Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: fix crypto-dh error message for OpenSSL 3.x #50395

Merged
merged 1 commit into from
Oct 27, 2023

Conversation

krk
Copy link
Contributor

@krk krk commented Oct 25, 2023

OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause.

Error message change is test-only and uses the right error message for versions >= 3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

With these changes to OpenSSL, error message in XX test is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'.

--

Sample failure:

Path: parallel/test-crypto-dh
node:assert:635
      throw err;
      ^

AssertionError [ERR_ASSERTION]: Expected values to be strictly deep-equal:
+ actual - expected

  Comparison {
+   message: 'Supplied key is too small'
-   message: 'error:02800080:Diffie-Hellman routines::invalid secret'
  }
    at Object.<anonymous> (/src/node-v20.8.1/test/parallel/test-crypto-dh.js:88:10)
    at Module._compile (node:internal/modules/cjs/loader:1241:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1295:10)
    at Module.load (node:internal/modules/cjs/loader:1091:32)
    at Module._load (node:internal/modules/cjs/loader:938:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
    at node:internal/main/run_main_module:23:47 {
  generatedMessage: true,
  code: 'ERR_ASSERTION',
  actual: RangeError: Supplied key is too small
      at DiffieHellman.dhComputeSecret [as computeSecret] (node:internal/crypto/diffiehellman:156:29)
      at assert.throws.message (/src/node-v20.8.1/test/parallel/test-crypto-dh.js:89:9)
      at getActual (node:assert:756:5)
      at Function.throws (node:assert:902:24)
      at Object.<anonymous> (/src/node-v20.8.1/test/parallel/test-crypto-dh.js:88:10)
      at Module._compile (node:internal/modules/cjs/loader:1241:14)
      at Module._extensions..js (node:internal/modules/cjs/loader:1295:10)
      at Module.load (node:internal/modules/cjs/loader:1091:32)
      at Module._load (node:internal/modules/cjs/loader:938:12)
      at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12) {
    code: 'ERR_CRYPTO_INVALID_KEYLEN'
  },
  expected: { message: 'error:02800080:Diffie-Hellman routines::invalid secret' },
  operator: 'throws'
}

OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. test Issues and PRs related to the tests. labels Oct 25, 2023
test/parallel/test-crypto-dh.js Show resolved Hide resolved
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 26, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 26, 2023
@nodejs-github-bot

This comment was marked as outdated.

@richardlau
Copy link
Member

The https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1804_sharedlibs_withoutintl_x64/40113/ failure is #49988 (comment) and unrelated to this PR. Once we fix that, requesting a new Jenkins CI run should pick up the change.

@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Oct 26, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Oct 26, 2023
@nodejs-github-bot
Copy link
Collaborator

@tniessen tniessen added crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency. labels Oct 26, 2023
@nodejs-github-bot
Copy link
Collaborator

@richardlau richardlau added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Oct 26, 2023
@richardlau richardlau added the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 27, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 27, 2023
@nodejs-github-bot nodejs-github-bot merged commit 8eea2d3 into nodejs:main Oct 27, 2023
44 checks passed
@nodejs-github-bot
Copy link
Collaborator

Landed in 8eea2d3

@richardlau richardlau added lts-watch-v18.x PRs that may need to be released in v18.x. lts-watch-v20.x PRs that may need to be released in v20.x labels Nov 1, 2023
alexfernandez pushed a commit to alexfernandez/node that referenced this pull request Nov 1, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: nodejs#50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
targos pushed a commit that referenced this pull request Nov 11, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: #50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
@targos targos added backported-to-v20.x PRs backported to the v20.x-staging branch. and removed lts-watch-v20.x PRs that may need to be released in v20.x labels Nov 15, 2023
targos pushed a commit that referenced this pull request Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: #50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
@targos targos added backported-to-v18.x PRs backported to the v18.x-staging branch. and removed lts-watch-v18.x PRs that may need to be released in v18.x. labels Nov 15, 2023
targos pushed a commit that referenced this pull request Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: #50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: nodejs/node#50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: nodejs/node#50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
richardlau added a commit to richardlau/node-1 that referenced this pull request Jun 18, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: nodejs#50395
nodejs-github-bot pushed a commit that referenced this pull request Jun 26, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: #50395
PR-URL: #53503
Refs: #53382
Reviewed-By: Luigi Pinca <[email protected]>
aduh95 pushed a commit that referenced this pull request Jul 12, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: #50395
PR-URL: #53503
Refs: #53382
Reviewed-By: Luigi Pinca <[email protected]>
aduh95 pushed a commit that referenced this pull request Jul 16, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: #50395
PR-URL: #53503
Refs: #53382
Reviewed-By: Luigi Pinca <[email protected]>
marco-ippolito pushed a commit that referenced this pull request Aug 19, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: #50395
PR-URL: #53503
Refs: #53382
Reviewed-By: Luigi Pinca <[email protected]>
marco-ippolito pushed a commit that referenced this pull request Aug 19, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: #50395
PR-URL: #53503
Refs: #53382
Reviewed-By: Luigi Pinca <[email protected]>
aduh95 pushed a commit to aduh95/node that referenced this pull request Sep 24, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: nodejs#50395
PR-URL: nodejs#53503
Refs: nodejs#53382
Reviewed-By: Luigi Pinca <[email protected]>
aduh95 pushed a commit to aduh95/node that referenced this pull request Sep 25, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: nodejs#50395
PR-URL: nodejs#53503
Refs: nodejs#53382
Reviewed-By: Luigi Pinca <[email protected]>
richardlau added a commit to aduh95/node that referenced this pull request Sep 27, 2024
As per the original pull request that introduced the OpenSSL version
check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: nodejs#50395
PR-URL: nodejs#53503
Refs: nodejs#53382
Reviewed-By: Luigi Pinca <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. backported-to-v18.x PRs backported to the v18.x-staging branch. backported-to-v20.x PRs backported to the v20.x-staging branch. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. test Issues and PRs related to the tests.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants