|
|
13eaef |
diff --git a/test/parallel/test-crypto-aes-wrap.js b/test/known_issues/test-crypto-aes-wrap.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-crypto-aes-wrap.js
|
|
|
13eaef |
rename to test/known_issues/test-crypto-aes-wrap.js
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-des3-wrap.js b/test/known_issues/test-crypto-des3-wrap.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-crypto-des3-wrap.js
|
|
|
13eaef |
rename to test/known_issues/test-crypto-des3-wrap.js
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/known_issues/test-crypto-hash-stream-pipe.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-crypto-hash-stream-pipe.js
|
|
|
13eaef |
rename to test/known_issues/test-crypto-hash-stream-pipe.js
|
|
|
13eaef |
diff --git a/test/doctool/test-make-doc.js b/test/known_issues/test-make-doc.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/doctool/test-make-doc.js
|
|
|
13eaef |
rename to test/known_issues/test-make-doc.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-cli-max-version-1.3.js b/test/known_issues/test-tls-cli-max-version-1.3.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-cli-max-version-1.3.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-cli-max-version-1.3.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-cli-min-max-conflict.js b/test/known_issues/test-tls-cli-min-max-conflict.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-cli-min-max-conflict.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-cli-min-max-conflict.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-cli-min-version-1.3.js b/test/known_issues/test-tls-cli-min-version-1.3.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-cli-min-version-1.3.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-cli-min-version-1.3.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-client-renegotiation-13.js b/test/known_issues/test-tls-client-renegotiation-13.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-client-renegotiation-13.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-client-renegotiation-13.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-keylog-tlsv13.js b/test/known_issues/test-tls-keylog-tlsv13.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-keylog-tlsv13.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-keylog-tlsv13.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-no-sslv3.js b/test/known_issues/test-tls-no-sslv3.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-no-sslv3.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-no-sslv3.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-ticket-12.js b/test/known_issues/test-tls-ticket-12.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-ticket-12.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-ticket-12.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-ticket-cluster.js b/test/known_issues/test-tls-ticket-cluster.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-ticket-cluster.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-ticket-cluster.js
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-ticket.js b/test/known_issues/test-tls-ticket.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-tls-ticket.js
|
|
|
13eaef |
rename to test/known_issues/test-tls-ticket.js
|
|
|
13eaef |
diff --git a/test/parallel/test-v8-serdes.js b/test/known_issues/test-v8-serdes.js
|
|
|
13eaef |
similarity index 100%
|
|
|
13eaef |
rename from test/parallel/test-v8-serdes.js
|
|
|
13eaef |
rename to test/known_issues/test-v8-serdes.js
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
|
|
|
13eaef |
index 8be7296c69..c9bf9612cb 100644
|
|
|
13eaef |
--- a/test/parallel/test-crypto-authenticated.js
|
|
|
13eaef |
+++ b/test/parallel/test-crypto-authenticated.js
|
|
|
13eaef |
@@ -404,7 +404,7 @@ for (const test of TEST_CASES) {
|
|
|
13eaef |
// Test that create(De|C)ipher(iv)? throws if the mode is CCM or OCB and no
|
|
|
13eaef |
// authentication tag has been specified.
|
|
|
13eaef |
{
|
|
|
13eaef |
- for (const mode of ['ccm', 'ocb']) {
|
|
|
13eaef |
+ for (const mode of ['ccm']) {
|
|
|
13eaef |
assert.throws(() => {
|
|
|
13eaef |
crypto.createCipheriv(`aes-256-${mode}`,
|
|
|
13eaef |
'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
|
|
|
13eaef |
@@ -564,7 +564,7 @@ for (const test of TEST_CASES) {
|
|
|
13eaef |
const key = Buffer.from('0123456789abcdef', 'utf8');
|
|
|
13eaef |
const iv = Buffer.from('0123456789ab', 'utf8');
|
|
|
13eaef |
|
|
|
13eaef |
- for (const mode of ['gcm', 'ocb']) {
|
|
|
13eaef |
+ for (const mode of ['gcm']) {
|
|
|
13eaef |
for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) {
|
|
|
13eaef |
const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, {
|
|
|
13eaef |
authTagLength
|
|
|
13eaef |
@@ -598,7 +598,7 @@ for (const test of TEST_CASES) {
|
|
|
13eaef |
const iv = Buffer.from('0123456789ab', 'utf8');
|
|
|
13eaef |
const opts = { authTagLength: 8 };
|
|
|
13eaef |
|
|
|
13eaef |
- for (const mode of ['gcm', 'ccm', 'ocb']) {
|
|
|
13eaef |
+ for (const mode of ['gcm', 'ccm']) {
|
|
|
13eaef |
const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, opts);
|
|
|
13eaef |
const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
|
|
|
13eaef |
const tag = cipher.getAuthTag();
|
|
|
13eaef |
@@ -616,51 +616,3 @@ for (const test of TEST_CASES) {
|
|
|
13eaef |
assert(plain.equals(plaintext));
|
|
|
13eaef |
}
|
|
|
13eaef |
}
|
|
|
13eaef |
-
|
|
|
13eaef |
-
|
|
|
13eaef |
-// Test chacha20-poly1305 rejects invalid IV lengths of 13, 14, 15, and 16 (a
|
|
|
13eaef |
-// length of 17 or greater was already rejected).
|
|
|
13eaef |
-// - https://www.openssl.org/news/secadv/20190306.txt
|
|
|
13eaef |
-{
|
|
|
13eaef |
- // Valid extracted from TEST_CASES, check that it detects IV tampering.
|
|
|
13eaef |
- const valid = {
|
|
|
13eaef |
- algo: 'chacha20-poly1305',
|
|
|
13eaef |
- key: '808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f',
|
|
|
13eaef |
- iv: '070000004041424344454647',
|
|
|
13eaef |
- plain: '4c616469657320616e642047656e746c656d656e206f662074686520636c6173' +
|
|
|
13eaef |
- '73206f66202739393a204966204920636f756c64206f6666657220796f75206f' +
|
|
|
13eaef |
- '6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73' +
|
|
|
13eaef |
- '637265656e20776f756c642062652069742e',
|
|
|
13eaef |
- plainIsHex: true,
|
|
|
13eaef |
- aad: '50515253c0c1c2c3c4c5c6c7',
|
|
|
13eaef |
- ct: 'd31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5' +
|
|
|
13eaef |
- 'a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e06' +
|
|
|
13eaef |
- '0b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fa' +
|
|
|
13eaef |
- 'b324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d265' +
|
|
|
13eaef |
- '86cec64b6116',
|
|
|
13eaef |
- tag: '1ae10b594f09e26a7e902ecbd0600691',
|
|
|
13eaef |
- tampered: false,
|
|
|
13eaef |
- };
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Invalid IV lengths should be detected:
|
|
|
13eaef |
- // - 12 and below are valid.
|
|
|
13eaef |
- // - 13-16 are not detected as invalid by some OpenSSL versions.
