mirror of
https://github.com/electron/electron.git
synced 2026-01-09 07:28:12 -05:00
c6d6af2551
* chore: bump node in DEPS to v18.12.1 * chore: update patches * chore: add missing <algorithm> include * src: add detailed embedder process initialization AP https://github.com/nodejs/node/pull/44121 * chore: update gn build files * dns: support dns module in the snapshot https://github.com/nodejs/node/pull/44633 https://github.com/electron/electron/issues/36118 * src: fix OOB reads in process.title getter https://github.com/nodejs/node/pull/31633 * chore: fix incorrectly removed patch bit Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
1103 lines
44 KiB
Diff
1103 lines
44 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Rose <nornagon@nornagon.net>
|
|
Date: Tue, 9 Feb 2021 12:34:46 -0800
|
|
Subject: fix crypto tests to run with bssl
|
|
|
|
This fixes some crypto tests so that they pass when compiled with
|
|
BoringSSL.
|
|
|
|
This should be upstreamed in some form, though it may need to be tweaked
|
|
before it's acceptable to upstream, as this patch comments out a couple
|
|
of tests that upstream probably cares about.
|
|
|
|
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
|
|
index 4e3c32fdcd23fbe3e74bd5e624b739d224689f33..19d65aae7fa8ec9f9b907733ead17a208ed47909 100644
|
|
--- a/test/parallel/test-crypto-async-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-async-sign-verify.js
|
|
@@ -88,6 +88,7 @@ test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
|
|
// ED25519
|
|
test('ed25519_public.pem', 'ed25519_private.pem', undefined, true);
|
|
// ED448
|
|
+/*
|
|
test('ed448_public.pem', 'ed448_private.pem', undefined, true);
|
|
|
|
// ECDSA w/ der signature encoding
|
|
@@ -109,6 +110,7 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
|
|
// DSA w/ ieee-p1363 signature encoding
|
|
test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
|
|
{ dsaEncoding: 'ieee-p1363' });
|
|
+*/
|
|
|
|
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
|
|
{
|
|
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
|
|
index 162b451c5b459c566980c7d3476b3df0cef72871..db59d7fb8b46b5a6d4c77de7b5c492408351816d 100644
|
|
--- a/test/parallel/test-crypto-authenticated.js
|
|
+++ b/test/parallel/test-crypto-authenticated.js
|
|
@@ -50,7 +50,9 @@ const errMessages = {
|
|
const ciphers = crypto.getCiphers();
|
|
|
|
const expectedWarnings = common.hasFipsCrypto ?
|
|
- [] : [
|
|
+ [] : !ciphers.includes('aes-192-ccm') ? [
|
|
+ ['Use Cipheriv for counter mode of aes-192-gcm'],
|
|
+ ] : [
|
|
['Use Cipheriv for counter mode of aes-192-gcm'],
|
|
['Use Cipheriv for counter mode of aes-192-ccm'],
|
|
['Use Cipheriv for counter mode of aes-192-ccm'],
|
|
@@ -318,7 +320,9 @@ for (const test of TEST_CASES) {
|
|
|
|
// Test that create(De|C)ipher(iv)? throws if the mode is CCM and an invalid
|
|
// authentication tag length has been specified.
|
|
-{
|
|
+if (!ciphers.includes('aes-256-ccm')) {
|
|
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
|
|
+} else {
|
|
for (const authTagLength of [-1, true, false, NaN, 5.5]) {
|
|
assert.throws(() => {
|
|
crypto.createCipheriv('aes-256-ccm',
|
|
@@ -406,6 +410,10 @@ for (const test of TEST_CASES) {
|
|
// authentication tag has been specified.
|
|
{
|
|
for (const mode of ['ccm', 'ocb']) {
|
|
+ if (!ciphers.includes(`aes-256-${mode}`)) {
|
|
+ common.printSkipMessage(`unsupported aes-256-${mode} test`);
|
|
+ continue;
|
|
+ }
|
|
assert.throws(() => {
|
|
crypto.createCipheriv(`aes-256-${mode}`,
|
|
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
|
|
@@ -440,7 +448,9 @@ for (const test of TEST_CASES) {
|
|
}
|
|
|
|
// Test that setAAD throws if an invalid plaintext length has been specified.
|
|
-{
|
|
+if (!ciphers.includes('aes-256-ccm')) {
|
|
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
|
|
+} else {
|
|
const cipher = crypto.createCipheriv('aes-256-ccm',
|
|
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
|
|
'qkuZpJWCewa6S',
|
|
@@ -461,7 +471,9 @@ for (const test of TEST_CASES) {
|
|
}
|
|
|
|
// Test that setAAD and update throw if the plaintext is too long.
|
|
-{
|
|
+if (!ciphers.includes('aes-256-ccm')) {
|
|
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
|
|
+} else {
|
|
for (const ivLength of [13, 12]) {
|
|
const maxMessageSize = (1 << (8 * (15 - ivLength))) - 1;
|
|
const key = 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8';
|
|
@@ -492,7 +504,9 @@ for (const test of TEST_CASES) {
|
|
|
|
// Test that setAAD throws if the mode is CCM and the plaintext length has not
|
|
// been specified.
|
|
-{
|
|
+if (!ciphers.includes('aes-256-ccm')) {
|
|
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
|
|
+} else {
|
|
assert.throws(() => {
|
|
const cipher = crypto.createCipheriv('aes-256-ccm',
|
|
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
|
|
@@ -517,7 +531,9 @@ for (const test of TEST_CASES) {
|
|
}
|
|
|
|
// Test that final() throws in CCM mode when no authentication tag is provided.
|
|
-{
|
|
+if (!ciphers.includes('aes-128-ccm')) {
|
|
+ common.printSkipMessage(`unsupported aes-256-ccm test`);
|
|
+} else {
|
|
if (!common.hasFipsCrypto) {
|
|
const key = Buffer.from('1ed2233fa2223ef5d7df08546049406c', 'hex');
|
|
const iv = Buffer.from('7305220bca40d4c90e1791e9', 'hex');
|
|
@@ -549,7 +565,9 @@ for (const test of TEST_CASES) {
|
|
}
|
|
|
|
// Test that an IV length of 11 does not overflow max_message_size_.
