From 564a2856960790325f08726147b0eb9dde2bb10d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
Date: Thu, 16 Jan 2020 11:41:47 +0100
Subject: [PATCH 4/4] Revert new options using unsupported OpenSSL features
Reverts 54f327b4dcb37f373bc4146686c7e4edcd9c524d
https://github.com/nodejs/node/commit/54f327b4dcb37f373bc4146686c7e4edcd9c524d
Reverts 6272f82c07e913a76a316a786c9aadbc09f953ff
https://github.com/nodejs/node/commit/6272f82c07e913a76a316a786c9aadbc09f953ff
Signed-off-by: Jan Staněk <jstanek@redhat.com>
---
doc/api/crypto.md | 6 --
doc/api/tls.md | 10 --
lib/_tls_common.js | 13 ---
lib/_tls_wrap.js | 4 -
lib/internal/crypto/cipher.js | 10 +-
src/node_crypto.cc | 123 -------------------------
src/node_crypto.h | 4 -
test/fixtures/rsa-oaep-test-vectors.js | 30 ------
test/parallel/test-crypto-rsa-dsa.js | 65 +++++++++----
test/parallel/test-tls-set-sigalgs.js | 74 ---------------
10 files changed, 48 insertions(+), 291 deletions(-)
delete mode 100644 test/fixtures/rsa-oaep-test-vectors.js
delete mode 100644 test/parallel/test-tls-set-sigalgs.js
diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index cf651fb..e72006a 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -2383,9 +2383,6 @@ An array of supported digest functions can be retrieved using
<!-- YAML
added: v0.11.14
changes:
- - version: v12.11.0
- pr-url: https://github.com/nodejs/node/pull/29489
- description: The `oaepLabel` option was added.
- version: v12.9.0
pr-url: https://github.com/nodejs/node/pull/28335
description: The `oaepHash` option was added.
@@ -2470,9 +2467,6 @@ be passed instead of a public key.
<!-- YAML
added: v0.11.14
changes:
- - version: v12.11.0
- pr-url: https://github.com/nodejs/node/pull/29489
- description: The `oaepLabel` option was added.
- version: v12.9.0
pr-url: https://github.com/nodejs/node/pull/28335
description: The `oaepHash` option was added.
diff --git a/doc/api/tls.md b/doc/api/tls.md
index 3fd8e8c..09c0fa5 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1362,10 +1362,6 @@ changes:
pr-url: https://github.com/nodejs/node/pull/28973
description: Added `privateKeyIdentifier` and `privateKeyEngine` options
to get private key from an OpenSSL engine.
- - version: v12.11.0
- pr-url: https://github.com/nodejs/node/pull/29598
- description: Added `sigalgs` option to override supported signature
- algorithms.
- version: v12.0.0
pr-url: https://github.com/nodejs/node/pull/26209
description: TLSv1.3 support added.
@@ -1426,12 +1422,6 @@ changes:
order as their private keys in `key`. If the intermediate certificates are
not provided, the peer will not be able to validate the certificate, and the
handshake will fail.
- * `sigalgs` {string} Colon-separated list of supported signature algorithms.
- The list can contain digest algorithms (`SHA256`, `MD5` etc.), public key
- algorithms (`RSA-PSS`, `ECDSA` etc.), combination of both (e.g
- 'RSA+SHA384') or TLS v1.3 scheme names (e.g. `rsa_pss_pss_sha512`).
- See [OpenSSL man pages](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_sigalgs_list.html)
- for more info.
