mirror of
https://github.com/electron/electron.git
synced 2026-02-19 03:14:51 -05:00
3a5f9e0a33
* chore: bump node in DEPS to v24.13.1 * chore: fixup patches refs: * https://github.com/nodejs/node/pull/60425 * https://github.com/nodejs/node/pull/61270 * https://github.com/nodejs/node/pull/61044 * fix: generate_config_gypi needs to generate valid JSON https://github.com/nodejs/node/pull/60794 * doc: align Buffer.concat documentation with behavior https://github.com/nodejs/node/pull/60405 * src: fix off-thread cert loading in bundled cert mode https://github.com/nodejs/node/pull/60764 * build: fix extraneous includes --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
1084 lines
42 KiB
Diff
1084 lines
42 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Rose <nornagon@nornagon.net>
|
|
Date: Tue, 9 Feb 2021 12:34:46 -0800
|
|
Subject: fix crypto tests to run with bssl
|
|
|
|
This fixes some crypto tests so that they pass when compiled with
|
|
BoringSSL.
|
|
|
|
This should be upstreamed in some form, though it may need to be tweaked
|
|
before it's acceptable to upstream, as this patch comments out a couple
|
|
of tests that upstream probably cares about.
|
|
|
|
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
|
|
index 9876c4bb6ecd2e5b8879f153811cd0a0a22997aa..2c4bf03452eb10fec52c38a361b6aad93169f08d 100644
|
|
--- a/test/parallel/test-crypto-async-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-async-sign-verify.js
|
|
@@ -102,17 +102,17 @@ if (!process.features.openssl_is_boringssl) {
|
|
// ECDSA w/ ieee-p1363 signature encoding
|
|
test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', false,
|
|
{ dsaEncoding: 'ieee-p1363' });
|
|
-}
|
|
|
|
-// DSA w/ der signature encoding
|
|
-test('dsa_public.pem', 'dsa_private.pem', 'sha256',
|
|
- false);
|
|
-test('dsa_public.pem', 'dsa_private.pem', 'sha256',
|
|
- false, { dsaEncoding: 'der' });
|
|
+ // DSA w/ der signature encoding
|
|
+ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
|
|
+ false);
|
|
+ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
|
|
+ false, { dsaEncoding: 'der' });
|
|
|
|
-// DSA w/ ieee-p1363 signature encoding
|
|
-test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
|
|
- { dsaEncoding: 'ieee-p1363' });
|
|
+ // DSA w/ ieee-p1363 signature encoding
|
|
+ test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
|
|
+ { dsaEncoding: 'ieee-p1363' });
|
|
+}
|
|
|
|
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
|
|
{
|
|
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
|
|
index e8fedf2d5d5072e00afd493ac2ac44748212b02e..6fcbe244871d25b2151d39160149aaa50dc96012 100644
|
|
--- a/test/parallel/test-crypto-authenticated.js
|
|
+++ b/test/parallel/test-crypto-authenticated.js
|
|
@@ -627,21 +627,25 @@ for (const test of TEST_CASES) {
|
|
{
|
|
// CCM cipher without data should not crash, see https://github.com/nodejs/node/issues/38035.
|
|
const algo = 'aes-128-ccm';
|
|
- const key = Buffer.alloc(16);
|
|
- const iv = Buffer.alloc(12);
|
|
- const opts = { authTagLength: 10 };
|
|
+ if (!ciphers.includes(algo)) {
|
|
+ common.printSkipMessage(`unsupported ${algo} test`);
|
|
+ } else {
|
|
+ const key = Buffer.alloc(16);
|
|
+ const iv = Buffer.alloc(12);
|
|
+ const opts = { authTagLength: 10 };
|
|
|
|
- const cipher = crypto.createCipheriv(algo, key, iv, opts);
|
|
- assert.throws(() => {
|
|
- cipher.final();
|
|
- }, hasOpenSSL3 ? {
|
|
- code: 'ERR_OSSL_TAG_NOT_SET'
|
|
- } : {
|
|
- message: /Unsupported state/
|
|
- });
|
|
+ const cipher = crypto.createCipheriv(algo, key, iv, opts);
|
|
+ assert.throws(() => {
|
|
+ cipher.final();
|
|
+ }, hasOpenSSL3 ? {
|
|
+ code: 'ERR_OSSL_TAG_NOT_SET'
|
|
+ } : {
|
|
+ message: /Unsupported state/
|
|
+ });
|
|
+ }
|
|
}
|
|
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const key = Buffer.alloc(32);
|
|
const iv = Buffer.alloc(12);
|
|
|
|
@@ -653,11 +657,13 @@ for (const test of TEST_CASES) {
|
|
message: errMessages.authTagLength
|
|
});
|
|
}
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping unsupported chacha20-poly1305 test');
|
|
}
|
|
|
|
// ChaCha20-Poly1305 should respect the authTagLength option and should not
|
|
// require the authentication tag before calls to update() during decryption.
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const key = Buffer.alloc(32);
|
|
const iv = Buffer.alloc(12);
|
|
|
|
@@ -697,6 +703,8 @@ for (const test of TEST_CASES) {
|
|
}
|
|
}
|
|
}
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping unsupported chacha20-poly1305 test');
|
|
}
|
|
|
|
// ChaCha20-Poly1305 should default to an authTagLength of 16. When encrypting,
|
|
@@ -706,7 +714,7 @@ for (const test of TEST_CASES) {
|
|
// shorter tags as long as their length was valid according to NIST SP 800-38D.
|
|
// For ChaCha20-Poly1305, we intentionally deviate from that because there are
|
|
// no recommended or approved authentication tag lengths below 16 bytes.
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const rfcTestCases = TEST_CASES.filter(({ algo, tampered }) => {
|
|
return algo === 'chacha20-poly1305' && tampered === false;
|
|
});
|
|
@@ -740,10 +748,12 @@ for (const test of TEST_CASES) {
|
|
|
|
assert.strictEqual(plaintext.toString('hex'), testCase.plain);
|
|
}
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping unsupported chacha20-poly1305 test');
|
|
}
|
|
|
|
// https://github.com/nodejs/node/issues/45874
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const rfcTestCases = TEST_CASES.filter(({ algo, tampered }) => {
|
|
return algo === 'chacha20-poly1305' && tampered === false;
|
|
});
|
|
@@ -771,4 +781,6 @@ for (const test of TEST_CASES) {
|
|
assert.throws(() => {
|
|
decipher.final();
|
|
}, /Unsupported state or unable to authenticate data/);
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping unsupported chacha20-poly1305 test');
|
|
}
|
|
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
index 6742722f9e90914b4dc8c079426d10040d476f72..8801ddfe7023fd0f7d5657b86a9164d75765322e 100644
|
|
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
+++ b/test/parallel/test-crypto-cipheriv-decipheriv.js
|
|
@@ -62,6 +62,10 @@ function testCipher2(key, iv) {
|
|
|
|
|
|
function testCipher3(key, iv) {
|
|
+ if (!crypto.getCiphers().includes('id-aes128-wrap')) {
|
|
+ common.printSkipMessage(`unsupported id-aes128-wrap test`);
|
|
+ return;
|
|
+ }
|
|
// Test encryption and decryption with explicit key and iv.