|
|
-{
|
|
+if (!ciphers.includes('aes-128-ccm')) {
|
|
+ common.printSkipMessage(`unsupported aes-128-ccm test`);
|
|
+} else {
|
|
const key = 'x'.repeat(16);
|
|
const iv = Buffer.from('112233445566778899aabb', 'hex');
|
|
const options = { authTagLength: 8 };
|
|
@@ -566,6 +584,10 @@ for (const test of TEST_CASES) {
|
|
const iv = Buffer.from('0123456789ab', 'utf8');
|
|
|
|
for (const mode of ['gcm', 'ocb']) {
|
|
+ if (!ciphers.includes(`aes-128-${mode}`)) {
|
|
+ common.printSkipMessage(`unsupported aes-128-${mode} test`);
|
|
+ continue;
|
|
+ }
|
|
for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) {
|
|
const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, {
|
|
authTagLength
|
|
@@ -600,6 +622,10 @@ for (const test of TEST_CASES) {
|
|
const opts = { authTagLength: 8 };
|
|
|
|
for (const mode of ['gcm', 'ccm', 'ocb']) {
|
|
+ if (!ciphers.includes(`aes-128-${mode}`)) {
|
|
+ common.printSkipMessage(`unsupported aes-128-${mode} test`);
|
|
+ continue;
|
|
+ }
|
|
const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, opts);
|
|
const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
|
|
const tag = cipher.getAuthTag();
|
|
@@ -622,7 +648,9 @@ for (const test of TEST_CASES) {
|
|
// Test chacha20-poly1305 rejects invalid IV lengths of 13, 14, 15, and 16 (a
|
|
// length of 17 or greater was already rejected).
|
|
// - https://www.openssl.org/news/secadv/20190306.txt
|
|
-{
|
|
+if (!ciphers.includes('chacha20-poly1305')) {
|
|
+ common.printSkipMessage(`unsupported chacha20-poly1305 test`);
|
|
+} else {
|
|
// Valid extracted from TEST_CASES, check that it detects IV tampering.
|
|
const valid = {
|
|
algo: 'chacha20-poly1305',
|
|
@@ -667,6 +695,9 @@ for (const test of TEST_CASES) {
|
|
|
|
{
|
|
// CCM cipher without data should not crash, see https://github.com/nodejs/node/issues/38035.
|
|
+ common.printSkipMessage(`unsupported aes-128-ccm test`);
|
|
+ return;
|
|
+
|
|
const algo = 'aes-128-ccm';
|
|
const key = Buffer.alloc(16);
|
|
const iv = Buffer.alloc(12);
|
|
diff --git a/test/parallel/test-crypto-binary-default.js b/test/parallel/test-crypto-binary-default.js
|
|
index 3bbca5b0da395b94c04da7bb7c55b107e41367d8..af62558c4f23aa82804e0077da7b7f3a86cfac60 100644
|
|
--- a/test/parallel/test-crypto-binary-default.js
|
|
+++ b/test/parallel/test-crypto-binary-default.js
|
|
@@ -51,15 +51,15 @@ tls.createSecureContext({ pfx: certPfx, passphrase: 'sample' });
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ pfx: certPfx });
|
|
-}, /^Error: mac verify failure$/);
|
|
+}, /^Error: (mac verify failure|INCORRECT_PASSWORD)$/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ pfx: certPfx, passphrase: 'test' });
|
|
-}, /^Error: mac verify failure$/);
|
|
+}, /^Error: (mac verify failure|INCORRECT_PASSWORD)$/);
|
|
|
|
assert.throws(function() {
|
|
tls.createSecureContext({ pfx: 'sample', passphrase: 'test' });
|
|
-}, /^Error: not enough data$/);
|
|
+}, /^Error: (not enough data|BAD_PKCS12_DATA)$/);
|
|
|
|
// Test HMAC
|
|
{
|
|
@@ -462,7 +462,7 @@ assert.throws(function() {
|
|
function testCipher1(key) {
|
|
// Test encryption and decryption
|
|
const plaintext = 'Keep this a secret? No! Tell everyone about node.js!';
|
|
- const cipher = crypto.createCipher('aes192', key);
|
|
+ const cipher = crypto.createCipher('aes-192-cbc', key);
|
|
|
|
// Encrypt plaintext which is in utf8 format
|
|
// to a ciphertext which will be in hex
|
|
@@ -470,7 +470,7 @@ function testCipher1(key) {
|
|
// Only use binary or hex, not base64.
|
|
ciph += cipher.final('hex');
|
|
|
|
- const decipher = crypto.createDecipher('aes192', key);
|
|
+ const decipher = crypto.createDecipher('aes-192-cbc', key);
|
|
let txt = decipher.update(ciph, 'hex', 'utf8');
|
|
txt += decipher.final('utf8');
|
|
|
|
@@ -485,14 +485,14 @@ function testCipher2(key) {
|
|
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
|
|
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' +
|
|
'jAfaFg**';
|
|
- const cipher = crypto.createCipher('aes256', key);
|
|
+ const cipher = crypto.createCipher('aes-256-cbc', key);
|
|
|
|
// Encrypt plaintext which is in utf8 format
|
|
// to a ciphertext which will be in Base64
|
|
let ciph = cipher.update(plaintext, 'utf8', 'base64');
|
|
ciph += cipher.final('base64');
|
|
|
|
- const decipher = crypto.createDecipher('aes256', key);
|
|
+ const decipher = crypto.createDecipher('aes-256-cbc', key);
|
|
let txt = decipher.update(ciph, 'base64', 'utf8');
|
|
txt += decipher.final('utf8');
|
|
|
|
@@ -537,6 +537,10 @@ function testCipher4(key, iv) {
|
|
|
|
|
|
function testCipher5(key, iv) {
|
|
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
|
|
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
|
|
+ return;
|
|
+ }
|
|
// Test encryption and decryption with explicit key with aes128-wrap
|
|
const plaintext =
|
|
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
|
|
@@ -662,6 +666,8 @@ assert.throws(
|
|
}
|
|
|
|
|
|
+/* NB: BoringSSL does not support using DSA through the EVP API.
