* chore: bump node in DEPS to v22.15.0 * inspector: fix GN build https://github.com/nodejs/node/pull/56798 * test: search cctest files https://github.com/nodejs/node/pull/56791 * crypto: fix missing OPENSSL_NO_ENGINE guard https://github.com/nodejs/node/pull/57012 * test,crypto: make tests work for BoringSSL https://github.com/nodejs/node/pull/57021 * module: use synchronous hooks for preparsing in import(cjs) https://github.com/nodejs/node/pull/55698 * deps: update simdjson to 3.12.0 https://github.com/nodejs/node/pull/56874 * build: remove explicit linker call to libm on macOS https://github.com/nodejs/node/pull/56901 * test: make eval snapshot comparison more flexible https://github.com/nodejs/node/pull/57020 * src: allow embedder customization of OOMErrorHandler https://github.com/nodejs/node/pull/57325 * src: do not pass nullptr to std::string ctor https://github.com/nodejs/node/pull/57354 * src: lock the isolate properly in IsolateData destructor https://github.com/nodejs/node/pull/57031 * chore: shrink --trace-atomics-wait patch * chore: fixup patch indices * build: fix GN build failure https://github.com/nodejs/node/pull/57013 * crypto: expose security levels https://github.com/nodejs/node/pull/56601 * zlib: add zstd support https://github.com/nodejs/node/pull/52100 * test: move crypto related common utilities in common/crypto https://github.com/nodejs/node/pull/56714 * cli: move --trace-atomics-wait to eol https://github.com/nodejs/node/pull/52747 * test: disable test-https-client-renegotiation-limit BoringSSL doesn't support caller-initiated renegotiation - see https://source.chromium.org/chromium/chromium/src/+/main:third_party/boringssl/src/ssl/ssl_lib.cc;l=1627-1631 --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Rose <nornagon@nornagon.net>
|
|
Date: Tue, 9 Feb 2021 12:34:46 -0800
|
|
Subject: fix crypto tests to run with bssl
|
|
|
|
This fixes some crypto tests so that they pass when compiled with
|
|
BoringSSL.
|
|
|
|
This should be upstreamed in some form, though it may need to be tweaked
|
|
before it's acceptable to upstream, as this patch comments out a couple
|
|
of tests that upstream probably cares about.
|
|
|
|
diff --git a/test/common/index.js b/test/common/index.js
|
|
index 8f5af57a83dc6b426f1b11bd2e3a8c6c0f2d9a85..f6e00c9f3f3ac4b42662eed6c8d190586f92ab99 100644
|
|
--- a/test/common/index.js
|
|
+++ b/test/common/index.js
|
|
@@ -56,6 +56,8 @@ const hasCrypto = Boolean(process.versions.openssl) &&
|
|
|
|
const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
|
|
|
|
+const openSSLIsBoringSSL = process.versions.openssl === '0.0.0';
|
|
+
|
|
function parseTestFlags(filename = process.argv[1]) {
|
|
// The copyright notice is relatively big and the flags could come afterwards.
|
|
const bytesToRead = 1500;
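Review bot: The new `openSSLIsBoringSSL` constant compares against the literal `'0.0.0'` with no comment saying why that value identifies BoringSSL, yet every guard this patch adds depends on it. If the embedded library ever reports a different version string, the flag silently becomes false and the OpenSSL-only assertions run against BoringSSL again. I would add a comment above the declaration such as `// BoringSSL builds report a placeholder OpenSSL version of '0.0.0' (assumed; confirm against the build configuration).`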
|
|
@@ -901,6 +903,7 @@ const common = {
|
|
mustNotMutateObjectDeep,
|
|
mustSucceed,
|
|
nodeProcessAborted,
|
|
+ openSSLIsBoringSSL,
|
|
PIPE,
|
|
parseTestFlags,
|
|
platformTimeout,
|
|
diff --git a/test/parallel/test-buffer-tostring-range.js b/test/parallel/test-buffer-tostring-range.js
|
|
index d033cd204b3200cdd736b581abe027d6e46e4ff3..73fec107a36c3db4af6f492137d0ca174f2d0547 100644
|
|
--- a/test/parallel/test-buffer-tostring-range.js
|
|
+++ b/test/parallel/test-buffer-tostring-range.js
|
|
@@ -102,7 +102,8 @@ assert.throws(() => {
|
|
// Must not throw when start and end are within kMaxLength
|
|
// Cannot test on 32bit machine as we are testing the case
|
|
// when start and end are above the threshold
|
|
-common.skipIf32Bits();
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
const threshold = 0xFFFFFFFF;
|
|
const largeBuffer = Buffer.alloc(threshold + 20);
|
|
largeBuffer.toString('utf8', threshold, threshold + 20);
|
|
+}
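Review bot: The `common.skipIf32Bits()` call is replaced by the BoringSSL guard rather than combined with it, so a 32-bit build that is not BoringSSL would now attempt the `Buffer.alloc(threshold + 20)` allocation that the comment above says cannot be tested there. The guard is also a crypto-library check on a test that does no crypto, which suggests it stands in for some other property of the embedder build; a comment should say which. I would keep the original skip inside the new block, `if (!common.openSSLIsBoringSSL) { common.skipIf32Bits();`, and document the reason for the BoringSSL condition.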
|
|
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
|
|
index 4e3c32fdcd23fbe3e74bd5e624b739d224689f33..29149838ca76986928c7649a5f60a0f5e22a0705 100644
|
|
--- a/test/parallel/test-crypto-async-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-async-sign-verify.js
|
|
@@ -88,6 +88,7 @@ test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
|
|
// ED25519
|
|
test('ed25519_public.pem', 'ed25519_private.pem', undefined, true);
|
|
// ED448
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
test('ed448_public.pem', 'ed448_private.pem', undefined, true);
|
|
|
|
// ECDSA w/ der signature encoding
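Review bot: The guard opened under `// ED448` is only closed in the next hunk after the `DSA w/ ieee-p1363` case, so it also skips the ECDSA cases that begin on the last line of this hunk. If only Ed448 and DSA are unavailable under BoringSSL (an assumption; the patch does not say), the ECDSA sign/verify cases lose coverage for no reason. I would close the first guard right after the `ed448` call and open a second one around the DSA cases, each with a one-line comment naming the unsupported algorithm. The lines between the two hunks are not visible here, so the exact extent should be checked against the file.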
|
|
@@ -109,6 +110,7 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
|
|
// DSA w/ ieee-p1363 signature encoding
|
|
test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
|
|
{ dsaEncoding: 'ieee-p1363' });
|
|
+}
|
|
|
|
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
|
|
{
|
|
diff --git a/test/parallel/test-crypto-certificate.js b/test/parallel/test-crypto-certificate.js
|
|
index 4a5f1f149fe6c739f7f1d2ee17df6e61a942d621..b3287f428ce6b3fde11d449c601a57ff5e3843f9 100644
|
|
--- a/test/parallel/test-crypto-certificate.js
|
|
+++ b/test/parallel/test-crypto-certificate.js
|
|
@@ -40,8 +40,10 @@ function copyArrayBuffer(buf) {
|
|
}
|
|
|
|
function checkMethods(certificate) {
|
|
-
|
|
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
|
|
+ https://boringssl.googlesource.com/boringssl/+/33d7e32ce40c04e8f1b99c05964956fda187819f
|
|
assert.strictEqual(certificate.verifySpkac(spkacValid), true);
|
|
+ */
|
|
assert.strictEqual(certificate.verifySpkac(spkacFail), false);
|
|
|
|
assert.strictEqual(
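Review bot: Commenting out the `spkacValid` assertions here, and again in the next hunk for the `ArrayBuffer`, `Uint8Array` and `DataView` inputs, removes every positive `verifySpkac` check visible in `checkMethods` on all builds. With only the `spkacFail` assertion left, an implementation that always returns `false` would still pass. The first block comment also swallows the blank line and the URL into dead code, instead of using the `common.openSSLIsBoringSSL` flag this patch introduces. I would wrap the assertions in `if (!common.openSSLIsBoringSSL) { … }` with the MD5 explanation as a `//` comment. Better still, add a fixture signed with a digest BoringSSL accepts so the success path stays covered. The body of `checkMethods` extends beyond both hunks.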
|
|
@@ -56,10 +58,12 @@ function checkMethods(certificate) {
|
|
);
|
|
assert.strictEqual(certificate.exportChallenge(spkacFail), '');
|
|
|
|
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
|
|
const ab = copyArrayBuffer(spkacValid);
|
|
assert.strictEqual(certificate.verifySpkac(ab), true);
|
|
assert.strictEqual(certificate.verifySpkac(new Uint8Array(ab)), true);
|
|
assert.strictEqual(certificate.verifySpkac(new DataView(ab)), true);
|
|
+ */
|
|
}
|
|
|
|
{
|
|
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
index 88d07c3b957f57b85861542d174a0fd0ba8ceb66..1f430197579ff5f31322bfa0fa5e92e4c58588e2 100644
|
|
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
+++ b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
@@ -62,6 +62,10 @@ function testCipher2(key, iv) {
|
|
|
|
|
|
function testCipher3(key, iv) {
|
|
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
|
|
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
|
|
+ return;
|
|
+ }
|
|
// Test encryption and decryption with explicit key and iv.
|
|
// AES Key Wrap test vector comes from RFC3394
|
|
const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
|
|
diff --git a/test/parallel/test-crypto-dh-curves.js b/test/parallel/test-crypto-dh-curves.js
|
|
index 81a469c226c261564dee1e0b06b6571b18a41f1f..58b66045dba4201b7ebedd78b129420ffc316051 100644
|
|
--- a/test/parallel/test-crypto-dh-curves.js
|
|
+++ b/test/parallel/test-crypto-dh-curves.js
|
|
@@ -16,7 +16,7 @@ const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
|
|
crypto.createDiffieHellman(p, 'hex');
|
|
|
|
// Confirm DH_check() results are exposed for optional examination.
|
|
-const bad_dh = crypto.createDiffieHellman('02', 'hex');
|
|
+const bad_dh = crypto.createDiffieHellman('abcd', 'hex', 0);
|
|
assert.notStrictEqual(bad_dh.verifyError, 0);
|
|
|
|
const availableCurves = new Set(crypto.getCurves());
|
|
diff --git a/test/parallel/test-crypto-dh-errors.js b/test/parallel/test-crypto-dh-errors.js
|
|
index 0af4db0310750cea9350ecff7fc44404c6df6c83..85ab03f6019989ad4fe93b779c3b4772ce1f5130 100644
|
|
--- a/test/parallel/test-crypto-dh-errors.js
|
|
+++ b/test/parallel/test-crypto-dh-errors.js
|
|
@@ -33,9 +33,9 @@ for (const bits of [-1, 0, 1]) {
|
|
});
|
|
} else {
|
|
assert.throws(() => crypto.createDiffieHellman(bits), {
|
|
- code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
|
|
+ code: /ERR_OSSL_BN_BITS_TOO_SMALL|ERR_OSSL_DH_MODULUS_TOO_LARGE/,
|
|
name: 'Error',
|
|
- message: /bits too small/,
|
|
+ message: /bits too small|BITS_TOO_SMALL|MODULUS_TOO_LARGE/,
|
|
});
|
|
}
|
|
}
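Review bot: The new `code` pattern is unanchored, so any code string that merely contains one of the two alternatives satisfies it. The sign-verify hunk later in this patch anchors its equivalent pattern with `^…$`. For consistency and a tighter assertion I would write `code: /^ERR_OSSL_(BN_BITS_TOO_SMALL|DH_MODULUS_TOO_LARGE)$/,`. A short comment that BoringSSL reports `MODULUS_TOO_LARGE` for these inputs would also help, because accepting "too large" in a test of too-small bit counts reads like a mistake.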
|
|
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
|
|
index d7ffbe5eca92734aa2380f482c7f9bfe7e2a36c7..21ab2333431ea70bdf98dde43624e0b712566395 100644
|
|
--- a/test/parallel/test-crypto-dh.js
|
|
+++ b/test/parallel/test-crypto-dh.js
|
|
@@ -60,18 +60,17 @@ const {
|
|
let wrongBlockLength;
|
|
if (hasOpenSSL3) {
|
|
wrongBlockLength = {
|
|
- message: 'error:1C80006B:Provider routines::wrong final block length',
|
|
- code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
|
|
- library: 'Provider routines',
|
|
- reason: 'wrong final block length'
|
|
+ message: /error:1C80006B:Provider routines::wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
+ reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
|
|
};
|
|
} else {
|
|
wrongBlockLength = {
|
|
- message: 'error:0606506D:digital envelope' +
|
|
- ' routines:EVP_DecryptFinal_ex:wrong final block length',
|
|
- code: 'ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH',
|
|
- library: 'digital envelope routines',
|
|
- reason: 'wrong final block length'
|
|
+ message: /error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
+ reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
|
|
};
|
|
}
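Review bot: In the `hasOpenSSL3` branch the removed expectation was `library: 'Provider routines'`, but the replacement pattern `/digital envelope routines|Cipher functions/` has no alternative for it. As written, an OpenSSL 3 error carrying that library string would no longer match. The branch should read `library: /Provider routines|Cipher functions/,`. After this change the two branches differ only in the first `message` alternative, so they could be merged into one object with a three-way `message` pattern.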
|
|
|
|
@@ -98,17 +97,23 @@ const {
|
|
dh3.computeSecret('');
|
|
}, { message: hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
|
|
'Unspecified validation error' :
|
|
- 'Supplied key is too small' });
|
|
+ 'Supplied key is invalid' });
|
|
}
|
|
}
|
|
|
|
// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
|
|
{
|
|
const g = 0;
|
|
- crypto.createDiffieHellman('abcdef', g);
|
|
+ assert.throws(() => crypto.createDiffieHellman('abcdef', g), {
|
|
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
|
|
+ name: 'Error'
|
|
+ });
|
|
crypto.createDiffieHellman('abcdef', 'hex', g);
|
|
}
|
|
|
|
{
|
|
- crypto.createDiffieHellman('abcdef', Buffer.from([2])); // OK
|
|
+ assert.throws(() => crypto.createDiffieHellman('abcdef', Buffer.from([2])), {
|
|
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
|
|
+ name: 'Error'
|
|
+ });
|
|
}
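Review bot: The comment `// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).` now sits directly above an assertion that the call throws, so it describes the opposite of what the test checks. The `// OK` note on the `Buffer.from([2])` case was also dropped without an explanation of why that call is now expected to fail. I would add a line such as `// BoringSSL rejects this prime, so construction fails before the generator is considered (assumed; confirm).` above each `assert.throws`. The `code` expectation needs no regex and can be the plain string `code: 'ERR_CRYPTO_OPERATION_FAILED',`. These expectations and the changed `'Supplied key is invalid'` message are unconditional, so the file no longer passes against OpenSSL; that should be stated in a comment.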
|
|
diff --git a/test/parallel/test-crypto-getcipherinfo.js b/test/parallel/test-crypto-getcipherinfo.js
|
|
index 64b79fc36ccf4d38f763fcd8c1930473c82cefd7..1c6717ebd46497384b9b13174b65894ca89e7f2d 100644
|
|
--- a/test/parallel/test-crypto-getcipherinfo.js
|
|
+++ b/test/parallel/test-crypto-getcipherinfo.js
|
|
@@ -62,9 +62,13 @@ assert(getCipherInfo('aes-128-cbc', { ivLength: 16 }));
|
|
|
|
assert(!getCipherInfo('aes-128-ccm', { ivLength: 1 }));
|
|
assert(!getCipherInfo('aes-128-ccm', { ivLength: 14 }));
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
for (let n = 7; n <= 13; n++)
|
|
assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
|
|
+}
|
|
|
|
assert(!getCipherInfo('aes-128-ocb', { ivLength: 16 }));
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
for (let n = 1; n < 16; n++)
|
|
assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
|
|
+}
|
|
\ No newline at end of file
|
|
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf218791cd6868 100644
|
|
--- a/test/parallel/test-crypto-hash-stream-pipe.js
|
|
+++ b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
@@ -30,11 +30,11 @@ const crypto = require('crypto');
|
|
|
|
const stream = require('stream');
|
|
const s = new stream.PassThrough();
|
|
-const h = crypto.createHash('sha3-512');
|
|
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
|
|
- '198235381e864f91a0e8cd6a26b677ec' +
|
|
- 'dcde8e2b069bd7355fabd68abd6fc801' +
|
|
- '19659f25e92f8efc961ee3a7c815c758';
|
|
+const h = crypto.createHash('sha512');
|
|
+const expect = 'fba055c6fd0c5b6645407749ed7a8b41' +
|
|
+ 'b8f629f2163c3ca3701d864adabda1f8' +
|
|
+ '93c37bf82b22fdd151ba8e357f611da4' +
|
|
+ '88a74b6a5525dd9b69554c6ce5138ad7';
|
|
|
|
s.pipe(h).on('data', common.mustCall(function(c) {
|
|
assert.strictEqual(c, expect);
|
|
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
|
|
index 61145aee0727fbe0b9781acdb3eeb641e7010729..fd7d4bd7d3f86caa30ffd03ea880eeac023bbcbb 100644
|
|
--- a/test/parallel/test-crypto-hash.js
|
|
+++ b/test/parallel/test-crypto-hash.js
|
|
@@ -183,7 +183,7 @@ assert.throws(
|
|
}
|
|
|
|
// Test XOF hash functions and the outputLength option.
|
|
-{
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
// Default outputLengths. Since OpenSSL 3.4 an outputLength is mandatory
|
|
if (!hasOpenSSL(3, 4)) {
|
|
assert.strictEqual(crypto.createHash('shake128').digest('hex'),
|
|
diff --git a/test/parallel/test-crypto-hkdf.js b/test/parallel/test-crypto-hkdf.js
|
|
index 3f7e61e9b2ebc0ca7c367d7c229afe9ab87762b8..36bd78105d153b75b42e4736f11d80a257916607 100644
|
|
--- a/test/parallel/test-crypto-hkdf.js
|
|
+++ b/test/parallel/test-crypto-hkdf.js
|
|
@@ -125,7 +125,7 @@ const algorithms = [
|
|
['sha256', '', 'salt', '', 10],
|
|
['sha512', 'secret', 'salt', '', 15],
|
|
];
|
|
-if (!hasOpenSSL3)
|
|
+if (!hasOpenSSL3 && !common.openSSLIsBoringSSL)
|
|
algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
|
|
|
|
algorithms.forEach(([ hash, secret, salt, info, length ]) => {
|
|
diff --git a/test/parallel/test-crypto-padding.js b/test/parallel/test-crypto-padding.js
|
|
index 48cd1ed4df61aaddeee8785cb90f83bdd9628187..a18aeb2bdffcc7a7e9ef12328b849994e39d6c27 100644
|
|
--- a/test/parallel/test-crypto-padding.js
|
|
+++ b/test/parallel/test-crypto-padding.js
|
|
@@ -88,10 +88,9 @@ assert.throws(function() {
|
|
code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
|
|
reason: 'wrong final block length',
|
|
} : {
|
|
- message: 'error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:' +
|
|
- 'data not multiple of block length',
|
|
- code: 'ERR_OSSL_EVP_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH',
|
|
- reason: 'data not multiple of block length',
|
|
+ message: /error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length|error:1e00006a:Cipher functions:OPENSSL_internal:DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
+ code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
+ reason: /data not multiple of block length|DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
}
|
|
);
|
|
|
|
@@ -115,10 +114,9 @@ assert.throws(function() {
|
|
reason: 'bad decrypt',
|
|
code: 'ERR_OSSL_BAD_DECRYPT',
|
|
} : {
|
|
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
|
|
- 'bad decrypt',
|
|
- reason: 'bad decrypt',
|
|
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
|
|
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/,
|
|
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
|
|
});
|
|
|
|
// No-pad encrypted string should return the same:
|
|
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
|
|
index dcd5045daaf58c60e27c1e2f7941033302241339..6ac75565792b92a97c622baba73f821d754b8d01 100644
|
|
--- a/test/parallel/test-crypto-rsa-dsa.js
|
|
+++ b/test/parallel/test-crypto-rsa-dsa.js
|
|
@@ -29,12 +29,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
|
|
const ec = new TextEncoder();
|
|
|
|
const openssl1DecryptError = {
|
|
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
|
|
- 'bad decrypt',
|
|
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
|
|
- reason: 'bad decrypt',
|
|
- function: 'EVP_DecryptFinal_ex',
|
|
- library: 'digital envelope routines',
|
|
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
|
|
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/,
|
|
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
};
|
|
|
|
const decryptError = hasOpenSSL3 ?
|
|
@@ -223,7 +222,7 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
|
|
}, bufferToEncrypt);
|
|
|
|
|
|
- if (padding === constants.RSA_PKCS1_PADDING) {
|
|
+ if (!common.openSSLIsBoringSSL) {
|
|
if (!process.config.variables.node_shared_openssl) {
|
|
assert.throws(() => {
|
|
crypto.privateDecrypt({
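Review bot: The `padding === constants.RSA_PKCS1_PADDING` condition is replaced by the BoringSSL check rather than combined with it. On a non-BoringSSL build the `assert.throws` around `privateDecrypt` now runs for every padding passed to `test_rsa`, not just PKCS#1 v1.5. On BoringSSL the PKCS#1 decryption check is skipped entirely, with no comment explaining why. If the intent is only to disable the block for BoringSSL, the condition should be `if (padding === constants.RSA_PKCS1_PADDING && !common.openSSLIsBoringSSL) {`. The rest of the block lies outside the hunk, so the `else` side, if any, needs checking too.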
|
|
@@ -471,7 +470,7 @@ assert.throws(() => {
|
|
//
|
|
// Test DSA signing and verification
|
|
//
|
|
-{
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
const input = 'I AM THE WALRUS';
|
|
|
|
// DSA signatures vary across runs so there is no static string to verify
|
|
diff --git a/test/parallel/test-crypto-scrypt.js b/test/parallel/test-crypto-scrypt.js
|
|
index 03a18c7522531c7317f12705550117dc389a0245..2f0f46f2c6ddc62de89877cfa0ca80949a0f4c5e 100644
|
|
--- a/test/parallel/test-crypto-scrypt.js
|
|
+++ b/test/parallel/test-crypto-scrypt.js
|
|
@@ -176,7 +176,7 @@ for (const options of bad) {
|
|
|
|
for (const options of toobig) {
|
|
const expected = {
|
|
- message: /Invalid scrypt params:.*memory limit exceeded/,
|
|
+ message: /Invalid scrypt params/,
|
|
code: 'ERR_CRYPTO_INVALID_SCRYPT_PARAMS',
|
|
};
|
|
assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
|
|
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
|
|
index 0589d60736e377f24dc8550f87a6b7624173fc44..547f22cdc130cf0c68d117f92068e3ac53a0efc2 100644
|
|
--- a/test/parallel/test-crypto-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-sign-verify.js
|
|
@@ -33,7 +33,7 @@ const keySize = 2048;
|
|
}
|
|
|
|
// Test handling of exceptional conditions
|
|
-{
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
const library = {
|
|
configurable: true,
|
|
set() {
|
|
@@ -345,15 +345,15 @@ assert.throws(
|
|
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
|
|
});
|
|
}, hasOpenSSL3 ? {
|
|
- code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
} : {
|
|
- code: 'ERR_OSSL_RSA_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
- opensslErrorStack: [
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
+ /*opensslErrorStack: [
|
|
'error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:' +
|
|
'command not supported',
|
|
- ],
|
|
+ ],*/
|
|
});
|
|
}
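Review bot: With `opensslErrorStack` wrapped in `/* … */`, both arms of the `hasOpenSSL3 ? … : …` expectation are identical, so the ternary no longer distinguishes anything and the commented-out array is dead code. I would collapse it to a single object, `{ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/, message: /…/ }`, and delete the comment block. The later hunks in this file use the same approach for the `ed448` entry and `dsa_private_1025.pem`. Those would be clearer as entries added conditionally on `!common.openSSLIsBoringSSL`, so the cases still run on builds that support them.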
|
|
|
|
@@ -423,10 +423,12 @@ assert.throws(
|
|
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
|
|
algo: null,
|
|
sigLen: 64 },
|
|
+ /*
|
|
{ private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
algo: null,
|
|
sigLen: 114 },
|
|
+ */
|
|
{ private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
|
|
public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
|
|
algo: 'sha1',
|
|
@@ -497,7 +499,7 @@ assert.throws(
|
|
|
|
{
|
|
const data = Buffer.from('Hello world');
|
|
- const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
|
|
+ const keys = [['ec-key.pem', 64]/*, ['dsa_private_1025.pem', 40]*/];
|
|
|
|
for (const [file, length] of keys) {
|
|
const privKey = fixtures.readKey(file);
|
|
diff --git a/test/parallel/test-crypto-stream.js b/test/parallel/test-crypto-stream.js
|
|
index 62be4eaf6edfb01ce275e7db3e56b51d09ac66ce..3fb6cd833d959d1c3c8522ebacc8f18352672628 100644
|
|
--- a/test/parallel/test-crypto-stream.js
|
|
+++ b/test/parallel/test-crypto-stream.js
|
|
@@ -78,10 +78,10 @@ cipher.pipe(decipher)
|
|
library: 'Provider routines',
|
|
reason: 'bad decrypt',
|
|
} : {
|
|
- message: /bad decrypt/,
|
|
- function: 'EVP_DecryptFinal_ex',
|
|
- library: 'digital envelope routines',
|
|
- reason: 'bad decrypt',
|
|
+ message: /bad decrypt|BAD_DECRYPT/,
|
|
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/,
|
|
}));
|
|
|
|
cipher.end('Papaya!'); // Should not cause an unhandled exception.
|
|
diff --git a/test/parallel/test-crypto-x509.js b/test/parallel/test-crypto-x509.js
|
|
index f75e1d63470bfb7ce7fb354118b87a1a6fe5e4cc..5c0852e83a466ab4b255e8c9c9a33aca1beb9b94 100644
|
|
--- a/test/parallel/test-crypto-x509.js
|
|
+++ b/test/parallel/test-crypto-x509.js
|
|
@@ -97,8 +97,10 @@ const der = Buffer.from(
|
|
assert.strictEqual(x509.infoAccess, infoAccessCheck);
|
|
assert.strictEqual(x509.validFrom, 'Sep 3 21:40:37 2022 GMT');
|
|
assert.strictEqual(x509.validTo, 'Jun 17 21:40:37 2296 GMT');
|
|
+ if (!common.openSSLIsBoringSSL) {
|
|
assert.deepStrictEqual(x509.validFromDate, new Date('2022-09-03T21:40:37Z'));
|
|
assert.deepStrictEqual(x509.validToDate, new Date('2296-06-17T21:40:37Z'));
|
|
+ }
|
|
assert.strictEqual(
|
|
x509.fingerprint,
|
|
'8B:89:16:C4:99:87:D2:13:1A:64:94:36:38:A5:32:01:F0:95:3B:53');
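Review bot: The `validFromDate`/`validToDate` assertions are skipped under BoringSSL with no comment explaining what differs, while the string forms `validFrom`/`validTo` just above are still checked. The same undocumented skip recurs in the hunks after `certPemUTCTime` and `certPemGeneralizedTime`, which contain the only visible assertions in the RFC 5280 date-parsing block. I would add one comment at the first guard, for example `// validFromDate/validToDate are not populated the same way under BoringSSL (assumed; state the actual difference).`, and refer back to it at the other two. The guarded lines are also not indented inside the new `if`, which makes the added scope easy to miss.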
|
|
@@ -326,6 +328,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
|
|
legacyObjectCheck.serialNumberPattern);
|
|
}
|
|
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
{
|
|
// This X.509 Certificate can be parsed by OpenSSL because it contains a
|
|
// structurally sound TBSCertificate structure. However, the SPKI field of the
|
|
@@ -364,6 +367,7 @@ UcXd/5qu2GhokrKU2cPttU+XAN2Om6a0
|
|
|
|
assert.strictEqual(cert.checkIssued(cert), false);
|
|
}
|
|
+}
|
|
|
|
{
|
|
// Test date parsing of `validFromDate` and `validToDate` fields, according to RFC 5280.
|
|
@@ -401,8 +405,10 @@ UidvpWWipVLZgK+oDks+bKTobcoXGW9oXobiIYqslXPy
|
|
-----END CERTIFICATE-----`.trim();
|
|
const c1 = new X509Certificate(certPemUTCTime);
|
|
|
|
+ if (!common.openSSLIsBoringSSL) {
|
|
assert.deepStrictEqual(c1.validFromDate, new Date('1949-12-25T23:59:58Z'));
|
|
assert.deepStrictEqual(c1.validToDate, new Date('1950-01-01T23:59:58Z'));
|
|
+ }
|
|
|
|
// The GeneralizedTime format is used for dates in 2050 or later.
|
|
const certPemGeneralizedTime = `-----BEGIN CERTIFICATE-----
|
|
@@ -436,6 +442,8 @@ CWwQO8JZjJqFtqtuzy2n+gLCvqePgG/gmSqHOPm2ZbLW
|
|
-----END CERTIFICATE-----`.trim();
|
|
const c2 = new X509Certificate(certPemGeneralizedTime);
|
|
|
|
+ if (!common.openSSLIsBoringSSL) {
|
|
assert.deepStrictEqual(c2.validFromDate, new Date('2049-12-26T00:00:01Z'));
|
|
assert.deepStrictEqual(c2.validToDate, new Date('2050-01-02T00:00:01Z'));
|
|
+ }
|
|
}
|
|
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
|
|
index 93644e016de447d2aadc519123f18cd72b7a5750..8b16c83cd47bd8969654242296c987ecc97ccaeb 100644
|
|
--- a/test/parallel/test-crypto.js
|
|
+++ b/test/parallel/test-crypto.js
|
|
@@ -62,7 +62,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -72,7 +72,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -82,7 +82,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: not enough data$/.test(err) &&
|
|
+ /^Error: (not enough data|BAD_PKCS12_DATA)$/.test(err) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -145,8 +145,6 @@ assert(crypto.getHashes().includes('sha1'));
|
|
assert(crypto.getHashes().includes('sha256'));
|
|
assert(!crypto.getHashes().includes('SHA1'));
|
|
assert(!crypto.getHashes().includes('SHA256'));
|
|
-assert(crypto.getHashes().includes('RSA-SHA1'));
|
|
-assert(!crypto.getHashes().includes('rsa-sha1'));
|
|
validateList(crypto.getHashes());
|
|
// Make sure all of the hashes are supported by OpenSSL
|
|
for (const algo of crypto.getHashes())
|
|
@@ -197,6 +195,7 @@ assert.throws(
|
|
}
|
|
);
|
|
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
assert.throws(() => {
|
|
const priv = [
|
|
'-----BEGIN RSA PRIVATE KEY-----',
|
|
@@ -217,10 +216,10 @@ assert.throws(() => {
|
|
library: 'rsa routines',
|
|
} : {
|
|
name: 'Error',
|
|
- message: /routines:RSA_sign:digest too big for rsa key$/,
|
|
- library: 'rsa routines',
|
|
- function: 'RSA_sign',
|
|
- reason: 'digest too big for rsa key',
|
|
+ message: /routines:RSA_sign:digest too big for rsa key$|routines:OPENSSL_internal:DIGEST_TOO_BIG_FOR_RSA_KEY$/,
|
|
+ library: /rsa routines|RSA routines/,
|
|
+ function: /RSA_sign|OPENSSL_internal/,
|
|
+ reason: /digest too big for rsa key|DIGEST_TOO_BIG_FOR_RSA_KEY/,
|
|
code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY'
|
|
});
|
|
return true;
|
|
@@ -253,7 +252,7 @@ if (!hasOpenSSL3) {
|
|
return true;
|
|
});
|
|
}
|
|
-
|
|
+}
|
|
// Make sure memory isn't released before being returned
|
|
console.log(crypto.randomBytes(16));
|
|
|
|
diff --git a/test/parallel/test-https-agent-additional-options.js b/test/parallel/test-https-agent-additional-options.js
|
|
index 543ee176fb6af38874fee9f14be76f3fdda11060..fef9f1bc2f9fc6c220cf47847e86e03882b51b1d 100644
|
|
--- a/test/parallel/test-https-agent-additional-options.js
|
|
+++ b/test/parallel/test-https-agent-additional-options.js
|
|
@@ -13,7 +13,7 @@ const options = {
|
|
cert: fixtures.readKey('agent1-cert.pem'),
|
|
ca: fixtures.readKey('ca1-cert.pem'),
|
|
minVersion: 'TLSv1.1',
|
|
- ciphers: 'ALL@SECLEVEL=0'
|
|
+ // ciphers: 'ALL@SECLEVEL=0'
|
|
};
|
|
|
|
const server = https.Server(options, (req, res) => {
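Review bot: The `ciphers: 'ALL@SECLEVEL=0'` option is commented out for every build, while `minVersion: 'TLSv1.1'` stays. On an OpenSSL build the test then runs at the library's default security level and may no longer exercise the legacy-protocol path it was written for. The same edit appears in `getBaseOptions` in this file and in test-https-agent-session-eviction.js, test-tls-getprotocol.js and test-tls-write-error.js. Assuming `common` is in scope in these files, I would make the option conditional with `...(common.openSSLIsBoringSSL ? {} : { ciphers: 'ALL@SECLEVEL=0' }),` and add a comment that BoringSSL does not accept the `@SECLEVEL` syntax (assumed; confirm).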
|
|
@@ -28,7 +28,7 @@ function getBaseOptions(port) {
|
|
ca: options.ca,
|
|
rejectUnauthorized: true,
|
|
servername: 'agent1',
|
|
- ciphers: 'ALL@SECLEVEL=0'
|
|
+ // ciphers: 'ALL@SECLEVEL=0'
|
|
};
|
|
}
|
|
|
|
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
|
|
index 6f88e81e9ff29defe73800fc038b0d96d1ebd846..c0b92e2bdf86d3d2638c973f8be3110d5ae31f78 100644
|
|
--- a/test/parallel/test-https-agent-session-eviction.js
|
|
+++ b/test/parallel/test-https-agent-session-eviction.js
|
|
@@ -17,7 +17,7 @@ const options = {
|
|
key: readKey('agent1-key.pem'),
|
|
cert: readKey('agent1-cert.pem'),
|
|
secureOptions: SSL_OP_NO_TICKET,
|
|
- ciphers: 'RSA@SECLEVEL=0'
|
|
+ // ciphers: 'RSA@SECLEVEL=0'
|
|
};
|
|
|
|
// Create TLS1.2 server
|
|
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
|
|
index cba5bebaa29b6f8ac4fd0fcedaadb2f7bb3eb321..019d95df499892b14ab088f99013ee32c432779c 100644
|
|
--- a/test/parallel/test-tls-alert-handling.js
|
|
+++ b/test/parallel/test-tls-alert-handling.js
|
|
@@ -35,7 +35,7 @@ let iter = 0;
|
|
|
|
const errorHandler = common.mustCall((err) => {
|
|
let expectedErrorCode = 'ERR_SSL_WRONG_VERSION_NUMBER';
|
|
- let expectedErrorReason = 'wrong version number';
|
|
+ let expectedErrorReason = /wrong[\s_]version[\s_]number/i;
|
|
if (hasOpenSSL(3, 2)) {
|
|
expectedErrorCode = 'ERR_SSL_PACKET_LENGTH_TOO_LONG';
|
|
expectedErrorReason = 'packet length too long';
|
|
@@ -43,8 +43,8 @@ const errorHandler = common.mustCall((err) => {
|
|
|
|
assert.strictEqual(err.code, expectedErrorCode);
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
- if (!hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
|
|
- assert.strictEqual(err.reason, expectedErrorReason);
|
|
+ if (!hasOpenSSL3 && !common.openSSLIsBoringSSL) assert.strictEqual(err.function, 'ssl3_get_record');
|
|
+ assert.match(err.reason, expectedErrorReason);
|
|
errorReceived = true;
|
|
if (canCloseServer())
|
|
server.close();
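Review bot: `assert.match(err.reason, expectedErrorReason)` requires a `RegExp`, but the `hasOpenSSL(3, 2)` branch in the previous hunk still assigns the string `'packet length too long'`. On OpenSSL 3.2 or later the assertion would throw an argument-type error instead of comparing the reason. The client handler in `sendBADTLSRecord` (next hunk) has the same problem with `'tlsv1 alert record overflow'`. Those two assignments should become `expectedErrorReason = /packet length too long/;` and `expectedErrorReason = /tlsv1 alert record overflow/;`. The `errorHandler` callback starts in the previous hunk.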
|
|
@@ -98,15 +98,15 @@ function sendBADTLSRecord() {
|
|
}));
|
|
client.on('error', common.mustCall((err) => {
|
|
let expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION';
|
|
- let expectedErrorReason = 'tlsv1 alert protocol version';
|
|
+ let expectedErrorReason = /tlsv1[\s_]alert[\s_]protocol[\s_]version/i;
|
|
if (hasOpenSSL(3, 2)) {
|
|
expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW';
|
|
expectedErrorReason = 'tlsv1 alert record overflow';
|
|
}
|
|
assert.strictEqual(err.code, expectedErrorCode);
|
|
assert.strictEqual(err.library, 'SSL routines');
|
|
- if (!hasOpenSSL3)
|
|
+ if (!hasOpenSSL3 && !common.openSSLIsBoringSSL)
|
|
assert.strictEqual(err.function, 'ssl3_read_bytes');
|
|
- assert.strictEqual(err.reason, expectedErrorReason);
|
|
+ assert.match(err.reason, expectedErrorReason);
|
|
}));
|
|
}
|
|
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
|
|
index b1eab88fd6517e3698934dea17752ef2bb8d8d54..3ad6db20316baa8490e3787dd55903b58a54ad06 100644
|
|
--- a/test/parallel/test-tls-getprotocol.js
|
|
+++ b/test/parallel/test-tls-getprotocol.js
|
|
@@ -29,7 +29,7 @@ const clientConfigs = [
|
|
|
|
const serverConfig = {
|
|
secureProtocol: 'TLS_method',
|
|
- ciphers: 'RSA@SECLEVEL=0',
|
|
+ // ciphers: 'RSA@SECLEVEL=0',
|
|
key: fixtures.readKey('agent2-key.pem'),
|
|
cert: fixtures.readKey('agent2-cert.pem')
|
|
};
|
|
diff --git a/test/parallel/test-tls-write-error.js b/test/parallel/test-tls-write-error.js
|
|
index b06f2fa2c53ea72f9a66f0d002dd9281d0259a0f..864fffeebfad75d95416fd47efdea7f222c507a2 100644
|
|
--- a/test/parallel/test-tls-write-error.js
|
|
+++ b/test/parallel/test-tls-write-error.js
|
|
@@ -17,7 +17,7 @@ const server_cert = fixtures.readKey('agent1-cert.pem');
|
|
const opts = {
|
|
key: server_key,
|
|
cert: server_cert,
|
|
- ciphers: 'ALL@SECLEVEL=0'
|
|
+ // ciphers: 'ALL@SECLEVEL=0'
|
|
};
|
|
|
|
const server = https.createServer(opts, (req, res) => {
|
|
diff --git a/test/parallel/test-webcrypto-derivebits.js b/test/parallel/test-webcrypto-derivebits.js
|
|
index eb09bc24f0cb8244b05987e3a7c1d203360d3a38..8c251ff2371fb59bf679160574e1c5dc1b4b2665 100644
|
|
--- a/test/parallel/test-webcrypto-derivebits.js
|
|
+++ b/test/parallel/test-webcrypto-derivebits.js
|
|
@@ -101,8 +101,9 @@ const { subtle } = globalThis.crypto;
|
|
tests.then(common.mustCall());
|
|
}
|
|
|
|
+
|
|
// Test X25519 and X448 bit derivation
|
|
-{
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
async function test(name) {
|
|
const [alice, bob] = await Promise.all([
|
|
subtle.generateKey({ name }, true, ['deriveBits']),
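Review bot: The guard disables the whole block headed `// Test X25519 and X448 bit derivation`, so X25519 derivation is skipped together with X448. The same happens in test-webcrypto-derivekey.js. In test-webcrypto-sign-verify.js the Ed25519 block is skipped as well as Ed448, although test-crypto-async-sign-verify.js in this patch leaves its Ed25519 case enabled. If only the 448-bit curves are unavailable under BoringSSL (an assumption the patch does not confirm), the skip should be narrowed to the X448 call and a comment should say so. The calls that select the curve names are outside the hunk, so the exact change depends on how `test(name)` is invoked below.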
|
|
diff --git a/test/parallel/test-webcrypto-derivekey.js b/test/parallel/test-webcrypto-derivekey.js
|
|
index 558d37d90d5796b30101d1b512c9df3e7661d0db..f42bf8f4be0b439dd7e7c8d0f6f8a41e01588870 100644
|
|
--- a/test/parallel/test-webcrypto-derivekey.js
|
|
+++ b/test/parallel/test-webcrypto-derivekey.js
|
|
@@ -176,7 +176,7 @@ const { KeyObject } = require('crypto');
|
|
}
|
|
|
|
// Test X25519 and X448 key derivation
|
|
-{
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
async function test(name) {
|
|
const [alice, bob] = await Promise.all([
|
|
subtle.generateKey({ name }, true, ['deriveKey']),
|
|
diff --git a/test/parallel/test-webcrypto-sign-verify.js b/test/parallel/test-webcrypto-sign-verify.js
|
|
index de736102bdcb71a5560c95f7041537f25026aed4..12d7fa39446c196bdf1479dbe74c9ee8ab02f949 100644
|
|
--- a/test/parallel/test-webcrypto-sign-verify.js
|
|
+++ b/test/parallel/test-webcrypto-sign-verify.js
|
|
@@ -105,8 +105,9 @@ const { subtle } = globalThis.crypto;
|
|
test('hello world').then(common.mustCall());
|
|
}
|
|
|
|
+
|
|
// Test Sign/Verify Ed25519
|
|
-{
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
async function test(data) {
|
|
const ec = new TextEncoder();
|
|
const { publicKey, privateKey } = await subtle.generateKey({
|
|
@@ -126,7 +127,7 @@ const { subtle } = globalThis.crypto;
|
|
}
|
|
|
|
// Test Sign/Verify Ed448
|
|
-{
|
|
+if (!common.openSSLIsBoringSSL) {
|
|
async function test(data) {
|
|
const ec = new TextEncoder();
|
|
const { publicKey, privateKey } = await subtle.generateKey({
|
|
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
index d1ca571af4be713082d32093bfb8a65f2aef9800..57b8df2ce18df58ff54b2d828af67e3c2e082fe0 100644
|
|
--- a/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
+++ b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
@@ -18,14 +18,15 @@ const kWrappingData = {
|
|
wrap: { label: new Uint8Array(8) },
|
|
pair: true
|
|
},
|
|
- 'AES-CTR': {
|
|
+ 'AES-CBC': {
|
|
generate: { length: 128 },
|
|
- wrap: { counter: new Uint8Array(16), length: 64 },
|
|
+ wrap: { iv: new Uint8Array(16) },
|
|
pair: false
|
|
},
|
|
- 'AES-CBC': {
|
|
+ /*
|
|
+ 'AES-CTR': {
|
|
generate: { length: 128 },
|
|
- wrap: { iv: new Uint8Array(16) },
|
|
+ wrap: { counter: new Uint8Array(16), length: 64 },
|
|
pair: false
|
|
},
|
|
'AES-GCM': {
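Review bot: The `/*` opened before `'AES-CTR'` is closed only after the last entry of `kWrappingData` in the next hunk, so `'AES-GCM'` and every entry after it are commented out along with AES-CTR. Wrap/unwrap with those algorithms is then untested on every build, not just BoringSSL. Swapping `'AES-CBC'` and `'AES-CTR'` to make the comment block contiguous also makes the diff harder to read. I would keep the original order and remove the unsupported keys at runtime, e.g. `if (common.openSSLIsBoringSSL) delete kWrappingData['AES-CTR'];`, with a comment listing which algorithms are unsupported and why.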
|
|
@@ -42,6 +43,7 @@ const kWrappingData = {
|
|
wrap: { },
|
|
pair: false
|
|
}
|
|
+ */
|
|
};
|
|
|
|
function generateWrappingKeys() {
|
|
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
|
|
index b507af88e1f7f3424b7b5d6d683a295b9d208e5e..825ba4c8dce775f401080a0522565bb7a087bcc3 100644
|
|
--- a/test/parallel/test-x509-escaping.js
|
|
+++ b/test/parallel/test-x509-escaping.js
|
|
@@ -448,7 +448,7 @@ const { hasOpenSSL3 } = require('../common/crypto');
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
|
|
|
|
@@ -483,11 +483,11 @@ const { hasOpenSSL3 } = require('../common/crypto');
|
|
assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
|
|
|
|
// The newer X509Certificate API allows customizing this behavior:
|
|
- assert.strictEqual(certX509.checkHost(servername), servername);
|
|
+ assert.strictEqual(certX509.checkHost(servername), undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
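Review bot: After this change all four `checkHost` calls in the block expect `undefined`, so the retained comment `// The newer X509Certificate API allows customizing this behavior:` no longer matches what is asserted. The test also stops showing that the `subject` option has any effect. The previous hunk makes the same change for `{ subject: 'always' }`. Because these expectations decide whether a hostname is accepted from the certificate subject, the reason should be written down, e.g. `// BoringSSL never falls back to the subject CN for host matching, so the subject option has no effect here (assumed; confirm).` The new expectations are unconditional, so the file would fail on an OpenSSL build; selecting the expected value with `common.openSSLIsBoringSSL ? undefined : servername` would keep both cases covered.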
|
|
|