|
|
|
13eaef |
- check(13);
|
|
|
13eaef |
- check(14);
|
|
|
13eaef |
- check(15);
|
|
|
13eaef |
- check(16);
|
|
|
13eaef |
- // - 17 and above were always detected as invalid by OpenSSL.
|
|
|
13eaef |
- check(17);
|
|
|
13eaef |
-
|
|
|
13eaef |
- function check(ivLength) {
|
|
|
13eaef |
- const prefix = ivLength - valid.iv.length / 2;
|
|
|
13eaef |
- assert.throws(() => crypto.createCipheriv(
|
|
|
13eaef |
- valid.algo,
|
|
|
13eaef |
- Buffer.from(valid.key, 'hex'),
|
|
|
13eaef |
- Buffer.from(H(prefix) + valid.iv, 'hex'),
|
|
|
13eaef |
- { authTagLength: valid.tag.length / 2 }
|
|
|
13eaef |
- ), errMessages.length, `iv length ${ivLength} was not rejected`);
|
|
|
13eaef |
-
|
|
|
13eaef |
- function H(length) { return '00'.repeat(length); }
|
|
|
13eaef |
- }
|
|
|
13eaef |
-}
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
|
|
|
13eaef |
index 4d3214adb2..de15f00bc9 100644
|
|
|
13eaef |
--- a/test/parallel/test-crypto-hash.js
|
|
|
13eaef |
+++ b/test/parallel/test-crypto-hash.js
|
|
|
13eaef |
@@ -185,71 +185,3 @@ common.expectsError(
|
|
|
13eaef |
assert(instance instanceof Hash, 'Hash is expected to return a new instance' +
|
|
|
13eaef |
' when called without `new`');
|
|
|
13eaef |
}
|
|
|
13eaef |
-
|
|
|
13eaef |
-// Test XOF hash functions and the outputLength option.
|
|
|
13eaef |
-{
|
|
|
13eaef |
- // Default outputLengths.
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake128').digest('hex'),
|
|
|
13eaef |
- '7f9c2ba4e88f827d616045507605853e');
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake128', null).digest('hex'),
|
|
|
13eaef |
- '7f9c2ba4e88f827d616045507605853e');
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake256').digest('hex'),
|
|
|
13eaef |
- '46b9dd2b0ba88d13233b3feb743eeb24' +
|
|
|
13eaef |
- '3fcd52ea62b81b82b50c27646ed5762f');
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Short outputLengths.
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake128', { outputLength: 0 })
|
|
|
13eaef |
- .digest('hex'),
|
|
|
13eaef |
- '');
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake128', { outputLength: 5 })
|
|
|
13eaef |
- .digest('hex'),
|
|
|
13eaef |
- '7f9c2ba4e8');
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake128', { outputLength: 15 })
|
|
|
13eaef |
- .digest('hex'),
|
|
|
13eaef |
- '7f9c2ba4e88f827d61604550760585');
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake256', { outputLength: 16 })
|
|
|
13eaef |
- .digest('hex'),
|
|
|
13eaef |
- '46b9dd2b0ba88d13233b3feb743eeb24');
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Large outputLengths.
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('shake128', { outputLength: 128 })
|
|
|
13eaef |
- .digest('hex'),
|
|
|
13eaef |
- '7f9c2ba4e88f827d616045507605853e' +
|
|
|
13eaef |
- 'd73b8093f6efbc88eb1a6eacfa66ef26' +
|
|
|
13eaef |
- '3cb1eea988004b93103cfb0aeefd2a68' +
|
|
|
13eaef |
- '6e01fa4a58e8a3639ca8a1e3f9ae57e2' +
|
|
|
13eaef |
- '35b8cc873c23dc62b8d260169afa2f75' +
|
|
|
13eaef |
- 'ab916a58d974918835d25e6a435085b2' +
|
|
|
13eaef |
- 'badfd6dfaac359a5efbb7bcc4b59d538' +
|
|
|
13eaef |
- 'df9a04302e10c8bc1cbf1a0b3a5120ea');
|
|
|
13eaef |
- const superLongHash = crypto.createHash('shake256', {
|
|
|
13eaef |
- outputLength: 1024 * 1024
|
|
|
13eaef |
- }).update('The message is shorter than the hash!')
|
|
|
13eaef |
- .digest('hex');
|
|
|
13eaef |
- assert.strictEqual(superLongHash.length, 2 * 1024 * 1024);
|
|
|
13eaef |
- assert.ok(superLongHash.endsWith('193414035ddba77bf7bba97981e656ec'));
|
|
|
13eaef |
- assert.ok(superLongHash.startsWith('a2a28dbc49cfd6e5d6ceea3d03e77748'));
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Non-XOF hash functions should accept valid outputLength options as well.
|
|
|
13eaef |
- assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
|
|
|
13eaef |
- .digest('hex'),
|
|
|
13eaef |
- 'd14a028c2a3a2bc9476102bb288234c4' +
|
|
|
13eaef |
- '15a2b01f828ea62ac5b3e42f');
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Passing invalid sizes should throw during creation.
|
|
|
13eaef |
- common.expectsError(() => {
|
|
|
13eaef |
- crypto.createHash('sha256', { outputLength: 28 });
|
|
|
13eaef |
- }, {
|
|
|
13eaef |
- code: 'ERR_OSSL_EVP_NOT_XOF_OR_INVALID_LENGTH'
|
|
|
13eaef |
- });
|
|
|
13eaef |
-
|
|
|
13eaef |
- for (const outputLength of [null, {}, 'foo', false]) {
|
|
|
13eaef |
- common.expectsError(() => crypto.createHash('sha256', { outputLength }),
|
|
|
13eaef |
- { code: 'ERR_INVALID_ARG_TYPE' });
|
|
|
13eaef |
- }
|
|
|
13eaef |
-
|
|
|
13eaef |
- for (const outputLength of [-1, .5, Infinity, 2 ** 90]) {
|
|
|
13eaef |
- common.expectsError(() => crypto.createHash('sha256', { outputLength }),
|
|
|
13eaef |
- { code: 'ERR_OUT_OF_RANGE' });
|
|
|
13eaef |
- }
|
|
|
13eaef |
-}
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
|
|
|
13eaef |
index 558f7dc1f4..c94aae025e 100644
|
|
|
13eaef |
--- a/test/parallel/test-crypto-key-objects.js
|
|
|
13eaef |
+++ b/test/parallel/test-crypto-key-objects.js
|
|
|
13eaef |
@@ -202,42 +202,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
|
13eaef |
});
|
|
|
13eaef |
}
|
|
|
13eaef |
|
|
|
13eaef |
-[
|
|
|
13eaef |
- { private: fixtures.readKey('ed25519_private.pem', 'ascii'),
|
|
|
13eaef |
- public: fixtures.readKey('ed25519_public.pem', 'ascii'),
|
|
|
13eaef |
- keyType: 'ed25519' },
|
|
|
13eaef |
- { private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
|
13eaef |
- public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
|
13eaef |
- keyType: 'ed448' },
|
|
|
13eaef |
- { private: fixtures.readKey('x25519_private.pem', 'ascii'),
|
|
|
13eaef |
- public: fixtures.readKey('x25519_public.pem', 'ascii'),
|
|
|
13eaef |
- keyType: 'x25519' },
|
|
|
13eaef |
- { private: fixtures.readKey('x448_private.pem', 'ascii'),
|
|
|
13eaef |
- public: fixtures.readKey('x448_public.pem', 'ascii'),
|
|
|
13eaef |
- keyType: 'x448' },
|
|
|
13eaef |
-].forEach((info) => {
|
|
|
13eaef |
- const keyType = info.keyType;
|
|
|
13eaef |
-
|
|
|
13eaef |
- {
|
|
|
13eaef |
- const exportOptions = { type: 'pkcs8', format: 'pem' };
|
|
|
13eaef |
- const key = createPrivateKey(info.private);
|
|
|
13eaef |
- assert.strictEqual(key.type, 'private');
|
|
|
13eaef |
- assert.strictEqual(key.asymmetricKeyType, keyType);
|
|
|
13eaef |
- assert.strictEqual(key.symmetricKeySize, undefined);
|
|
|
13eaef |
- assert.strictEqual(key.export(exportOptions), info.private);
|
|
|
13eaef |
- }
|
|
|
13eaef |
-
|
|
|
13eaef |
- {
|
|
|
13eaef |
- const exportOptions = { type: 'spki', format: 'pem' };
|
|
|
13eaef |
- [info.private, info.public].forEach((pem) => {
|
|
|
13eaef |
- const key = createPublicKey(pem);
|
|
|
13eaef |
- assert.strictEqual(key.type, 'public');
|
|
|
13eaef |
- assert.strictEqual(key.asymmetricKeyType, keyType);
|
|
|
13eaef |
- assert.strictEqual(key.symmetricKeySize, undefined);
|
|
|
13eaef |
- assert.strictEqual(key.export(exportOptions), info.public);
|
|
|
13eaef |
- });
|
|
|
13eaef |
- }
|
|
|
13eaef |
-});
|
|
|
13eaef |
|
|
|
13eaef |
{
|
|
|
13eaef |
// Reading an encrypted key without a passphrase should fail.
|
|
|
13eaef |
@@ -284,145 +248,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
|
|
|
13eaef |
|
|
|
13eaef |
}
|
|
|
13eaef |
|
|
|
13eaef |
-{
|
|
|
13eaef |
- // Test RSA-PSS.
|
|
|
13eaef |
- {
|
|
|
13eaef |
- // This key pair does not restrict the message digest algorithm or salt
|
|
|
13eaef |
- // length.
|
|
|
13eaef |
- const publicPem = fixtures.readKey('rsa_pss_public_2048.pem');
|
|
|
13eaef |
- const privatePem = fixtures.readKey('rsa_pss_private_2048.pem');
|
|
|
13eaef |
-
|
|
|
13eaef |
- const publicKey = createPublicKey(publicPem);
|
|
|
13eaef |
- const privateKey = createPrivateKey(privatePem);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(publicKey.type, 'public');
|
|
|
13eaef |
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(privateKey.type, 'private');
|
|
|
13eaef |
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- for (const key of [privatePem, privateKey]) {
|
|
|
13eaef |
- // Any algorithm should work.
|
|
|
13eaef |
- for (const algo of ['sha1', 'sha256']) {
|
|
|
13eaef |
- // Any salt length should work.
|
|
|
13eaef |
- for (const saltLength of [undefined, 8, 10, 12, 16, 18, 20]) {
|
|
|
13eaef |
- const signature = createSign(algo)
|
|
|
13eaef |
- .update('foo')
|
|
|
13eaef |
- .sign({ key, saltLength });
|
|
|
13eaef |
-
|
|
|
13eaef |
- for (const pkey of [key, publicKey, publicPem]) {
|
|
|
13eaef |
- const okay = createVerify(algo)
|
|
|
13eaef |
- .update('foo')
|
|
|
13eaef |
- .verify({ key: pkey, saltLength }, signature);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.ok(okay);
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Exporting the key using PKCS#1 should not work since this would discard
|
|
|
13eaef |
- // any algorithm restrictions.
|
|
|
13eaef |
- common.expectsError(() => {
|
|
|
13eaef |
- publicKey.export({ format: 'pem', type: 'pkcs1' });
|
|
|
13eaef |
- }, {
|
|
|
13eaef |
- code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS'
|
|
|
13eaef |
- });
|
|
|
13eaef |
- }
|
|
|
13eaef |
-
|
|
|
13eaef |
- {
|
|
|
13eaef |
- // This key pair enforces sha256 as the message digest and the MGF1
|
|
|
13eaef |
- // message digest and a salt length of at least 16 bytes.
|
|
|
13eaef |
- const publicPem =
|
|
|
13eaef |
- fixtures.readKey('rsa_pss_public_2048_sha256_sha256_16.pem');
|
|
|
13eaef |
- const privatePem =
|
|
|
13eaef |
- fixtures.readKey('rsa_pss_private_2048_sha256_sha256_16.pem');
|
|
|
13eaef |
-
|
|
|
13eaef |
- const publicKey = createPublicKey(publicPem);
|
|
|
13eaef |
- const privateKey = createPrivateKey(privatePem);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(publicKey.type, 'public');
|
|
|
13eaef |
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(privateKey.type, 'private');
|
|
|
13eaef |
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- for (const key of [privatePem, privateKey]) {
|
|
|
13eaef |
- // Signing with anything other than sha256 should fail.
|
|
|
13eaef |
- assert.throws(() => {
|
|
|
13eaef |
- createSign('sha1').sign(key);
|
|
|
13eaef |
- }, /digest not allowed/);
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Signing with salt lengths less than 16 bytes should fail.
|
|
|
13eaef |
- for (const saltLength of [8, 10, 12]) {
|
|
|
13eaef |
- assert.throws(() => {
|
|
|
13eaef |
- createSign('sha1').sign({ key, saltLength });
|
|
|
13eaef |
- }, /pss saltlen too small/);
|
|
|
13eaef |
- }
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Signing with sha256 and appropriate salt lengths should work.
|
|
|
13eaef |
- for (const saltLength of [undefined, 16, 18, 20]) {
|
|
|
13eaef |
- const signature = createSign('sha256')
|
|
|
13eaef |
- .update('foo')
|
|
|
13eaef |
- .sign({ key, saltLength });
|
|
|
13eaef |
-
|
|
|
13eaef |
- for (const pkey of [key, publicKey, publicPem]) {
|
|
|
13eaef |
- const okay = createVerify('sha256')
|
|
|
13eaef |
- .update('foo')
|
|
|
13eaef |
- .verify({ key: pkey, saltLength }, signature);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.ok(okay);
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
-
|
|
|
13eaef |
- {
|
|
|
13eaef |
- // This key enforces sha512 as the message digest and sha256 as the MGF1
|
|
|
13eaef |
- // message digest.