|
|
+ * https://boringssl.googlesource.com/boringssl/+/a2278d4d2cabe73f6663e3299ea7808edfa306b9/PORTING.md#dsa-s
|
|
//
|
|
// Test DSA signing and verification
|
|
//
|
|
@@ -682,6 +688,7 @@ assert.throws(
|
|
|
|
assert.strictEqual(verify.verify(publicKey, signature, 'hex'), true);
|
|
}
|
|
+*/
|
|
|
|
|
|
//
|
|
diff --git a/test/parallel/test-crypto-certificate.js b/test/parallel/test-crypto-certificate.js
|
|
index 4a5f1f149fe6c739f7f1d2ee17df6e61a942d621..b3287f428ce6b3fde11d449c601a57ff5e3843f9 100644
|
|
--- a/test/parallel/test-crypto-certificate.js
|
|
+++ b/test/parallel/test-crypto-certificate.js
|
|
@@ -40,8 +40,10 @@ function copyArrayBuffer(buf) {
|
|
}
|
|
|
|
function checkMethods(certificate) {
|
|
-
|
|
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
|
|
+ https://boringssl.googlesource.com/boringssl/+/33d7e32ce40c04e8f1b99c05964956fda187819f
|
|
assert.strictEqual(certificate.verifySpkac(spkacValid), true);
|
|
+ */
|
|
assert.strictEqual(certificate.verifySpkac(spkacFail), false);
|
|
|
|
assert.strictEqual(
|
|
@@ -56,10 +58,12 @@ function checkMethods(certificate) {
|
|
);
|
|
assert.strictEqual(certificate.exportChallenge(spkacFail), '');
|
|
|
|
+ /* spkacValid has a md5 based signature which is not allowed in boringssl
|
|
const ab = copyArrayBuffer(spkacValid);
|
|
assert.strictEqual(certificate.verifySpkac(ab), true);
|
|
assert.strictEqual(certificate.verifySpkac(new Uint8Array(ab)), true);
|
|
assert.strictEqual(certificate.verifySpkac(new DataView(ab)), true);
|
|
+ */
|
|
}
|
|
|
|
{
|
|
diff --git a/test/parallel/test-crypto-cipher-decipher.js b/test/parallel/test-crypto-cipher-decipher.js
|
|
index 35514afbea92562a81c163b1e4d918b4ab609f71..13098e1acf12c309f2ed6f6143a2c2eeb8a2763d 100644
|
|
--- a/test/parallel/test-crypto-cipher-decipher.js
|
|
+++ b/test/parallel/test-crypto-cipher-decipher.js
|
|
@@ -22,7 +22,7 @@ common.expectWarning({
|
|
function testCipher1(key) {
|
|
// Test encryption and decryption
|
|
const plaintext = 'Keep this a secret? No! Tell everyone about node.js!';
|
|
- const cipher = crypto.createCipher('aes192', key);
|
|
+ const cipher = crypto.createCipher('aes-192-cbc', key);
|
|
|
|
// Encrypt plaintext which is in utf8 format
|
|
// to a ciphertext which will be in hex
|
|
@@ -30,7 +30,7 @@ function testCipher1(key) {
|
|
// Only use binary or hex, not base64.
|
|
ciph += cipher.final('hex');
|
|
|
|
- const decipher = crypto.createDecipher('aes192', key);
|
|
+ const decipher = crypto.createDecipher('aes-192-cbc', key);
|
|
let txt = decipher.update(ciph, 'hex', 'utf8');
|
|
txt += decipher.final('utf8');
|
|
|
|
@@ -40,11 +40,11 @@ function testCipher1(key) {
|
|
// NB: In real life, it's not guaranteed that you can get all of it
|
|
// in a single read() like this. But in this case, we know it's
|
|
// quite small, so there's no harm.
|
|
- const cStream = crypto.createCipher('aes192', key);
|
|
+ const cStream = crypto.createCipher('aes-192-cbc', key);
|
|
cStream.end(plaintext);
|
|
ciph = cStream.read();
|
|
|
|
- const dStream = crypto.createDecipher('aes192', key);
|
|
+ const dStream = crypto.createDecipher('aes-192-cbc', key);
|
|
dStream.end(ciph);
|
|
txt = dStream.read().toString('utf8');
|
|
|
|
@@ -59,14 +59,14 @@ function testCipher2(key) {
|
|
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
|
|
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' +
|
|
'jAfaFg**';
|
|
- const cipher = crypto.createCipher('aes256', key);
|
|
+ const cipher = crypto.createCipher('aes-256-cbc', key);
|
|
|
|
// Encrypt plaintext which is in utf8 format to a ciphertext which will be in
|
|
// Base64.
|
|
let ciph = cipher.update(plaintext, 'utf8', 'base64');
|
|
ciph += cipher.final('base64');
|
|
|
|
- const decipher = crypto.createDecipher('aes256', key);
|
|
+ const decipher = crypto.createDecipher('aes-256-cbc', key);
|
|
let txt = decipher.update(ciph, 'base64', 'utf8');
|
|
txt += decipher.final('utf8');
|
|
|
|
@@ -170,7 +170,7 @@ testCipher2(Buffer.from('0123456789abcdef'));
|
|
// Regression test for https://github.com/nodejs/node-v0.x-archive/issues/5482:
|
|
// string to Cipher#update() should not assert.
|
|
{
|
|
- const c = crypto.createCipher('aes192', '0123456789abcdef');
|
|
+ const c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
|
|
c.update('update');
|
|
c.final();
|
|
}
|
|
@@ -178,15 +178,15 @@ testCipher2(Buffer.from('0123456789abcdef'));
|
|
// https://github.com/nodejs/node-v0.x-archive/issues/5655 regression tests,
|
|
// 'utf-8' and 'utf8' are identical.
|
|
{
|
|
- let c = crypto.createCipher('aes192', '0123456789abcdef');
|
|
+ let c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
|
|
c.update('update', ''); // Defaults to "utf8".
|
|
c.final('utf-8'); // Should not throw.
|
|
|
|
- c = crypto.createCipher('aes192', '0123456789abcdef');
|
|
+ c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
|
|
c.update('update', 'utf8');
|
|
c.final('utf-8'); // Should not throw.
|
|
|
|
- c = crypto.createCipher('aes192', '0123456789abcdef');
|
|
+ c = crypto.createCipher('aes-192-cbc', '0123456789abcdef');
|
|
c.update('update', 'utf-8');
|
|
c.final('utf8'); // Should not throw.
|
|
}
|
|
@@ -195,23 +195,23 @@ testCipher2(Buffer.from('0123456789abcdef'));
|
|
{
|
|
const key = '0123456789abcdef';
|
|
const plaintext = 'Top secret!!!';
|
|
- const c = crypto.createCipher('aes192', key);
|
|
+ const c = crypto.createCipher('aes-192-cbc', key);
|
|
let ciph = c.update(plaintext, 'utf16le', 'base64');
|
|
ciph += c.final('base64');
|
|
|
|
- let decipher = crypto.createDecipher('aes192', key);
|
|
+ let decipher = crypto.createDecipher('aes-192-cbc', key);
|
|
|
|
let txt;
|
|
txt = decipher.update(ciph, 'base64', 'ucs2');
|
|
txt += decipher.final('ucs2');
|
|
assert.strictEqual(txt, plaintext);
|
|
|
|
- decipher = crypto.createDecipher('aes192', key);
|
|
+ decipher = crypto.createDecipher('aes-192-cbc', key);
|
|
txt = decipher.update(ciph, 'base64', 'ucs-2');
|
|
txt += decipher.final('ucs-2');
|
|
assert.strictEqual(txt, plaintext);
|
|
|
|
- decipher = crypto.createDecipher('aes192', key);
|
|
+ decipher = crypto.createDecipher('aes-192-cbc', key);
|
|
txt = decipher.update(ciph, 'base64', 'utf-16le');
|
|
txt += decipher.final('utf-16le');
|
|
assert.strictEqual(txt, plaintext);
|
|
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
index 87f3641fb188bd322e7c256e9548c6af85dc9a14..1e803bc33ba4642065bf1897c56f65fc92bd2a50 100644
|
|
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
+++ b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
@@ -60,6 +60,10 @@ function testCipher2(key, iv) {
|
|
|
|
|
|
function testCipher3(key, iv) {
|
|
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
|
|
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
|
|
+ return;
|
|
+ }
|
|
// Test encryption and decryption with explicit key and iv.
