Skip to content

Commit

Permalink
test: fix crypto-dh error message for OpenSSL 3.x
Browse files Browse the repository at this point in the history
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: nodejs/node#50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
  • Loading branch information
sercher committed Apr 24, 2024
1 parent 134d45b commit 85de635
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions graal-nodejs/test/parallel/test-crypto-dh.js
Original file line number Diff line number Diff line change
Expand Up @@ -85,11 +85,15 @@ const crypto = require('crypto');
}, wrongBlockLength);
}

assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 ?
'error:02800080:Diffie-Hellman routines::invalid secret' :
'Supplied key is too small' });
{
const v = crypto.constants.OPENSSL_VERSION_NUMBER;
const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
'error:02800080:Diffie-Hellman routines::invalid secret' :
'Supplied key is too small' });
}
}

// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
Expand Down

0 comments on commit 85de635

Please sign in to comment.