* `ciphers` {string} Cipher suite specification, replacing the default. For
more information, see [modifying the default cipher suite][]. Permitted
ciphers can be obtained via [`tls.getCiphers()`][]. Cipher names must be
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index 17c3e3a..f31b1eb 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -152,19 +152,6 @@ exports.createSecureContext = function createSecureContext(options) {
}
}
- const sigalgs = options.sigalgs;
- if (sigalgs !== undefined) {
- if (typeof sigalgs !== 'string') {
- throw new ERR_INVALID_ARG_TYPE('options.sigalgs', 'string', sigalgs);
- }
-
- if (sigalgs === '') {
- throw new ERR_INVALID_OPT_VALUE('sigalgs', sigalgs);
- }
-
- c.context.setSigalgs(sigalgs);
- }
-
const { privateKeyIdentifier, privateKeyEngine } = options;
if (privateKeyIdentifier !== undefined) {
if (privateKeyEngine === undefined) {
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 778afa7..f9dcaa1 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -861,7 +861,6 @@ function makeSocketMethodProxy(name) {
[
'getCipher',
- 'getSharedSigalgs',
'getEphemeralKeyInfo',
'getFinished',
'getPeerFinished',
@@ -1117,8 +1116,6 @@ Server.prototype.setSecureContext = function(options) {
else
this.crl = undefined;
- this.sigalgs = options.sigalgs;
-
if (options.ciphers)
this.ciphers = options.ciphers;
else
@@ -1160,7 +1157,6 @@ Server.prototype.setSecureContext = function(options) {
clientCertEngine: this.clientCertEngine,
ca: this.ca,
ciphers: this.ciphers,
- sigalgs: this.sigalgs,
ecdhCurve: this.ecdhCurve,
dhparam: this.dhparam,
minVersion: this.minVersion,
diff --git a/lib/internal/crypto/cipher.js b/lib/internal/crypto/cipher.js
index 1d6f32b..73fab0f 100644
--- a/lib/internal/crypto/cipher.js
+++ b/lib/internal/crypto/cipher.js
@@ -50,16 +50,10 @@ function rsaFunctionFor(method, defaultPadding, keyType) {
preparePrivateKey(options) :
preparePublicOrPrivateKey(options);
const padding = options.padding || defaultPadding;
- const { oaepHash, oaepLabel } = options;
+ const { oaepHash } = options;
if (oaepHash !== undefined && typeof oaepHash !== 'string')
throw new ERR_INVALID_ARG_TYPE('options.oaepHash', 'string', oaepHash);
- if (oaepLabel !== undefined && !isArrayBufferView(oaepLabel)) {
- throw new ERR_INVALID_ARG_TYPE('options.oaepLabel',
- ['Buffer', 'TypedArray', 'DataView'],
- oaepLabel);
- }
- return method(data, format, type, passphrase, buffer, padding, oaepHash,
- oaepLabel);
+ return method(data, format, type, passphrase, buffer, padding, oaepHash);
};
}
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 7bafe1e..17a69b8 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -737,7 +737,6 @@ void SecureContext::Initialize(Environment* env, Local<Object> target) {
env->SetProtoMethod(t, "addRootCerts", AddRootCerts);
env->SetProtoMethod(t, "setCipherSuites", SetCipherSuites);
env->SetProtoMethod(t, "setCiphers", SetCiphers);
- env->SetProtoMethod(t, "setSigalgs", SetSigalgs);
env->SetProtoMethod(t, "setECDHCurve", SetECDHCurve);
env->SetProtoMethod(t, "setDHParam", SetDHParam);
env->SetProtoMethod(t, "setMaxProto", SetMaxProto);
@@ -1021,24 +1020,6 @@ void SecureContext::SetKey(const FunctionCallbackInfo<Value>& args) {
}
}
-void SecureContext::SetSigalgs(const FunctionCallbackInfo<Value>& args) {
- SecureContext* sc;
- ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
- Environment* env = sc->env();
- ClearErrorOnReturn clear_error_on_return;
-
- CHECK_EQ(args.Length(), 1);
- CHECK(args[0]->IsString());
-
- const node::Utf8Value sigalgs(env->isolate(), args[0]);
-
- int rv = SSL_CTX_set1_sigalgs_list(sc->ctx_.get(), *sigalgs);
-
- if (rv == 0) {
- return ThrowCryptoError(env, ERR_get_error());
- }
-}
-
#ifndef OPENSSL_NO_ENGINE
// Helpers for the smart pointer.
void ENGINE_free_fn(ENGINE* engine) { ENGINE_free(engine); }
@@ -2080,7 +2061,6 @@ void SSLWrap<Base>::AddMethods(Environment* env, Local<FunctionTemplate> t) {
env->SetProtoMethodNoSideEffect(t, "isSessionReused", IsSessionReused);
env->SetProtoMethodNoSideEffect(t, "verifyError", VerifyError);
env->SetProtoMethodNoSideEffect(t, "getCipher", GetCipher);
- env->SetProtoMethodNoSideEffect(t, "getSharedSigalgs", GetSharedSigalgs);
env->SetProtoMethod(t, "endParser", EndParser);
env->SetProtoMethod(t, "certCbDone", CertCbDone);
env->SetProtoMethod(t, "renegotiate", Renegotiate);
@@ -3038,88 +3018,6 @@ void SSLWrap<Base>::GetCipher(const FunctionCallbackInfo<Value>& args) {
}
-template <class Base>
-void SSLWrap<Base>::GetSharedSigalgs(const FunctionCallbackInfo<Value>& args) {
- Base* w;
- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
- Environment* env = w->ssl_env();
- std::vector<Local<Value>> ret_arr;
-
- SSL* ssl = w->ssl_.get();
- int nsig = SSL_get_shared_sigalgs(ssl, 0, nullptr, nullptr, nullptr, nullptr,
- nullptr);
-
- for (int i = 0; i < nsig; i++) {
- int hash_nid;
- int sign_nid;
- std::string sig_with_md;
-
- SSL_get_shared_sigalgs(ssl, i, &sign_nid, &hash_nid, nullptr, nullptr,
- nullptr);
-
- switch (sign_nid) {
- case EVP_PKEY_RSA:
- sig_with_md = "RSA+";
- break;
-
- case EVP_PKEY_RSA_PSS:
- sig_with_md = "RSA-PSS+";
- break;
-
- case EVP_PKEY_DSA:
- sig_with_md = "DSA+";
- break;
-
- case EVP_PKEY_EC:
- sig_with_md = "ECDSA+";
- break;
-
- case NID_ED25519:
- sig_with_md = "Ed25519+";
- break;
-
- case NID_ED448:
- sig_with_md = "Ed448+";
- break;
-#ifndef OPENSSL_NO_GOST
- case NID_id_GostR3410_2001:
- sig_with_md = "gost2001+";
- break;
-
- case NID_id_GostR3410_2012_256:
- sig_with_md = "gost2012_256+";
- break;
-
- case NID_id_GostR3410_2012_512:
- sig_with_md = "gost2012_512+";
- break;
-#endif // !OPENSSL_NO_GOST
- default:
- const char* sn = OBJ_nid2sn(sign_nid);
-
- if (sn != nullptr) {
- sig_with_md = std::string(sn) + "+";
- } else {
- sig_with_md = "UNDEF+";
- }
- break;
- }
-
- const char* sn_hash = OBJ_nid2sn(hash_nid);
- if (sn_hash != nullptr) {
- sig_with_md += std::string(sn_hash);
- } else {
- sig_with_md += "UNDEF";
- }
-
- ret_arr.push_back(OneByteString(env->isolate(), sig_with_md.c_str()));
- }
-
- args.GetReturnValue().Set(
- Array::New(env->isolate(), ret_arr.data(), ret_arr.size()));
-}
-
-
template <class Base>
void SSLWrap<Base>::GetProtocol(const FunctionCallbackInfo<Value>& args) {
Base* w;
@@ -5720,8 +5618,6 @@ bool PublicKeyCipher::Cipher(Environment* env,
const ManagedEVPPKey& pkey,
int padding,
const EVP_MD* digest,
- const void* oaep_label,
- size_t oaep_label_len,
const unsigned char* data,
int len,
AllocatedBuffer* out) {
@@ -5738,17 +5634,6 @@ bool PublicKeyCipher::Cipher(Environment* env,
return false;
}
- if (oaep_label_len != 0) {
- // OpenSSL takes ownership of the label, so we need to create a copy.
