd9d10eb5cc9d02b39961e..97bcd79b331db140d157e6b1faf92625597edc98 100644
|
|
--- a/test/parallel/test-crypto-async-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-async-sign-verify.js
|
|
@@ -89,6 +89,7 @@ test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
|
|
// ED25519
|
|
test('ed25519_public.pem', 'ed25519_private.pem', undefined, true);
|
|
// ED448
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
test('ed448_public.pem', 'ed448_private.pem', undefined, true);
|
|
|
|
// ECDSA w/ der signature encoding
|
|
@@ -110,6 +111,7 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
|
|
// DSA w/ ieee-p1363 signature encoding
|
|
test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
|
|
{ dsaEncoding: 'ieee-p1363' });
|
|
+}
|
|
|
|
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
|
|
{
|
|
@@ -150,8 +152,10 @@ MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc=
|
|
const data = crypto.randomBytes(32);
|
|
const signature = crypto.randomBytes(16);
|
|
|
|
- const expected = hasOpenSSL3 ?
|
|
- /operation not supported for this keytype/ : /no default digest/;
|
|
+ let expected = /no default digest/;
|
|
+ if (hasOpenSSL3 || process.features.openssl_is_boringssl) {
|
|
+ expected = /operation[\s_]not[\s_]supported[\s_]for[\s_]this[\s_]keytype/i;
|
|
+ }
|
|
|
|
crypto.verify(undefined, data, untrustedKey, signature, common.mustCall((err) => {
|
|
assert.ok(err);
|
|
@@ -165,6 +169,6 @@ MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc=
|
|
});
|
|
crypto.sign('sha512', 'message', privateKey, common.mustCall((err) => {
|
|
assert.ok(err);
|
|
- assert.match(err.message, /digest too big for rsa key/);
|
|
+ assert.match(err.message, /digest[\s_]too[\s_]big[\s_]for[\s_]rsa[\s_]key/i);
|
|
}));
|
|
}
|
|
diff --git a/test/parallel/test-crypto-certificate.js b/test/parallel/test-crypto-certificate.js
|
|
index 4a5f1f149fe6c739f7f1d2ee17df6e61a942d621..b3287f428ce6b3fde11d449c601a57ff5e3843f9 100644
|
|
--- a/test/parallel/test-crypto-certificate.js
|
|
+++ b/test/parallel/test-crypto-certificate.js
|
|
@@ -40,8 +40,10 @@ function copyArrayBuffer(buf) {
|
|
}
|
|
|
|
function checkMethods(certificate) {
|
|
-
|
|
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
|
|
+ https://boringssl.googlesource.com/boringssl/+/33d7e32ce40c04e8f1b99c05964956fda187819f
|
|
assert.strictEqual(certificate.verifySpkac(spkacValid), true);
|
|
+ */
|
|
assert.strictEqual(certificate.verifySpkac(spkacFail), false);
|
|
|
|
assert.strictEqual(
|
|
@@ -56,10 +58,12 @@ function checkMethods(certificate) {
|
|
);
|
|
assert.strictEqual(certificate.exportChallenge(spkacFail), '');
|
|
|
|
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
|
|
const ab = copyArrayBuffer(spkacValid);
|
|
assert.strictEqual(certificate.verifySpkac(ab), true);
|
|
assert.strictEqual(certificate.verifySpkac(new Uint8Array(ab)), true);
|
|
assert.strictEqual(certificate.verifySpkac(new DataView(ab)), true);
|
|
+ */
|
|
}
|
|
|
|
{
|
|
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
index 88d07c3b957f57b85861542d174a0fd0ba8ceb66..1f430197579ff5f31322bfa0fa5e92e4c58588e2 100644
|
|
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
+++ b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
@@ -62,6 +62,10 @@ function testCipher2(key, iv) {
|
|
|
|
|
|
function testCipher3(key, iv) {
|
|
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
|
|
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
|
|
+ return;
|
|
+ }
|
|
// Test encryption and decryption with explicit key and iv.
|
|
// AES Key Wrap test vector comes from RFC3394
|
|
const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
|
|
diff --git a/test/parallel/test-crypto-dh-curves.js b/test/parallel/test-crypto-dh-curves.js
|
|
index 81a469c226c261564dee1e0b06b6571b18a41f1f..58b66045dba4201b7ebedd78b129420ffc316051 100644
|
|
--- a/test/parallel/test-crypto-dh-curves.js
|
|
+++ b/test/parallel/test-crypto-dh-curves.js
|
|
@@ -16,7 +16,7 @@ const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
|
|
crypto.createDiffieHellman(p, 'hex');
|
|
|
|
// Confirm DH_check() results are exposed for optional examination.
