@krk (Contributor) commented Oct 25, 2023

OpenSSL 3.0.12 and 3.1.4 change the type of error that short keys and IVs cause.

The error message change is test-only and uses the right error message for versions >= 3.0.12 in the 3.0.x series and >= 3.1.4 in the 3.1.x series.

With these changes to OpenSSL, the error message in XX test is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'.

--

Sample failure:

```
Path: parallel/test-crypto-dh
node:assert:635
    throw err;
    ^

AssertionError [ERR_ASSERTION]: Expected values to be strictly deep-equal:
+ actual - expected

  Comparison {
+   message: 'Supplied key is too small'
-   message: 'error:02800080:Diffie-Hellman routines::invalid secret'
  }
    at Object.<anonymous> (/src/node-v20.8.1/test/parallel/test-crypto-dh.js:88:10)
    at Module._compile (node:internal/modules/cjs/loader:1241:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1295:10)
    at Module.load (node:internal/modules/cjs/loader:1091:32)
    at Module._load (node:internal/modules/cjs/loader:938:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
    at node:internal/main/run_main_module:23:47 {
  generatedMessage: true,
  code: 'ERR_ASSERTION',
  actual: RangeError: Supplied key is too small
      at DiffieHellman.dhComputeSecret [as computeSecret] (node:internal/crypto/diffiehellman:156:29)
      at assert.throws.message (/src/node-v20.8.1/test/parallel/test-crypto-dh.js:89:9)
      at getActual (node:assert:756:5)
      at Function.throws (node:assert:902:24)
      at Object.<anonymous> (/src/node-v20.8.1/test/parallel/test-crypto-dh.js:88:10)
      at Module._compile (node:internal/modules/cjs/loader:1241:14)
      at Module._extensions..js (node:internal/modules/cjs/loader:1295:10)
      at Module.load (node:internal/modules/cjs/loader:1091:32)
      at Module._load (node:internal/modules/cjs/loader:938:12)
      at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12) {
    code: 'ERR_CRYPTO_INVALID_KEYLEN'
  },
  expected: { message: 'error:02800080:Diffie-Hellman routines::invalid secret' },
  operator: 'throws'
}
```

OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause.

The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
@nodejs-github-bot added the needs-ci and test labels Oct 25, 2023
@richardlau added the request-ci label Oct 26, 2023
@github-actions (bot) removed the request-ci label Oct 26, 2023

@richardlau (Member)

The https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1804_sharedlibs_withoutintl_x64/40113/ failure is #49988 (comment) and unrelated to this PR. Once we fix that, requesting a new Jenkins CI run should pick up the change.

@richardlau added the request-ci label Oct 26, 2023
@github-actions (bot) removed the request-ci label Oct 26, 2023
@tniessen added the crypto and openssl labels Oct 26, 2023
@richardlau added the author ready label Oct 26, 2023
@richardlau added the commit-queue label Oct 27, 2023
@nodejs-github-bot removed the commit-queue label Oct 27, 2023
@nodejs-github-bot merged commit 8eea2d3 into nodejs:main Oct 27, 2023
@nodejs-github-bot (Collaborator)

Landed in 8eea2d3

@richardlau added the lts-watch-v18.x and lts-watch-v20.x labels Nov 1, 2023
alexfernandez pushed a commit to alexfernandez/node that referenced this pull request Nov 1, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause.

The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: nodejs#50395
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
targos pushed a commit that referenced this pull request Nov 11, 2023
@targos mentioned this pull request Nov 12, 2023
@targos added the backported-to-v20.x label and removed the lts-watch-v20.x label Nov 15, 2023
targos pushed a commit that referenced this pull request Nov 15, 2023
targos pushed a commit that referenced this pull request Nov 15, 2023
@targos mentioned this pull request Nov 21, 2023
@targos mentioned this pull request Nov 28, 2023
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
richardlau added a commit to richardlau/node-1 that referenced this pull request Jun 18, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: nodejs#50395
nodejs-github-bot pushed a commit that referenced this pull request Jun 26, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`:

```
Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
```

Fix the check so that:
- The older message is expected for OpenSSL 3.1.0.
- The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x).

Refs: #50395
PR-URL: #53503
Refs: #53382
Reviewed-By: Luigi Pinca <[email protected]>
aduh95 pushed a commit that referenced this pull request Jul 12, 2024
aduh95 pushed a commit that referenced this pull request Jul 16, 2024
marco-ippolito pushed a commit that referenced this pull request Aug 19, 2024
marco-ippolito pushed a commit that referenced this pull request Aug 19, 2024
aduh95 pushed a commit to aduh95/node that referenced this pull request Sep 24, 2024
aduh95 pushed a commit to aduh95/node that referenced this pull request Sep 25, 2024
richardlau added a commit to aduh95/node that referenced this pull request Sep 27, 2024
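
The version rule stated in the commit messages above, as an added JavaScript example (not code from nodejs/node or from this pull request): the changed error was backported per release series, so a single global threshold misclassifies OpenSSL 3.1.0. All function names are hypothetical, and treating every series after 3.1 as carrying the new message is an assumption based on the "e.g. 3.2.x" remark.

```javascript
'use strict';
// Added example: names are hypothetical, not helpers from the Node.js test suite.
const OLD_MESSAGE = 'error:02800080:Diffie-Hellman routines::invalid secret';
const NEW_MESSAGE = 'Supplied key is too small';

// First patch release per series with the new message, as stated in the PR.
const FIRST_PATCH_WITH_NEW_MESSAGE = new Map([
  ['3.0', 12],
  ['3.1', 4],
]);

// Accepts strings such as '3.0.12' or '3.0.12+quic' (constructed samples).
function parseOpenSSLVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (m === null) throw new TypeError(`Unrecognised version: ${version}`);
  return m.slice(1).map(Number);
}

// Message the "empty secret" case should produce for a given OpenSSL 3.x.
function expectedEmptySecretMessage(version) {
  const [major, minor, patch] = parseOpenSSLVersion(version);
  if (major < 3) throw new RangeError('the page only covers OpenSSL 3.x');
  const first = FIRST_PATCH_WITH_NEW_MESSAGE.get(`${major}.${minor}`);
  if (first !== undefined) return patch >= first ? NEW_MESSAGE : OLD_MESSAGE;
  // Assumption: series after 3.1 (e.g. 3.2.x) already contain the change.
  return NEW_MESSAGE;
}

// Constructed contrast: one global ">= 3.0.12" threshold ignores the series.
function naiveExpectedMessage(version) {
  const [major, minor, patch] = parseOpenSSLVersion(version);
  const newer = major > 3 || (major === 3 && (minor > 0 || patch >= 12));
  return newer ? NEW_MESSAGE : OLD_MESSAGE;
}

// Constructed sample versions; 3.1.0 is where the two functions disagree.
for (const v of ['3.0.11', '3.0.12+quic', '3.1.0', '3.1.4', '3.2.1']) {
  const ok = expectedEmptySecretMessage(v) === naiveExpectedMessage(v);
  console.log(v, expectedEmptySecretMessage(v), ok ? '' : '(naive check differs)');
}
```

In a real test the version string would come from `process.versions.openssl`.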