test: fix crypto-dh error message for OpenSSL 3.x
OpenSSL 3.0.12 and 3.1.4 change the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: #50395
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
krk authored and targos committed Nov 15, 2023
1 parent a6a05e8 commit 41ca113
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions test/parallel/test-crypto-dh.js
Expand Up @@ -85,11 +85,15 @@ const crypto = require('crypto');
}, wrongBlockLength);
}

assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 ?
'error:02800080:Diffie-Hellman routines::invalid secret' :
'Supplied key is too small' });
{
const v = crypto.constants.OPENSSL_VERSION_NUMBER;
const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
'error:02800080:Diffie-Hellman routines::invalid secret' :
'Supplied key is too small' });
}
}

// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
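
Review bot: The upper bounds in hasOpenSSL3WithNewErrorMessage are inclusive, so `v <= 0x30100000` matches 3.1.0 itself, which the commit message places outside the affected set (3.1.x only from 3.1.4 onward). Use `<` for the upper bound of the 3.0.x range, i.e. `v < 0x30100000`. The second range also stops at 0x30200000, so any release numbered above that falls back to expecting the old 'invalid secret' message; if those releases keep 'Supplied key is too small', this assertion will need another edit, so consider leaving the second range open-ended as `v >= 0x30100040`. A short comment stating that 0x300000c0 is 3.0.12 and 0x30100040 is 3.1.4 would make the constants checkable against the commit message, and the condition is long enough to be worth wrapping across two lines.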