|
|
-const bad_dh = crypto.createDiffieHellman('02', 'hex');
|
|
+const bad_dh = crypto.createDiffieHellman('abcd', 'hex', 0);
|
|
assert.notStrictEqual(bad_dh.verifyError, 0);
|
|
|
|
const availableCurves = new Set(crypto.getCurves());
|
|
diff --git a/test/parallel/test-crypto-dh-errors.js b/test/parallel/test-crypto-dh-errors.js
|
|
index 0af4db0310750cea9350ecff7fc44404c6df6c83..b14b4bbf88b902b6de916b92e3d48335c01df911 100644
|
|
--- a/test/parallel/test-crypto-dh-errors.js
|
|
+++ b/test/parallel/test-crypto-dh-errors.js
|
|
@@ -27,7 +27,7 @@ assert.throws(() => crypto.createDiffieHellman('abcdef', 13.37), {
|
|
for (const bits of [-1, 0, 1]) {
|
|
if (hasOpenSSL3) {
|
|
assert.throws(() => crypto.createDiffieHellman(bits), {
|
|
- code: 'ERR_OSSL_DH_MODULUS_TOO_SMALL',
|
|
+ code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
|
|
name: 'Error',
|
|
message: /modulus too small/,
|
|
});
|
|
@@ -35,7 +35,7 @@ for (const bits of [-1, 0, 1]) {
|
|
assert.throws(() => crypto.createDiffieHellman(bits), {
|
|
code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
|
|
name: 'Error',
|
|
- message: /bits too small/,
|
|
+ message: /bits[\s_]too[\s_]small/i,
|
|
});
|
|
}
|
|
}
|
|
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
|
|
index d7ffbe5eca92734aa2380f482c7f9bfe7e2a36c7..b4e7002d862907d2af3b4f8e985700bd03300809 100644
|
|
--- a/test/parallel/test-crypto-dh.js
|
|
+++ b/test/parallel/test-crypto-dh.js
|
|
@@ -60,18 +60,17 @@ const {
|
|
let wrongBlockLength;
|
|
if (hasOpenSSL3) {
|
|
wrongBlockLength = {
|
|
- message: 'error:1C80006B:Provider routines::wrong final block length',
|
|
- code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
|
|
- library: 'Provider routines',
|
|
- reason: 'wrong final block length'
|
|
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
|
|
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ library: /Provider routines|Cipher functions/,
|
|
+ reason: /wrong[\s_]final[\s_]block[\s_]length/i,
|
|
};
|
|
} else {
|
|
wrongBlockLength = {
|
|
- message: 'error:0606506D:digital envelope' +
|
|
- ' routines:EVP_DecryptFinal_ex:wrong final block length',
|
|
- code: 'ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH',
|
|
- library: 'digital envelope routines',
|
|
- reason: 'wrong final block length'
|
|
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
|
|
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
+ reason: /wrong[\s_]final[\s_]block[\s_]length/i,
|
|
};
|
|
}
|
|
|
|
@@ -98,17 +97,23 @@ const {
|
|
dh3.computeSecret('');
|
|
}, { message: hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
|
|
'Unspecified validation error' :
|
|
- 'Supplied key is too small' });
|
|
+ 'Supplied key is invalid' });
|
|
}
|
|
}
|
|
|
|
// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
|
|
{
|
|
const g = 0;
|
|
- crypto.createDiffieHellman('abcdef', g);
|
|
+ assert.throws(() => crypto.createDiffieHellman('abcdef', g), {
|
|
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
|
|
+ name: 'Error'
|
|
+ });
|
|
crypto.createDiffieHellman('abcdef', 'hex', g);
|
|
}
|
|
|
|
{
|
|
- crypto.createDiffieHellman('abcdef', Buffer.from([2])); // OK
|
|
+ assert.throws(() => crypto.createDiffieHellman('abcdef', Buffer.from([2])), {
|
|
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
|
|
+ name: 'Error'
|
|
+ });
|
|
}
|
|
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf218791cd6868 100644
|
|
--- a/test/parallel/test-crypto-hash-stream-pipe.js
|
|
+++ b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
@@ -30,11 +30,11 @@ const crypto = require('crypto');
|
|
|
|
const stream = require('stream');
|
|
const s = new stream.PassThrough();
|
|
-const h = crypto.createHash('sha3-512');
|
|
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
|
|
- '198235381e864f91a0e8cd6a26b677ec' +
|
|
- 'dcde8e2b069bd7355fabd68abd6fc801' +
|
|
- '19659f25e92f8efc961ee3a7c815c758';
|
|
+const h = crypto.createHash('sha512');
|
|
+const expect = 'fba055c6fd0c5b6645407749ed7a8b41' +
|
|
+ 'b8f629f2163c3ca3701d864adabda1f8' +
|
|
+ '93c37bf82b22fdd151ba8e357f611da4' +
|
|
+ '88a74b6a5525dd9b69554c6ce5138ad7';
|
|
|
|
s.pipe(h).on('data', common.mustCall(function(c) {
|
|
assert.strictEqual(c, expect);
|
|
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
|
|
index 929dd36c669239804f2cfc5168bd3bf6e15855e6..8ebe599bbd21ad30e5041e0eab1e5898caf33e49 100644
|
|
--- a/test/parallel/test-crypto-hash.js
|
|
+++ b/test/parallel/test-crypto-hash.js
|
|
@@ -182,7 +182,7 @@ assert.throws(
|
|
}
|
|
|
|
// Test XOF hash functions and the outputLength option.