|
|
|
13eaef |
- const publicPem =
|
|
|
13eaef |
- fixtures.readKey('rsa_pss_public_2048_sha512_sha256_20.pem');
|
|
|
13eaef |
- const privatePem =
|
|
|
13eaef |
- fixtures.readKey('rsa_pss_private_2048_sha512_sha256_20.pem');
|
|
|
13eaef |
-
|
|
|
13eaef |
- const publicKey = createPublicKey(publicPem);
|
|
|
13eaef |
- const privateKey = createPrivateKey(privatePem);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(publicKey.type, 'public');
|
|
|
13eaef |
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(privateKey.type, 'private');
|
|
|
13eaef |
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Node.js usually uses the same hash function for the message and for MGF1.
|
|
|
13eaef |
- // However, when a different MGF1 message digest algorithm has been
|
|
|
13eaef |
- // specified as part of the key, it should automatically switch to that.
|
|
|
13eaef |
- // This behavior is required by sections 3.1 and 3.3 of RFC4055.
|
|
|
13eaef |
- for (const key of [privatePem, privateKey]) {
|
|
|
13eaef |
- // sha256 matches the MGF1 hash function and should be used internally,
|
|
|
13eaef |
- // but it should not be permitted as the main message digest algorithm.
|
|
|
13eaef |
- for (const algo of ['sha1', 'sha256']) {
|
|
|
13eaef |
- assert.throws(() => {
|
|
|
13eaef |
- createSign(algo).sign(key);
|
|
|
13eaef |
- }, /digest not allowed/);
|
|
|
13eaef |
- }
|
|
|
13eaef |
-
|
|
|
13eaef |
- // sha512 should produce a valid signature.
|
|
|
13eaef |
- const signature = createSign('sha512')
|
|
|
13eaef |
- .update('foo')
|
|
|
13eaef |
- .sign(key);
|
|
|
13eaef |
-
|
|
|
13eaef |
- for (const pkey of [key, publicKey, publicPem]) {
|
|
|
13eaef |
- const okay = createVerify('sha512')
|
|
|
13eaef |
- .update('foo')
|
|
|
13eaef |
- .verify(pkey, signature);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.ok(okay);
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
- }
|
|
|
13eaef |
-}
|
|
|
13eaef |
-
|
|
|
13eaef |
{
|
|
|
13eaef |
// Exporting an encrypted private key requires a cipher
|
|
|
13eaef |
const privateKey = createPrivateKey(privatePem);
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
|
|
|
13eaef |
index 8c3432e06c..07815e11e5 100644
|
|
|
13eaef |
--- a/test/parallel/test-crypto-keygen.js
|
|
|
13eaef |
+++ b/test/parallel/test-crypto-keygen.js
|
|
|
13eaef |
@@ -265,43 +265,6 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
|
|
|
13eaef |
}));
|
|
|
13eaef |
}
|
|
|
13eaef |
|
|
|
13eaef |
-{
|
|
|
13eaef |
- // Test RSA-PSS.
|
|
|
13eaef |
- generateKeyPair('rsa-pss', {
|
|
|
13eaef |
- modulusLength: 512,
|
|
|
13eaef |
- saltLength: 16,
|
|
|
13eaef |
- hash: 'sha256',
|
|
|
13eaef |
- mgf1Hash: 'sha256'
|
|
|
13eaef |
- }, common.mustCall((err, publicKey, privateKey) => {
|
|
|
13eaef |
- assert.ifError(err);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(publicKey.type, 'public');
|
|
|
13eaef |
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(privateKey.type, 'private');
|
|
|
13eaef |
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
|
|
|
13eaef |
-
|
|
|
13eaef |
- // Unlike RSA, RSA-PSS does not allow encryption.
|
|
|
13eaef |
- assert.throws(() => {
|
|
|
13eaef |
- testEncryptDecrypt(publicKey, privateKey);
|
|
|
13eaef |
- }, /operation not supported for this keytype/);
|
|
|
13eaef |
-
|
|
|
13eaef |
- // RSA-PSS also does not permit signing with PKCS1 padding.
|
|
|
13eaef |
- assert.throws(() => {
|
|
|
13eaef |
- testSignVerify({
|
|
|
13eaef |
- key: publicKey,
|
|
|
13eaef |
- padding: constants.RSA_PKCS1_PADDING
|
|
|
13eaef |
- }, {
|
|
|
13eaef |
- key: privateKey,
|
|
|
13eaef |
- padding: constants.RSA_PKCS1_PADDING
|
|
|
13eaef |
- });
|
|
|
13eaef |
- }, /illegal or unsupported padding mode/);
|
|
|
13eaef |
-
|
|
|
13eaef |
- // The padding should correctly default to RSA_PKCS1_PSS_PADDING now.
|
|
|
13eaef |
- testSignVerify(publicKey, privateKey);
|
|
|
13eaef |
- }));
|
|
|
13eaef |
-}
|
|
|
13eaef |
-
|
|
|
13eaef |
{
|
|
|
13eaef |
const privateKeyEncoding = {
|
|
|
13eaef |
type: 'pkcs8',
|
|
|
13eaef |
@@ -964,23 +927,6 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
|
|
|
13eaef |
}));
|
|
|
13eaef |
}
|
|
|
13eaef |
|
|
|
13eaef |
-// Test EdDSA key generation.
|
|
|
13eaef |
-{
|
|
|
13eaef |
- if (!/^1\.1\.0/.test(process.versions.openssl)) {
|
|
|
13eaef |
- ['ed25519', 'ed448', 'x25519', 'x448'].forEach((keyType) => {
|
|
|
13eaef |
- generateKeyPair(keyType, common.mustCall((err, publicKey, privateKey) => {
|
|
|
13eaef |
- assert.ifError(err);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(publicKey.type, 'public');
|
|
|
13eaef |
- assert.strictEqual(publicKey.asymmetricKeyType, keyType);
|
|
|
13eaef |
-
|
|
|
13eaef |
- assert.strictEqual(privateKey.type, 'private');
|
|
|
13eaef |
- assert.strictEqual(privateKey.asymmetricKeyType, keyType);
|
|
|
13eaef |
- }));
|
|
|
13eaef |
- });
|
|
|
13eaef |
- }
|
|
|
13eaef |
-}
|
|
|
13eaef |
-
|
|
|
13eaef |
// Test invalid key encoding types.
|
|
|
13eaef |
{
|
|
|
13eaef |
// Invalid public key type.
