test: check against run-time OpenSSL version

richardlau · bmeck · commit c7cf4e839dcc · 2024-06-22T09:11:09.000-05:00
Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL. PR-URL: nodejs#53456 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/test/common/index.js b/test/common/index.js
@@ -57,14 +57,24 @@ const noop = () =>{};
 const hasCrypto = Boolean(process.versions.openssl) &&
 !process.env.NODE_SKIP_CRYPTO;
 
-const hasOpenSSL3 = hasCrypto &&
- require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000;
-
-const hasOpenSSL31 = hasCrypto &&
- require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
+// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL
+const opensslVersionNumber = (major = 0, minor = 0, patch = 0) =>{
+ assert(major >= 0 && major <= 0xf);
+ assert(minor >= 0 && minor <= 0xff);
+ assert(patch >= 0 && patch <= 0xff);
+ return (major << 28) | (minor << 20) | (patch << 4);
+};
 
-const hasOpenSSL32 = hasCrypto &&
- require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;
+let OPENSSL_VERSION_NUMBER;
+const hasOpenSSL = (major = 0, minor = 0, patch = 0) =>{
+ if (!hasCrypto) return false;
+ if (OPENSSL_VERSION_NUMBER === undefined){
+ const regexp = /(?<m>\d+)\.(?<n>\d+)\.(?<p>\d+)/;
+ const{m, n, p } = process.versions.openssl.match(regexp).groups;
+ OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p);
+ }
+ return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch);
+};
 
 const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
 
@@ -977,9 +987,7 @@ const common ={
 getTTYfd,
 hasIntl,
 hasCrypto,
- hasOpenSSL3,
- hasOpenSSL31,
- hasOpenSSL32,
+ hasOpenSSL,
 hasQuic,
 hasMultiLocalhost,
 invalidArgTypeHelper,
@@ -1040,6 +1048,18 @@ const common ={
 });
 },
 
+ get hasOpenSSL3(){
+ return hasOpenSSL(3);
+ },
+
+ get hasOpenSSL31(){
+ return hasOpenSSL(3, 1);
+ },
+
+ get hasOpenSSL32(){
+ return hasOpenSSL(3, 2);
+ },
+
 get inFreeBSDJail(){
 if (inFreeBSDJail !== null) return inFreeBSDJail;
 
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
@@ -86,8 +86,8 @@ const crypto = require('crypto');
 }
 
{
- const v = crypto.constants.OPENSSL_VERSION_NUMBER;
- const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
+ const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 1)) ||
+ (common.hasOpenSSL(3, 1, 4) && !common.hasOpenSSL(3, 2, 1));
 assert.throws(() =>{
 dh3.computeSecret('');
 },{message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?

-Original file line number
+Diff line change
 consthasCrypto=Boolean(process.versions.openssl)&&
 !process.env.NODE_SKIP_CRYPTO;
 -consthasOpenSSL3=hasCrypto&&
 -require('crypto').constants.OPENSSL_VERSION_NUMBER>=0x30000000;
+-
 -consthasOpenSSL31=hasCrypto&&
 -require('crypto').constants.OPENSSL_VERSION_NUMBER>=0x30100000;
 +// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL
 +constopensslVersionNumber=(major=0,minor=0,patch=0)=>{
 +assert(major>=0&&major<=0xf);
 +assert(minor>=0&&minor<=0xff);
 +assert(patch>=0&&patch<=0xff);
 +return(major<<28)|(minor<<20)|(patch<<4);
 +};
 -consthasOpenSSL32=hasCrypto&&
 -require('crypto').constants.OPENSSL_VERSION_NUMBER>=0x30200000;
 +letOPENSSL_VERSION_NUMBER;
 +consthasOpenSSL=(major=0,minor=0,patch=0)=>{
 +if(!hasCrypto)returnfalse;
 +if(OPENSSL_VERSION_NUMBER===undefined){
 +constregexp=/(?<m>\d+)\.(?<n>\d+)\.(?<p>\d+)/;
 +const{ m, n, p }=process.versions.openssl.match(regexp).groups;
 +OPENSSL_VERSION_NUMBER=opensslVersionNumber(m,n,p);
 +}
 +returnOPENSSL_VERSION_NUMBER>=opensslVersionNumber(major,minor,patch);
 +};
 consthasQuic=hasCrypto&&!!process.config.variables.openssl_quic;
  getTTYfd,
  hasIntl,
  hasCrypto,
 - hasOpenSSL3,
 - hasOpenSSL31,
 - hasOpenSSL32,
 + hasOpenSSL,
  hasQuic,
  hasMultiLocalhost,
  invalidArgTypeHelper,
 });
 },
 +gethasOpenSSL3(){
 +returnhasOpenSSL(3);
 +},
++
 +gethasOpenSSL31(){
 +returnhasOpenSSL(3,1);
 +},
++
 +gethasOpenSSL32(){
 +returnhasOpenSSL(3,2);
 +},
++
 getinFreeBSDJail(){
 if(inFreeBSDJail!==null)returninFreeBSDJail;
Original file line number	Diff line number	Diff line change
`@@ -86,8 +86,8 @@ const crypto = require('crypto');`
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`{`
`89`		`-constv=crypto.constants.OPENSSL_VERSION_NUMBER;`
`90`		`-consthasOpenSSL3WithNewErrorMessage=(v>=0x300000c0&&v<=0x30100000)\|\|(v>=0x30100040&&v<=0x30200000);`
	`89`	`+consthasOpenSSL3WithNewErrorMessage=(common.hasOpenSSL(3,0,12)&&!common.hasOpenSSL(3,1,1))\|\|`
	`90`	`+(common.hasOpenSSL(3,1,4)&&!common.hasOpenSSL(3,2,1));`
`91`	`91`	`assert.throws(()=>{`
`92`	`92`	`dh3.computeSecret('');`
`93`	`93`	`},{message: common.hasOpenSSL3&&!hasOpenSSL3WithNewErrorMessage ?`