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
// Default outputLengths.
|
|
assert.strictEqual(crypto.createHash('shake128').digest('hex'),
|
|
'7f9c2ba4e88f827d616045507605853e');
|
|
diff --git a/test/parallel/test-crypto-padding.js b/test/parallel/test-crypto-padding.js
|
|
index 48cd1ed4df61aaddeee8785cb90f83bdd9628187..d09e01712c617597833bb1320a32a967bcf1d318 100644
|
|
--- a/test/parallel/test-crypto-padding.js
|
|
+++ b/test/parallel/test-crypto-padding.js
|
|
@@ -84,14 +84,13 @@ assert.throws(function() {
|
|
// Input must have block length %.
|
|
enc(ODD_LENGTH_PLAIN, false);
|
|
}, hasOpenSSL3 ? {
|
|
- message: 'error:1C80006B:Provider routines::wrong final block length',
|
|
- code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
|
|
- reason: 'wrong final block length',
|
|
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
|
|
+ code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
+ message: /wrong[\s_]final[\s_]block[\s_]length/i,
|
|
} : {
|
|
- message: 'error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:' +
|
|
- 'data not multiple of block length',
|
|
- code: 'ERR_OSSL_EVP_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH',
|
|
- reason: 'data not multiple of block length',
|
|
+ message: /data[\s_]not[\s_]multiple[\s_]of[\s_]block[\s_]length/i,
|
|
+ code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
+ reason: /data[\s_]not[\s_]multiple[\s_]of[\s_]block[\s_]length/i,
|
|
}
|
|
);
|
|
|
|
@@ -110,15 +109,10 @@ assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED, false).length, 48);
|
|
assert.throws(function() {
|
|
// Must have at least 1 byte of padding (PKCS):
|
|
assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED_NOPAD, true), EVEN_LENGTH_PLAIN);
|
|
-}, hasOpenSSL3 ? {
|
|
- message: 'error:1C800064:Provider routines::bad decrypt',
|
|
- reason: 'bad decrypt',
|
|
- code: 'ERR_OSSL_BAD_DECRYPT',
|
|
-} : {
|
|
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
|
|
- 'bad decrypt',
|
|
- reason: 'bad decrypt',
|
|
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
|
|
+}, {
|
|
+ message: /bad[\s_]decrypt/i,
|
|
+ reason: /bad[\s_]decrypt/i,
|
|
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
|
|
});
|
|
|
|
// No-pad encrypted string should return the same:
|
|
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
|
|
index dcd5045daaf58c60e27c1e2f7941033302241339..b52ec0e2cd5d6b1c9a0fee3064f2f8ff3b6e4308 100644
|
|
--- a/test/parallel/test-crypto-rsa-dsa.js
|
|
+++ b/test/parallel/test-crypto-rsa-dsa.js
|
|
@@ -29,12 +29,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
|
|
const ec = new TextEncoder();
|
|
|
|
const openssl1DecryptError = {
|
|
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
|
|
- 'bad decrypt',
|
|
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
|
|
- reason: 'bad decrypt',
|
|
- function: 'EVP_DecryptFinal_ex',
|
|
- library: 'digital envelope routines',
|
|
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
|
|
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/,
|
|
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
};
|
|
|
|
const decryptError = hasOpenSSL3 ?