|
|
// AES Key Wrap test vector comes from RFC3394
|
|
const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
|
|
diff --git a/test/parallel/test-crypto-classes.js b/test/parallel/test-crypto-classes.js
|
|
index dd073274aef765e8f1e403aa2c8baf9694b521cb..fc6339e040debe61ecc61a3eb5b26823b102f1ff 100644
|
|
--- a/test/parallel/test-crypto-classes.js
|
|
+++ b/test/parallel/test-crypto-classes.js
|
|
@@ -22,8 +22,8 @@ const TEST_CASES = {
|
|
};
|
|
|
|
if (!common.hasFipsCrypto) {
|
|
- TEST_CASES.Cipher = ['aes192', 'secret'];
|
|
- TEST_CASES.Decipher = ['aes192', 'secret'];
|
|
+ TEST_CASES.Cipher = ['aes-192-cbc', 'secret'];
|
|
+ TEST_CASES.Decipher = ['aes-192-cbc', 'secret'];
|
|
TEST_CASES.DiffieHellman = [common.hasOpenSSL3 ? 1024 : 256];
|
|
}
|
|
|
|
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
|
|
index 18721fcf289e5545408e309db050a2ff0f4b0140..e5235e0a5fbd68416b4a9480818901b411ed91bd 100644
|
|
--- a/test/parallel/test-crypto-dh.js
|
|
+++ b/test/parallel/test-crypto-dh.js
|
|
@@ -49,7 +49,7 @@ for (const bits of [-1, 0, 1]) {
|
|
assert.throws(() => crypto.createDiffieHellman(bits), {
|
|
code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
|
|
name: 'Error',
|
|
- message: /bits too small/,
|
|
+ message: /bits too small|BITS_TOO_SMALL/,
|
|
});
|
|
}
|
|
}
|
|
@@ -65,7 +65,7 @@ for (const g of [-1, 1]) {
|
|
const ex = {
|
|
code: 'ERR_OSSL_DH_BAD_GENERATOR',
|
|
name: 'Error',
|
|
- message: /bad generator/,
|
|
+ message: /bad generator|BAD_GENERATOR/,
|
|
};
|
|
assert.throws(() => crypto.createDiffieHellman('abcdef', g), ex);
|
|
assert.throws(() => crypto.createDiffieHellman('abcdef', 'hex', g), ex);
|
|
@@ -79,7 +79,7 @@ for (const g of [Buffer.from([]),
|
|
const ex = {
|
|
code: 'ERR_OSSL_DH_BAD_GENERATOR',
|
|
name: 'Error',
|
|
- message: /bad generator/,
|
|
+ message: /bad generator|BAD_GENERATOR/,
|
|
};
|
|
assert.throws(() => crypto.createDiffieHellman('abcdef', g), ex);
|
|
assert.throws(() => crypto.createDiffieHellman('abcdef', 'hex', g), ex);
|
|
@@ -133,18 +133,17 @@ assert.strictEqual(secret1, secret4);
|
|
let wrongBlockLength;
|
|
if (common.hasOpenSSL3) {
|
|
wrongBlockLength = {
|
|
- message: 'error:1C80006B:Provider routines::wrong final block length',
|
|
- code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
|
|
- library: 'Provider routines',
|
|
- reason: 'wrong final block length'
|
|
+ message: /error:1C80006B:Provider routines::wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
+ reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
|
|
};
|
|
} else {
|
|
wrongBlockLength = {
|
|
- message: 'error:0606506D:digital envelope' +
|
|
- ' routines:EVP_DecryptFinal_ex:wrong final block length',
|
|
- code: 'ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH',
|
|
- library: 'digital envelope routines',
|
|
- reason: 'wrong final block length'
|
|
+ message: /error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
+ reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
|
|
};
|
|
}
|
|
|
|
diff --git a/test/parallel/test-crypto-getcipherinfo.js b/test/parallel/test-crypto-getcipherinfo.js
|
|
index 98d2a52eceac4bc564fd2878f77b50c336a67a66..bcb2de6e354c26816000f2400d9c1d46de01888a 100644
|
|
--- a/test/parallel/test-crypto-getcipherinfo.js
|
|
+++ b/test/parallel/test-crypto-getcipherinfo.js
|
|
@@ -62,9 +62,13 @@ assert(getCipherInfo('aes-128-cbc', { ivLength: 16 }));
|
|
|
|
assert(!getCipherInfo('aes-128-ccm', { ivLength: 1 }));
|
|
assert(!getCipherInfo('aes-128-ccm', { ivLength: 14 }));
|
|
+/*
|
|
for (let n = 7; n <= 13; n++)
|
|
assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
|
|
+*/
|
|
|
|
assert(!getCipherInfo('aes-128-ocb', { ivLength: 16 }));
|
|
+/*
|
|
for (let n = 1; n < 16; n++)
|
|
assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
|
|
+*/
|
|
\ No newline at end of file
|
|
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf218791cd6868 100644
|
|
--- a/test/parallel/test-crypto-hash-stream-pipe.js
|
|
+++ b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
@@ -30,11 +30,11 @@ const crypto = require('crypto');
|
|
|
|
const stream = require('stream');
|
|
const s = new stream.PassThrough();
|
|
-const h = crypto.createHash('sha3-512');
|
|
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
|
|
- '198235381e864f91a0e8cd6a26b677ec' +
|
|
- 'dcde8e2b069bd7355fabd68abd6fc801' +
|
|
- '19659f25e92f8efc961ee3a7c815c758';
|
|
+const h = crypto.createHash('sha512');
|
|
+const expect = 'fba055c6fd0c5b6645407749ed7a8b41' +
|
|
+ 'b8f629f2163c3ca3701d864adabda1f8' +
|
|
+ '93c37bf82b22fdd151ba8e357f611da4' +
|
|
+ '88a74b6a5525dd9b69554c6ce5138ad7';
|
|
|
|
s.pipe(h).on('data', common.mustCall(function(c) {
|
|
assert.strictEqual(c, expect);
|
|
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
|
|
index af2146982c7a3bf7bd7527f44e4b17a3b605026e..f6b91f675cfea367c608892dee078b565814f2dd 100644
|
|
--- a/test/parallel/test-crypto-hash.js
|
|
+++ b/test/parallel/test-crypto-hash.js
|
|
@@ -182,6 +182,7 @@ assert.throws(
|
|
|
|
// Test XOF hash functions and the outputLength option.
|
|
{
|
|
+ /*
|
|
// Default outputLengths.
|
|
assert.strictEqual(crypto.createHash('shake128').digest('hex'),
|
|
'7f9c2ba4e88f827d616045507605853e');
|
|
@@ -236,6 +237,7 @@ assert.throws(
|
|
assert.strictEqual(superLongHash.length, 2 * 1024 * 1024);
|
|
assert.ok(superLongHash.endsWith('193414035ddba77bf7bba97981e656ec'));
|
|
assert.ok(superLongHash.startsWith('a2a28dbc49cfd6e5d6ceea3d03e77748'));
|
|
+ */
|
|
|
|
// Non-XOF hash functions should accept valid outputLength options as well.
|
|
assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
|
|
diff --git a/test/parallel/test-crypto-hkdf.js b/test/parallel/test-crypto-hkdf.js
|
|
index ff3abdf291efcd076b36e755de4147b0aad0b345..d29854cf0c0ce89f84c912def672e7c4e11427a3 100644
|
|
--- a/test/parallel/test-crypto-hkdf.js
|
|
+++ b/test/parallel/test-crypto-hkdf.js
|
|
@@ -124,8 +124,6 @@ const algorithms = [
|
|
['sha256', '', 'salt', '', 10],
|
|
['sha512', 'secret', 'salt', '', 15],
|
|
];
|
|
-if (!common.hasOpenSSL3)
|
|
- algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
|
|
|
|
algorithms.forEach(([ hash, secret, salt, info, length ]) => {
|
|
{
|
|
diff --git a/test/parallel/test-crypto-padding.js b/test/parallel/test-crypto-padding.js
|
|
index f1f14b472997e76bb4100edb1c6cf4fc24d1074d..5057e3f9bc5bb78aceffa5e79530f8ceed84e6f7 100644
|
|
--- a/test/parallel/test-crypto-padding.js
|
|
+++ b/test/parallel/test-crypto-padding.js
|
|
@@ -87,10 +87,9 @@ assert.throws(function() {
|
|
code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
|
|
reason: 'wrong final block length',
|
|
} : {
|
|
- message: 'error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:' +
|
|
- 'data not multiple of block length',
|
|
- code: 'ERR_OSSL_EVP_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH',
|
|
- reason: 'data not multiple of block length',
|
|
+ message: /error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length|error:1e00006a:Cipher functions:OPENSSL_internal:DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
+ code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
+ reason: /data not multiple of block length|DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
|
|
}
|
|
);
|
|
|
|
@@ -114,10 +113,9 @@ assert.throws(function() {
|
|
reason: 'bad decrypt',
|
|
code: 'ERR_OSSL_BAD_DECRYPT',
|
|
} : {
|
|
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
|
|
- 'bad decrypt',
|
|
- reason: 'bad decrypt',
|
|
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
|
|
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/,
|
|
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
|
|
});
|
|
|
|
// No-pad encrypted string should return the same:
|
|
diff --git a/test/parallel/test-crypto-private-decrypt-gh32240.js b/test/parallel/test-crypto-private-decrypt-gh32240.js
|
|
index 1785f5eef3d202976666081d09850ed744d83446..e88227a215ba4f7fa196f7642ae694a57d55b3ca 100644
|
|
--- a/test/parallel/test-crypto-private-decrypt-gh32240.js
|
|
+++ b/test/parallel/test-crypto-private-decrypt-gh32240.js
|
|
@@ -24,7 +24,7 @@ const pkeyEncrypted =
|
|
pair.privateKey.export({
|
|
type: 'pkcs1',
|
|
format: 'pem',
|
|
- cipher: 'aes128',
|
|
+ cipher: 'aes-128-cbc',
|
|
passphrase: 'secret',
|
|
});
|
|
|
|
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
|
|
index 9afcb38616dafd6da1ab7b5843d68f4f796ca9a6..00d3381056a5a40c549f06d74c130149ba4abc8c 100644
|
|
--- a/test/parallel/test-crypto-rsa-dsa.js
|
|
+++ b/test/parallel/test-crypto-rsa-dsa.js
|
|
@@ -28,12 +28,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
|
|
const ec = new TextEncoder();
|
|
|
|
const openssl1DecryptError = {
|
|
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
|
|
- 'bad decrypt',
|
|
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
|
|
- reason: 'bad decrypt',
|
|
- function: 'EVP_DecryptFinal_ex',
|
|
- library: 'digital envelope routines',
|
|
+ message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
|
|
+ code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/,
|
|
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
};
|
|
|
|
const decryptError = common.hasOpenSSL3 ?
|
|
@@ -397,7 +396,7 @@ assert.throws(() => {
|
|
assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true);
|
|
}
|
|
|
|
-
|
|
+/*
|
|
//
|
|
// Test DSA signing and verification
|
|
//
|
|
@@ -472,3 +471,4 @@ const input = 'I AM THE WALRUS';
|
|
|
|
assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
|
|
}
|
|
+*/
|
|
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
|
|
index 74c0ff53eb18b749d4018b50d654df943403245b..aab253ca5d4504c445c88cd9519f8385a7b39b91 100644
|
|
--- a/test/parallel/test-crypto-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-sign-verify.js
|
|
@@ -29,6 +29,7 @@ const keySize = 2048;
|
|
'instance when called without `new`');
|
|
}
|
|
|
|
+/*
|
|
// Test handling of exceptional conditions
|
|
{
|
|
const library = {
|
|
@@ -69,6 +70,7 @@ const keySize = 2048;
|
|
|
|
delete Object.prototype.opensslErrorStack;
|
|
}
|
|
+*/
|
|
|
|
assert.throws(
|
|
() => crypto.createVerify('SHA256').verify({
|
|
@@ -342,15 +344,17 @@ assert.throws(
|
|
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
|
|
});
|
|
}, common.hasOpenSSL3 ? {
|
|
- code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
} : {
|
|
- code: 'ERR_OSSL_RSA_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
+ /*
|
|
opensslErrorStack: [
|
|
'error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:' +
|
|
'command not supported',
|
|
],
|
|
+ */
|
|
});
|
|
}
|
|
|
|
@@ -420,10 +424,12 @@ assert.throws(
|
|
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
|
|
algo: null,
|
|
sigLen: 64 },
|
|
+ /*
|
|
{ private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
algo: null,
|
|
sigLen: 114 },
|
|
+ */
|
|
{ private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
|
|
public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
|
|
algo: 'sha1',
|
|
@@ -494,7 +500,7 @@ assert.throws(
|
|
|
|
{
|
|
const data = Buffer.from('Hello world');
|
|
- const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
|
|
+ const keys = [['ec-key.pem', 64]/*, ['dsa_private_1025.pem', 40]*/];
|
|
|
|
for (const [file, length] of keys) {
|
|
const privKey = fixtures.readKey(file);
|
|
diff --git a/test/parallel/test-crypto-stream.js b/test/parallel/test-crypto-stream.js
|
|
index 008ab129f0e019c659eecf5a76b7eb412c947fe3..6688f5d916f50e1e4fcfff1619c8634a3233f820 100644
|
|
--- a/test/parallel/test-crypto-stream.js
|
|
+++ b/test/parallel/test-crypto-stream.js
|
|
@@ -76,10 +76,10 @@ cipher.pipe(decipher)
|
|
library: 'Provider routines',
|
|
reason: 'bad decrypt',
|
|
} : {
|
|
- message: /bad decrypt/,
|
|
- function: 'EVP_DecryptFinal_ex',
|
|
- library: 'digital envelope routines',
|
|
- reason: 'bad decrypt',
|
|
+ message: /bad decrypt|BAD_DECRYPT/,
|
|
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/,
|
|
}));
|
|
|
|
cipher.end('Papaya!'); // Should not cause an unhandled exception.
