test,crypto: handle a few more BoringSSL tests

PR-URL: #59030 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Filip Skokan <[email protected]>

Author: codebytere

test/parallel/test-crypto-async-sign-verify.js

@@ -88,18 +88,21 @@ test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
 
 // ED25519
 test('ed25519_public.pem','ed25519_private.pem',undefined,true);
-// ED448
-test('ed448_public.pem','ed448_private.pem',undefined,true);
 
-// ECDSA w/ der signature encoding
-test('ec_secp256k1_public.pem','ec_secp256k1_private.pem','sha384',
-false);
-test('ec_secp256k1_public.pem','ec_secp256k1_private.pem','sha384',
-false,{dsaEncoding: 'der'});
+if(!process.features.openssl_is_boringssl){
+// ED448
+test('ed448_public.pem','ed448_private.pem',undefined,true);
 
-// ECDSA w/ ieee-p1363 signature encoding
-test('ec_secp256k1_public.pem','ec_secp256k1_private.pem','sha384',false,
-{dsaEncoding: 'ieee-p1363'});
+// ECDSA w/ der signature encoding
+test('ec_secp256k1_public.pem','ec_secp256k1_private.pem','sha384',
+false);
+test('ec_secp256k1_public.pem','ec_secp256k1_private.pem','sha384',
+false,{dsaEncoding: 'der'});
+
+// ECDSA w/ ieee-p1363 signature encoding
+test('ec_secp256k1_public.pem','ec_secp256k1_private.pem','sha384',false,
+{dsaEncoding: 'ieee-p1363'});
+}
 
 // DSA w/ der signature encoding
 test('dsa_public.pem','dsa_private.pem','sha256',
@@ -150,7 +153,10 @@ MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc=
 constdata=crypto.randomBytes(32);
 constsignature=crypto.randomBytes(16);
 
-constexpected=hasOpenSSL3 ? /operationnotsupportedforthiskeytype/ : /nodefaultdigest/;
+letexpected=/nodefaultdigest/;
+if(hasOpenSSL3||process.features.openssl_is_boringssl){
+expected=/operation[\s_]not[\s_]supported[\s_]for[\s_]this[\s_]keytype/i;
+}
 
 crypto.verify(undefined,data,untrustedKey,signature,common.mustCall((err)=>{
 assert.ok(err);
@@ -164,6 +170,6 @@ MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc=
 });
 crypto.sign('sha512','message',privateKey,common.mustCall((err)=>{
 assert.ok(err);
-assert.match(err.message,/digesttoobigforrsakey/);
+assert.match(err.message,/digest[\s_]too[\s_]big[\s_]for[\s_]rsa[\s_]key/i);
 }));
 }

test/parallel/test-crypto-certificate.js

@@ -41,7 +41,8 @@ function copyArrayBuffer(buf){
 
 functioncheckMethods(certificate){
 
-assert.strictEqual(certificate.verifySpkac(spkacValid),true);
+if(!process.features.openssl_is_boringssl)
+assert.strictEqual(certificate.verifySpkac(spkacValid),true);
 assert.strictEqual(certificate.verifySpkac(spkacFail),false);
 
 assert.strictEqual(
@@ -56,10 +57,12 @@ function checkMethods(certificate){
 );
 assert.strictEqual(certificate.exportChallenge(spkacFail),'');
 
-constab=copyArrayBuffer(spkacValid);
-assert.strictEqual(certificate.verifySpkac(ab),true);
-assert.strictEqual(certificate.verifySpkac(newUint8Array(ab)),true);
-assert.strictEqual(certificate.verifySpkac(newDataView(ab)),true);
+if(!process.features.openssl_is_boringssl){
+constab=copyArrayBuffer(spkacValid);
+assert.strictEqual(certificate.verifySpkac(ab),true);
+assert.strictEqual(certificate.verifySpkac(newUint8Array(ab)),true);
+assert.strictEqual(certificate.verifySpkac(newDataView(ab)),true);
+}
 }
 
 {

test/parallel/test-crypto-dh-errors.js

@@ -35,7 +35,7 @@ for (const bits of [-1, 0, 1]){
 assert.throws(()=>crypto.createDiffieHellman(bits),{
 code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
 name: 'Error',
-message: /bitstoosmall/,
+message: /bits[\s_]too[\s_]small/i,
 });
 }
 }

test/parallel/test-crypto-dh.js

@@ -60,18 +60,17 @@ const{
 letwrongBlockLength;
 if(hasOpenSSL3){
 wrongBlockLength={
-message: 'error:1C80006B:Provider routines::wrongfinalblocklength',
-code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
-library: 'Provider routines',
-reason: 'wrongfinalblocklength'
+message: /wrong[\s_]final[\s_]block[\s_]length/i,
+code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+library: /Providerroutines|Cipherfunctions/,
+reason: /wrong[\s_]final[\s_]block[\s_]length/i,
 };
 }else{
 wrongBlockLength={
-message: 'error:0606506D:digital envelope'+
-' routines:EVP_DecryptFinal_ex:wrong final block length',
-code: 'ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH',
-library: 'digital envelope routines',
-reason: 'wrong final block length'
+message: /wrong[\s_]final[\s_]block[\s_]length/i,
+code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+library: /digitalenveloperoutines|Cipherfunctions/,
+reason: /wrong[\s_]final[\s_]block[\s_]length/i,
 };
 }
 

