test: check against run-time OpenSSL version

richardlau · nodejs-github-bot · commit 3e7129e5d60d · 2024-06-18T14:48:25.000Z
Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL. PR-URL: #53456 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/test/common/index.js b/test/common/index.js
@@ -57,14 +57,24 @@ const noop = () => {};
 const hasCrypto = Boolean(process.versions.openssl) &&
                   !process.env.NODE_SKIP_CRYPTO;
 
-const hasOpenSSL3 = hasCrypto &&
-    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000;
-
-const hasOpenSSL31 = hasCrypto &&
-    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
+// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL
+const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => {
+  assert(major >= 0 && major <= 0xf);
+  assert(minor >= 0 && minor <= 0xff);
+  assert(patch >= 0 && patch <= 0xff);
+  return (major << 28) | (minor << 20) | (patch << 4);
+};
 
-const hasOpenSSL32 = hasCrypto &&
-    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;
+let OPENSSL_VERSION_NUMBER;
+const hasOpenSSL = (major = 0, minor = 0, patch = 0) => {
+  if (!hasCrypto) return false;
+  if (OPENSSL_VERSION_NUMBER === undefined) {
+    const regexp = /(?<m>\d+)\.(?<n>\d+)\.(?<p>\d+)/;
+    const { m, n, p } = process.versions.openssl.match(regexp).groups;
+    OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p);
+  }
+  return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch);
+};
 
 const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
 
@@ -977,9 +987,7 @@ const common = {
   getTTYfd,
   hasIntl,
   hasCrypto,
-  hasOpenSSL3,
-  hasOpenSSL31,
-  hasOpenSSL32,
+  hasOpenSSL,
   hasQuic,
   hasMultiLocalhost,
   invalidArgTypeHelper,
@@ -1040,6 +1048,18 @@ const common = {
     });
   },
 
+  get hasOpenSSL3() {
+    return hasOpenSSL(3);
+  },
+
+  get hasOpenSSL31() {
+    return hasOpenSSL(3, 1);
+  },
+
+  get hasOpenSSL32() {
+    return hasOpenSSL(3, 2);
+  },
+
   get inFreeBSDJail() {
     if (inFreeBSDJail !== null) return inFreeBSDJail;
 
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
@@ -86,8 +86,8 @@ const crypto = require('crypto');
   }
 
   {
-    const v = crypto.constants.OPENSSL_VERSION_NUMBER;
-    const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
+    const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 1)) ||
+                                           (common.hasOpenSSL(3, 1, 4) && !common.hasOpenSSL(3, 2, 1));
     assert.throws(() => {
       dh3.computeSecret('');
     }, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?

Original file line number	Diff line number	Diff line change
`@@ -86,8 +86,8 @@ const crypto = require('crypto');`
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`{`
`89`		`- const v = crypto.constants.OPENSSL_VERSION_NUMBER;`
`90`		`- const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) \|\| (v >= 0x30100040 && v <= 0x30200000);`
	`89`	`+ const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 1)) \|\|`
	`90`	`+ (common.hasOpenSSL(3, 1, 4) && !common.hasOpenSSL(3, 2, 1));`
`91`	`91`	`assert.throws(() => {`
`92`	`92`	`dh3.computeSecret('');`
`93`	`93`	`}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?`