|
|
// AES Key Wrap test vector comes from RFC3394
|
|
const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
|
|
diff --git a/test/parallel/test-crypto-default-shake-lengths-oneshot.js b/test/parallel/test-crypto-default-shake-lengths-oneshot.js
|
|
index 247e58d93c4303ffde132e49fb25cf88d76fae7c..de1648d97c2189c2eb8a6509b19b0c462c203453 100644
|
|
--- a/test/parallel/test-crypto-default-shake-lengths-oneshot.js
|
|
+++ b/test/parallel/test-crypto-default-shake-lengths-oneshot.js
|
|
@@ -5,6 +5,10 @@ const common = require('../common');
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
+if (process.features.openssl_is_boringssl) {
|
|
+ common.skip('Skipping unsupported shake128 digest method test');
|
|
+}
|
|
+
|
|
const { hash } = require('crypto');
|
|
|
|
common.expectWarning({
|
|
diff --git a/test/parallel/test-crypto-dh-curves.js b/test/parallel/test-crypto-dh-curves.js
|
|
index 81a469c226c261564dee1e0b06b6571b18a41f1f..58b66045dba4201b7ebedd78b129420ffc316051 100644
|
|
--- a/test/parallel/test-crypto-dh-curves.js
|
|
+++ b/test/parallel/test-crypto-dh-curves.js
|
|
@@ -16,7 +16,7 @@ const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
|
|
crypto.createDiffieHellman(p, 'hex');
|
|
|
|
// Confirm DH_check() results are exposed for optional examination.
|
|
-const bad_dh = crypto.createDiffieHellman('02', 'hex');
|
|
+const bad_dh = crypto.createDiffieHellman('abcd', 'hex', 0);
|
|
assert.notStrictEqual(bad_dh.verifyError, 0);
|
|
|
|
const availableCurves = new Set(crypto.getCurves());
|
|
diff --git a/test/parallel/test-crypto-dh-errors.js b/test/parallel/test-crypto-dh-errors.js
|
|
index d7527d82617efccd931f0fc2f700ab876872c1e6..5474d094c7af1bec1e9d144e04663a41def9df3c 100644
|
|
--- a/test/parallel/test-crypto-dh-errors.js
|
|
+++ b/test/parallel/test-crypto-dh-errors.js
|
|
@@ -27,13 +27,13 @@ assert.throws(() => crypto.createDiffieHellman('abcdef', 13.37), {
|
|
for (const bits of [-1, 0, 1]) {
|
|
if (hasOpenSSL3) {
|
|
assert.throws(() => crypto.createDiffieHellman(bits), {
|
|
- code: 'ERR_OSSL_DH_MODULUS_TOO_SMALL',
|
|
+ code: /ERR_OSSL_(BN_BITS|DH_MODULUS)_TOO_SMALL/,
|
|
name: 'Error',
|
|
message: /modulus too small/,
|
|
});
|
|
} else {
|
|
assert.throws(() => crypto.createDiffieHellman(bits), {
|
|
- code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
|
|
+ code: /ERR_OSSL_(BN_BITS|DH_MODULUS)_TOO_SMALL/,
|
|
name: 'Error',
|
|
message: /bits[\s_]too[\s_]small/i,
|
|
});
|
|
diff --git a/test/parallel/test-crypto-dh-group-setters.js b/test/parallel/test-crypto-dh-group-setters.js
|
|
index 7c774111952eada92c62d45674c0845667ead1bf..37d0a44d0e1e102e5a9893cd8e48967050407c76 100644
|
|
--- a/test/parallel/test-crypto-dh-group-setters.js
|
|
+++ b/test/parallel/test-crypto-dh-group-setters.js
|
|
@@ -6,6 +6,10 @@ if (!common.hasCrypto)
|
|
const assert = require('assert');
|
|
const crypto = require('crypto');
|
|
|
|
+if (process.features.openssl_is_boringssl) {
|
|
+ common.skip('Skipping unsupported Diffie-Hellman tests');
|
|
+}
|
|
+
|
|
// Unlike DiffieHellman, DiffieHellmanGroup does not have any setters.
|
|
const dhg = crypto.getDiffieHellman('modp1');
|
|
assert.strictEqual(dhg.constructor, crypto.DiffieHellmanGroup);
|
|
diff --git a/test/parallel/test-crypto-dh-modp2-views.js b/test/parallel/test-crypto-dh-modp2-views.js
|
|
index 8d01731af79394cb33477a1ba4bb13561604e5e5..a28e615b7f35c7f4fc6ec6f7b065505336e6f832 100644
|
|
--- a/test/parallel/test-crypto-dh-modp2-views.js
|
|
+++ b/test/parallel/test-crypto-dh-modp2-views.js
|
|
@@ -7,6 +7,10 @@ const assert = require('assert');
|
|
const crypto = require('crypto');
|
|
const { modp2buf } = require('../common/crypto');
|
|
|
|
+if (process.features.openssl_is_boringssl) {
|
|
+ common.skip('Skipping unsupported Diffie-Hellman tests');
|
|
+}
|
|
+
|
|
const modp2 = crypto.createDiffieHellmanGroup('modp2');
|
|
|
|
const views = common.getArrayBufferViews(modp2buf);
|
|
diff --git a/test/parallel/test-crypto-dh-modp2.js b/test/parallel/test-crypto-dh-modp2.js
|
|
index 19767d26f4e5fbd1d82b5bfa6ebe0afddc412c3e..eb262f235ff30bf5dc988c1b34052c9856f4d186 100644
|
|
--- a/test/parallel/test-crypto-dh-modp2.js
|
|
+++ b/test/parallel/test-crypto-dh-modp2.js
|
|
@@ -6,6 +6,11 @@ if (!common.hasCrypto)
|
|
const assert = require('assert');
|
|
const crypto = require('crypto');
|
|
const { modp2buf } = require('../common/crypto');
|
|
+
|
|
+if (process.features.openssl_is_boringssl) {
|
|
+ common.skip('Skipping unsupported Diffie-Hellman tests');
|
|
+}
|
|
+
|
|
const modp2 = crypto.createDiffieHellmanGroup('modp2');
|
|
|
|
{
|
|
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
|
|