|
|
@@ -223,7 +222,7 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
|
|
}, bufferToEncrypt);
|
|
|
|
|
|
- if (padding === constants.RSA_PKCS1_PADDING) {
|
|
+ if (!process.features.openssl_is_boringssl) {
|
|
if (!process.config.variables.node_shared_openssl) {
|
|
assert.throws(() => {
|
|
crypto.privateDecrypt({
|
|
@@ -471,7 +470,7 @@ assert.throws(() => {
|
|
//
|
|
// Test DSA signing and verification
|
|
//
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const input = 'I AM THE WALRUS';
|
|
|
|
// DSA signatures vary across runs so there is no static string to verify
|
|
diff --git a/test/parallel/test-crypto-scrypt.js b/test/parallel/test-crypto-scrypt.js
|
|
index 03a18c7522531c7317f12705550117dc389a0245..2f0f46f2c6ddc62de89877cfa0ca80949a0f4c5e 100644
|
|
--- a/test/parallel/test-crypto-scrypt.js
|
|
+++ b/test/parallel/test-crypto-scrypt.js
|
|
@@ -176,7 +176,7 @@ for (const options of bad) {
|
|
|
|
for (const options of toobig) {
|
|
const expected = {
|
|
- message: /Invalid scrypt params:.*memory limit exceeded/,
|
|
+ message: /Invalid scrypt params/,
|
|
code: 'ERR_CRYPTO_INVALID_SCRYPT_PARAMS',
|
|
};
|
|
assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
|
|
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
|
|
index 0589d60736e377f24dc8550f87a6b7624173fc44..113003826fc47a589cf2334f7345e33d3e189d0a 100644
|
|
--- a/test/parallel/test-crypto-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-sign-verify.js
|
|
@@ -33,7 +33,7 @@ const keySize = 2048;
|
|
}
|
|
|
|
// Test handling of exceptional conditions
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const library = {
|
|
configurable: true,
|
|
set() {
|
|
@@ -345,15 +345,15 @@ assert.throws(
|
|
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
|
|
});
|
|
}, hasOpenSSL3 ? {
|
|
- code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
} : {
|
|
- code: 'ERR_OSSL_RSA_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
- opensslErrorStack: [
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
+ /*opensslErrorStack: [
|
|
'error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:' +
|
|
'command not supported',
|
|
- ],
|
|
+ ],*/
|
|
});
|
|
}
|
|
|
|
@@ -423,10 +423,12 @@ assert.throws(
|
|
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
|
|
algo: null,
|
|
sigLen: 64 },
|
|
+ /*
|
|
{ private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
algo: null,
|
|
sigLen: 114 },
|
|
+ */
|
|
{ private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
|
|
public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
|
|
algo: 'sha1',
|
|
@@ -497,7 +499,7 @@ assert.throws(
|
|
|
|
{
|
|
const data = Buffer.from('Hello world');
|
|
- const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
|
|
+ const keys = [['ec-key.pem', 64]/*, ['dsa_private_1025.pem', 40]*/];
|
|
|
|
for (const [file, length] of keys) {
|
|
const privKey = fixtures.readKey(file);
|
|
diff --git a/test/parallel/test-crypto-stream.js b/test/parallel/test-crypto-stream.js
|
|
index 747af780469c22eb8e4c6c35424043e868f75c3d..ed0916b036a9af23d805007ebd609973ee954473 100644
|
|
--- a/test/parallel/test-crypto-stream.js
|
|
+++ b/test/parallel/test-crypto-stream.js
|
|
@@ -73,9 +73,9 @@ const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
|
|
const decipher = crypto.createDecipheriv('aes-128-cbc', badkey, iv);
|
|
|
|
cipher.pipe(decipher)
|
|
- .on('error', common.expectsError(hasOpenSSL3 ? {
|
|
- message: /bad[\s_]decrypt/,
|
|
- library: 'Provider routines',
|
|
+ .on('error', common.expectsError((hasOpenSSL3 || process.features.openssl_is_boringssl) ? {
|
|
+ message: /bad[\s_]decrypt/i,
|
|
+ library: /Provider routines|Cipher functions/,
|
|
reason: /bad[\s_]decrypt/i,
|
|
} : {
|
|
message: /bad[\s_]decrypt/i,
|
|
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
|
|
index 84111740cd9ef6425b747e24e984e66e46b0b2ef..b1621d310536fae3fdec91a6a9d275ec8fc99a98 100644
|
|
--- a/test/parallel/test-crypto.js
|
|
+++ b/test/parallel/test-crypto.js