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-pbkdf2.js b/test/parallel/test-crypto-pbkdf2.js
|
|
|
13eaef |
index 1d4e6f6617..64e8e8dbde 100644
|
|
|
13eaef |
--- a/test/parallel/test-crypto-pbkdf2.js
|
|
|
13eaef |
+++ b/test/parallel/test-crypto-pbkdf2.js
|
|
|
13eaef |
@@ -221,21 +221,3 @@ crypto.pbkdf2Sync(new Float32Array(10), 'salt', 8, 8, 'sha256');
|
|
|
13eaef |
crypto.pbkdf2Sync('pass', new Float32Array(10), 8, 8, 'sha256');
|
|
|
13eaef |
crypto.pbkdf2Sync(new Float64Array(10), 'salt', 8, 8, 'sha256');
|
|
|
13eaef |
crypto.pbkdf2Sync('pass', new Float64Array(10), 8, 8, 'sha256');
|
|
|
13eaef |
-
|
|
|
13eaef |
-assert.throws(
|
|
|
13eaef |
- () => crypto.pbkdf2('pass', 'salt', 8, 8, 'md55', common.mustNotCall()),
|
|
|
13eaef |
- {
|
|
|
13eaef |
- code: 'ERR_CRYPTO_INVALID_DIGEST',
|
|
|
13eaef |
- name: 'TypeError',
|
|
|
13eaef |
- message: 'Invalid digest: md55'
|
|
|
13eaef |
- }
|
|
|
13eaef |
-);
|
|
|
13eaef |
-
|
|
|
13eaef |
-assert.throws(
|
|
|
13eaef |
- () => crypto.pbkdf2Sync('pass', 'salt', 8, 8, 'md55'),
|
|
|
13eaef |
- {
|
|
|
13eaef |
- code: 'ERR_CRYPTO_INVALID_DIGEST',
|
|
|
13eaef |
- name: 'TypeError',
|
|
|
13eaef |
- message: 'Invalid digest: md55'
|
|
|
13eaef |
- }
|
|
|
13eaef |
-);
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
|
|
|
13eaef |
index 66c7ac7d80..2a48025455 100644
|
|
|
13eaef |
--- a/test/parallel/test-crypto-sign-verify.js
|
|
|
13eaef |
+++ b/test/parallel/test-crypto-sign-verify.js
|
|
|
13eaef |
@@ -418,14 +418,6 @@ common.expectsError(
|
|
|
13eaef |
}
|
|
|
13eaef |
|
|
|
13eaef |
[
|
|
|
13eaef |
- { private: fixtures.readKey('ed25519_private.pem', 'ascii'),
|
|
|
13eaef |
- public: fixtures.readKey('ed25519_public.pem', 'ascii'),
|
|
|
13eaef |
- algo: null,
|
|
|
13eaef |
- sigLen: 64 },
|
|
|
13eaef |
- { private: fixtures.readKey('ed448_private.pem', 'ascii'),
|
|
|
13eaef |
- public: fixtures.readKey('ed448_public.pem', 'ascii'),
|
|
|
13eaef |
- algo: null,
|
|
|
13eaef |
- sigLen: 114 },
|
|
|
13eaef |
{ private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
|
|
|
13eaef |
public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
|
|
|
13eaef |
algo: 'sha1',
|
|
|
13eaef |
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
|
|
|
13eaef |
index 9337621d37..ac1fcce397 100644
|
|
|
13eaef |
--- a/test/parallel/test-crypto.js
|
|
|
13eaef |
+++ b/test/parallel/test-crypto.js
|
|
|
13eaef |
@@ -129,7 +129,7 @@ validateList(cryptoCiphers);
|
|
|
13eaef |
// Assume that we have at least AES256-SHA.
|
|
|
13eaef |
const tlsCiphers = tls.getCiphers();
|
|
|
13eaef |
assert(tls.getCiphers().includes('aes256-sha'));
|
|
|
13eaef |
-assert(tls.getCiphers().includes('tls_aes_128_ccm_8_sha256'));
|
|
|
13eaef |
+//assert(tls.getCiphers().includes('tls_aes_128_ccm_8_sha256')); // TLSv1.3
|
|
|
13eaef |
// There should be no capital letters in any element.
|
|
|
13eaef |
const noCapitals = /^[^A-Z]+$/;
|
|
|
13eaef |
assert(tlsCiphers.every((value) => noCapitals.test(value)));
|
|
|
13eaef |
@@ -235,9 +235,9 @@ assert.throws(function() {
|
|
|
13eaef |
}, (err) => {
|
|
|
13eaef |
// Do the standard checks, but then do some custom checks afterwards.
|
|
|
13eaef |
assert.throws(() => { throw err; }, {
|
|
|
13eaef |
- message: 'error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag',
|
|
|
13eaef |
+ message: 'error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag',
|
|
|
13eaef |
library: 'asn1 encoding routines',
|
|
|
13eaef |
- function: 'asn1_check_tlen',
|
|
|
13eaef |
+ function: 'ASN1_CHECK_TLEN',
|
|
|
13eaef |
reason: 'wrong tag',
|
|
|
13eaef |
code: 'ERR_OSSL_ASN1_WRONG_TAG',
|
|
|
13eaef |
});
|
|
|
13eaef |
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
|
|
|
13eaef |
index 3f5cd36e8b..8e13b150bb 100644
|
|
|
13eaef |
--- a/test/parallel/test-https-agent-session-eviction.js
|
|
|
13eaef |
+++ b/test/parallel/test-https-agent-session-eviction.js
|
|
|
13eaef |
@@ -7,8 +7,10 @@ const { readKey } = require('../common/fixtures');
|
|
|
13eaef |
if (!common.hasCrypto)
|
|
|
13eaef |
common.skip('missing crypto');
|
|
|
13eaef |
|
|
|
13eaef |
+const assert = require('assert');
|
|
|
13eaef |
const https = require('https');
|
|
|
13eaef |
-const { SSL_OP_NO_TICKET } = require('crypto').constants;
|
|
|
13eaef |
+const { OPENSSL_VERSION_NUMBER, SSL_OP_NO_TICKET } =
|
|
|
13eaef |
+ require('crypto').constants;
|
|
|
13eaef |
|
|
|
13eaef |
const options = {
|
|
|
13eaef |
key: readKey('agent1-key.pem'),
|
|
|
13eaef |
@@ -58,12 +60,38 @@ function second(server, session) {
|
|
|
13eaef |
res.resume();
|
|
|
13eaef |
});
|
|
|
13eaef |
|
|
|
13eaef |
- // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
|
|
|
13eaef |
- // connection to the TLS 1.0 server should work.
|
|
|
13eaef |
- req.on('response', common.mustCall(function(res) {
|
|
|
13eaef |
- // The test is now complete for OpenSSL 1.1.0.
|
|
|
13eaef |
- server.close();
|
|
|
13eaef |
- }));
|
|
|
13eaef |
+ if (OPENSSL_VERSION_NUMBER >= 0x10100000) {
|
|
|
13eaef |
+ // Although we have a TLS 1.2 session to offer to the TLS 1.0 server,
|
|
|
13eaef |
+ // connection to the TLS 1.0 server should work.