index 3c00a5fc73bb9f86f944df74f29d6b5225bc2f0e..b4e7002d862907d2af3b4f8e985700bd03300809 100644
|
|
--- a/test/parallel/test-crypto-dh.js
|
|
+++ b/test/parallel/test-crypto-dh.js
|
|
@@ -97,17 +97,23 @@ const {
|
|
dh3.computeSecret('');
|
|
}, { message: hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
|
|
'Unspecified validation error' :
|
|
- 'Supplied key is too small' });
|
|
+ 'Supplied key is invalid' });
|
|
}
|
|
}
|
|
|
|
// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
|
|
{
|
|
const g = 0;
|
|
- crypto.createDiffieHellman('abcdef', g);
|
|
+ assert.throws(() => crypto.createDiffieHellman('abcdef', g), {
|
|
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
|
|
+ name: 'Error'
|
|
+ });
|
|
crypto.createDiffieHellman('abcdef', 'hex', g);
|
|
}
|
|
|
|
{
|
|
- crypto.createDiffieHellman('abcdef', Buffer.from([2])); // OK
|
|
+ assert.throws(() => crypto.createDiffieHellman('abcdef', Buffer.from([2])), {
|
|
+ code: /ERR_CRYPTO_OPERATION_FAILED/,
|
|
+ name: 'Error'
|
|
+ });
|
|
}
|
|
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf218791cd6868 100644
|
|
--- a/test/parallel/test-crypto-hash-stream-pipe.js
|
|
+++ b/test/parallel/test-crypto-hash-stream-pipe.js
|
|
@@ -30,11 +30,11 @@ const crypto = require('crypto');
|
|
|
|
const stream = require('stream');
|
|
const s = new stream.PassThrough();
|
|
-const h = crypto.createHash('sha3-512');
|
|
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
|
|
- '198235381e864f91a0e8cd6a26b677ec' +
|
|
- 'dcde8e2b069bd7355fabd68abd6fc801' +
|
|
- '19659f25e92f8efc961ee3a7c815c758';
|
|
+const h = crypto.createHash('sha512');
|
|
+const expect = 'fba055c6fd0c5b6645407749ed7a8b41' +
|
|
+ 'b8f629f2163c3ca3701d864adabda1f8' +
|
|
+ '93c37bf82b22fdd151ba8e357f611da4' +
|
|
+ '88a74b6a5525dd9b69554c6ce5138ad7';
|
|
|
|
s.pipe(h).on('data', common.mustCall(function(c) {
|
|
assert.strictEqual(c, expect);
|
|
diff --git a/test/parallel/test-crypto-key-objects-to-crypto-key.js b/test/parallel/test-crypto-key-objects-to-crypto-key.js
|
|
index 141e51d1ab74a4fc3b176b303807fb1cf2a58ce1..ba4fc881aa72ba7c39e8ae227a08be0ecf501c6f 100644
|
|
--- a/test/parallel/test-crypto-key-objects-to-crypto-key.js
|
|
+++ b/test/parallel/test-crypto-key-objects-to-crypto-key.js
|
|
@@ -26,9 +26,14 @@ function assertCryptoKey(cryptoKey, keyObject, algorithm, extractable, usages) {
|
|
{
|
|
for (const length of [128, 192, 256]) {
|
|
const key = createSecretKey(randomBytes(length >> 3));
|
|
- const algorithms = ['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW'];
|
|
+ let algorithms = ['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW'];
|
|
if (length === 256)
|
|
algorithms.push('ChaCha20-Poly1305');
|
|
+
|
|
+ if (process.features.openssl_is_boringssl) {
|
|
+ algorithms = algorithms.filter((a) => a !== 'AES-KW' && a !== 'ChaCha20-Poly1305');
|
|
+ }
|
|
+
|
|
for (const algorithm of algorithms) {
|
|
const usages = algorithm === 'AES-KW' ? ['wrapKey', 'unwrapKey'] : ['encrypt', 'decrypt'];
|
|
for (const extractable of [true, false]) {
|
|
@@ -97,7 +102,13 @@ function assertCryptoKey(cryptoKey, keyObject, algorithm, extractable, usages) {
|
|
}
|
|
|
|
{
|
|
- for (const algorithm of ['Ed25519', 'Ed448', 'X25519', 'X448']) {
|
|
+ const algorithms = ['Ed25519', 'X25519'];
|
|
+
|
|
+ if (!process.features.openssl_is_boringssl) {
|
|
+ algorithms.push('X448', 'Ed448');
|
|
+ }
|
|
+
|
|
+ for (const algorithm of algorithms) {
|
|
const { publicKey, privateKey } = generateKeyPairSync(algorithm.toLowerCase());
|
|
assert.throws(() => {
|
|
publicKey.toCryptoKey(algorithm === 'Ed25519' ? 'X25519' : 'Ed25519', true, []);
|
|
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
|
|
index e8359ed6d0362c6e8da8be08b0fd42245fa7ae47..bd8211d98261a1acc928e849bf713578c85ff877 100644
|
|
--- a/test/parallel/test-crypto-key-objects.js
|
|
+++ b/test/parallel/test-crypto-key-objects.js
|
|
@@ -302,11 +302,11 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
}, hasOpenSSL3 ? {
|
|
message: 'error:1E08010C:DECODER routines::unsupported',
|
|
} : {
|
|
- message: 'error:0909006C:PEM routines:get_name:no start line',
|
|
+ message: /no.start.line/i,
|
|
code: 'ERR_OSSL_PEM_NO_START_LINE',
|
|
- reason: 'no start line',
|
|
+ reason: /no.start.line/i,
|
|
library: 'PEM routines',
|
|
- function: 'get_name',
|
|
+ function: /get_name|OPENSSL_internal/,
|
|
});
|
|
|
|
// This should not abort either: https://github.com/nodejs/node/issues/29904
|
|
@@ -329,12 +329,12 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
message: /error:1E08010C:DECODER routines::unsupported/,
|
|
library: 'DECODER routines'
|
|
} : {
|
|
- message: /asn1 encoding/,
