From fec92e8b6bd94879b6cbf67cccf55fe9ce66b80b Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 1 May 2024 16:39:34 +0000 Subject: [PATCH 1/2] test: crypto-rsa-dsa testing for dynamic openssl Fixes: https://github.com/nodejs/node/issues/52537 Signed-off-by: Michael Dawson --- test/parallel/test-crypto-rsa-dsa.js | 51 ++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js index ecda345989789d..846e559be8a5b3 100644 --- a/test/parallel/test-crypto-rsa-dsa.js +++ b/test/parallel/test-crypto-rsa-dsa.js @@ -223,8 +223,6 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) { if (padding === constants.RSA_PKCS1_PADDING) { - // TODO(richardlau): see if it's possible to determine implicit rejection - // support when dynamically linked against OpenSSL. if (!process.config.variables.node_shared_openssl) { assert.throws(() => { crypto.privateDecrypt({ @@ -240,6 +238,55 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) { oaepHash: decryptOaepHash }, encryptedBuffer); }, { code: 'ERR_INVALID_ARG_VALUE' }); + } else { + // The version of a linked against OpenSSL. May + // or may not support implicit rejection. Figuring + // this out in the test is not feasible but we + // require that it pass based on one of the two + // cases of supporting it or not. + try { + // The expected exceptions should be thrown if implicit rejection + // is not supported + assert.throws(() => { + crypto.privateDecrypt({ + key: rsaKeyPem, + padding: padding, + oaepHash: decryptOaepHash + }, encryptedBuffer); + }, { code: 'ERR_INVALID_ARG_VALUE' }); + assert.throws(() => { + crypto.privateDecrypt({ + key: rsaPkcs8KeyPem, + padding: padding, + oaepHash: decryptOaepHash + }, encryptedBuffer); + }, { code: 'ERR_INVALID_ARG_VALUE' }); + } catch (e) { + if (e.toString() === + 'AssertionError [ERR_ASSERTION]: Missing expected exception.') { + // Implicit rejection must be supported since + // we did not get the exceptions that are thrown + // when it is not, we should be able to decrypt + let decryptedBuffer = crypto.privateDecrypt({ + key: rsaKeyPem, + padding: padding, + oaepHash: decryptOaepHash + }, encryptedBuffer); + assert.deepStrictEqual(decryptedBuffer, input); + + decryptedBuffer = crypto.privateDecrypt({ + key: rsaPkcs8KeyPem, + padding: padding, + oaepHash: decryptOaepHash + }, encryptedBuffer); + assert.deepStrictEqual(decryptedBuffer, input); + } else { + // There was an exception but it not the one we expect if implicit + // rejection is not supported so there was some other failure, + // re-throw it so the test fails + throw e; + } + } } } else { let decryptedBuffer = crypto.privateDecrypt({ From 4042b919df33de4297533894387fa9f4af2a25ae Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 1 May 2024 17:20:52 -0400 Subject: [PATCH 2/2] Update test/parallel/test-crypto-rsa-dsa.js Co-authored-by: Luigi Pinca --- test/parallel/test-crypto-rsa-dsa.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js index 846e559be8a5b3..5f4fafdfffbf72 100644 --- a/test/parallel/test-crypto-rsa-dsa.js +++ b/test/parallel/test-crypto-rsa-dsa.js @@ -281,7 +281,7 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) { }, encryptedBuffer); assert.deepStrictEqual(decryptedBuffer, input); } else { - // There was an exception but it not the one we expect if implicit + // There was an exception but it is not the one we expect if implicit // rejection is not supported so there was some other failure, // re-throw it so the test fails throw e;