|
|
|
13eaef |
+ req.on('response', common.mustCall(function(res) {
|
|
|
13eaef |
+ // The test is now complete for OpenSSL 1.1.0.
|
|
|
13eaef |
+ server.close();
|
|
|
13eaef |
+ }));
|
|
|
13eaef |
+ } else {
|
|
|
13eaef |
+ // OpenSSL 1.0.x mistakenly locked versions based on the session it was
|
|
|
13eaef |
+ // offering. This causes this sequent request to fail. Let it fail, but
|
|
|
13eaef |
+ // test that this is mitigated on the next try by invalidating the session.
|
|
|
13eaef |
+ req.on('error', common.mustCall(function(err) {
|
|
|
13eaef |
+ assert(/wrong version number/.test(err.message));
|
|
|
13eaef |
+
|
|
|
13eaef |
+ req.on('close', function() {
|
|
|
13eaef |
+ third(server);
|
|
|
13eaef |
+ });
|
|
|
13eaef |
+ }));
|
|
|
13eaef |
+ }
|
|
|
13eaef |
+ req.end();
|
|
|
13eaef |
+}
|
|
|
13eaef |
|
|
|
13eaef |
+// Try one more time - session should be evicted!
|
|
|
13eaef |
+function third(server) {
|
|
|
13eaef |
+ const req = https.request({
|
|
|
13eaef |
+ port: server.address().port,
|
|
|
13eaef |
+ rejectUnauthorized: false
|
|
|
13eaef |
+ }, function(res) {
|
|
|
13eaef |
+ res.resume();
|
|
|
13eaef |
+ assert(!req.socket.isSessionReused());
|
|
|
13eaef |
+ server.close();
|
|
|
13eaef |
+ });
|
|
|
13eaef |
+ req.on('error', common.mustNotCall());
|
|
|
13eaef |
req.end();
|
|
|
13eaef |
}
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
|
|
|
13eaef |
index f9f42e2d51..9dc4637ff0 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-alert-handling.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-alert-handling.js
|
|
|
13eaef |
@@ -33,7 +33,7 @@ let iter = 0;
|
|
|
13eaef |
const errorHandler = common.mustCall((err) => {
|
|
|
13eaef |
assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
13eaef |
assert.strictEqual(err.library, 'SSL routines');
|
|
|
13eaef |
- assert.strictEqual(err.function, 'ssl3_get_record');
|
|
|
13eaef |
+ assert.strictEqual(err.function, 'SSL3_GET_RECORD');
|
|
|
13eaef |
assert.strictEqual(err.reason, 'wrong version number');
|
|
|
13eaef |
errorReceived = true;
|
|
|
13eaef |
if (canCloseServer())
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-cli-min-version-1.0.js b/test/parallel/test-tls-cli-min-version-1.0.js
|
|
|
13eaef |
index 577562782e..0a227c0b94 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-cli-min-version-1.0.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-cli-min-version-1.0.js
|
|
|
13eaef |
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
|
|
|
13eaef |
const assert = require('assert');
|
|
|
13eaef |
const tls = require('tls');
|
|
|
13eaef |
|
|
|
13eaef |
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
|
|
|
13eaef |
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
|
|
|
13eaef |
assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1');
|
|
|
13eaef |
|
|
|
13eaef |
// Check the min-max version protocol versions against these CLI settings.
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-cli-min-version-1.1.js b/test/parallel/test-tls-cli-min-version-1.1.js
|
|
|
13eaef |
index 3af2b39546..1219c82030 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-cli-min-version-1.1.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-cli-min-version-1.1.js
|
|
|
13eaef |
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
|
|
|
13eaef |
const assert = require('assert');
|
|
|
13eaef |
const tls = require('tls');
|
|
|
13eaef |
|
|
|
13eaef |
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
|
|
|
13eaef |
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
|
|
|
13eaef |
assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.1');
|
|
|
13eaef |
|
|
|
13eaef |
// Check the min-max version protocol versions against these CLI settings.
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-cli-min-version-1.2.js b/test/parallel/test-tls-cli-min-version-1.2.js
|
|
|
13eaef |
index 8385eabd0b..058dc180f6 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-cli-min-version-1.2.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-cli-min-version-1.2.js
|
|
|
13eaef |
@@ -8,7 +8,7 @@ if (!common.hasCrypto) common.skip('missing crypto');
|
|
|
13eaef |
const assert = require('assert');
|
|
|
13eaef |
const tls = require('tls');
|
|
|
13eaef |
|
|
|
13eaef |
-assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.3');
|
|
|
13eaef |
+assert.strictEqual(tls.DEFAULT_MAX_VERSION, 'TLSv1.2');
|
|
|
13eaef |
assert.strictEqual(tls.DEFAULT_MIN_VERSION, 'TLSv1.2');
|
|
|
13eaef |
|
|
|
13eaef |
// Check the min-max version protocol versions against these CLI settings.