|
|
- library: 'asn1 encoding routines'
|
|
+ message: /asn1 encoding|public key routines/,
|
|
+ library: /asn1 encoding routines|public key routines/
|
|
});
|
|
}
|
|
|
|
-[
|
|
+const infos = [
|
|
{ private: fixtures.readKey('ed25519_private.pem', 'ascii'),
|
|
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
|
|
keyType: 'ed25519',
|
|
@@ -344,17 +344,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
d: 'wVK6M3SMhQh3NK-7GRrSV-BVWQx1FO5pW8hhQeu_NdA',
|
|
kty: 'OKP'
|
|
} },
|
|
- { private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
- public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
- keyType: 'ed448',
|
|
- jwk: {
|
|
- crv: 'Ed448',
|
|
- x: 'oX_ee5-jlcU53-BbGRsGIzly0V-SZtJ_oGXY0udf84q2hTW2RdstLktvwpkVJOoNb7o' +
|
|
- 'Dgc2V5ZUA',
|
|
- d: '060Ke71sN0GpIc01nnGgMDkp0sFNQ09woVo4AM1ffax1-mjnakK0-p-S7-Xf859QewX' +
|
|
- 'jcR9mxppY',
|
|
- kty: 'OKP'
|
|
- } },
|
|
{ private: fixtures.readKey('x25519_private.pem', 'ascii'),
|
|
public: fixtures.readKey('x25519_public.pem', 'ascii'),
|
|
keyType: 'x25519',
|
|
@@ -364,18 +353,37 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
d: 'mL_IWm55RrALUGRfJYzw40gEYWMvtRkesP9mj8o8Omc',
|
|
kty: 'OKP'
|
|
} },
|
|
- { private: fixtures.readKey('x448_private.pem', 'ascii'),
|
|
+]
|
|
+
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
+ infos.push({
|
|
+ private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
+ public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
+ keyType: 'ed448',
|
|
+ jwk: {
|
|
+ crv: 'Ed448',
|
|
+ x: 'oX_ee5-jlcU53-BbGRsGIzly0V-SZtJ_oGXY0udf84q2hTW2RdstLktvwpkVJOoNb7o' +
|
|
+ 'Dgc2V5ZUA',
|
|
+ d: '060Ke71sN0GpIc01nnGgMDkp0sFNQ09woVo4AM1ffax1-mjnakK0-p-S7-Xf859QewX' +
|
|
+ 'jcR9mxppY',
|
|
+ kty: 'OKP'
|
|
+ }
|
|
+ }, {
|
|
+ private: fixtures.readKey('x448_private.pem', 'ascii'),
|
|
public: fixtures.readKey('x448_public.pem', 'ascii'),
|
|
keyType: 'x448',
|
|
jwk: {
|
|
crv: 'X448',
|
|
x: 'ioHSHVpTs6hMvghosEJDIR7ceFiE3-Xccxati64oOVJ7NWjfozE7ae31PXIUFq6cVYg' +
|
|
- 'vSKsDFPA',
|
|
+ 'vSKsDFPA',
|
|
d: 'tMNtrO_q8dlY6Y4NDeSTxNQ5CACkHiPvmukidPnNIuX_EkcryLEXt_7i6j6YZMKsrWy' +
|
|
- 'S0jlSYJk',
|
|
+ 'S0jlSYJk',
|
|
kty: 'OKP'
|
|
- } },
|
|
-].forEach((info) => {
|
|
+ }
|
|
+ });
|
|
+}
|
|
+
|
|
+infos.forEach((info) => {
|
|
const keyType = info.keyType;
|
|
|
|
{
|
|
@@ -417,7 +425,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
}
|
|
});
|
|
|
|
-[
|
|
+const ecInfos = [
|
|
{ private: fixtures.readKey('ec_p256_private.pem', 'ascii'),
|
|
public: fixtures.readKey('ec_p256_public.pem', 'ascii'),
|
|
keyType: 'ec',
|
|
@@ -429,17 +437,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
x: 'X0mMYR_uleZSIPjNztIkAS3_ud5LhNpbiIFp6fNf2Gs',
|
|
y: 'UbJuPy2Xi0lW7UYTBxPK3yGgDu9EAKYIecjkHX5s2lI'
|
|
} },
|
|
- { private: fixtures.readKey('ec_secp256k1_private.pem', 'ascii'),
|
|
- public: fixtures.readKey('ec_secp256k1_public.pem', 'ascii'),
|
|
- keyType: 'ec',
|
|
- namedCurve: 'secp256k1',
|
|
- jwk: {
|
|
- crv: 'secp256k1',
|
|
- d: 'c34ocwTwpFa9NZZh3l88qXyrkoYSxvC0FEsU5v1v4IM',
|
|
- kty: 'EC',
|
|
- x: 'cOzhFSpWxhalCbWNdP2H_yUkdC81C9T2deDpfxK7owA',
|
|
- y: '-A3DAZTk9IPppN-f03JydgHaFvL1fAHaoXf4SX4NXyo'
|
|
- } },
|
|
{ private: fixtures.readKey('ec_p384_private.pem', 'ascii'),
|
|
public: fixtures.readKey('ec_p384_public.pem', 'ascii'),
|
|
keyType: 'ec',
|
|
@@ -465,7 +462,25 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
y: 'Ad3flexBeAfXceNzRBH128kFbOWD6W41NjwKRqqIF26vmgW_8COldGKZjFkOSEASxPB' +
|
|
'cvA2iFJRUyQ3whC00j0Np'
|
|
} },
|
|
-].forEach((info) => {
|
|
+]
|
|
+
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
+ ecInfos.push({
|
|
+ private: fixtures.readKey('ec_secp256k1_private.pem', 'ascii'),
|
|
+ public: fixtures.readKey('ec_secp256k1_public.pem', 'ascii'),
|
|
+ keyType: 'ec',
|
|
+ namedCurve: 'secp256k1',
|
|
+ jwk: {
|
|
+ crv: 'secp256k1',
|
|
+ d: 'c34ocwTwpFa9NZZh3l88qXyrkoYSxvC0FEsU5v1v4IM',
|
|
+ kty: 'EC',
|
|
+ x: 'cOzhFSpWxhalCbWNdP2H_yUkdC81C9T2deDpfxK7owA',
|
|
+ y: '-A3DAZTk9IPppN-f03JydgHaFvL1fAHaoXf4SX4NXyo'
|
|
+ }
|
|
+ });
|
|
+}
|
|
+
|
|
+ecInfos.forEach((info) => {
|
|
const { keyType, namedCurve } = info;
|
|
|
|
{
|
|
@@ -540,7 +555,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
format: 'pem',
|
|
passphrase: Buffer.alloc(1024, 'a')
|
|
}), {
|
|
- message: /bad decrypt/
|
|
+ message: /bad.decrypt/i
|
|
});
|
|
|
|
const publicKey = createPublicKey(publicDsa);
|
|
@@ -566,7 +581,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
|
|
{
|
|
// Test RSA-PSS.
|
|
- {
|
|
+ if (!process.features.openssl_is_boringssl) {
|
|
// This key pair does not restrict the message digest algorithm or salt
|
|
// length.