|
|
diff --git a/test/parallel/test-crypto-x509.js b/test/parallel/test-crypto-x509.js
|
|
index 510e3183cf3ce367aa6e9cf21ee653feb106a9ba..afb2e07d9e8d60cb37dd07714c810fb8b83df8c3 100644
|
|
--- a/test/parallel/test-crypto-x509.js
|
|
+++ b/test/parallel/test-crypto-x509.js
|
|
@@ -109,7 +109,7 @@ const der = Buffer.from(
|
|
'5A:42:63:E0:21:2F:D6:70:63:07:96:6F:27:A7:78:12:08:02:7A:8B'
|
|
);
|
|
assert.strictEqual(x509.keyUsage, undefined);
|
|
- assert.strictEqual(x509.serialNumber, '147D36C1C2F74206DE9FAB5F2226D78ADB00A426');
|
|
+ assert.match(x509.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i);
|
|
|
|
assert.deepStrictEqual(x509.raw, der);
|
|
|
|
@@ -195,6 +195,16 @@ const der = Buffer.from(
|
|
});
|
|
mc.port2.postMessage(x509);
|
|
|
|
+ const modulusOSSL = 'D456320AFB20D3827093DC2C4284ED04DFBABD56E1DDAE529E28B790CD42' +
|
|
+ '56DB273349F3735FFD337C7A6363ECCA5A27B7F73DC7089A96C6D886DB0C' +
|
|
+ '62388F1CDD6A963AFCD599D5800E587A11F908960F84ED50BA25A28303EC' +
|
|
+ 'DA6E684FBE7BAEDC9CE8801327B1697AF25097CEE3F175E400984C0DB6A8' +
|
|
+ 'EB87BE03B4CF94774BA56FFFC8C63C68D6ADEB60ABBE69A7B14AB6A6B9E7' +
|
|
+ 'BAA89B5ADAB8EB07897C07F6D4FA3D660DFF574107D28E8F63467A788624' +
|
|
+ 'C574197693E959CEA1362FFAE1BBA10C8C0D88840ABFEF103631B2E8F5C3' +
|
|
+ '9B5548A7EA57E8A39F89291813F45A76C448033A2B7ED8403F4BAA147CF3' +
|
|
+ '5E2D2554AA65CE49695797095BF4DC6B';
|
|
+
|
|
// Verify that legacy encoding works
|
|
const legacyObjectCheck = {
|
|
subject: Object.assign(Object.create(null), {
|
|
@@ -219,16 +229,8 @@ const der = Buffer.from(
|
|
'OCSP - URI': ['http://ocsp.nodejs.org/'],
|
|
'CA Issuers - URI': ['http://ca.nodejs.org/ca.cert']
|
|
}),
|
|
- modulus: 'D456320AFB20D3827093DC2C4284ED04DFBABD56E1DDAE529E28B790CD42' +
|
|
- '56DB273349F3735FFD337C7A6363ECCA5A27B7F73DC7089A96C6D886DB0C' +
|
|
- '62388F1CDD6A963AFCD599D5800E587A11F908960F84ED50BA25A28303EC' +
|
|
- 'DA6E684FBE7BAEDC9CE8801327B1697AF25097CEE3F175E400984C0DB6A8' +
|
|
- 'EB87BE03B4CF94774BA56FFFC8C63C68D6ADEB60ABBE69A7B14AB6A6B9E7' +
|
|
- 'BAA89B5ADAB8EB07897C07F6D4FA3D660DFF574107D28E8F63467A788624' +
|
|
- 'C574197693E959CEA1362FFAE1BBA10C8C0D88840ABFEF103631B2E8F5C3' +
|
|
- '9B5548A7EA57E8A39F89291813F45A76C448033A2B7ED8403F4BAA147CF3' +
|
|
- '5E2D2554AA65CE49695797095BF4DC6B',
|
|
bits: 2048,
|
|
+ modulusPattern: new RegExp(modulusOSSL, 'i'),
|
|
exponent: '0x10001',
|
|
valid_from: 'Sep 3 21:40:37 2022 GMT',
|
|
valid_to: 'Jun 17 21:40:37 2296 GMT',
|
|
@@ -240,7 +242,7 @@ const der = Buffer.from(
|
|
'51:62:18:39:E2:E2:77:F5:86:11:E8:C0:CA:54:43:7C:76:83:19:05:D0:03:' +
|
|
'24:21:B8:EB:14:61:FB:24:16:EB:BD:51:1A:17:91:04:30:03:EB:68:5F:DC:' +
|
|
'86:E1:D1:7C:FB:AF:78:ED:63:5F:29:9C:32:AF:A1:8E:22:96:D1:02',
|
|
- serialNumber: '147D36C1C2F74206DE9FAB5F2226D78ADB00A426'
|
|
+ serialNumberPattern: /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i
|
|
};
|
|
|
|
const legacyObject = x509.toLegacyObject();
|
|
@@ -249,7 +251,7 @@ const der = Buffer.from(
|
|
assert.deepStrictEqual(legacyObject.subject, legacyObjectCheck.subject);
|
|
assert.deepStrictEqual(legacyObject.issuer, legacyObjectCheck.issuer);
|
|
assert.deepStrictEqual(legacyObject.infoAccess, legacyObjectCheck.infoAccess);
|
|
- assert.strictEqual(legacyObject.modulus, legacyObjectCheck.modulus);
|
|
+ assert.match(legacyObject.modulus, legacyObjectCheck.modulusPattern);
|
|
assert.strictEqual(legacyObject.bits, legacyObjectCheck.bits);
|
|
assert.strictEqual(legacyObject.exponent, legacyObjectCheck.exponent);
|
|
assert.strictEqual(legacyObject.valid_from, legacyObjectCheck.valid_from);
|
|
@@ -258,7 +260,7 @@ const der = Buffer.from(
|
|
assert.strictEqual(
|
|
legacyObject.fingerprint256,
|
|
legacyObjectCheck.fingerprint256);
|
|
- assert.strictEqual(
|
|
+ assert.match(
|
|
legacyObject.serialNumber,
|
|
- legacyObjectCheck.serialNumber);
|
|
+ legacyObjectCheck.serialNumberPattern);
|
|
}
|
|
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
|
|
index a8ceb169de2b3de73f062083c42292babc673e73..a3bb574d0e5dc85b4ba3fb0b3bd8782fbb8c8700 100644
|
|
--- a/test/parallel/test-crypto.js
|
|
+++ b/test/parallel/test-crypto.js
|
|
@@ -67,7 +67,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -77,7 +77,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -87,7 +87,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: not enough data$/.test(err) &&
|
|
+ /^Error: (not enough data|BAD_PKCS12_DATA)$/.test(err) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -150,8 +150,6 @@ assert(crypto.getHashes().includes('sha1'));
|
|
assert(crypto.getHashes().includes('sha256'));
|
|
assert(!crypto.getHashes().includes('SHA1'));
|
|
assert(!crypto.getHashes().includes('SHA256'));
|
|
-assert(crypto.getHashes().includes('RSA-SHA1'));
|
|
-assert(!crypto.getHashes().includes('rsa-sha1'));
|
|
validateList(crypto.getHashes());
|
|
// Make sure all of the hashes are supported by OpenSSL
|
|
for (const algo of crypto.getHashes())
|
|
@@ -188,7 +186,7 @@ const encodingError = {
|
|
// hex input that's not a power of two should throw, not assert in C++ land.