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js
|
|
|
13eaef |
index 599306993e..cdfe5de87e 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-client-getephemeralkeyinfo.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js
|
|
|
13eaef |
@@ -59,5 +59,3 @@ test(1024, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256');
|
|
|
13eaef |
test(2048, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256');
|
|
|
13eaef |
test(256, 'ECDH', 'prime256v1', 'ECDHE-RSA-AES128-GCM-SHA256');
|
|
|
13eaef |
test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES128-GCM-SHA256');
|
|
|
13eaef |
-test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES128-GCM-SHA256');
|
|
|
13eaef |
-test(448, 'ECDH', 'X448', 'ECDHE-RSA-AES128-GCM-SHA256');
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-destroy-stream.js b/test/parallel/test-tls-destroy-stream.js
|
|
|
13eaef |
index a49e985a7e..1964f676c2 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-destroy-stream.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-destroy-stream.js
|
|
|
13eaef |
@@ -9,7 +9,7 @@ const net = require('net');
|
|
|
13eaef |
const assert = require('assert');
|
|
|
13eaef |
const tls = require('tls');
|
|
|
13eaef |
|
|
|
13eaef |
-tls.DEFAULT_MAX_VERSION = 'TLSv1.3';
|
|
|
13eaef |
+tls.DEFAULT_MAX_VERSION = 'TLSv1.2';
|
|
|
13eaef |
|
|
|
13eaef |
// This test ensures that an instance of StreamWrap should emit "end" and
|
|
|
13eaef |
// "close" when the socket on the other side call `destroy()` instead of
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js
|
|
|
13eaef |
index 624f8efd24..93ad1f678a 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-getcipher.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-getcipher.js
|
|
|
13eaef |
@@ -52,7 +52,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
|
|
|
13eaef |
}, common.mustCall(function() {
|
|
|
13eaef |
const cipher = this.getCipher();
|
|
|
13eaef |
assert.strictEqual(cipher.name, 'AES128-SHA256');
|
|
|
13eaef |
- assert.strictEqual(cipher.version, 'TLSv1.2');
|
|
|
13eaef |
+ assert.strictEqual(cipher.version, 'TLSv1/SSLv3');
|
|
|
13eaef |
this.end();
|
|
|
13eaef |
}));
|
|
|
13eaef |
|
|
|
13eaef |
@@ -65,28 +65,7 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
|
|
|
13eaef |
}, common.mustCall(function() {
|
|
|
13eaef |
const cipher = this.getCipher();
|
|
|
13eaef |
assert.strictEqual(cipher.name, 'ECDHE-RSA-AES128-GCM-SHA256');
|
|
|
13eaef |
- assert.strictEqual(cipher.version, 'TLSv1.2');
|
|
|
13eaef |
+ assert.strictEqual(cipher.version, 'TLSv1/SSLv3');
|
|
|
13eaef |
this.end();
|
|
|
13eaef |
}));
|
|
|
13eaef |
}));
|
|
|
13eaef |
-
|
|
|
13eaef |
-tls.createServer({
|
|
|
13eaef |
- key: fixtures.readKey('agent2-key.pem'),
|
|
|
13eaef |
- cert: fixtures.readKey('agent2-cert.pem'),
|
|
|
13eaef |
- ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256',
|
|
|
13eaef |
- maxVersion: 'TLSv1.3',
|
|
|
13eaef |
-}, common.mustCall(function() {
|
|
|
13eaef |
- this.close();
|
|
|
13eaef |
-})).listen(0, common.mustCall(function() {
|
|
|
13eaef |
- const client = tls.connect({
|
|
|
13eaef |
- port: this.address().port,
|
|
|
13eaef |
- ciphers: 'TLS_AES_128_CCM_8_SHA256',
|
|
|
13eaef |
- maxVersion: 'TLSv1.3',
|
|
|
13eaef |
- rejectUnauthorized: false
|
|
|
13eaef |
- }, common.mustCall(() => {
|
|
|
13eaef |
- const cipher = client.getCipher();
|
|
|
13eaef |
- assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256');
|
|
|
13eaef |
- assert.strictEqual(cipher.version, 'TLSv1.3');
|
|
|
13eaef |
- client.end();
|
|
|
13eaef |
- }));
|
|
|
13eaef |
-}));
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
|
|
|
13eaef |
index 179ae1fa63..8b5435baf5 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-min-max-version.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-min-max-version.js
|
|
|
13eaef |
@@ -126,9 +126,9 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.3') {
|
|
|
13eaef |
|
|
|
13eaef |
if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
|
|
|
13eaef |
test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
|
|
|
13eaef |
+ U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
|
|
|
13eaef |
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
|
|
|
13eaef |
+ U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
|
|
|
13eaef |
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
|
|
|
13eaef |
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
13eaef |
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
|
|
|
13eaef |
@@ -138,7 +138,7 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
|
|
|
13eaef |
if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
|
|
|
13eaef |
test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method', 'TLSv1.1');
|
|
|
13eaef |
test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
|
|
|
13eaef |
+ U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
|
|
|
13eaef |
test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method', 'TLSv1.1');
|
|
|
13eaef |
test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
|
|
|
13eaef |
U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
|
|
|
13eaef |
@@ -160,9 +160,9 @@ test(U, U, 'TLSv1_method', U, U, 'TLSv1_method', 'TLSv1');
|
|
|
13eaef |
// The default default.
|
|
|
13eaef |
if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
|
|
|
13eaef |
test(U, U, 'TLSv1_1_method', U, U, U,
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
|
|
|
13eaef |
+ U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
|
|
|
13eaef |
test(U, U, 'TLSv1_method', U, U, U,
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
|
|
|
13eaef |
+ U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
|
|
|
13eaef |
|
|
|
13eaef |
if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
|
|
|
13eaef |
test(U, U, U, U, U, 'TLSv1_1_method',
|
|
|
13eaef |
@@ -182,7 +182,7 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
|
|
|
13eaef |
if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
|
|
|
13eaef |
test(U, U, 'TLSv1_1_method', U, U, U, 'TLSv1.1');
|
|
|
13eaef |
test(U, U, 'TLSv1_method', U, U, U,
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_UNSUPPORTED_PROTOCOL');
|
|
|
13eaef |
+ U, 'ECONNRESET', 'ERR_SSL_UNKNOWN_PROTOCOL');
|
|
|
13eaef |
test(U, U, U, U, U, 'TLSv1_1_method', 'TLSv1.1');
|
|
|
13eaef |
|
|
|
13eaef |
if (DEFAULT_MAX_VERSION === 'TLSv1.2') {
|
|
|
13eaef |
@@ -213,26 +213,9 @@ test(U, U, 'TLSv1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1');
|
|
|
13eaef |
test(U, U, 'TLSv1_1_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
|
|
|
13eaef |
test(U, U, 'TLSv1_2_method', 'TLSv1', 'TLSv1.2', U, 'TLSv1.2');
|
|
|
13eaef |
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
|
|
|
13eaef |
test('TLSv1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
|
|
|
13eaef |
test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1.1');
|
|
|
13eaef |
test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.1', U, 'TLSv1');