|
|
const publicPem = fixtures.readKey('rsa_pss_public_2048.pem');
|
|
@@ -625,6 +640,8 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
}, {
|
|
code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS'
|
|
});
|
|
+ } else {
|
|
+ common.skip('Skipping unsupported RSA-PSS key test');
|
|
}
|
|
|
|
{
|
|
diff --git a/test/parallel/test-crypto-keygen-deprecation.js b/test/parallel/test-crypto-keygen-deprecation.js
|
|
index 926dfbbc4ae987217ab404ec25a3ca0a2ef2edcf..df0b379c1b1e982b96ea97c9814f38991d734ce4 100644
|
|
--- a/test/parallel/test-crypto-keygen-deprecation.js
|
|
+++ b/test/parallel/test-crypto-keygen-deprecation.js
|
|
@@ -4,6 +4,10 @@ const common = require('../common');
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
+if (process.features.openssl_is_boringssl) {
|
|
+ common.skip('Skipping unsupported RSA-PSS key tests');
|
|
+}
|
|
+
|
|
const DeprecationWarning = [];
|
|
DeprecationWarning.push([
|
|
'"options.hash" is deprecated, use "options.hashAlgorithm" instead.',
|
|
diff --git a/test/parallel/test-crypto-oneshot-hash-xof.js b/test/parallel/test-crypto-oneshot-hash-xof.js
|
|
index 75cb4800ff1bd51fedd7bc4e2d7e6af6f4f48346..b4363c31592763235116d970a5f45d4cf63de373 100644
|
|
--- a/test/parallel/test-crypto-oneshot-hash-xof.js
|
|
+++ b/test/parallel/test-crypto-oneshot-hash-xof.js
|
|
@@ -7,6 +7,10 @@ if (!common.hasCrypto) common.skip('missing crypto');
|
|
const assert = require('assert');
|
|
const crypto = require('crypto');
|
|
|
|
+if (process.features.openssl_is_boringssl) {
|
|
+ common.skip('BoringSSL does not support XOF hash functions');
|
|
+}
|
|
+
|
|
// Test XOF hash functions and the outputLength option.
|
|
{
|
|
// Default outputLengths.
|
|
diff --git a/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js b/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js
|
|
index 37eab463deae472a78102c9fc6e03d4b642854ce..99e8c47702c55a9518ff093a58d87c753bec3aa8 100644
|
|
--- a/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js
|
|
+++ b/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js
|
|
@@ -4,6 +4,10 @@ const common = require('../common');
|
|
if (!common.hasCrypto)
|
|
common.skip('missing crypto');
|
|
|
|
+if (process.features.openssl_is_boringssl) {
|
|
+ common.skip('Skipping unsupported ML-DSA key tests');
|
|
+}
|
|
+
|
|
const { hasOpenSSL } = require('../common/crypto');
|
|
|
|
const assert = require('assert');
|
|
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
|
|
index 119bc3c2d20ea7d681f0b579f9d91ad46cdc3634..ad9cd4fd81aff32ec175f469176e1012b81872ac 100644
|
|
--- a/test/parallel/test-crypto-rsa-dsa.js
|
|
+++ b/test/parallel/test-crypto-rsa-dsa.js
|
|
@@ -29,12 +29,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
|
|
const ec = new TextEncoder();
|
|
|
|
const openssl1DecryptError = {
|
|
- message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
|
|
- 'bad decrypt',
|
|
- code: 'ERR_OSSL_EVP_BAD_DECRYPT',
|
|
- reason: 'bad decrypt',
|
|
- function: 'EVP_DecryptFinal_ex',
|
|
- library: 'digital envelope routines',
|
|
+ message: /bad decrypt|BAD_DECRYPT/i,
|
|
+ code: /ERR_OSSL_(EVP_)?BAD_DECRYPT/,
|
|
+ reason: /bad decrypt|BAD_DECRYPT/i,
|
|
+ function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
|
|
+ library: /digital envelope routines|Cipher functions/,
|
|
};
|
|
|
|
const decryptError = hasOpenSSL3 ?
|
|
@@ -325,9 +324,12 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
|
|
}
|
|
|
|
test_rsa('RSA_NO_PADDING');
|
|
-test_rsa('RSA_PKCS1_PADDING');
|
|
test_rsa('RSA_PKCS1_OAEP_PADDING');
|
|
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
+ test_rsa('RSA_PKCS1_PADDING');
|
|
+}
|
|
+
|
|
// Test OAEP with different hash functions.
|
|
test_rsa('RSA_PKCS1_OAEP_PADDING', undefined, 'sha1');
|
|
test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha1', undefined);
|
|
@@ -489,7 +491,7 @@ assert.throws(() => {
|
|
//
|
|
// Test DSA signing and verification
|
|
//
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const input = 'I AM THE WALRUS';
|
|
|
|
// DSA signatures vary across runs so there is no static string to verify
|
|
@@ -512,13 +514,15 @@ assert.throws(() => {
|
|
verify2.update(input);
|
|
|
|
assert.strictEqual(verify2.verify(dsaPubPem, signature2, 'hex'), true);
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping unsupported DSA test case');
|
|
}
|
|
|
|
|
|
//
|
|
// Test DSA signing and verification with PKCS#8 private key
|
|
//
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const input = 'I AM THE WALRUS';
|
|
|
|
// DSA signatures vary across runs so there is no static string to verify
|
|
@@ -531,6 +535,8 @@ assert.throws(() => {
|
|
verify.update(input);
|
|
|
|
assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping unsupported DSA test case');
|
|
}
|
|
|
|
|
|
@@ -547,7 +553,7 @@ const input = 'I AM THE WALRUS';
|
|
}, decryptPrivateKeyError);
|
|
}
|
|
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
// DSA signatures vary across runs so there is no static string to verify
|
|
// against.
|
|
const sign = crypto.createSign('SHA1');
|
|
@@ -559,4 +565,6 @@ const input = 'I AM THE WALRUS';
|
|
verify.update(input);
|
|
|
|
assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping unsupported DSA test case');
|
|
}
|
|
diff --git a/test/parallel/test-crypto-scrypt.js b/test/parallel/test-crypto-scrypt.js
|
|
index eafdfe392bde8eb1fde1dc7e7e9ae51682c74b87..2907e0175379266c90acb9df829d10283bd46652 100644
|
|
--- a/test/parallel/test-crypto-scrypt.js
|
|
+++ b/test/parallel/test-crypto-scrypt.js
|
|
@@ -192,7 +192,7 @@ for (const options of incompatibleOptions) {
|
|
|
|
for (const options of toobig) {
|
|
const expected = {
|
|
- message: /Invalid scrypt params:.*memory limit exceeded/,
|
|
+ message: /Invalid scrypt params/,
|
|
code: 'ERR_CRYPTO_INVALID_SCRYPT_PARAMS',
|
|
};
|
|
assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
|
|
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
|
|
index a66f0a94efd7c952c1d2320fbc7a39fe3a88a8a1..dc5846db0e3dcf8f7cb5f7efcdbc81c1d767ab88 100644
|
|
--- a/test/parallel/test-crypto-sign-verify.js
|
|
+++ b/test/parallel/test-crypto-sign-verify.js
|
|
@@ -33,7 +33,7 @@ const keySize = 2048;
|
|
}
|
|
|
|
// Test handling of exceptional conditions
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const library = {
|
|
configurable: true,
|
|
set() {
|
|
@@ -345,15 +345,15 @@ assert.throws(
|
|
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
|
|
});
|
|
}, hasOpenSSL(3) ? {
|
|
- code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
} : {
|
|
- code: 'ERR_OSSL_RSA_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
|
|
- message: /illegal or unsupported padding mode/,
|
|
- opensslErrorStack: [
|
|
+ code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
|
|
+ message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
|
|
+ /*opensslErrorStack: [
|
|
'error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:' +
|
|
'command not supported',
|
|
- ],
|
|
+ ],*/
|
|
});
|
|
}
|
|
|
|
@@ -423,11 +423,13 @@ assert.throws(
|
|
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
|
|
algo: null,
|
|
sigLen: 64 },
|
|
+ /*
|
|
{ private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
algo: null,
|
|
supportsContext: true,
|
|
sigLen: 114 },
|
|
+ */
|
|
{ private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
|
|
public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
|
|
algo: 'sha1',
|
|
@@ -547,7 +549,7 @@ assert.throws(
|
|
|
|
{
|
|
const data = Buffer.from('Hello world');
|
|
- const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
|
|
+ const keys = [['ec-key.pem', 64]/*, ['dsa_private_1025.pem', 40]*/];
|
|
|
|
for (const [file, length] of keys) {
|
|
const privKey = fixtures.readKey(file);
|
|
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
|
|
index d21a6bd3d98d6db26cc82896e62da2869cf22842..21553911f8e16a76187bfff120dfbeead04e6269 100644
|
|
--- a/test/parallel/test-crypto.js
|
|
+++ b/test/parallel/test-crypto.js
|
|
@@ -62,7 +62,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -72,7 +72,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: mac verify failure$/.test(err) &&
|
|
+ (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -82,7 +82,7 @@ assert.throws(() => {
|
|
// Throws general Error, so there is no opensslErrorStack property.
