From 41ca1132ebb21442339d59cbf1497368ae370bc8 Mon Sep 17 00:00:00 2001 From: Kerem Kat Date: Fri, 27 Oct 2023 19:01:10 +0100 Subject: [PATCH] test: fix crypto-dh error message for OpenSSL 3.x OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: https://github.com/nodejs/node/pull/50395 Reviewed-By: Richard Lau Reviewed-By: Luigi Pinca --- test/parallel/test-crypto-dh.js | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js index abbe1abe7e53d7..3b738b7f47ec59 100644 --- a/test/parallel/test-crypto-dh.js +++ b/test/parallel/test-crypto-dh.js @@ -85,11 +85,15 @@ const crypto = require('crypto'); }, wrongBlockLength); } - assert.throws(() => { - dh3.computeSecret(''); - }, { message: common.hasOpenSSL3 ? - 'error:02800080:Diffie-Hellman routines::invalid secret' : - 'Supplied key is too small' }); + { + const v = crypto.constants.OPENSSL_VERSION_NUMBER; + const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000); + assert.throws(() => { + dh3.computeSecret(''); + }, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ? + 'error:02800080:Diffie-Hellman routines::invalid secret' : + 'Supplied key is too small' }); + } } // Through a fluke of history, g=0 defaults to DH_GENERATOR (2).