From 13d8549abdb2b6aa6137637193b1815a14a5f9a8 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Fri, 13 Sep 2019 13:19:06 -0700 Subject: [PATCH] test: well-defined DH groups now verify clean OpenSSL 1.1.1d no longer generates warnings for some DH groups that used to be considered unsafe. See below for discussion. This is considered a bug fix. See: - https://github.com/openssl/openssl/pull/9363 - https://github.com/openssl/openssl/pull/9363#discussion_r324802618 PR-URL: https://github.com/nodejs/node/pull/29550 Reviewed-By: Ben Noordhuis Reviewed-By: Anna Henningsen --- test/parallel/test-crypto-binary-default.js | 4 +--- test/parallel/test-crypto-dh.js | 19 +++++++------------ 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/test/parallel/test-crypto-binary-default.js b/test/parallel/test-crypto-binary-default.js index 228e2cc8abdc81..5f59416c62fbda 100644 --- a/test/parallel/test-crypto-binary-default.js +++ b/test/parallel/test-crypto-binary-default.js @@ -36,7 +36,6 @@ const crypto = require('crypto'); const fs = require('fs'); const tls = require('tls'); const fixtures = require('../common/fixtures'); -const DH_NOT_SUITABLE_GENERATOR = crypto.constants.DH_NOT_SUITABLE_GENERATOR; require('internal/crypto/util').setDefaultEncoding('latin1'); @@ -615,8 +614,7 @@ common.expectsError( '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF'; - const d = crypto.createDiffieHellman(p, 'hex'); - assert.strictEqual(d.verifyError, DH_NOT_SUITABLE_GENERATOR); + crypto.createDiffieHellman(p, 'hex'); // Test RSA key signing/verification const rsaSign = crypto.createSign('SHA1'); diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js index 8e584100d9913b..cd5dda59fb07d4 100644 --- a/test/parallel/test-crypto-dh.js +++ b/test/parallel/test-crypto-dh.js @@ -6,8 +6,6 @@ if (!common.hasCrypto) const assert = require('assert'); const crypto = require('crypto'); -const DH_NOT_SUITABLE_GENERATOR = crypto.constants.DH_NOT_SUITABLE_GENERATOR; - // Test Diffie-Hellman with two parties sharing a secret, // using various encodings as we go along const dh1 = crypto.createDiffieHellman(common.hasFipsCrypto ? 1024 : 256); @@ -121,8 +119,6 @@ bob.generateKeys(); const aSecret = alice.computeSecret(bob.getPublicKey()).toString('hex'); const bSecret = bob.computeSecret(alice.getPublicKey()).toString('hex'); assert.strictEqual(aSecret, bSecret); -assert.strictEqual(alice.verifyError, DH_NOT_SUITABLE_GENERATOR); -assert.strictEqual(bob.verifyError, DH_NOT_SUITABLE_GENERATOR); /* Ensure specific generator (buffer) works as expected. * The values below (modp2/modp2buf) are for a 1024 bits long prime from @@ -153,8 +149,6 @@ const modp2buf = Buffer.from([ const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) { @@ -167,7 +161,6 @@ for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) { const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } { @@ -179,7 +172,6 @@ for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) { const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } { @@ -191,17 +183,20 @@ for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) { const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()) .toString('hex'); assert.strictEqual(modp2Secret, exmodp2Secret); - assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR); } - +// Second OAKLEY group, see +// https://github.com/nodejs/node-v0.x-archive/issues/2338 and +// https://xml2rfc.tools.ietf.org/public/rfc/html/rfc2412.html#anchor49 const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' + '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' + '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF'; -const bad_dh = crypto.createDiffieHellman(p, 'hex'); -assert.strictEqual(bad_dh.verifyError, DH_NOT_SUITABLE_GENERATOR); +crypto.createDiffieHellman(p, 'hex'); +// Confirm DH_check() results are exposed for optional examination. +const bad_dh = crypto.createDiffieHellman('02', 'hex'); +assert.notStrictEqual(bad_dh.verifyError, 0); const availableCurves = new Set(crypto.getCurves()); const availableHashes = new Set(crypto.getHashes());