test/parallel/test-crypto-hash.js

@@ -191,7 +191,7 @@ assert.throws(
 }
 
 // Test XOF hash functions and the outputLength option.
-{
+if(!process.features.openssl_is_boringssl){
 // Default outputLengths.
 assert.strictEqual(crypto.createHash('shake128').digest('hex'),
 '7f9c2ba4e88f827d616045507605853e');

test/parallel/test-crypto-padding.js

@@ -84,14 +84,13 @@ assert.throws(function(){
 // Input must have block length %.
 enc(ODD_LENGTH_PLAIN,false);
 },hasOpenSSL3 ? {
-message: 'error:1C80006B:Provider routines::wrongfinalblocklength',
-code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
-reason: 'wrongfinalblocklength',
+message: /wrong[\s_]final[\s_]block[\s_]length/i,
+code: /ERR_OSSL(_EVP)?_WRONG_FINAL_BLOCK_LENGTH/,
+reason: /wrong[\s_]final[\s_]block[\s_]length/i,
 } : {
-message: 'error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:'+
-'data not multiple of block length',
-code: 'ERR_OSSL_EVP_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH',
-reason: 'data not multiple of block length',
+message: /data[\s_]not[\s_]multiple[\s_]of[\s_]block[\s_]length/i,
+code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
+reason: /data[\s_]not[\s_]multiple[\s_]of[\s_]block[\s_]length/i,
 }
 );
 
@@ -110,15 +109,10 @@ assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED, false).length, 48);
 assert.throws(function(){
 // Must have at least 1 byte of padding (PKCS):
 assert.strictEqual(dec(EVEN_LENGTH_ENCRYPTED_NOPAD,true),EVEN_LENGTH_PLAIN);
-},hasOpenSSL3 ? {
-message: 'error:1C800064:Provider routines::bad decrypt',
-reason: 'bad decrypt',
-code: 'ERR_OSSL_BAD_DECRYPT',
-} : {
-message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:'+
-'bad decrypt',
-reason: 'bad decrypt',
-code: 'ERR_OSSL_EVP_BAD_DECRYPT',
+},{
+message: /bad[\s_]decrypt/i,
+reason: /bad[\s_]decrypt/i,
+code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
 });
 
 // No-pad encrypted string should return the same:

test/parallel/test-crypto-stream.js

@@ -73,9 +73,9 @@ const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
 constdecipher=crypto.createDecipheriv('aes-128-cbc',badkey,iv);
 
 cipher.pipe(decipher)
-.on('error',common.expectsError(hasOpenSSL3 ? {
-message: /bad[\s_]decrypt/,
-library: 'Provider routines',
+.on('error',common.expectsError((hasOpenSSL3||process.features.openssl_is_boringssl) ? {
+message: /bad[\s_]decrypt/i,
+library: /Providerroutines|Cipherfunctions/,
 reason: /bad[\s_]decrypt/i,
 } : {
 message: /bad[\s_]decrypt/i,

test/parallel/test-tls-alert-handling.js

@@ -43,7 +43,8 @@ const errorHandler = common.mustCall((err) =>{
 
 assert.strictEqual(err.code,expectedErrorCode);
 assert.strictEqual(err.library,'SSL routines');
-if(!hasOpenSSL3)assert.strictEqual(err.function,'ssl3_get_record');
+if(!hasOpenSSL3&&!process.features.openssl_is_boringssl)
+assert.strictEqual(err.function,'ssl3_get_record');
 assert.match(err.reason,expectedErrorReason);
 errorReceived=true;
 if(canCloseServer())
@@ -105,7 +106,7 @@ function sendBADTLSRecord(){
 }
 assert.strictEqual(err.code,expectedErrorCode);
 assert.strictEqual(err.library,'SSL routines');
-if(!hasOpenSSL3)
+if(!hasOpenSSL3&&!process.features.openssl_is_boringssl)
 assert.strictEqual(err.function,'ssl3_read_bytes');
 assert.match(err.reason,expectedErrorReason);
 }));

test/parallel/test-x509-escaping.js

@@ -438,7 +438,7 @@ const{hasOpenSSL3 } = require('../common/crypto');
 constcert=fixtures.readKey('incorrect_san_correct_subject-cert.pem');
 
 // The hostname is the CN, but not a SAN entry.
-constservername='good.example.com';
+constservername=process.features.openssl_is_boringssl ? undefined : 'good.example.com';
 constcertX509=newX509Certificate(cert);
 assert.strictEqual(certX509.subject,`CN=${servername}`);
 assert.strictEqual(certX509.subjectAltName,'DNS:evil.example.com');