
Commit

test: fix crypto-dh error message for OpenSSL 3.x
OpenSSL 3.0.12 and 3.1.4 change the type of error short keys and IVs
cause. The error message in test-crypto-dh for the "empty secret" is
now 'Supplied key is too small' instead of
'error:02800080:Diffie-Hellman routines::invalid secret'.

Error message change is test-only and uses the right error message for
versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.

ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363

PR-URL: #50395
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
krk authored and targos committed Nov 11, 2023
1 parent 7c35055 commit bd5b61f
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions test/parallel/test-crypto-dh.js
Expand Up @@ -85,11 +85,15 @@ const crypto = require('crypto');
}, wrongBlockLength);
}

assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 ?
'error:02800080:Diffie-Hellman routines::invalid secret' :
'Supplied key is too small' });
{
const v = crypto.constants.OPENSSL_VERSION_NUMBER;
const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
'error:02800080:Diffie-Hellman routines::invalid secret' :
'Supplied key is too small' });
}
}

// Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
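Review bot: The two upper bounds in `hasOpenSSL3WithNewErrorMessage` are inclusive and closed, which makes the range wrong at both ends. `v <= 0x30100000` admits 3.1.0 itself, although the commit message says the new text only applies from 3.1.4 in the 3.1.x series, so on a 3.1.0 build the test would expect 'Supplied key is too small' where the old DH error is still raised; that bound should be `v < 0x30100000`. `v <= 0x30200000` stops at exactly 3.2.0, so on any later build the flag is false and the test goes back to expecting 'error:02800080:Diffie-Hellman routines::invalid secret'. If the new message is meant to hold for everything after the fixed releases, drop the second upper bound and write the condition as "3.0.x at or above 3.0.12, or anything at or above 3.1.4". The bare hex literals would also benefit from a short comment naming the versions they encode (0x300000c0 is 3.0.12, 0x30100040 is 3.1.4), and the long line should be wrapped to match the rest of the file.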