|
|
['createCipher', 'createDecipher'].forEach((funcName) => {
|
|
assert.throws(
|
|
- () => crypto[funcName]('aes192', 'test').update('0', 'hex'),
|
|
+ () => crypto[funcName]('aes-192-cbc', 'test').update('0', 'hex'),
|
|
(error) => {
|
|
assert.ok(!('opensslErrorStack' in error));
|
|
if (common.hasFipsCrypto) {
|
|
@@ -240,15 +238,15 @@ assert.throws(() => {
|
|
library: 'rsa routines',
|
|
} : {
|
|
name: 'Error',
|
|
- message: /routines:RSA_sign:digest too big for rsa key$/,
|
|
- library: 'rsa routines',
|
|
- function: 'RSA_sign',
|
|
- reason: 'digest too big for rsa key',
|
|
+ message: /routines:RSA_sign:digest too big for rsa key$|routines:OPENSSL_internal:DIGEST_TOO_BIG_FOR_RSA_KEY$/,
|
|
+ library: /rsa routines|RSA routines/,
|
|
+ function: /RSA_sign|OPENSSL_internal/,
|
|
+ reason: /digest too big for rsa key|DIGEST_TOO_BIG_FOR_RSA_KEY/,
|
|
code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY'
|
|
});
|
|
return true;
|
|
});
|
|
-
|
|
+/*
|
|
if (!common.hasOpenSSL3) {
|
|
assert.throws(() => {
|
|
// The correct header inside `rsa_private_pkcs8_bad.pem` should have been
|
|
@@ -276,7 +274,7 @@ if (!common.hasOpenSSL3) {
|
|
return true;
|
|
});
|
|
}
|
|
-
|
|
+*/
|
|
// Make sure memory isn't released before being returned
|
|
console.log(crypto.randomBytes(16));
|
|
|
|
diff --git a/test/parallel/test-https-agent-additional-options.js b/test/parallel/test-https-agent-additional-options.js
|
|
index 543ee176fb6af38874fee9f14be76f3fdda11060..fef9f1bc2f9fc6c220cf47847e86e03882b51b1d 100644
|
|
--- a/test/parallel/test-https-agent-additional-options.js
|
|
+++ b/test/parallel/test-https-agent-additional-options.js
|
|
@@ -13,7 +13,7 @@ const options = {
|
|
cert: fixtures.readKey('agent1-cert.pem'),
|
|
ca: fixtures.readKey('ca1-cert.pem'),
|
|
minVersion: 'TLSv1.1',
|
|
- ciphers: 'ALL@SECLEVEL=0'
|
|
+ // ciphers: 'ALL@SECLEVEL=0'
|
|
};
|
|
|
|
const server = https.Server(options, (req, res) => {
|
|
@@ -28,7 +28,7 @@ function getBaseOptions(port) {
|
|
ca: options.ca,
|
|
rejectUnauthorized: true,
|
|
servername: 'agent1',
|
|
- ciphers: 'ALL@SECLEVEL=0'
|
|
+ // ciphers: 'ALL@SECLEVEL=0'
|
|
};
|
|
}
|
|
|
|
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
|
|
index 940c43cc40bf15e51df177ee30ecc69ffbeec296..e95743a91a3c709c7d2c10dc80b3f75b7d988027 100644
|
|
--- a/test/parallel/test-https-agent-session-eviction.js
|
|
+++ b/test/parallel/test-https-agent-session-eviction.js
|
|
@@ -14,7 +14,7 @@ const options = {
|
|
key: readKey('agent1-key.pem'),
|
|
cert: readKey('agent1-cert.pem'),
|
|
secureOptions: SSL_OP_NO_TICKET,
|
|
- ciphers: 'RSA@SECLEVEL=0'
|
|
+ // ciphers: 'RSA@SECLEVEL=0'
|
|
};
|
|
|
|
// Create TLS1.2 server
|
|
diff --git a/test/parallel/test-tls-getcertificate-x509.js b/test/parallel/test-tls-getcertificate-x509.js
|
|
index aa685ca9e09cf0d17ff4d5480089e9977dd51f72..ccafa427433922155c1afd5d95ba69d8108825ef 100644
|
|
--- a/test/parallel/test-tls-getcertificate-x509.js
|
|
+++ b/test/parallel/test-tls-getcertificate-x509.js
|
|
@@ -20,9 +20,7 @@ const server = tls.createServer(options, function(cleartext) {
|
|
server.once('secureConnection', common.mustCall(function(socket) {
|
|
const cert = socket.getX509Certificate();
|
|
assert(cert instanceof X509Certificate);
|
|
- assert.strictEqual(
|
|
- cert.serialNumber,
|
|
- '5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE');
|
|
+ assert.match(cert.serialNumber, /5B75D77EDC7FB5B7FA9F1424DA4C64FB815DCBDE/i)
|
|
}));
|
|
|
|
server.listen(0, common.mustCall(function() {
|
|
@@ -33,10 +31,7 @@ server.listen(0, common.mustCall(function() {
|
|
const peerCert = socket.getPeerX509Certificate();
|
|
assert(peerCert.issuerCertificate instanceof X509Certificate);
|
|
assert.strictEqual(peerCert.issuerCertificate.issuerCertificate, undefined);
|
|
- assert.strictEqual(
|
|
- peerCert.issuerCertificate.serialNumber,
|
|
- '147D36C1C2F74206DE9FAB5F2226D78ADB00A425'
|
|
- );
|
|
+ assert.match(peerCert.issuerCertificate.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A425/i);
|
|
server.close();
|
|
}));
|
|
socket.end('Hello');
|
|
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
|
|
index 02c683c71c8775e84d5d125a4f05560b8206677d..4c6dd20ca0a8d0acdf9f8d1b7153087de9305196 100644
|
|
--- a/test/parallel/test-tls-getprotocol.js
|
|
+++ b/test/parallel/test-tls-getprotocol.js
|
|
@@ -18,7 +18,7 @@ const clientConfigs = [
|
|
|
|
const serverConfig = {
|
|
secureProtocol: 'TLS_method',
|
|
- ciphers: 'RSA@SECLEVEL=0',
|
|
+ // ciphers: 'RSA@SECLEVEL=0',
|
|
key: fixtures.readKey('agent2-key.pem'),
|
|
cert: fixtures.readKey('agent2-cert.pem')
|
|
};
|
|
diff --git a/test/parallel/test-tls-write-error.js b/test/parallel/test-tls-write-error.js
|
|
index b06f2fa2c53ea72f9a66f0d002dd9281d0259a0f..864fffeebfad75d95416fd47efdea7f222c507a2 100644
|
|
--- a/test/parallel/test-tls-write-error.js
