test: move crypto related common utilities in common/crypto

Since `common/crypto` already exists, it makes sense to keep
crypto-related utilities there. The only exception being
common.hasCrypto which is needed up front to determine
if tests should be skipped.

Eliminate the redundant check in hasFipsCrypto and just
use crypto.getFips() directly where needed.

PR-URL: https://github.com/nodejs/node/pull/56714
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
James M Snell 2025-01-24 16:58:32 -08:00 committed by GitHub
parent c752615e2b
commit 761de815c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
89 changed files with 506 additions and 289 deletions


@ -1,11 +1,14 @@
'use strict';
const common = require('../../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { hasOpenSSL3 } = require('../../common/crypto');
if (!common.hasOpenSSL3)
if (!hasOpenSSL3) {
common.skip('this test requires OpenSSL 3.x');
}
const assert = require('node:assert');
const { createHash, getCiphers, getHashes } = require('node:crypto');
const { debuglog } = require('node:util');


@ -5,8 +5,11 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
if (common.hasFipsCrypto)
const { getFips } = require('crypto');
if (getFips()) {
common.skip('some benchmarks are FIPS-incompatible');
}
const runBenchmark = require('../common/benchmark');


@ -226,17 +226,6 @@ The TTY file descriptor is assumed to be capable of being writable.
Indicates whether OpenSSL is available.
### `hasFipsCrypto`
* [\<boolean>][<boolean>]
Indicates that Node.js has been linked with a FIPS compatible OpenSSL library,
and that FIPS as been enabled using `--enable-fips`.
To only detect if the OpenSSL library is FIPS compatible, regardless if it has
been enabled or not, then `process.config.variables.openssl_is_fips` can be
used to determine that situation.
### `hasIntl`
* [\<boolean>][<boolean>]
@ -417,12 +406,6 @@ Returns `true` if the exit code `exitCode` and/or signal name `signal` represent
the exit code and/or signal name of a node process that aborted, `false`
otherwise.
### `opensslCli`
* [\<boolean>][<boolean>]
Indicates whether 'opensslCli' is supported.
### `platformTimeout(ms)`
* `ms` [\<number>][<number>] | [\<bigint>][<bigint>]


@ -1,8 +1,9 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const crypto = require('crypto');
@ -98,6 +99,27 @@ const pkcs8EncExp = getRegExpForPEM('ENCRYPTED PRIVATE KEY');
const sec1Exp = getRegExpForPEM('EC PRIVATE KEY');
const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL
const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => {
assert(major >= 0 && major <= 0xf);
assert(minor >= 0 && minor <= 0xff);
assert(patch >= 0 && patch <= 0xff);
return (major << 28) | (minor << 20) | (patch << 4);
};
let OPENSSL_VERSION_NUMBER;
const hasOpenSSL = (major = 0, minor = 0, patch = 0) => {
if (!common.hasCrypto) return false;
if (OPENSSL_VERSION_NUMBER === undefined) {
const regexp = /(?<m>\d+)\.(?<n>\d+)\.(?<p>\d+)/;
const { m, n, p } = process.versions.openssl.match(regexp).groups;
OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p);
}
return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch);
};
let opensslCli = null;
module.exports = {
modp2buf,
assertApproximateSize,
@ -111,4 +133,32 @@ module.exports = {
pkcs8EncExp, // used once
sec1Exp,
sec1EncExp,
hasOpenSSL,
get hasOpenSSL3() {
return hasOpenSSL(3);
},
// opensslCli defined lazily to reduce overhead of spawnSync
get opensslCli() {
if (opensslCli !== null) return opensslCli;
if (process.config.variables.node_shared_openssl) {
// Use external command
opensslCli = 'openssl';
} else {
const path = require('path');
// Use command built from sources included in Node.js repository
opensslCli = path.join(path.dirname(process.execPath), 'openssl-cli');
}
if (exports.isWindows) opensslCli += '.exe';
const { spawnSync } = require('child_process');
const opensslCmd = spawnSync(opensslCli, ['version']);
if (opensslCmd.status !== 0 || opensslCmd.error !== undefined) {
// OpenSSL command cannot be executed
opensslCli = false;
}
return opensslCli;
},
};
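Review bot: `exports.isWindows` in the moved `opensslCli` getter looks like it is always `undefined` in this file, because the hunk assigns a fresh object to `module.exports` and nothing visible puts `isWindows` on the original `exports` object. The `.exe` suffix would then never be appended, the `spawnSync(opensslCli, ['version'])` probe would fail for the bundled CLI on Windows, and tests gated on `opensslCli` would skip silently instead of running. Since `common` is already required at the top of the file, `if (common.isWindows) opensslCli += '.exe';` is the direct fix. Separately, `hasOpenSSL` dereferences `process.versions.openssl.match(regexp).groups` with no null check, so a comment stating that the version string is assumed to contain `M.N.P` would help. The rest of the file is outside the hunks shown, so confirm `isWindows` is not attached to `exports` elsewhere.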


@ -19,7 +19,6 @@
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
/* eslint-disable node-core/crypto-check */
'use strict';
const process = global.process; // Some tests tamper with the process global.
@ -57,25 +56,6 @@ const noop = () => {};
const hasCrypto = Boolean(process.versions.openssl) &&
!process.env.NODE_SKIP_CRYPTO;
// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL
const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => {
assert(major >= 0 && major <= 0xf);
assert(minor >= 0 && minor <= 0xff);
assert(patch >= 0 && patch <= 0xff);
return (major << 28) | (minor << 20) | (patch << 4);
};
let OPENSSL_VERSION_NUMBER;
const hasOpenSSL = (major = 0, minor = 0, patch = 0) => {
if (!hasCrypto) return false;
if (OPENSSL_VERSION_NUMBER === undefined) {
const regexp = /(?<m>\d+)\.(?<n>\d+)\.(?<p>\d+)/;
const { m, n, p } = process.versions.openssl.match(regexp).groups;
OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p);
}
return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch);
};
const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
function parseTestFlags(filename = process.argv[1]) {
@ -220,7 +200,6 @@ if (process.env.NODE_TEST_WITH_ASYNC_HOOKS) {
}).enable();
}
let opensslCli = null;
let inFreeBSDJail = null;
let localhostIPv4 = null;
@ -985,7 +964,6 @@ const common = {
getTTYfd,
hasIntl,
hasCrypto,
hasOpenSSL,
hasQuic,
hasMultiLocalhost,
invalidArgTypeHelper,
@ -1027,10 +1005,6 @@ const common = {
return require('os').totalmem() > 0x70000000; /* 1.75 Gb */
},
get hasFipsCrypto() {
return hasCrypto && require('crypto').getFips();
},
get hasIPv6() {
const iFaces = require('os').networkInterfaces();
let re;
@ -1047,10 +1021,6 @@ const common = {
});
},
get hasOpenSSL3() {
return hasOpenSSL(3);
},
get inFreeBSDJail() {
if (inFreeBSDJail !== null) return inFreeBSDJail;
@ -1100,28 +1070,6 @@ const common = {
return localhostIPv4;
},
// opensslCli defined lazily to reduce overhead of spawnSync
get opensslCli() {
if (opensslCli !== null) return opensslCli;
if (process.config.variables.node_shared_openssl) {
// Use external command
opensslCli = 'openssl';
} else {
// Use command built from sources included in Node.js repository
opensslCli = path.join(path.dirname(process.execPath), 'openssl-cli');
}
if (exports.isWindows) opensslCli += '.exe';
const opensslCmd = spawnSync(opensslCli, ['version']);
if (opensslCmd.status !== 0 || opensslCmd.error !== undefined) {
// OpenSSL command cannot be executed
opensslCli = false;
}
return opensslCli;
},
get PORT() {
if (+process.env.TEST_PARALLEL) {
throw new Error('common.PORT cannot be used in a parallelized test');


@ -41,7 +41,6 @@ const {
mustNotMutateObjectDeep,
mustSucceed,
nodeProcessAborted,
opensslCli,
parseTestFlags,
PIPE,
platformTimeout,
@ -97,7 +96,6 @@ export {
mustNotMutateObjectDeep,
mustSucceed,
nodeProcessAborted,
opensslCli,
parseTestFlags,
PIPE,
platformTimeout,


@ -12,6 +12,7 @@ const { Worker } = require('worker_threads');
const fixtures = require('../common/fixtures');
const tmpdir = require('../common/tmpdir');
const { hasOpenSSL3 } = require('../common/crypto');
tmpdir.refresh();
const printA = path.relative(tmpdir.path, fixtures.path('printA.js'));
@ -64,7 +65,7 @@ if (common.isLinux) {
if (common.hasCrypto) {
expectNoWorker('--use-openssl-ca', 'B\n');
expectNoWorker('--use-bundled-ca', 'B\n');
if (!common.hasOpenSSL3)
if (!hasOpenSSL3)
expectNoWorker('--openssl-config=_ossl_cfg', 'B\n');
}
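Review bot: The new top-level `require('../common/crypto')` probably turns this whole test into a skip on builds without crypto, even though only the `if (common.hasCrypto)` block further down needs `hasOpenSSL3`. The helper section earlier on this page opens with `if (!common.hasCrypto) { common.skip('missing crypto'); }`, so loading it unconditionally would end the test before the non-crypto worker checks run (assuming `common.skip` exits the process, which is not shown here). Moving the line to the top of the guarded block, `if (common.hasCrypto) { const { hasOpenSSL3 } = require('../common/crypto');`, keeps the previous coverage.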


@ -21,13 +21,17 @@
// Flags: --no-warnings
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const crypto = require('crypto');
const { inspect } = require('util');
const fixtures = require('../common/fixtures');
const { hasOpenSSL3 } = require('../common/crypto');
const isFipsEnabled = crypto.getFips();
//
// Test authenticated encryption modes.
@ -53,7 +57,7 @@ for (const test of TEST_CASES) {
continue;
}
if (common.hasFipsCrypto && test.iv.length < 24) {
if (isFipsEnabled && test.iv.length < 24) {
common.printSkipMessage('IV len < 12 bytes unsupported in FIPS mode');
continue;
}
@ -95,7 +99,7 @@ for (const test of TEST_CASES) {
}
{
if (isCCM && common.hasFipsCrypto) {
if (isCCM && isFipsEnabled) {
assert.throws(() => {
crypto.createDecipheriv(test.algo,
Buffer.from(test.key, 'hex'),
@ -286,7 +290,7 @@ for (const test of TEST_CASES) {
});
}, errMessages.authTagLength);
if (!common.hasFipsCrypto) {
if (!isFipsEnabled) {
assert.throws(() => {
crypto.createDecipheriv('aes-256-ccm',
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
@ -312,7 +316,7 @@ for (const test of TEST_CASES) {
});
// CCM decryption and create(De|C)ipher are unsupported in FIPS mode.
if (!common.hasFipsCrypto) {
if (!isFipsEnabled) {
assert.throws(() => {
crypto.createDecipheriv(`aes-256-${mode}`,
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
@ -388,7 +392,7 @@ for (const test of TEST_CASES) {
cipher.setAAD(Buffer.from('0123456789', 'hex'));
}, /options\.plaintextLength required for CCM mode with AAD/);
if (!common.hasFipsCrypto) {
if (!isFipsEnabled) {
assert.throws(() => {
const cipher = crypto.createDecipheriv('aes-256-ccm',
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
@ -403,7 +407,7 @@ for (const test of TEST_CASES) {
// Test that final() throws in CCM mode when no authentication tag is provided.
{
if (!common.hasFipsCrypto) {
if (!isFipsEnabled) {
const key = Buffer.from('1ed2233fa2223ef5d7df08546049406c', 'hex');
const iv = Buffer.from('7305220bca40d4c90e1791e9', 'hex');
const ct = Buffer.from('8beba09d4d4d861f957d51c0794f4abf8030848e', 'hex');
@ -562,7 +566,7 @@ for (const test of TEST_CASES) {
]) {
assert.throws(() => {
cipher.final();
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
code: 'ERR_OSSL_TAG_NOT_SET'
} : {
message: /Unsupported state/


@ -5,6 +5,8 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
const isFipsEnabled = crypto.getFips();
function testCipher1(key, iv) {
// Test encryption and decryption with explicit key and iv
@ -150,7 +152,7 @@ testCipher1(Buffer.from('0123456789abcd0123456789'), '12345678');
testCipher1(Buffer.from('0123456789abcd0123456789'), Buffer.from('12345678'));
testCipher2(Buffer.from('0123456789abcd0123456789'), Buffer.from('12345678'));
if (!common.hasFipsCrypto) {
if (!isFipsEnabled) {
testCipher3(Buffer.from('000102030405060708090A0B0C0D0E0F', 'hex'),
Buffer.from('A6A6A6A6A6A6A6A6', 'hex'));
}
@ -193,10 +195,10 @@ assert.throws(
errMessage);
// But all other IV lengths should be accepted.
const minIvLength = common.hasOpenSSL3 ? 8 : 1;
const maxIvLength = common.hasOpenSSL3 ? 64 : 256;
const minIvLength = hasOpenSSL3 ? 8 : 1;
const maxIvLength = hasOpenSSL3 ? 64 : 256;
for (let n = minIvLength; n < maxIvLength; n += 1) {
if (common.hasFipsCrypto && n < 12) continue;
if (isFipsEnabled && n < 12) continue;
crypto.createCipheriv('aes-128-gcm', Buffer.alloc(16), Buffer.alloc(n));
}


@ -4,9 +4,9 @@ const assert = require('assert');
if (!common.hasCrypto) {
common.skip('missing crypto');
return;
}
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// 'ClassName' : ['args', 'for', 'constructor']
const TEST_CASES = {
@ -21,8 +21,8 @@ const TEST_CASES = {
'ECDH': ['prime256v1'],
};
if (!common.hasFipsCrypto) {
TEST_CASES.DiffieHellman = [common.hasOpenSSL3 ? 1024 : 256];
if (!crypto.getFips()) {
TEST_CASES.DiffieHellman = [hasOpenSSL3 ? 1024 : 256];
}
for (const [clazz, args] of Object.entries(TEST_CASES)) {


@ -5,8 +5,9 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
const size = common.hasFipsCrypto || common.hasOpenSSL3 ? 1024 : 256;
const size = crypto.getFips() || hasOpenSSL3 ? 1024 : 256;
const dh1 = crypto.createDiffieHellman(size);
const p1 = dh1.getPrime('buffer');
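Review bot: `crypto.getFips() || hasOpenSSL3 ? 1024 : 256` relies on `||` binding tighter than `?:`; the result is the intended one, but the line reads as if the ternary applied only to `hasOpenSSL3`. Writing `const size = (crypto.getFips() || hasOpenSSL3) ? 1024 : 256;` makes the grouping explicit. The same expression is repeated in several later file sections of this commit (the other Diffie-Hellman tests and the test that imports `secureHeapUsed`), so a small function in the shared crypto helper that returns the minimum DH size would remove the repetition.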


@ -5,6 +5,7 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// https://github.com/nodejs/node/issues/32738
// XXX(bnoordhuis) validateInt32() throwing ERR_OUT_OF_RANGE and RangeError
@ -24,7 +25,7 @@ assert.throws(() => crypto.createDiffieHellman('abcdef', 13.37), {
});
for (const bits of [-1, 0, 1]) {
if (common.hasOpenSSL3) {
if (hasOpenSSL3) {
assert.throws(() => crypto.createDiffieHellman(bits), {
code: 'ERR_OSSL_DH_MODULUS_TOO_SMALL',
name: 'Error',


@ -6,9 +6,10 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
{
const size = common.hasFipsCrypto || common.hasOpenSSL3 ? 1024 : 256;
const size = crypto.getFips() || hasOpenSSL3 ? 1024 : 256;
function unlessInvalidState(f) {
try {


@ -9,10 +9,11 @@ if (common.isASan)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
const before = process.memoryUsage.rss();
{
const size = common.hasFipsCrypto || common.hasOpenSSL3 ? 1024 : 256;
const size = crypto.getFips() || hasOpenSSL3 ? 1024 : 256;
const dh = crypto.createDiffieHellman(size);
const publicKey = dh.generateKeys();
const privateKey = dh.getPrivateKey();


@ -21,22 +21,24 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
function test() {
const odd = Buffer.alloc(39, 'A');
const c = crypto.createDiffieHellman(common.hasOpenSSL3 ? 1024 : 32);
const c = crypto.createDiffieHellman(hasOpenSSL3 ? 1024 : 32);
c.setPrivateKey(odd);
c.generateKeys();
}
// FIPS requires a length of at least 1024
if (!common.hasFipsCrypto) {
if (!crypto.getFips()) {
test();
} else {
assert.throws(function() { test(); }, /key size too small/);


@ -5,6 +5,7 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
assert.throws(() => crypto.diffieHellman(), {
name: 'TypeError',
@ -150,7 +151,7 @@ const list = [
// TODO(danbev): Take a closer look if there should be a check in OpenSSL3
// when the dh parameters differ.
if (!common.hasOpenSSL3) {
if (!hasOpenSSL3) {
// Same primes, but different generator.
list.push([{ group: 'modp5' }, { prime: group.getPrime(), generator: 5 }]);
// Same generator, but different primes.
@ -161,7 +162,7 @@ for (const [params1, params2] of list) {
assert.throws(() => {
test(crypto.generateKeyPairSync('dh', params1),
crypto.generateKeyPairSync('dh', params2));
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
name: 'Error',
code: 'ERR_OSSL_MISMATCHING_DOMAIN_PARAMETERS'
} : {
@ -220,7 +221,7 @@ const not256k1 = crypto.getCurves().find((c) => /^sec.*(224|384|512)/.test(c));
assert.throws(() => {
test(crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' }),
crypto.generateKeyPairSync('ec', { namedCurve: not256k1 }));
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
name: 'Error',
code: 'ERR_OSSL_MISMATCHING_DOMAIN_PARAMETERS'
} : {


@ -1,13 +1,18 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const crypto = require('crypto');
const {
hasOpenSSL3,
hasOpenSSL,
} = require('../common/crypto');
{
const size = common.hasFipsCrypto || common.hasOpenSSL3 ? 1024 : 256;
const size = crypto.getFips() || hasOpenSSL3 ? 1024 : 256;
const dh1 = crypto.createDiffieHellman(size);
const p1 = dh1.getPrime('buffer');
const dh2 = crypto.createDiffieHellman(p1, 'buffer');
@ -53,7 +58,7 @@ const crypto = require('crypto');
assert.strictEqual(secret1, secret4);
let wrongBlockLength;
if (common.hasOpenSSL3) {
if (hasOpenSSL3) {
wrongBlockLength = {
message: 'error:1C80006B:Provider routines::wrong final block length',
code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
@ -87,11 +92,11 @@ const crypto = require('crypto');
{
// Error message was changed in OpenSSL 3.0.x from 3.0.12, and 3.1.x from 3.1.4.
const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 0)) ||
(common.hasOpenSSL(3, 1, 4));
const hasOpenSSL3WithNewErrorMessage = (hasOpenSSL(3, 0, 12) && !hasOpenSSL(3, 1, 0)) ||
(hasOpenSSL(3, 1, 4));
assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
}, { message: hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
'Unspecified validation error' :
'Supplied key is too small' });
}


@ -21,18 +21,23 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (common.hasFipsCrypto)
const { hasOpenSSL3 } = require('../common/crypto');
const crypto = require('crypto');
if (crypto.getFips()) {
common.skip('BF-ECB is not FIPS 140-2 compatible');
}
if (common.hasOpenSSL3)
if (hasOpenSSL3) {
common.skip('Blowfish is only available with the legacy provider in ' +
'OpenSSl 3.x');
}
const assert = require('assert');
const crypto = require('crypto');
// Testing whether EVP_CipherInit_ex is functioning correctly.
// Reference: bug#1997


@ -10,6 +10,7 @@ const path = require('path');
const fixtures = require('../common/fixtures');
const { internalBinding } = require('internal/test/binding');
const { testFipsCrypto } = internalBinding('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
const FIPS_ENABLED = 1;
const FIPS_DISABLED = 0;
@ -114,7 +115,7 @@ assert.ok(test_result === 1 || test_result === 0);
// ("Error: Cannot set FIPS mode in a non-FIPS build.").
// Due to this uncertainty the following tests are skipped when configured
// with --shared-openssl.
if (!sharedOpenSSL() && !common.hasOpenSSL3) {
if (!sharedOpenSSL() && !hasOpenSSL3) {
// OpenSSL config file should be able to turn on FIPS mode
testHelper(
'stdout',
@ -144,7 +145,7 @@ if (!sharedOpenSSL() && !common.hasOpenSSL3) {
// will not work as expected with that version.
// TODO(danbev) Revisit these test once FIPS support is available in
// OpenSSL 3.x.
if (!common.hasOpenSSL3) {
if (!hasOpenSSL3) {
testHelper(
'stdout',
[`--openssl-config=${CNF_FIPS_OFF}`],


@ -1,13 +1,14 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const crypto = require('crypto');
const fs = require('fs');
const { hasOpenSSL } = common;
const { hasOpenSSL } = require('../common/crypto');
const fixtures = require('../common/fixtures');
let cryptoType;
@ -40,7 +41,7 @@ a8.write('');
a8.end();
a8 = a8.read();
if (!common.hasFipsCrypto) {
if (!crypto.getFips()) {
cryptoType = 'md5';
digest = 'latin1';
const a0 = crypto.createHash(cryptoType).update('Test123').digest(digest);


@ -13,6 +13,7 @@ const {
hkdfSync,
getHashes
} = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
{
assert.throws(() => hkdf(), {
@ -124,7 +125,7 @@ const algorithms = [
['sha256', '', 'salt', '', 10],
['sha512', 'secret', 'salt', '', 15],
];
if (!common.hasOpenSSL3)
if (!hasOpenSSL3)
algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
algorithms.forEach(([ hash, secret, salt, info, length ]) => {
@ -215,7 +216,7 @@ algorithms.forEach(([ hash, secret, salt, info, length ]) => {
});
if (!common.hasOpenSSL3) {
if (!hasOpenSSL3) {
const kKnownUnsupported = ['shake128', 'shake256'];
getHashes()
.filter((hash) => !kKnownUnsupported.includes(hash))


@ -1,7 +1,8 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const crypto = require('crypto');
@ -40,7 +41,7 @@ assert.throws(
function testHmac(algo, key, data, expected) {
// FIPS does not support MD5.
if (common.hasFipsCrypto && algo === 'md5')
if (crypto.getFips() && algo === 'md5')
return;
if (!Array.isArray(data))


@ -24,6 +24,8 @@ const {
generateKeyPairSync,
} = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
const fixtures = require('../common/fixtures');
const publicPem = fixtures.readKey('rsa_public.pem', 'ascii');
@ -297,7 +299,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
// This should not cause a crash: https://github.com/nodejs/node/issues/25247
assert.throws(() => {
createPrivateKey({ key: '' });
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
message: 'error:1E08010C:DECODER routines::unsupported',
} : {
message: 'error:0909006C:PEM routines:get_name:no start line',
@ -323,7 +325,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
type: 'pkcs1'
});
createPrivateKey({ key, format: 'der', type: 'pkcs1' });
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
message: /error:1E08010C:DECODER routines::unsupported/,
library: 'DECODER routines'
} : {
@ -510,7 +512,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
{
// Reading an encrypted key without a passphrase should fail.
assert.throws(() => createPrivateKey(privateDsa), common.hasOpenSSL3 ? {
assert.throws(() => createPrivateKey(privateDsa), hasOpenSSL3 ? {
name: 'Error',
message: 'error:07880109:common libcrypto routines::interrupted or ' +
'cancelled',
@ -526,7 +528,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
key: privateDsa,
format: 'pem',
passphrase: Buffer.alloc(1025, 'a')
}), common.hasOpenSSL3 ? { name: 'Error' } : {
}), hasOpenSSL3 ? { name: 'Error' } : {
code: 'ERR_OSSL_PEM_BAD_PASSWORD_READ',
name: 'Error'
});


@ -9,23 +9,25 @@ const {
generateKeyPair,
} = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// Test async DSA key object generation.
{
generateKeyPair('dsa', {
modulusLength: common.hasOpenSSL3 ? 2048 : 512,
modulusLength: hasOpenSSL3 ? 2048 : 512,
divisorLength: 256
}, common.mustSucceed((publicKey, privateKey) => {
assert.strictEqual(publicKey.type, 'public');
assert.strictEqual(publicKey.asymmetricKeyType, 'dsa');
assert.deepStrictEqual(publicKey.asymmetricKeyDetails, {
modulusLength: common.hasOpenSSL3 ? 2048 : 512,
modulusLength: hasOpenSSL3 ? 2048 : 512,
divisorLength: 256
});
assert.strictEqual(privateKey.type, 'private');
assert.strictEqual(privateKey.asymmetricKeyType, 'dsa');
assert.deepStrictEqual(privateKey.asymmetricKeyDetails, {
modulusLength: common.hasOpenSSL3 ? 2048 : 512,
modulusLength: hasOpenSSL3 ? 2048 : 512,
divisorLength: 256
});
}));


@ -14,6 +14,8 @@ const {
spkiExp,
} = require('../common/crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// Test async DSA key generation.
{
const privateKeyEncoding = {
@ -22,7 +24,7 @@ const {
};
generateKeyPair('dsa', {
modulusLength: common.hasOpenSSL3 ? 2048 : 512,
modulusLength: hasOpenSSL3 ? 2048 : 512,
divisorLength: 256,
publicKeyEncoding: {
type: 'spki',
@ -39,8 +41,8 @@ const {
// The private key is DER-encoded.
assert(Buffer.isBuffer(privateKeyDER));
assertApproximateSize(publicKey, common.hasOpenSSL3 ? 1194 : 440);
assertApproximateSize(privateKeyDER, common.hasOpenSSL3 ? 721 : 336);
assertApproximateSize(publicKey, hasOpenSSL3 ? 1194 : 440);
assertApproximateSize(privateKeyDER, hasOpenSSL3 ? 721 : 336);
// Since the private key is encrypted, signing shouldn't work anymore.
assert.throws(() => {
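Review bot: `const { hasOpenSSL3 } = require('../common/crypto');` is added directly after an existing destructuring `require('../common/crypto')`, so the same module is now imported twice in a row. Adding `hasOpenSSL3,` to the existing destructuring list, as other sections of this commit do, avoids the duplicate. The next file section (the elliptic curve test with `paramEncoding` explicit) has the same pattern. The start of the existing destructuring is outside the hunk.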


@ -14,6 +14,8 @@ const {
pkcs8EncExp,
} = require('../common/crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted
// private key with paramEncoding explicit.
{
@ -38,7 +40,7 @@ const {
// Since the private key is encrypted, signing shouldn't work anymore.
assert.throws(() => testSignVerify(publicKey, privateKey),
common.hasOpenSSL3 ? {
hasOpenSSL3 ? {
message: 'error:07880109:common libcrypto ' +
'routines::interrupted or cancelled'
} : {


@ -12,6 +12,7 @@ const {
testSignVerify,
spkiExp,
sec1EncExp,
hasOpenSSL3,
} = require('../common/crypto');
{
@ -38,7 +39,7 @@ const {
// Since the private key is encrypted, signing shouldn't work anymore.
assert.throws(() => testSignVerify(publicKey, privateKey),
common.hasOpenSSL3 ? {
hasOpenSSL3 ? {
message: 'error:07880109:common libcrypto ' +
'routines::interrupted or cancelled'
} : {


@ -12,6 +12,7 @@ const {
testSignVerify,
spkiExp,
pkcs8EncExp,
hasOpenSSL3,
} = require('../common/crypto');
// Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted
@ -38,7 +39,7 @@ const {
// Since the private key is encrypted, signing shouldn't work anymore.
assert.throws(() => testSignVerify(publicKey, privateKey),
common.hasOpenSSL3 ? {
hasOpenSSL3 ? {
message: 'error:07880109:common libcrypto ' +
'routines::interrupted or cancelled'
} : {


@ -12,6 +12,7 @@ const {
testSignVerify,
spkiExp,
sec1EncExp,
hasOpenSSL3,
} = require('../common/crypto');
{
@ -38,7 +39,7 @@ const {
// Since the private key is encrypted, signing shouldn't work anymore.
assert.throws(() => testSignVerify(publicKey, privateKey),
common.hasOpenSSL3 ? {
hasOpenSSL3 ? {
message: 'error:07880109:common libcrypto ' +
'routines::interrupted or cancelled'
} : {


@ -13,6 +13,7 @@ const {
testEncryptDecrypt,
testSignVerify,
pkcs1EncExp,
hasOpenSSL3,
} = require('../common/crypto');
// Test async RSA key generation with an encrypted private key.
@ -43,7 +44,7 @@ const {
type: 'pkcs1',
format: 'der',
};
const expectedError = common.hasOpenSSL3 ? {
const expectedError = hasOpenSSL3 ? {
name: 'Error',
message: 'error:07880109:common libcrypto routines::interrupted or ' +
'cancelled'


@ -8,6 +8,7 @@ const assert = require('assert');
const {
generateKeyPair,
} = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// This tests check that generateKeyPair returns correct bit length in
// KeyObject's asymmetricKeyDetails.
@ -27,7 +28,7 @@ const {
assert.strictEqual(publicKey.asymmetricKeyDetails.modulusLength, 513);
}));
if (common.hasOpenSSL3) {
if (hasOpenSSL3) {
generateKeyPair('dsa', {
modulusLength: 2049,
divisorLength: 256,


@ -11,6 +11,7 @@ const {
} = require('crypto');
const {
testSignVerify,
hasOpenSSL3,
} = require('../common/crypto');
// Passing an empty passphrase string should not cause OpenSSL's default
@ -40,7 +41,7 @@ for (const type of ['pkcs1', 'pkcs8']) {
// the key, and not specifying a passphrase should fail when decoding it.
assert.throws(() => {
return testSignVerify(publicKey, privateKey);
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
name: 'Error',
code: 'ERR_OSSL_CRYPTO_INTERRUPTED_OR_CANCELLED',
message: 'error:07880109:common libcrypto routines::interrupted or cancelled'


@ -11,6 +11,8 @@ const {
getCurves,
} = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// This test creates EC key pairs on curves without associated OIDs.
// Specifying a key encoding should not crash.
{
@ -20,7 +22,7 @@ const {
continue;
const expectedErrorCode =
common.hasOpenSSL3 ? 'ERR_OSSL_MISSING_OID' : 'ERR_OSSL_EC_MISSING_OID';
hasOpenSSL3 ? 'ERR_OSSL_MISSING_OID' : 'ERR_OSSL_EC_MISSING_OID';
const params = {
namedCurve,
publicKeyEncoding: {


@ -14,6 +14,7 @@ const {
} = require('crypto');
const { inspect } = require('util');
const { hasOpenSSL3 } = require('../common/crypto');
// Test invalid parameter encoding.
{
@ -351,7 +352,7 @@ const { inspect } = require('util');
publicExponent
}, common.mustCall((err) => {
assert.strictEqual(err.name, 'Error');
assert.match(err.message, common.hasOpenSSL3 ? /exponent/ : /bad e value/);
assert.match(err.message, hasOpenSSL3 ? /exponent/ : /bad e value/);
}));
}
}


@ -4,7 +4,9 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
if (!common.hasOpenSSL3)
const { hasOpenSSL3 } = require('../common/crypto');
if (!hasOpenSSL3)
common.skip('this test requires OpenSSL 3.x');
const assert = require('node:assert/strict');


@ -8,6 +8,7 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const fixtures = require('../common/fixtures');
const { hasOpenSSL } = require('../common/crypto');
const fs = require('fs');
// Test errors for invalid arguments.
@ -32,7 +33,7 @@ const input = fs.readFileSync(fixtures.path('utf8_test_text.txt'));
for (const method of methods) {
// Skip failing tests on OpenSSL 3.4.0
if (method.startsWith('shake') && common.hasOpenSSL(3, 4))
if (method.startsWith('shake') && hasOpenSSL(3, 4))
continue;
for (const outputEncoding of ['buffer', 'hex', 'base64', undefined]) {
const oldDigest = crypto.createHash(method).update(input).digest(outputEncoding || 'hex');


@ -26,6 +26,7 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// Input data.
const ODD_LENGTH_PLAIN = 'Hello node world!';
@ -82,7 +83,7 @@ assert.strictEqual(enc(EVEN_LENGTH_PLAIN, true), EVEN_LENGTH_ENCRYPTED);
assert.throws(function() {
// Input must have block length %.
enc(ODD_LENGTH_PLAIN, false);
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
message: 'error:1C80006B:Provider routines::wrong final block length',
code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
reason: 'wrong final block length',
@ -109,7 +110,7 @@ assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED, false).length, 48);
assert.throws(function() {
// Must have at least 1 byte of padding (PKCS):
assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED_NOPAD, true), EVEN_LENGTH_PLAIN);
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
message: 'error:1C800064:Provider routines::bad decrypt',
reason: 'bad decrypt',
code: 'ERR_OSSL_BAD_DECRYPT',


@ -5,6 +5,7 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
function runPBKDF2(password, salt, iterations, keylen, hash) {
const syncResult =
@ -219,7 +220,7 @@ assert.throws(
}
);
if (!common.hasOpenSSL3) {
if (!hasOpenSSL3) {
const kNotPBKDF2Supported = ['shake128', 'shake256'];
crypto.getHashes()
.filter((hash) => !kNotPBKDF2Supported.includes(hash))


@ -14,6 +14,8 @@ const {
privateDecrypt,
} = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
const pair = generateKeyPairSync('rsa', { modulusLength: 512 });
const expected = Buffer.from('shibboleth');
@ -34,7 +36,7 @@ function decrypt(key) {
}
decrypt(pkey);
assert.throws(() => decrypt(pkeyEncrypted), common.hasOpenSSL3 ?
assert.throws(() => decrypt(pkeyEncrypted), hasOpenSSL3 ?
{ message: 'error:07880109:common libcrypto routines::interrupted or ' +
'cancelled' } :
{ code: 'ERR_MISSING_PASSPHRASE' });


@ -3,11 +3,15 @@ const common = require('../common');
// Test for https://github.com/nodejs/node/issues/40814
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.hasOpenSSL3)
const { hasOpenSSL3 } = require('../common/crypto');
if (!hasOpenSSL3) {
common.skip('only openssl3'); // https://github.com/nodejs/node/pull/42793#issuecomment-1107491901
}
const assert = require('assert');
const crypto = require('crypto');


@ -9,6 +9,7 @@ const crypto = require('crypto');
const constants = crypto.constants;
const fixtures = require('../common/fixtures');
const { hasOpenSSL3 } = require('../common/crypto');
// Test certificates
const certPem = fixtures.readKey('rsa_cert.crt');
@ -36,11 +37,11 @@ const openssl1DecryptError = {
library: 'digital envelope routines',
};
const decryptError = common.hasOpenSSL3 ?
const decryptError = hasOpenSSL3 ?
{ message: 'error:1C800064:Provider routines::bad decrypt' } :
openssl1DecryptError;
const decryptPrivateKeyError = common.hasOpenSSL3 ? {
const decryptPrivateKeyError = hasOpenSSL3 ? {
message: 'error:1C800064:Provider routines::bad decrypt',
} : openssl1DecryptError;
@ -146,7 +147,7 @@ function getBufferCopy(buf) {
// Now with RSA_NO_PADDING. Plaintext needs to match key size.
// OpenSSL 3.x has a rsa_check_padding that will cause an error if
// RSA_NO_PADDING is used.
if (!common.hasOpenSSL3) {
if (!hasOpenSSL3) {
{
const plaintext = 'x'.repeat(rsaKeySize / 8);
encryptedBuffer = crypto.privateEncrypt({


@ -1,21 +1,26 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (common.isWindows)
if (common.isWindows) {
common.skip('Not supported on Windows');
}
if (common.isASan)
if (common.isASan) {
common.skip('ASan does not play well with secure heap allocations');
}
const assert = require('assert');
const { fork } = require('child_process');
const fixtures = require('../common/fixtures');
const { hasOpenSSL3 } = require('../common/crypto');
const {
secureHeapUsed,
createDiffieHellman,
getFips,
} = require('crypto');
if (process.argv[2] === 'child') {
@ -29,7 +34,7 @@ if (process.argv[2] === 'child') {
assert.strictEqual(a.used, 0);
{
const size = common.hasFipsCrypto || common.hasOpenSSL3 ? 1024 : 256;
const size = getFips() || hasOpenSSL3 ? 1024 : 256;
const dh1 = createDiffieHellman(size);
const p1 = dh1.getPrime('buffer');
const dh2 = createDiffieHellman(p1, 'buffer');
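Review bot: `getFips() || hasOpenSSL3 ? 1024 : 256` mixes `||` with the conditional operator without parentheses. It parses as `(getFips() || hasOpenSSL3) ? 1024 : 256`, presumably the intent, but the grouping is easy to misread when the condition is edited later. Writing `const size = (getFips() || hasOpenSSL3) ? 1024 : 256;` makes it explicit. The enclosing block continues past the end of this hunk.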


@ -8,6 +8,10 @@ const fs = require('fs');
const exec = require('child_process').exec;
const crypto = require('crypto');
const fixtures = require('../common/fixtures');
const {
hasOpenSSL3,
opensslCli,
} = require('../common/crypto');
// Test certificates
const certPem = fixtures.readKey('rsa_cert.crt');
@ -62,7 +66,7 @@ const keySize = 2048;
key: keyPem,
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
});
}, { message: common.hasOpenSSL3 ?
}, { message: hasOpenSSL3 ?
'error:1C8000A5:Provider routines::illegal or unsupported padding mode' :
'bye, bye, error stack' });
@ -340,7 +344,7 @@ assert.throws(
key: keyPem,
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
});
}, common.hasOpenSSL3 ? {
}, hasOpenSSL3 ? {
code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
message: /illegal or unsupported padding mode/,
} : {
@ -599,8 +603,9 @@ assert.throws(
// Note: this particular test *must* be the last in this file as it will exit
// early if no openssl binary is found
{
if (!common.opensslCli)
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
const pubfile = fixtures.path('keys', 'rsa_public_2048.pem');
const privkey = fixtures.readKey('rsa_private_2048.pem');
@ -622,7 +627,7 @@ assert.throws(
fs.writeFileSync(msgfile, msg);
exec(...common.escapePOSIXShell`"${
common.opensslCli}" dgst -sha256 -verify "${pubfile}" -signature "${
opensslCli}" dgst -sha256 -verify "${pubfile}" -signature "${
sigfile}" -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-2 "${msgfile
}"`, common.mustCall((err, stdout, stderr) => {
assert(stdout.includes('Verified OK'));


@ -21,14 +21,16 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const stream = require('stream');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
if (!common.hasFipsCrypto) {
if (!crypto.getFips()) {
// Small stream to buffer converter
class Stream2buffer extends stream.Writable {
constructor(callback) {
@ -71,7 +73,7 @@ const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
const decipher = crypto.createDecipheriv('aes-128-cbc', badkey, iv);
cipher.pipe(decipher)
.on('error', common.expectsError(common.hasOpenSSL3 ? {
.on('error', common.expectsError(hasOpenSSL3 ? {
message: /bad decrypt/,
library: 'Provider routines',
reason: 'bad decrypt',


@ -18,6 +18,7 @@ const {
const assert = require('assert');
const fixtures = require('../common/fixtures');
const { hasOpenSSL3 } = require('../common/crypto');
const { readFileSync } = require('fs');
const cert = readFileSync(fixtures.path('keys', 'agent1-cert.pem'));
@ -50,7 +51,7 @@ emailAddress=ry@tinyclouds.org`;
let infoAccessCheck = `OCSP - URI:http://ocsp.nodejs.org/
CA Issuers - URI:http://ca.nodejs.org/ca.cert`;
if (!common.hasOpenSSL3)
if (!hasOpenSSL3)
infoAccessCheck += '\n';
const der = Buffer.from(
@ -357,7 +358,7 @@ UcXd/5qu2GhokrKU2cPttU+XAN2Om6a0
const cert = new X509Certificate(certPem);
assert.throws(() => cert.publicKey, {
message: common.hasOpenSSL3 ? /decode error/ : /wrong tag/,
message: hasOpenSSL3 ? /decode error/ : /wrong tag/,
name: 'Error'
});


@ -29,6 +29,7 @@ const assert = require('assert');
const crypto = require('crypto');
const tls = require('tls');
const fixtures = require('../common/fixtures');
const { hasOpenSSL3 } = require('../common/crypto');
// Test Certificates
const certPfx = fixtures.readKey('rsa_cert.pfx');
@ -208,9 +209,9 @@ assert.throws(() => {
].join('\n');
crypto.createSign('SHA256').update('test').sign(priv);
}, (err) => {
if (!common.hasOpenSSL3)
if (!hasOpenSSL3)
assert.ok(!('opensslErrorStack' in err));
assert.throws(() => { throw err; }, common.hasOpenSSL3 ? {
assert.throws(() => { throw err; }, hasOpenSSL3 ? {
name: 'Error',
message: 'error:02000070:rsa routines::digest too big for rsa key',
library: 'rsa routines',
@ -225,7 +226,7 @@ assert.throws(() => {
return true;
});
if (!common.hasOpenSSL3) {
if (!hasOpenSSL3) {
assert.throws(() => {
// The correct header inside `rsa_private_pkcs8_bad.pem` should have been
// -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----


@ -1,12 +1,18 @@
'use strict';
const common = require('../common');
const fixtures = require('../common/fixtures');
if (!common.hasFipsCrypto)
if (!common.hasCrypto) {
common.skip('no crypto');
}
const fixtures = require('../common/fixtures');
const crypto = require('crypto');
if (!crypto.getFips()) {
common.skip('node compiled without FIPS OpenSSL.');
}
const assert = require('assert');
const crypto = require('crypto');
const input = 'hello';
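Review bot: The skip message `'node compiled without FIPS OpenSSL.'` no longer matches the condition. `crypto.getFips()` reports whether a FIPS provider is currently in use, not how the binary was built, so a FIPS-capable build run without FIPS enabled is skipped with a misleading reason. Something like `common.skip('FIPS mode is not enabled');` would describe the check. The first guard's `'no crypto'` also differs from the `'missing crypto'` wording used by the other tests in this commit.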


@ -2,10 +2,13 @@
'use strict';
const common = require('../common');
const { readKey } = require('../common/fixtures');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { readKey } = require('../common/fixtures');
const { hasOpenSSL } = require('../common/crypto');
const https = require('https');
const { SSL_OP_NO_TICKET } = require('crypto').constants;
@ -56,7 +59,7 @@ function faultyServer(port) {
function second(server, session) {
const req = https.request({
port: server.address().port,
ciphers: (common.hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
ciphers: (hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
rejectUnauthorized: false
}, function(res) {
res.resume();
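Review bot: The `'DEFAULT:@SECLEVEL=0'` branch of the `ciphers` option lowers the OpenSSL security level with no comment saying why, and this request also sets `rejectUnauthorized: false`. The same ternary recurs in later sections of this commit (the `-tls1_1` and `-tls1` `s_client` argument lists and the `TLSv1_method`/`TLSv1_1_method` client configs), where it presumably exists so legacy protocol versions can still negotiate on OpenSSL 3.1+. A one-line comment at each site, for example `// Test-only: security level 0 is needed for the legacy protocol on OpenSSL >= 3.1`, would keep the relaxation from being read as a recommended setting. `second()` continues past the end of this hunk.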


@ -21,11 +21,15 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
const assert = require('assert');
const tls = require('tls');


@ -21,11 +21,15 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
const assert = require('assert');
const fixtures = require('../common/fixtures');
@ -67,7 +71,7 @@ server.listen(0, function() {
'-cert', fixtures.path('keys/rsa_cert_foafssl_b.crt'),
'-key', fixtures.path('keys/rsa_private_b.pem')];
const client = spawn(common.opensslCli, args);
const client = spawn(opensslCli, args);
client.stdout.on('data', function(data) {
console.log('response received');


@ -5,6 +5,7 @@ const common = require('../common');
const assert = require('assert');
const fs = require('fs');
const path = require('path');
const { hasOpenSSL3 } = require('../common/crypto');
const rootDir = path.resolve(__dirname, '..', '..');
const cliMd = path.join(rootDir, 'doc', 'api', 'cli.md');
@ -43,7 +44,7 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) {
}
}
if (!common.hasOpenSSL3) {
if (!hasOpenSSL3) {
documented.delete('--openssl-legacy-provider');
documented.delete('--openssl-shared-config');
}
@ -55,8 +56,8 @@ const conditionalOpts = [
filter: (opt) => {
return [
'--openssl-config',
common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
common.hasOpenSSL3 ? '--openssl-shared-config' : '',
hasOpenSSL3 ? '--openssl-legacy-provider' : '',
hasOpenSSL3 ? '--openssl-shared-config' : '',
'--tls-cipher-list',
'--use-bundled-ca',
'--use-openssl-ca',
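Review bot: `require('../common/crypto')` is now loaded unconditionally at the top of this test, and no `common.hasCrypto` guard is visible in the hunk. The other sections of this commit check `common.hasCrypto` first, or (in the `process.versions` test) require the helper inside `if (common.hasCrypto)`. If the helper skips or throws when crypto is missing, which is not visible here, a build without crypto would stop checking the documented flags altogether, where `common.hasOpenSSL3` was previously only a property read. Consider `const hasOpenSSL3 = common.hasCrypto && require('../common/crypto').hasOpenSSL3;`.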


@ -85,11 +85,12 @@ assert.match(process.versions.modules, /^\d+$/);
assert.match(process.versions.cjs_module_lexer, commonTemplate);
if (common.hasCrypto) {
const { hasOpenSSL3 } = require('../common/crypto');
assert.match(process.versions.ncrypto, commonTemplate);
if (process.config.variables.node_shared_openssl) {
assert.ok(process.versions.openssl);
} else {
const versionRegex = common.hasOpenSSL3 ?
const versionRegex = hasOpenSSL3 ?
// The following also matches a development version of OpenSSL 3.x which
// can be in the format '3.0.0-alpha4-dev'. This can be handy when
// building and linking against the main development branch of OpenSSL.


@ -1,11 +1,19 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const {
hasOpenSSL,
hasOpenSSL3,
opensslCli,
} = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI');
}
const assert = require('assert');
const net = require('net');
@ -33,14 +41,14 @@ let iter = 0;
const errorHandler = common.mustCall((err) => {
let expectedErrorCode = 'ERR_SSL_WRONG_VERSION_NUMBER';
let expectedErrorReason = 'wrong version number';
if (common.hasOpenSSL(3, 2)) {
if (hasOpenSSL(3, 2)) {
expectedErrorCode = 'ERR_SSL_PACKET_LENGTH_TOO_LONG';
expectedErrorReason = 'packet length too long';
};
assert.strictEqual(err.code, expectedErrorCode);
assert.strictEqual(err.library, 'SSL routines');
if (!common.hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
if (!hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
assert.strictEqual(err.reason, expectedErrorReason);
errorReceived = true;
if (canCloseServer())
@ -96,13 +104,13 @@ function sendBADTLSRecord() {
client.on('error', common.mustCall((err) => {
let expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION';
let expectedErrorReason = 'tlsv1 alert protocol version';
if (common.hasOpenSSL(3, 2)) {
if (hasOpenSSL(3, 2)) {
expectedErrorCode = 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW';
expectedErrorReason = 'tlsv1 alert record overflow';
}
assert.strictEqual(err.code, expectedErrorCode);
assert.strictEqual(err.library, 'SSL routines');
if (!common.hasOpenSSL3)
if (!hasOpenSSL3)
assert.strictEqual(err.function, 'ssl3_read_bytes');
assert.strictEqual(err.reason, expectedErrorReason);
}));


@ -21,11 +21,18 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const {
hasOpenSSL,
opensslCli,
} = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
const assert = require('assert');
const { execFile } = require('child_process');
@ -42,10 +49,10 @@ const server = tls.Server({
cert: loadPEM('agent2-cert')
}, null).listen(0, common.mustCall(() => {
const args = ['s_client', '-quiet', '-tls1_1',
'-cipher', (common.hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
'-cipher', (hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
'-connect', `127.0.0.1:${server.address().port}`];
execFile(common.opensslCli, args, common.mustCall((err, _, stderr) => {
execFile(opensslCli, args, common.mustCall((err, _, stderr) => {
assert.strictEqual(err.code, 1);
assert.match(stderr, /SSL alert number 70/);
server.close();


@ -1,8 +1,9 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const { spawn } = require('child_process');
@ -198,7 +199,7 @@ function TestFatalAlert() {
// OpenSSL's s_client should output the TLS alert number, which is 120
// for the 'no_application_protocol' alert.
const { opensslCli } = common;
const { opensslCli } = require('../common/crypto');
if (opensslCli) {
const addr = `${serverIP}:${port}`;
let stderr = '';


@ -3,7 +3,9 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
if (common.hasOpenSSL3)
const { hasOpenSSL3 } = require('../common/crypto');
if (hasOpenSSL3)
// TODO(danbev) This test fails with the following error:
// error:0D00008F:asn1 encoding routines::no matching choice type
//


@ -3,6 +3,11 @@
const common = require('../common');
const fixtures = require('../common/fixtures');
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { hasOpenSSL } = require('../common/crypto');
const {
assert, connect, keys, tls
} = require(fixtures.path('tls-connect'));
@ -79,7 +84,7 @@ connect({
}, function(err, pair, cleanup) {
assert.strictEqual(pair.server.err.code,
'ERR_SSL_PEER_DID_NOT_RETURN_A_CERTIFICATE');
const expectedErr = common.hasOpenSSL(3, 2) ?
const expectedErr = hasOpenSSL(3, 2) ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
assert.strictEqual(pair.client.err.code,
expectedErr);


@ -3,6 +3,7 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const fixtures = require('../common/fixtures');
const { hasOpenSSL } = require('../common/crypto');
const assert = require('assert');
const { X509Certificate } = require('crypto');
@ -69,7 +70,7 @@ function test(size, type, name, cipher) {
test(undefined, undefined, undefined, 'AES256-SHA256');
test('auto', 'DH', undefined, 'DHE-RSA-AES256-GCM-SHA384');
if (!common.hasOpenSSL(3, 2)) {
if (!hasOpenSSL(3, 2)) {
test(1024, 'DH', undefined, 'DHE-RSA-AES256-GCM-SHA384');
} else {
test(3072, 'DH', undefined, 'DHE-RSA-AES256-GCM-SHA384');


@ -3,6 +3,7 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const { hasOpenSSL } = require('../common/crypto');
const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');
@ -38,7 +39,7 @@ function test(size, err, next) {
// Client set minimum DH parameter size to 2048 or 3072 bits
// so that it fails when it makes a connection to the tls
// server where is too small
const minDHSize = common.hasOpenSSL(3, 2) ? 3072 : 2048;
const minDHSize = hasOpenSSL(3, 2) ? 3072 : 2048;
const client = tls.connect({
minDHSize: minDHSize,
port: this.address().port,
@ -76,7 +77,7 @@ function testDHE3072() {
test(3072, false, null);
}
if (common.hasOpenSSL(3, 2)) {
if (hasOpenSSL(3, 2)) {
// Minimum size for OpenSSL 3.2 is 2048 by default
testDHE2048(true, testDHE3072);
} else {


@ -1,6 +1,12 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { hasOpenSSL3 } = require('../common/crypto');
const fixtures = require('../common/fixtures');
// Confirm that for TLSv1.3, renegotiate() is disallowed.
@ -29,7 +35,7 @@ connect({
const ok = client.renegotiate({}, common.mustCall((err) => {
assert.throws(() => { throw err; }, {
message: common.hasOpenSSL3 ?
message: hasOpenSSL3 ?
'error:0A00010A:SSL routines::wrong ssl version' :
'error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version',
code: 'ERR_SSL_WRONG_SSL_VERSION',


@ -21,11 +21,15 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
const assert = require('assert');
const tls = require('tls');


@ -22,11 +22,18 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const {
hasOpenSSL,
opensslCli,
} = require('../common/crypto');
if (!opensslCli) {
common.skip('missing openssl-cli');
}
const assert = require('assert');
const { X509Certificate } = require('crypto');
@ -43,7 +50,7 @@ const dheCipher = 'DHE-RSA-AES128-SHA256';
const ecdheCipher = 'ECDHE-RSA-AES128-SHA256';
const ciphers = `${dheCipher}:${ecdheCipher}`;
if (!common.hasOpenSSL(3, 2)) {
if (!hasOpenSSL(3, 2)) {
// Test will emit a warning because the DH parameter size is < 2048 bits
// when the test is run on versions lower than OpenSSL32
common.expectWarning('SecurityWarning',
@ -70,7 +77,7 @@ function test(dhparam, keylen, expectedCipher) {
const args = ['s_client', '-connect', `127.0.0.1:${server.address().port}`,
'-cipher', `${ciphers}:@SECLEVEL=1`];
execFile(common.opensslCli, args, common.mustSucceed((stdout) => {
execFile(opensslCli, args, common.mustSucceed((stdout) => {
assert(keylen === null ||
stdout.includes(`Server Temp Key: DH, ${keylen} bits`));
assert(stdout.includes(`Cipher : ${expectedCipher}`));
@ -107,7 +114,7 @@ function testCustomParam(keylen, expectedCipher) {
}, /DH parameter is less than 1024 bits/);
// Custom DHE parameters are supported (but discouraged).
if (!common.hasOpenSSL(3, 2)) {
if (!hasOpenSSL(3, 2)) {
await testCustomParam(1024, dheCipher);
} else {
await testCustomParam(3072, dheCipher);


@ -4,11 +4,15 @@ const common = require('../common');
// This test ensures that the value "auto" on ecdhCurve option is
// supported to enable automatic curve selection in TLS server.
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('missing openssl-cli');
}
const assert = require('assert');
const tls = require('tls');
@ -36,7 +40,7 @@ const server = tls.createServer(options, (conn) => {
'-cipher', `${options.ciphers}`,
'-connect', `127.0.0.1:${server.address().port}`];
execFile(common.opensslCli, args, common.mustSucceed((stdout) => {
execFile(opensslCli, args, common.mustSucceed((stdout) => {
assert(stdout.includes(reply));
server.close();
}));


@ -4,11 +4,16 @@ const common = require('../common');
// This test ensures that ecdhCurve option of TLS server supports colon
// separated ECDH curve names as value.
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
const crypto = require('crypto');
if (!opensslCli) {
common.skip('missing openssl-cli');
}
const assert = require('assert');
const tls = require('tls');
@ -36,7 +41,7 @@ const server = tls.createServer(options, (conn) => {
'-cipher', `${options.ciphers}`,
'-connect', `127.0.0.1:${server.address().port}`];
execFile(common.opensslCli, args, common.mustSucceed((stdout) => {
execFile(opensslCli, args, common.mustSucceed((stdout) => {
assert(stdout.includes(reply));
server.close();
}));
@ -51,8 +56,9 @@ const server = tls.createServer(options, (conn) => {
];
// Brainpool is not supported in FIPS mode.
if (common.hasFipsCrypto)
if (crypto.getFips()) {
unsupportedCurves.push('brainpoolP256r1');
}
unsupportedCurves.forEach((ecdhCurve) => {
assert.throws(() => tls.createServer({ ecdhCurve }),


@ -23,11 +23,15 @@
const common = require('../common');
const fixtures = require('../common/fixtures');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('missing openssl-cli');
}
const assert = require('assert');
const tls = require('tls');
@ -49,7 +53,7 @@ const server = tls.createServer(options, common.mustCall(function(conn) {
}));
server.listen(0, '127.0.0.1', common.mustCall(function() {
const cmd = common.escapePOSIXShell`"${common.opensslCli}" s_client -cipher ${
const cmd = common.escapePOSIXShell`"${opensslCli}" s_client -cipher ${
options.ciphers} -connect 127.0.0.1:${this.address().port}`;
exec(...cmd, common.mustSucceed((stdout, stderr) => {


@ -3,7 +3,7 @@
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const { hasOpenSSL } = require('../common/crypto');
const assert = require('assert');
const tls = require('tls');
@ -26,7 +26,7 @@ const server = tls.createServer(options, (c) => {
}, common.mustNotCall());
c.on('error', common.mustCall((err) => {
const expectedErr = common.hasOpenSSL(3, 2) ?
const expectedErr = hasOpenSSL(3, 2) ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
assert.strictEqual(err.code, expectedErr);
}));


@ -3,6 +3,8 @@ const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const { hasOpenSSL } = require('../common/crypto');
// This test ensures that `getProtocol` returns the right protocol
// from a TLS connection
@ -14,11 +16,11 @@ const clientConfigs = [
{
secureProtocol: 'TLSv1_method',
version: 'TLSv1',
ciphers: (common.hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
ciphers: (hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
}, {
secureProtocol: 'TLSv1_1_method',
version: 'TLSv1.1',
ciphers: (common.hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
ciphers: (hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT')
}, {
secureProtocol: 'TLSv1_2_method',
version: 'TLSv1.2'


@ -1,8 +1,11 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { hasOpenSSL } = require('../common/crypto');
const assert = require('assert');
const https = require('https');
@ -21,7 +24,7 @@ server.listen(0, function() {
req.end();
let expectedErrorMessage = new RegExp('wrong version number');
if (common.hasOpenSSL(3, 2)) {
if (hasOpenSSL(3, 2)) {
expectedErrorMessage = new RegExp('packet length too long');
};
req.once('error', common.mustCall(function(err) {


@ -22,14 +22,16 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const fixtures = require('../common/fixtures');
const { hasOpenSSL3 } = require('../common/crypto');
const assert = require('assert');
const tls = require('tls');
const errorMessageRegex = common.hasOpenSSL3 ?
const errorMessageRegex = hasOpenSSL3 ?
/^Error: error:05800074:x509 certificate routines::key values mismatch$/ :
/^Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch$/;


@ -1,9 +1,14 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
if (!common.hasOpenSSL3)
}
const { hasOpenSSL3 } = require('../common/crypto');
if (!hasOpenSSL3) {
common.skip('OpenSSL legacy failures are only testable with OpenSSL 3+');
}
const fixtures = require('../common/fixtures');


@ -1,5 +1,13 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const {
hasOpenSSL,
hasOpenSSL3,
} = require('../common/crypto');
const fixtures = require('../common/fixtures');
const { inspect } = require('util');
@ -16,13 +24,13 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
assert(proto || cerr || serr, 'test missing any expectations');
let ciphers;
if (common.hasOpenSSL3 && (proto === 'TLSv1' || proto === 'TLSv1.1' ||
if (hasOpenSSL3 && (proto === 'TLSv1' || proto === 'TLSv1.1' ||
proto === 'TLSv1_1_method' || proto === 'TLSv1_method' ||
sprot === 'TLSv1_1_method' || sprot === 'TLSv1_method')) {
if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL')
ciphers = 'ALL@SECLEVEL=0';
}
if (common.hasOpenSSL(3, 1) && cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION') {
if (hasOpenSSL(3, 1) && cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION') {
ciphers = 'DEFAULT@SECLEVEL=0';
}
// Report where test was called from. Strip leading garbage from
@ -125,9 +133,9 @@ test(U, U, 'TLS_method', U, U, 'TLSv1_method', 'TLSv1');
// OpenSSL 1.1.1 and 3.0 use a different error code and alert (sent to the
// client) when no protocols are enabled on the server.
const NO_PROTOCOLS_AVAILABLE_SERVER = common.hasOpenSSL3 ?
const NO_PROTOCOLS_AVAILABLE_SERVER = hasOpenSSL3 ?
'ERR_SSL_NO_PROTOCOLS_AVAILABLE' : 'ERR_SSL_INTERNAL_ERROR';
const NO_PROTOCOLS_AVAILABLE_SERVER_ALERT = common.hasOpenSSL3 ?
const NO_PROTOCOLS_AVAILABLE_SERVER_ALERT = hasOpenSSL3 ?
'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION' : 'ERR_SSL_TLSV1_ALERT_INTERNAL_ERROR';
// SSLv23 also means "any supported protocol" greater than the default


@ -1,10 +1,14 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (common.opensslCli === false)
const { opensslCli } = require('../common/crypto');
if (opensslCli === false) {
common.skip('node compiled without OpenSSL CLI.');
}
const assert = require('assert');
const tls = require('tls');
@ -23,7 +27,7 @@ server.listen(0, '127.0.0.1', function() {
'-ssl3',
'-connect', address];
const client = spawn(common.opensslCli, args, { stdio: 'pipe' });
const client = spawn(opensslCli, args, { stdio: 'pipe' });
client.stdout.pipe(process.stdout);
client.stderr.pipe(process.stderr);
client.stderr.setEncoding('utf8');
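Review bot: This guard still compares `opensslCli === false`, while the other tests touched by this commit use `!opensslCli`. With the strict comparison, any other falsy value from the helper (its definition is not visible here) would reach `spawn(opensslCli, args, { stdio: 'pipe' })` instead of skipping. `if (!opensslCli) {` keeps the guards consistent across the suite. The `listen` callback continues past the end of this hunk.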


@ -22,12 +22,17 @@
'use strict';
const common = require('../common');
if (!common.opensslCli)
common.skip('node compiled without OpenSSL CLI.');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
const crypto = require('crypto');
const tls = require('tls');
const fixtures = require('../common/fixtures');
@ -108,6 +113,6 @@ test({ ocsp: true, response: false });
test({ ocsp: true, response: 'hello world' });
test({ ocsp: false });
if (!common.hasFipsCrypto) {
if (!crypto.getFips()) {
test({ ocsp: true, response: 'hello pfx', pfx: pfx, passphrase: 'sample' });
}


@ -1,9 +1,11 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { hasOpenSSL } = require('../common/crypto');
const assert = require('assert');
const tls = require('tls');
@ -62,12 +64,12 @@ test({ psk: USERS.UserA, identity: 'UserA' }, { minVersion: 'TLSv1.3' });
test({ psk: USERS.UserB, identity: 'UserB' });
test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' });
// Unrecognized user should fail handshake
const expectedHandshakeErr = common.hasOpenSSL(3, 2) ?
const expectedHandshakeErr = hasOpenSSL(3, 2) ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr);
// Recognized user but incorrect secret should fail handshake
const expectedIllegalParameterErr = common.hasOpenSSL(3, 4) ? 'ERR_SSL_TLSV1_ALERT_DECRYPT_ERROR' :
common.hasOpenSSL(3, 2) ?
const expectedIllegalParameterErr = hasOpenSSL(3, 4) ? 'ERR_SSL_TLSV1_ALERT_DECRYPT_ERROR' :
hasOpenSSL(3, 2) ?
'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER';
test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr);
test({ psk: USERS.UserB, identity: 'UserB' });


@ -1,10 +1,15 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
if (!common.opensslCli)
}
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('missing openssl cli');
}
const assert = require('assert');
@ -41,7 +46,7 @@ let sentWorld = false;
let gotWorld = false;
server.listen(0, () => {
const client = spawn(common.opensslCli, [
const client = spawn(opensslCli, [
's_client',
'-connect', `127.0.0.1:${server.address().port}`,
'-cipher', CIPHERS,


@ -21,11 +21,15 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('missing openssl-cli');
}
const assert = require('assert');
const tls = require('tls');
@ -109,7 +113,7 @@ server.listen(0, common.mustCall(function() {
const args = ['s_client', '-connect', `127.0.0.1:${this.address().port}`];
const client = spawn(common.opensslCli, args);
const client = spawn(opensslCli, args);
let out = '';


@ -22,11 +22,15 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (!common.opensslCli)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
// This is a rather complex test which sets up various TLS servers with node
// and connects to them using the 'openssl s_client' command line utility
@ -188,7 +192,7 @@ function runClient(prefix, port, options, cb) {
}
// To test use: openssl s_client -connect localhost:8000
const client = spawn(common.opensslCli, args);
const client = spawn(opensslCli, args);
let out = '';


@ -21,17 +21,23 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const {
hasOpenSSL,
opensslCli,
} = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
const fixtures = require('../common/fixtures');
const assert = require('assert');
const tls = require('tls');
const { spawn } = require('child_process');
if (!common.opensslCli)
common.skip('node compiled without OpenSSL CLI.');
doTest({ tickets: false }, function() {
doTest({ tickets: true }, function() {
doTest({ tickets: false, invalidSession: true }, function() {
@ -100,7 +106,7 @@ function doTest(testOptions, callback) {
const args = [
's_client',
'-tls1',
'-cipher', (common.hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
'-cipher', (hasOpenSSL(3, 1) ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
'-connect', `localhost:${this.address().port}`,
'-servername', 'ohgod',
'-key', fixtures.path('keys/rsa_private.pem'),
@ -109,7 +115,7 @@ function doTest(testOptions, callback) {
].concat(testOptions.tickets ? [] : '-no_ticket');
function spawnClient() {
const client = spawn(common.opensslCli, args, {
const client = spawn(opensslCli, args, {
stdio: [ 0, 1, 'pipe' ]
});
let err = '';


@ -1,7 +1,17 @@
'use strict';
const common = require('../common');
if (!common.hasOpenSSL3)
if (!common.hasCrypto) {
common.skip('missing crypto, or OpenSSL version lower than 3');
}
const {
hasOpenSSL,
hasOpenSSL3,
} = require('../common/crypto');
if (!hasOpenSSL3) {
common.skip('missing crypto, or OpenSSL version lower than 3');
}
const fixtures = require('../common/fixtures');
const { inspect } = require('util');
@ -80,7 +90,7 @@ function test(cciphers, sciphers, cipher, cerr, serr, options) {
const U = undefined;
let expectedTLSAlertError = 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
if (common.hasOpenSSL(3, 2)) {
if (hasOpenSSL(3, 2)) {
expectedTLSAlertError = 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE';
}
@ -117,7 +127,7 @@ test(U, 'AES256-SHA', 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' })
// default, but work.
// However, for OpenSSL32 AES_128 is not enabled due to the
// default security level
if (!common.hasOpenSSL(3, 2)) {
if (!hasOpenSSL(3, 2)) {
test('TLS_AES_128_CCM_8_SHA256', U,
U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
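Review bot: Both skip calls in the first hunk carry the same message, 'missing crypto, or OpenSSL version lower than 3', although the precondition is now split into two separate checks. Each branch can name its own cause: `common.skip('missing crypto');` under `!common.hasCrypto` and `common.skip('OpenSSL version lower than 3');` under `!hasOpenSSL3`. A skipped run in CI output would then say which precondition failed.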


@ -1,8 +1,9 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
// This test verifies the behavior of the tls setSecureContext() method.
// It also verifies that existing connections are not disrupted when the
@ -12,6 +13,7 @@ const assert = require('assert');
const events = require('events');
const https = require('https');
const timers = require('timers/promises');
const { hasOpenSSL3 } = require('../common/crypto');
const fixtures = require('../common/fixtures');
const credentialOptions = [
{
@ -55,7 +57,7 @@ server.listen(0, common.mustCall(() => {
server.setSecureContext(credentialOptions[1]);
firstResponse.write('request-');
const errorMessageRegex = common.hasOpenSSL3 ?
const errorMessageRegex = hasOpenSSL3 ?
/^Error: self-signed certificate$/ :
/^Error: self signed certificate$/;
await assert.rejects(makeRequest(port, 3), errorMessageRegex);


@ -1,6 +1,9 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { hasOpenSSL } = require('../common/crypto');
const fixtures = require('../common/fixtures');
// Test sigalgs: option for TLS.
@ -63,7 +66,7 @@ test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
['RSA-PSS+SHA256', 'ECDSA+SHA256']);
// Do not have shared sigalgs.
const handshakeErr = common.hasOpenSSL(3, 2) ?
const handshakeErr = hasOpenSSL(3, 2) ?
'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
test('RSA-PSS+SHA384', 'ECDSA+SHA256',
undefined, handshakeErr,


@ -18,9 +18,11 @@ spawnSyncAndAssert(process.execPath, ['--trace-env', fixtures.path('empty.js')],
}
if (common.hasCrypto) {
assert.match(output, /get "NODE_EXTRA_CA_CERTS"/);
}
if (common.hasOpenSSL3) {
assert.match(output, /get "OPENSSL_CONF"/);
const { hasOpenSSL3 } = require('../common/crypto');
if (hasOpenSSL3) {
assert.match(output, /get "OPENSSL_CONF"/);
}
}
assert.match(output, /get "NODE_DEBUG_NATIVE"/);
assert.match(output, /get "NODE_COMPILE_CACHE"/);
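Review bot: The `require('../common/crypto')` call now sits inside the `if (common.hasCrypto)` block with no comment on why it is not at the top of the file. Presumably the helper module cannot be loaded in a build without crypto, which would match the commit description's remark that `common.hasCrypto` has to be checked up front. A one-line comment such as `// common/crypto may only be required when crypto is available` would keep a later cleanup from hoisting it.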


@ -1,15 +1,16 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const assert = require('assert');
const { X509Certificate } = require('crypto');
const tls = require('tls');
const fixtures = require('../common/fixtures');
const { hasOpenSSL3 } = common;
const { hasOpenSSL3 } = require('../common/crypto');
// Test that all certificate chains provided by the reporter are rejected.
{


@ -30,7 +30,9 @@ if (common.isPi) {
common.skip('Too slow for Raspberry Pi devices');
}
if (!common.hasOpenSSL3) {
const { hasOpenSSL3 } = require('../common/crypto');
if (!hasOpenSSL3) {
common.skip('Too slow when dynamically linked against OpenSSL 1.1.1');
}


@ -36,8 +36,9 @@ const crypto = require('crypto');
[ 'modp1', 'modp2', 'modp5', 'modp14', 'modp15', 'modp16', 'modp17' ]
.forEach((name) => {
// modp1 is 768 bits, FIPS requires >= 1024
if (name === 'modp1' && common.hasFipsCrypto)
if (name === 'modp1' && crypto.getFips()) {
return;
}
const group1 = crypto.getDiffieHellman(name);
const group2 = crypto.getDiffieHellman(name);
group1.generateKeys();


@ -32,10 +32,11 @@ if (common.isPi) {
const assert = require('assert');
const crypto = require('crypto');
const { hasOpenSSL3 } = require('../common/crypto');
// FIPS requires length >= 1024 but we use 512/256 in this test to keep it from
// taking too long and timing out in CI.
const length = (common.hasFipsCrypto) ? 1024 : common.hasOpenSSL3 ? 512 : 256;
const length = crypto.getFips() ? 1024 : hasOpenSSL3 ? 512 : 256;
const p = crypto.createDiffieHellman(length).getPrime();


@ -1,10 +1,15 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
if (!common.opensslCli)
}
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('missing openssl cli');
}
const assert = require('assert');
const tls = require('tls');
@ -16,7 +21,7 @@ const KEY = 'd731ef57be09e5204f0b205b60627028';
const IDENTITY = 'Client_identity'; // Hardcoded by `openssl s_server`
const useIPv4 = !common.hasIPv6;
const server = spawn(common.opensslCli, [
const server = spawn(opensslCli, [
's_server',
'-accept', common.PORT,
'-cipher', CIPHERS,


@ -23,14 +23,19 @@
const common = require('../common');
if (!common.opensslCli)
common.skip('node compiled without OpenSSL CLI.');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
if (common.isWindows)
const { opensslCli } = require('../common/crypto');
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
if (common.isWindows) {
common.skip('test does not work on Windows'); // ...but it should!
}
const net = require('net');
const assert = require('assert');
@ -63,11 +68,11 @@ function test(keyPath, certPath, check, next) {
const key = fixtures.readSync(keyPath).toString();
const cert = fixtures.readSync(certPath).toString();
const server = spawn(common.opensslCli, ['s_server',
'-accept', 0,
'-cert', fixtures.path(certPath),
'-key', fixtures.path(keyPath),
...(useIPv4 ? ['-4'] : []),
const server = spawn(opensslCli, ['s_server',
'-accept', 0,
'-cert', fixtures.path(certPath),
'-key', fixtures.path(keyPath),
...(useIPv4 ? ['-4'] : []),
]);
server.stdout.pipe(process.stdout);
server.stderr.pipe(process.stdout);


@ -22,8 +22,11 @@
'use strict';
const common = require('../common');
if (!common.hasCrypto)
if (!common.hasCrypto) {
common.skip('missing crypto');
}
const { opensslCli } = require('../common/crypto');
const tmpdir = require('../common/tmpdir');
tmpdir.refresh();
@ -56,8 +59,9 @@ const cert = fixtures.readKey('rsa_cert.crt');
}
}
if (!common.opensslCli)
if (!opensslCli) {
common.skip('node compiled without OpenSSL CLI.');
}
doTest();
@ -105,7 +109,7 @@ function doTest() {
'-sess_in', sessionFileName,
'-sess_out', sessionFileName,
];
const client = spawn(common.opensslCli, flags, {
const client = spawn(opensslCli, flags, {
stdio: ['ignore', 'pipe', 'ignore']
});