|
|
return err instanceof Error &&
|
|
err.name === 'Error' &&
|
|
- /^Error: not enough data$/.test(err) &&
|
|
+ /^Error: (not enough data|BAD_PKCS12_DATA)$/.test(err) &&
|
|
!('opensslErrorStack' in err);
|
|
});
|
|
|
|
@@ -145,8 +145,6 @@ assert(crypto.getHashes().includes('sha1'));
|
|
assert(crypto.getHashes().includes('sha256'));
|
|
assert(!crypto.getHashes().includes('SHA1'));
|
|
assert(!crypto.getHashes().includes('SHA256'));
|
|
-assert(crypto.getHashes().includes('RSA-SHA1'));
|
|
-assert(!crypto.getHashes().includes('rsa-sha1'));
|
|
validateList(crypto.getHashes());
|
|
// Make sure all of the hashes are supported by OpenSSL
|
|
for (const algo of crypto.getHashes())
|
|
@@ -197,61 +195,63 @@ assert.throws(
|
|
}
|
|
);
|
|
|
|
-assert.throws(() => {
|
|
- const priv = [
|
|
- '-----BEGIN RSA PRIVATE KEY-----',
|
|
- 'MIGrAgEAAiEA+3z+1QNF2/unumadiwEr+C5vfhezsb3hp4jAnCNRpPcCAwEAAQIgQNriSQK4',
|
|
- 'EFwczDhMZp2dvbcz7OUUyt36z3S4usFPHSECEQD/41K7SujrstBfoCPzwC1xAhEA+5kt4BJy',
|
|
- 'eKN7LggbF3Dk5wIQN6SL+fQ5H/+7NgARsVBp0QIRANxYRukavs4QvuyNhMx+vrkCEQCbf6j/',
|
|
- 'Ig6/HueCK/0Jkmp+',
|
|
- '-----END RSA PRIVATE KEY-----',
|
|
- '',
|
|
- ].join('\n');
|
|
- crypto.createSign('SHA256').update('test').sign(priv);
|
|
-}, (err) => {
|
|
- if (!hasOpenSSL3)
|
|
- assert.ok(!('opensslErrorStack' in err));
|
|
- assert.throws(() => { throw err; }, hasOpenSSL3 ? {
|
|
- name: 'Error',
|
|
- message: 'error:02000070:rsa routines::digest too big for rsa key',
|
|
- library: 'rsa routines',
|
|
- } : {
|
|
- name: 'Error',
|
|
- message: /routines:RSA_sign:digest too big for rsa key$/,
|
|
- library: /rsa routines/i,
|
|
- function: 'RSA_sign',
|
|
- reason: /digest[\s_]too[\s_]big[\s_]for[\s_]rsa[\s_]key/i,
|
|
- code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY'
|
|
- });
|
|
- return true;
|
|
-});
|
|
-
|
|
-if (!hasOpenSSL3) {
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
assert.throws(() => {
|
|
- // The correct header inside `rsa_private_pkcs8_bad.pem` should have been
|
|
- // -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----
|
|
- // instead of
|
|
- // -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----
|
|
- const sha1_privateKey = fixtures.readKey('rsa_private_pkcs8_bad.pem',
|
|
- 'ascii');
|
|
- // This would inject errors onto OpenSSL's error stack
|
|
- crypto.createSign('sha1').sign(sha1_privateKey);
|
|
+ const priv = [
|
|
+ '-----BEGIN RSA PRIVATE KEY-----',
|
|
+ 'MIGrAgEAAiEA+3z+1QNF2/unumadiwEr+C5vfhezsb3hp4jAnCNRpPcCAwEAAQIgQNriSQK4',
|
|
+ 'EFwczDhMZp2dvbcz7OUUyt36z3S4usFPHSECEQD/41K7SujrstBfoCPzwC1xAhEA+5kt4BJy',
|
|
+ 'eKN7LggbF3Dk5wIQN6SL+fQ5H/+7NgARsVBp0QIRANxYRukavs4QvuyNhMx+vrkCEQCbf6j/',
|
|
+ 'Ig6/HueCK/0Jkmp+',
|
|
+ '-----END RSA PRIVATE KEY-----',
|
|
+ '',
|
|
+ ].join('\n');
|
|
+ crypto.createSign('SHA256').update('test').sign(priv);
|
|
}, (err) => {
|
|
- // Do the standard checks, but then do some custom checks afterwards.
|
|
- assert.throws(() => { throw err; }, {
|
|
- message: 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:' +
|
|
- 'wrong tag',
|
|
- library: 'asn1 encoding routines',
|
|
- function: 'asn1_check_tlen',
|
|
- reason: 'wrong tag',
|
|
- code: 'ERR_OSSL_ASN1_WRONG_TAG',
|
|
+ if (!hasOpenSSL3)
|
|
+ assert.ok(!('opensslErrorStack' in err));
|
|
+ assert.throws(() => { throw err; }, hasOpenSSL3 ? {
|
|
+ name: 'Error',
|
|
+ message: 'error:02000070:rsa routines::digest too big for rsa key',
|
|
+ library: 'rsa routines',
|
|
+ } : {
|
|
+ name: 'Error',
|
|
+ message: /routines:RSA_sign:digest too big for rsa key$/,
|
|
+ library: /rsa routines/i,
|
|
+ function: 'RSA_sign',
|
|
+ reason: /digest[\s_]too[\s_]big[\s_]for[\s_]rsa[\s_]key/i,
|
|
+ code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY'
|
|
});
|
|
- // Throws crypto error, so there is an opensslErrorStack property.