|
|
+++ b/test/parallel/test-tls-write-error.js
|
|
@@ -17,7 +17,7 @@ const server_cert = fixtures.readKey('agent1-cert.pem');
|
|
const opts = {
|
|
key: server_key,
|
|
cert: server_cert,
|
|
- ciphers: 'ALL@SECLEVEL=0'
|
|
+ // ciphers: 'ALL@SECLEVEL=0'
|
|
};
|
|
|
|
const server = https.createServer(opts, (req, res) => {
|
|
diff --git a/test/parallel/test-webcrypto-derivebits.js b/test/parallel/test-webcrypto-derivebits.js
|
|
index 442423954b10b2ee1696eb7db56eaa4c88492122..c65610245e7e328d5e844afc48f8f685c49be3b7 100644
|
|
--- a/test/parallel/test-webcrypto-derivebits.js
|
|
+++ b/test/parallel/test-webcrypto-derivebits.js
|
|
@@ -37,6 +37,7 @@ const { subtle } = require('crypto').webcrypto;
|
|
test('P-521').then(common.mustCall());
|
|
}
|
|
|
|
+/*
|
|
// Test HKDF bit derivation
|
|
{
|
|
async function test(pass, info, salt, hash, length, expected) {
|
|
@@ -68,6 +69,7 @@ const { subtle } = require('crypto').webcrypto;
|
|
|
|
tests.then(common.mustCall());
|
|
}
|
|
+*/
|
|
|
|
// Test PBKDF2 bit derivation
|
|
{
|
|
@@ -101,6 +103,7 @@ const { subtle } = require('crypto').webcrypto;
|
|
tests.then(common.mustCall());
|
|
}
|
|
|
|
+/*
|
|
// Test X25519 and X448 bit derivation
|
|
{
|
|
async function test(name) {
|
|
@@ -126,3 +129,4 @@ const { subtle } = require('crypto').webcrypto;
|
|
test('X25519').then(common.mustCall());
|
|
test('X448').then(common.mustCall());
|
|
}
|
|
+*/
|
|
diff --git a/test/parallel/test-webcrypto-derivekey.js b/test/parallel/test-webcrypto-derivekey.js
|
|
index f8eb996000ec899abafbfd558f4f49bad2c69c9a..0bf5c7811eeccff6194d8df41887df0a86a53823 100644
|
|
--- a/test/parallel/test-webcrypto-derivekey.js
|
|
+++ b/test/parallel/test-webcrypto-derivekey.js
|
|
@@ -46,6 +46,7 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
|
|
test('P-521').then(common.mustCall());
|
|
}
|
|
|
|
+/*
|
|
// Test HKDF key derivation
|
|
{
|
|
async function test(pass, info, salt, hash, expected) {
|
|
@@ -82,6 +83,7 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
|
|
|
|
tests.then(common.mustCall());
|
|
}
|
|
+*/
|
|
|
|
// Test PBKDF2 key derivation
|
|
{
|
|
@@ -151,6 +153,7 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
|
|
})().then(common.mustCall());
|
|
}
|
|
|
|
+/*
|
|
// Test X25519 and X448 key derivation
|
|
{
|
|
async function test(name) {
|
|
@@ -185,3 +188,4 @@ const { webcrypto: { subtle }, KeyObject } = require('crypto');
|
|
test('X25519').then(common.mustCall());
|
|
test('X448').then(common.mustCall());
|
|
}
|
|
+*/
|
|
diff --git a/test/parallel/test-webcrypto-sign-verify.js b/test/parallel/test-webcrypto-sign-verify.js
|
|
index 6c6b15781549a4b37781bf0b8014054dc5d8c746..142d41b169c836201660d78c19383f3ffc469407 100644
|
|
--- a/test/parallel/test-webcrypto-sign-verify.js
|
|
+++ b/test/parallel/test-webcrypto-sign-verify.js
|
|
@@ -105,6 +105,7 @@ const { subtle } = require('crypto').webcrypto;
|
|
test('hello world').then(common.mustCall());
|
|
}
|
|
|
|
+/*
|
|
// Test Sign/Verify Ed25519
|
|
{
|
|
async function test(data) {
|
|
@@ -144,3 +145,4 @@ const { subtle } = require('crypto').webcrypto;
|
|
|
|
test('hello world').then(common.mustCall());
|
|
}
|
|
+*/
|
|
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
index 1094845c73e14313860ad476fb7baba2a11b5af4..51972b4b34b191ac59145889dbf2da5c0d407dbe 100644
|
|
--- a/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
+++ b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
@@ -18,14 +18,15 @@ const kWrappingData = {
|
|
wrap: { label: new Uint8Array(8) },
|
|
pair: true
|
|
},
|
|
- 'AES-CTR': {
|
|
+ 'AES-CBC': {
|
|
generate: { length: 128 },
|
|
- wrap: { counter: new Uint8Array(16), length: 64 },
|
|
+ wrap: { iv: new Uint8Array(16) },
|
|
pair: false
|
|
},
|
|
- 'AES-CBC': {
|
|
+ /*
|
|
+ 'AES-CTR': {
|
|
generate: { length: 128 },
|
|
- wrap: { iv: new Uint8Array(16) },
|
|
+ wrap: { counter: new Uint8Array(16), length: 64 },
|
|
pair: false
|
|
},
|
|
'AES-GCM': {
|
|
@@ -42,6 +43,7 @@ const kWrappingData = {
|
|
wrap: { },
|
|
pair: false
|
|
}
|
|
+ */
|
|
};
|
|
|
|
function generateWrappingKeys() {
|
|
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
|
|
index c31a6d21351dc97054daf6276454e2cd98263e26..e339fcc3f9af9c55a9000bb1b836b553ef1bf795 100644
|
|
--- a/test/parallel/test-x509-escaping.js
|
|
+++ b/test/parallel/test-x509-escaping.js
|
|
@@ -447,7 +447,7 @@ const { hasOpenSSL3 } = common;
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
|
|
|
|
@@ -482,11 +482,11 @@ const { hasOpenSSL3 } = common;
|
|
assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
|
|
|
|
// The newer X509Certificate API allows customizing this behavior:
|
|
- assert.strictEqual(certX509.checkHost(servername), servername);
|
|
+ assert.strictEqual(certX509.checkHost(servername), undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
|
|
|