|
|
@@ -62,7 +62,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -72,7 +72,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -82,7 +82,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: not enough data$/.test(err) &&
|
|
+ /^Error: (not enough data|BAD_PKCS12_DATA)$/.test(err) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -145,8 +145,6 @@ assert(crypto.getHashes().includes('sha1'));
|
|
assert(crypto.getHashes().includes('sha256'));
|
|
assert(!crypto.getHashes().includes('SHA1'));
|
|
assert(!crypto.getHashes().includes('SHA256'));
|
|
-assert(crypto.getHashes().includes('RSA-SHA1'));
|
|
-assert(!crypto.getHashes().includes('rsa-sha1'));
|
|
validateList(crypto.getHashes());
|
|
// Make sure all of the hashes are supported by OpenSSL
|
|
for (const algo of crypto.getHashes())
|
|
@@ -197,6 +195,7 @@ assert.throws(
|
|
}
|
|
);
|
|
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
assert.throws(() => {
|
|
const priv = [
|
|
'-----BEGIN RSA PRIVATE KEY-----',
|
|
@@ -253,7 +252,7 @@ if (!hasOpenSSL3) {
|
|
return true;
|
|
});
|
|
}
|
|
-
|
|
+}
|
|
// Make sure memory isn't released before being returned
|
|
console.log(crypto.randomBytes(16));
|
|
|
|
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
|
|
index 7bd42bbe721c4c9442410d524c5ca740078fc72c..de49dbdc2b75517f497af353a6b24b1beb11ed69 100644
|
|
--- a/test/parallel/test-tls-alert-handling.js
|
|
+++ b/test/parallel/test-tls-alert-handling.js
|
|
@@ -43,7 +43,8 @@ const errorHandler = common.mustCall((err) => {
|
|
|
|
assert.strictEqual(err.code, expectedErrorCode);
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
- if (!hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
|
|
+ if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
|
|
+ assert.strictEqual(err.function, 'ssl3_get_record');
|
|
assert.match(err.reason, expectedErrorReason);
|
|
errorReceived = true;
|
|
if (canCloseServer())
|
|
@@ -105,7 +106,7 @@ function sendBADTLSRecord() {
|
|
}
|
|
assert.strictEqual(err.code, expectedErrorCode);
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
- if (!hasOpenSSL3)
|
|
+ if (!hasOpenSSL3 && !process.features.openssl_is_boringssl)
|
|
assert.strictEqual(err.function, 'ssl3_read_bytes');
|
|
assert.match(err.reason, expectedErrorReason);
|
|
}));
|
|
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
index d1ca571af4be713082d32093bfb8a65f2aef9800..57b8df2ce18df58ff54b2d828af67e3c2e082fe0 100644
|
|
--- a/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
+++ b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
@@ -18,14 +18,15 @@ const kWrappingData = {
|
|
wrap: { label: new Uint8Array(8) },
|
|
pair: true
|
|
},
|
|
- 'AES-CTR': {
|
|
+ 'AES-CBC': {
|
|
generate: { length: 128 },
|
|
- wrap: { counter: new Uint8Array(16), length: 64 },
|
|
+ wrap: { iv: new Uint8Array(16) },
|
|
pair: false
|
|
},
|
|
- 'AES-CBC': {
|
|
+ /*
|
|
+ 'AES-CTR': {
|
|
generate: { length: 128 },
|
|
- wrap: { iv: new Uint8Array(16) },
|
|
+ wrap: { counter: new Uint8Array(16), length: 64 },
|
|
pair: false
|
|
},
|
|
'AES-GCM': {
|
|
@@ -42,6 +43,7 @@ const kWrappingData = {
|
|
wrap: { },
|
|
pair: false
|
|
}
|
|
+ */
|
|
};
|
|
|
|
function generateWrappingKeys() {
|
|
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
|
|
index b507af88e1f7f3424b7b5d6d683a295b9d208e5e..825ba4c8dce775f401080a0522565bb7a087bcc3 100644
|
|
--- a/test/parallel/test-x509-escaping.js
|
|
+++ b/test/parallel/test-x509-escaping.js
|
|
@@ -448,7 +448,7 @@ const { hasOpenSSL3 } = require('../common/crypto');
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
|
|
|
|
@@ -483,11 +483,11 @@ const { hasOpenSSL3 } = require('../common/crypto');
|
|
assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
|
|
|
|
// The newer X509Certificate API allows customizing this behavior:
|
|
- assert.strictEqual(certX509.checkHost(servername), servername);
|
|
+ assert.strictEqual(certX509.checkHost(servername), undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
|
|
|