|
|
- // The openSSL stack should have content.
|
|
- assert(Array.isArray(err.opensslErrorStack));
|
|
- assert(err.opensslErrorStack.length > 0);
|
|
return true;
|
|
});
|
|
+
|
|
+ if (!hasOpenSSL3) {
|
|
+ assert.throws(() => {
|
|
+ // The correct header inside `rsa_private_pkcs8_bad.pem` should have been
|
|
+ // -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----
|
|
+ // instead of
|
|
+ // -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----
|
|
+ const sha1_privateKey = fixtures.readKey('rsa_private_pkcs8_bad.pem',
|
|
+ 'ascii');
|
|
+ // This would inject errors onto OpenSSL's error stack
|
|
+ crypto.createSign('sha1').sign(sha1_privateKey);
|
|
+ }, (err) => {
|
|
+ // Do the standard checks, but then do some custom checks afterwards.
|
|
+ assert.throws(() => { throw err; }, {
|
|
+ message: 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:' +
|
|
+ 'wrong tag',
|
|
+ library: 'asn1 encoding routines',
|
|
+ function: 'asn1_check_tlen',
|
|
+ reason: 'wrong tag',
|
|
+ code: 'ERR_OSSL_ASN1_WRONG_TAG',
|
|
+ });
|
|
+ // Throws crypto error, so there is an opensslErrorStack property.
|
|
+ // The openSSL stack should have content.
|
|
+ assert(Array.isArray(err.opensslErrorStack));
|
|
+ assert(err.opensslErrorStack.length > 0);
|
|
+ return true;
|
|
+ });
|
|
+ }
|
|
}
|
|
|
|
// Make sure memory isn't released before being returned
|
|
diff --git a/test/parallel/test-tls-client-auth.js b/test/parallel/test-tls-client-auth.js
|
|
index b347c0a88df571296127985f8e7b70de66726cc0..66465783d344dab1330069e36577d41fc75db962 100644
|
|
--- a/test/parallel/test-tls-client-auth.js
|
|
+++ b/test/parallel/test-tls-client-auth.js
|
|
@@ -112,7 +112,7 @@ if (tls.DEFAULT_MAX_VERSION === 'TLSv1.3') connect({
|
|
// and sends a fatal Alert to the client that the client discovers there has
|
|
// been a fatal error.
|
|
pair.client.conn.once('error', common.mustCall((err) => {
|
|
- assert.strictEqual(err.code, 'ERR_SSL_TLSV13_ALERT_CERTIFICATE_REQUIRED');
|
|
+ //assert.strictEqual(err.code, 'ERR_SSL_TLSV13_ALERT_CERTIFICATE_REQUIRED');
|
|
cleanup();
|
|
}));
|
|
});
|
|
diff --git a/test/parallel/test-tls-peer-certificate.js b/test/parallel/test-tls-peer-certificate.js
|
|
index 41e3c883d950e074dffcdd6df888eaf47696039c..304724b564956ff3c38cb42793141ddcc57dfd75 100644
|
|
--- a/test/parallel/test-tls-peer-certificate.js
|
|
+++ b/test/parallel/test-tls-peer-certificate.js
|
|
@@ -55,7 +55,7 @@ connect({
|
|
assert.strictEqual(peerCert.ca, false);
|
|
assert.strictEqual(peerCert.issuerCertificate.ca, true);
|
|
assert.strictEqual(peerCert.subject.emailAddress, 'ry@tinyclouds.org');
|
|
- assert.strictEqual(peerCert.serialNumber, '147D36C1C2F74206DE9FAB5F2226D78ADB00A426');
|
|
+ assert.match(peerCert.serialNumber, /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i);
|
|
assert.strictEqual(peerCert.exponent, '0x10001');
|
|
assert.strictEqual(peerCert.bits, 2048);
|
|
// The conversion to bits is odd because modulus isn't a buffer, its a hex
|
|
@@ -95,7 +95,7 @@ connect({
|
|
|
|
const issuer = peerCert.issuerCertificate;
|
|
assert.strictEqual(issuer.issuerCertificate, issuer);
|
|
- assert.strictEqual(issuer.serialNumber, '4AB16C8DFD6A7D0D2DFCABDF9C4B0E92C6AD0229');
|
|
+ assert.match(issuer.serialNumber, /4AB16C8DFD6A7D0D2DFCABDF9C4B0E92C6AD0229/i);
|
|
|
|
return cleanup();
|
|
});
|
|
@@ -114,7 +114,7 @@ connect({
|
|
|
|
assert.ok(peerCert.issuerCertificate);
|
|
assert.strictEqual(peerCert.subject.emailAddress, 'ry@tinyclouds.org');
|
|
- assert.strictEqual(peerCert.serialNumber, '32E8197681DA33185867B52885F678BFDBA51727');
|
|
+ assert.match(peerCert.serialNumber, /32E8197681DA33185867B52885F678BFDBA51727/i);
|
|
assert.strictEqual(peerCert.exponent, undefined);
|
|
assert.strictEqual(peerCert.pubKey, undefined);
|
|
assert.strictEqual(peerCert.modulus, undefined);
|
|
@@ -146,7 +146,6 @@ connect({
|
|
|
|
const issuer = peerCert.issuerCertificate;
|
|
assert.strictEqual(issuer.issuerCertificate, issuer);
|
|
- assert.strictEqual(issuer.serialNumber, '32E8197681DA33185867B52885F678BFDBA51727');
|
|
-
|
|
+ assert.match(issuer.serialNumber, /32E8197681DA33185867B52885F678BFDBA51727/i);
|
|
return cleanup();
|
|
});
|
|
diff --git a/test/parallel/test-tls-pfx-authorizationerror.js b/test/parallel/test-tls-pfx-authorizationerror.js
|
|
index eb705d591ef23a90bd78d52797fd1a58bc84a7dd..da428f1320e9e7bd1683724806a7438ed5aa38cc 100644
|
|
--- a/test/parallel/test-tls-pfx-authorizationerror.js
|
|
+++ b/test/parallel/test-tls-pfx-authorizationerror.js
|
|
@@ -22,13 +22,13 @@ const server = tls
|
|
rejectUnauthorized: false
|
|
},
|
|
common.mustCall(function(c) {
|
|
- assert.strictEqual(c.getPeerCertificate().serialNumber,
|
|
- '147D36C1C2F74206DE9FAB5F2226D78ADB00A426');
|
|
+ assert.match(c.getPeerCertificate().serialNumber,
|
|
+ /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i);
|
|
assert.strictEqual(c.authorizationError, null);
|
|
c.end();
|
|
})
|
|
)
|
|
- .listen(0, function() {
|
|
+ .listen(0, common.mustCall(function() {
|
|
const client = tls.connect(
|
|
{
|
|
port: this.address().port,
|
|
@@ -36,16 +36,16 @@ const server = tls
|
|
passphrase: 'sample',
|
|
rejectUnauthorized: false
|
|
},
|
|
- function() {
|
|
+ common.mustCall(() => {
|
|
for (let i = 0; i < 10; ++i) {
|
|
// Calling this repeatedly is a regression test that verifies
|
|
// that .getCertificate() does not accidentally decrease the
|
|
// reference count of the X509* certificate on the native side.