|
|
|
13eaef |
test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
|
|
|
13eaef |
test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.2', U, 'TLSv1.1');
|
|
|
13eaef |
test('TLSv1', 'TLSv1.2', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
|
|
|
13eaef |
-
|
|
|
13eaef |
-// v-any client can connect to v-specific server
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.3', 'TLSv1.3', U, 'TLSv1.3');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.3', U, 'TLSv1.3');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.2', 'TLSv1.2', U, 'TLSv1.2');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.3', U, 'TLSv1.1', 'TLSv1.1', U, 'TLSv1.1');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1.3', U, 'TLSv1', 'TLSv1', U, 'TLSv1');
|
|
|
13eaef |
-
|
|
|
13eaef |
-// v-specific client can connect to v-any server
|
|
|
13eaef |
-test('TLSv1.3', 'TLSv1.3', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.3');
|
|
|
13eaef |
-test('TLSv1.2', 'TLSv1.2', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.2');
|
|
|
13eaef |
-test('TLSv1.1', 'TLSv1.1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1.1');
|
|
|
13eaef |
-test('TLSv1', 'TLSv1', U, 'TLSv1', 'TLSv1.3', U, 'TLSv1');
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-multi-key.js b/test/parallel/test-tls-multi-key.js
|
|
|
13eaef |
index c5e66f3980..de213f57e2 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-multi-key.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-multi-key.js
|
|
|
13eaef |
@@ -157,7 +157,7 @@ function test(options) {
|
|
|
13eaef |
}, common.mustCall(function() {
|
|
|
13eaef |
assert.deepStrictEqual(ecdsa.getCipher(), {
|
|
|
13eaef |
name: 'ECDHE-ECDSA-AES256-GCM-SHA384',
|
|
|
13eaef |
- version: 'TLSv1.2'
|
|
|
13eaef |
+ version: 'TLSv1/SSLv3'
|
|
|
13eaef |
});
|
|
|
13eaef |
assert.strictEqual(ecdsa.getPeerCertificate().subject.CN, eccCN);
|
|
|
13eaef |
assert.strictEqual(ecdsa.getPeerCertificate().asn1Curve, 'prime256v1');
|
|
|
13eaef |
@@ -175,7 +175,7 @@ function test(options) {
|
|
|
13eaef |
}, common.mustCall(function() {
|
|
|
13eaef |
assert.deepStrictEqual(rsa.getCipher(), {
|
|
|
13eaef |
name: 'ECDHE-RSA-AES256-GCM-SHA384',
|
|
|
13eaef |
- version: 'TLSv1.2'
|
|
|
13eaef |
+ version: 'TLSv1/SSLv3'
|
|
|
13eaef |
});
|
|
|
13eaef |
assert.strictEqual(rsa.getPeerCertificate().subject.CN, rsaCN);
|
|
|
13eaef |
assert(rsa.getPeerCertificate().exponent, 'cert for an RSA key');
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-multi-pfx.js b/test/parallel/test-tls-multi-pfx.js
|
|
|
13eaef |
index 3b0c059182..28cd945e3c 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-multi-pfx.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-multi-pfx.js
|
|
|
13eaef |
@@ -42,9 +42,9 @@ const server = tls.createServer(options, function(conn) {
|
|
|
13eaef |
process.on('exit', function() {
|
|
|
13eaef |
assert.deepStrictEqual(ciphers, [{
|
|
|
13eaef |
name: 'ECDHE-ECDSA-AES256-GCM-SHA384',
|
|
|
13eaef |
- version: 'TLSv1.2'
|
|
|
13eaef |
+ version: 'TLSv1/SSLv3'
|
|
|
13eaef |
}, {
|
|
|
13eaef |
name: 'ECDHE-RSA-AES256-GCM-SHA384',
|
|
|
13eaef |
- version: 'TLSv1.2'
|
|
|
13eaef |
+ version: 'TLSv1/SSLv3'
|
|
|
13eaef |
}]);
|
|
|
13eaef |
});
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-passphrase.js b/test/parallel/test-tls-passphrase.js
|
|
|
13eaef |
index c3a99c3eb3..4bbabb4c9e 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-passphrase.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-passphrase.js
|
|
|
13eaef |
@@ -223,7 +223,7 @@ server.listen(0, common.mustCall(function() {
|
|
|
13eaef |
}, onSecureConnect());
|
|
|
13eaef |
})).unref();
|
|
|
13eaef |
|
|
|
13eaef |
-const errMessagePassword = /bad decrypt/;
|
|
|
13eaef |
+const errMessagePassword = /bad decrypt|bad password read/;
|
|
|
13eaef |
|
|
|
13eaef |
// Missing passphrase
|
|
|
13eaef |
assert.throws(function() {
|
|
|
13eaef |
diff --git a/test/parallel/test-tls-set-ciphers.js b/test/parallel/test-tls-set-ciphers.js
|
|
|
13eaef |
index fbca83b3d5..79fb178303 100644
|
|
|
13eaef |
--- a/test/parallel/test-tls-set-ciphers.js
|
|
|
13eaef |
+++ b/test/parallel/test-tls-set-ciphers.js
|
|
|
13eaef |
@@ -68,36 +68,11 @@ const U = undefined;
|
|
|
13eaef |
test(U, 'AES256-SHA', 'AES256-SHA');
|
|
|
13eaef |
test('AES256-SHA', U, 'AES256-SHA');
|
|
|
13eaef |
|
|
|
13eaef |
-test(U, 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
|
|
|
13eaef |
-test('TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
|
|
|
13eaef |
-
|
|
|
13eaef |
// Do not have shared ciphers.
|
|
|
13eaef |
-test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
|
|
|
13eaef |
-
|
|
|
13eaef |
-test('AES128-SHA', 'AES256-SHA', U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
|
|
|
13eaef |
-test('AES128-SHA:TLS_AES_256_GCM_SHA384',
|
|
|
13eaef |
- 'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
|
|
|
13eaef |
-
|
|
|
13eaef |
-// Cipher order ignored, TLS1.3 chosen before TLS1.2.
|
|
|
13eaef |
-test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
|
|
|
13eaef |
-test(U, 'AES256-SHA:TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
|
|
|
13eaef |
-
|
|
|
13eaef |
-// TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
|
|
|
13eaef |
-// default, but work.
|
|
|
13eaef |
-test('TLS_AES_128_CCM_8_SHA256', U,
|
|
|
13eaef |
- U, 'ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER');
|
|
|
13eaef |
-
|
|
|
13eaef |
-test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
|
|
|
13eaef |
- 'TLS_AES_128_CCM_8_SHA256');
|
|
|
13eaef |
+test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
|
|
|
13eaef |
|
|
|
13eaef |
// Invalid cipher values
|
|
|
13eaef |
test(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U);
|
|
|
13eaef |
test('AES256-SHA', 9, U, U, 'ERR_INVALID_ARG_TYPE');
|
|
|
13eaef |
test(':', 'AES256-SHA', U, 'ERR_INVALID_OPT_VALUE', U);
|
|
|
13eaef |
test('AES256-SHA', ':', U, U, 'ERR_INVALID_OPT_VALUE');
|
|
|
13eaef |
-
|
|
|
13eaef |
-// Using '' is synonymous for "use default ciphers"
|
|
|
13eaef |
-test('TLS_AES_256_GCM_SHA384', '', 'TLS_AES_256_GCM_SHA384');
|
|
|
13eaef |
-test('', 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
|
|
|
13eaef |
diff --git a/test/sequential/test-async-wrap-getasyncid.js b/test/sequential/test-async-wrap-getasyncid.js
|
|
|
13eaef |
index 13aee51175..e9a3b1893d 100644
|
|
|
13eaef |
--- a/test/sequential/test-async-wrap-getasyncid.js
|
|
|
13eaef |
+++ b/test/sequential/test-async-wrap-getasyncid.js
|
|
|
13eaef |
@@ -50,6 +50,8 @@ const { getSystemErrorName } = require('util');
|
|
|
13eaef |
delete providers.KEYPAIRGENREQUEST;
|
|
|
13eaef |
delete providers.HTTPCLIENTREQUEST;
|
|
|
13eaef |
delete providers.HTTPINCOMINGMESSAGE;
|
|
|
13eaef |
+ // SCRYPTREQUEST may not be available (OPENSSL_NO_SCRYPT)
|
|
|
13eaef |
+ delete providers.SCRYPTREQUEST;
|
|
|
13eaef |
|
|
|
13eaef |
const objKeys = Object.keys(providers);
|
|
|
13eaef |
if (objKeys.length > 0)
|