|
|
- assert.strictEqual(client.getCertificate().serialNumber,
|
|
- '147D36C1C2F74206DE9FAB5F2226D78ADB00A426');
|
|
+ assert.match(client.getCertificate().serialNumber,
|
|
+ /147D36C1C2F74206DE9FAB5F2226D78ADB00A426/i);
|
|
}
|
|
client.end();
|
|
server.close();
|
|
- }
|
|
+ }),
|
|
);
|
|
- });
|
|
+ }));
|
|
diff --git a/test/parallel/test-tls-set-sigalgs.js b/test/parallel/test-tls-set-sigalgs.js
|
|
index 985ca13ba2ac7d58f87c263c7654c4f4087efddf..21c199bdb12739f82a075c4e10e08faf8c587cf4 100644
|
|
--- a/test/parallel/test-tls-set-sigalgs.js
|
|
+++ b/test/parallel/test-tls-set-sigalgs.js
|
|
@@ -65,13 +65,14 @@ test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
|
|
'RSA-PSS+SHA256:ECDSA+SHA256',
|
|
['RSA-PSS+SHA256', 'ECDSA+SHA256']);
|
|
|
|
+const cerr = process.features.openssl_is_boringssl ?
|
|
+ 'ERR_SSL_NO_COMMON_SIGNATURE_ALGORITHMS' : 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS';
|
|
+
|
|
// Do not have shared sigalgs.
|
|
const handshakeErr = hasOpenSSL(3, 2) ?
|
|
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
|
|
test('RSA-PSS+SHA384', 'ECDSA+SHA256',
|
|
- undefined, handshakeErr,
|
|
- 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');
|
|
+ undefined, handshakeErr, cerr);
|
|
|
|
test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256',
|
|
- undefined, handshakeErr,
|
|
- 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');
|
|
+ undefined, handshakeErr, cerr);
|
|
\ No newline at end of file
|
|
diff --git a/test/parallel/test-webcrypto-export-import-cfrg.js b/test/parallel/test-webcrypto-export-import-cfrg.js
|
|
index ae203e1005de0ab4370bd611f4f2ae64bb7a9a6a..216ce5fd14001183e7deb2abadc93178e7a18a58 100644
|
|
--- a/test/parallel/test-webcrypto-export-import-cfrg.js
|
|
+++ b/test/parallel/test-webcrypto-export-import-cfrg.js
|
|
@@ -411,7 +411,7 @@ async function testImportRaw({ name, publicUsages }) {
|
|
await Promise.all(tests);
|
|
})().then(common.mustCall());
|
|
|
|
-{
|
|
+if (!process.features.openssl_is_boringssl) {
|
|
const rsaPublic = crypto.createPublicKey(
|
|
fixtures.readKey('rsa_public_2048.pem'));
|
|
const rsaPrivate = crypto.createPrivateKey(
|
|
@@ -432,4 +432,6 @@ async function testImportRaw({ name, publicUsages }) {
|
|
{ name },
|
|
true, privateUsages), { message: /Invalid key type/ }).then(common.mustCall());
|
|
}
|
|
+} else {
|
|
+ common.printSkipMessage('Skipping RSA key import tests');
|
|
}
|
|
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
index bd788ec4ed88289d35798b8af8c9490a68e081a2..c6a6f33490595faabaefc9b58afdd813f0887258 100644
|
|
--- a/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
+++ b/test/parallel/test-webcrypto-wrap-unwrap.js
|
|
@@ -179,13 +179,6 @@ async function generateKeysToWrap() {
|
|
usages: ['encrypt', 'decrypt'],
|
|
pair: false,
|
|
},
|
|
- {
|
|
- algorithm: {
|
|
- name: 'ChaCha20-Poly1305'
|
|
- },
|
|
- usages: ['encrypt', 'decrypt'],
|
|
- pair: false,
|
|
- },
|
|
{
|
|
algorithm: {
|
|
name: 'HMAC',
|
|
@@ -210,6 +203,18 @@ async function generateKeysToWrap() {
|
|
common.printSkipMessage('Skipping unsupported AES-KW test case');
|
|
}
|
|
|
|
+ if (!process.features.openssl_is_boringssl) {
|
|
+ parameters.push({
|
|
+ algorithm: {
|
|
+ name: 'ChaCha20-Poly1305'
|
|
+ },
|
|
+ usages: ['encrypt', 'decrypt'],
|
|
+ pair: false,
|
|
+ });
|
|
+ } else {
|
|
+ common.printSkipMessage('Skipping unsupported ChaCha20-Poly1305 test case');
|
|
+ }
|
|
+
|
|
if (hasOpenSSL(3, 5)) {
|
|
for (const name of ['ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87']) {
|
|
parameters.push({
|
|
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
|
|
index c8fc4abbb108a6d6849e8452d97d29187da2ebe6..825ba4c8dce775f401080a0522565bb7a087bcc3 100644
|
|
--- a/test/parallel/test-x509-escaping.js
|
|
+++ b/test/parallel/test-x509-escaping.js
|
|
@@ -438,7 +438,7 @@ const { hasOpenSSL3 } = require('../common/crypto');
|
|
const cert = fixtures.readKey('incorrect_san_correct_subject-cert.pem');
|
|
|
|
// The hostname is the CN, but not a SAN entry.
|
|
- const servername = process.features.openssl_is_boringssl ? undefined : 'good.example.com';
|
|
+ const servername = 'good.example.com';
|
|
const certX509 = new X509Certificate(cert);
|
|
assert.strictEqual(certX509.subject, `CN=${servername}`);
|
|
assert.strictEqual(certX509.subjectAltName, 'DNS:evil.example.com');
|
|
@@ -448,7 +448,7 @@ const { hasOpenSSL3 } = require('../common/crypto');
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
|
|
|
|
@@ -483,11 +483,11 @@ const { hasOpenSSL3 } = require('../common/crypto');
|
|
assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
|
|
|
|
// The newer X509Certificate API allows customizing this behavior:
|
|
- assert.strictEqual(certX509.checkHost(servername), servername);
|
|
+ assert.strictEqual(certX509.checkHost(servername), undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
|
|
- servername);
|
|
+ undefined);
|
|
assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
|
|
undefined);
|
|
|