- void* label = OPENSSL_memdup(oaep_label, oaep_label_len);
- CHECK_NOT_NULL(label);
- if (0 >= EVP_PKEY_CTX_set0_rsa_oaep_label(ctx.get(), label,
- oaep_label_len)) {
- OPENSSL_free(label);
- return false;
- }
- }
-
size_t out_len = 0;
if (EVP_PKEY_cipher(ctx.get(), nullptr, &out_len, data, len) <= 0)
return false;
@@ -5794,12 +5679,6 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
return THROW_ERR_OSSL_EVP_INVALID_DIGEST(env);
}
- ArrayBufferViewContents<unsigned char> oaep_label;
- if (!args[offset + 3]->IsUndefined()) {
- CHECK(args[offset + 3]->IsArrayBufferView());
- oaep_label.Read(args[offset + 3].As<ArrayBufferView>());
- }
-
AllocatedBuffer out;
ClearErrorOnReturn clear_error_on_return;
@@ -5809,8 +5688,6 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
pkey,
padding,
digest,
- oaep_label.data(),
- oaep_label.length(),
buf.data(),
buf.length(),
&out);
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 9de1616..b225cba 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -164,7 +164,6 @@ class SecureContext : public BaseObject {
static void AddRootCerts(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetCipherSuites(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetCiphers(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void SetSigalgs(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetECDHCurve(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetDHParam(const v8::FunctionCallbackInfo<v8::Value>& args);
static void SetOptions(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -297,7 +296,6 @@ class SSLWrap {
static void IsSessionReused(const v8::FunctionCallbackInfo<v8::Value>& args);
static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
static void GetCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
- static void GetSharedSigalgs(const v8::FunctionCallbackInfo<v8::Value>& args);
static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -762,8 +760,6 @@ class PublicKeyCipher {
const ManagedEVPPKey& pkey,
int padding,
const EVP_MD* digest,
- const void* oaep_label,
- size_t oaep_label_size,
const unsigned char* data,
int len,
AllocatedBuffer* out);
diff --git a/test/fixtures/rsa-oaep-test-vectors.js b/test/fixtures/rsa-oaep-test-vectors.js
deleted file mode 100644
index 47e681f..0000000
--- a/test/fixtures/rsa-oaep-test-vectors.js
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "comment": "RSA-OAEP test vectors for test-crypto-rsa-dsa.js",
- "decryptionTests": [
- {
- "ct": "16ece59cf985a8cf1a3434e4b9707c922c20638fdf9abf7e5dc7943f4136899348c54116d15b2c17563b9c7143f9d5b85b45615ad0598ea6d21c900f3957b65400612306a9bebae441f005646f7a7c97129a103ab54e777168ef966514adb17786b968ea0ff430a524904c4a11c683764b7c8dbb60df0952768381cdba4d665e5006034393a10d56d33e75b2714db824a18da46441ef7f94a34a7058c0bbad0394083a038558bcc6dd370f8e518e1bd8d73b296fc51d77da44799e4ee774926ded7910e8768f92db76f63107338d33354b735d3ad094240dbd7ffdfda27ef0255306dcf4a6462849492abd1a97fdd37743ff87c4d2ec89866c5cdbb696bd2b30"
- },
- {
- "ct": "16ece59cf985a8cf1a3434e4b9707c922c20638fdf9abf7e5dc7943f4136899348c54116d15b2c17563b9c7143f9d5b85b45615ad0598ea6d21c900f3957b65400612306a9bebae441f005646f7a7c97129a103ab54e777168ef966514adb17786b968ea0ff430a524904c4a11c683764b7c8dbb60df0952768381cdba4d665e5006034393a10d56d33e75b2714db824a18da46441ef7f94a34a7058c0bbad0394083a038558bcc6dd370f8e518e1bd8d73b296fc51d77da44799e4ee774926ded7910e8768f92db76f63107338d33354b735d3ad094240dbd7ffdfda27ef0255306dcf4a6462849492abd1a97fdd37743ff87c4d2ec89866c5cdbb696bd2b30",
- "oaepHash": "sha1"
- },
- {
- "ct": "16ccf09afe5eb0130182b9fc1ca4af61a38e772047cac42146bfa0fa5879aa9639203e4d01442d212ff95bddfbe4661222215a2e91908c37ab926edea7cfc53f83357bc27f86af0f5f2818ae141f4e9e934d4e66189aff30f062c9c3f6eb9bc495a59082cb978f99b56ce5fa530a8469e46129258e5c42897cb194b6805e936e5cbbeaa535bad6b1d3cdfc92119b7dd325a2e6d2979e316bdacc9f80e29c7bbdf6846d738e380deadcb48df8c1e8aabf7a9dd2f8c71d6681dbec7dcadc01887c51288674268796bc77fdf8f1c94c9ca50b1cc7cddbaf4e56cb151d23e2c699d2844c0104ee2e7e9dcdb907cfab43339120a40c59ca54f32b8d21b48a29656c77",
- "oaepHash": "sha256"
- },
- {
- "ct": "831b72e8dd91841729ecbddf2647d6f19dc0094734f8803d8c651b5655a12ae6156b74d9b594bcc0eacd002728380b94f46e8657f130f354e03b6e7815ee257eda78dba296d67d24410c31c48e5875cc79e4bde594b412be5f357f57a7ac1f1d18b718e408df162d1795508e6a0616192b647ad942ea068a44fb2b323d35a3a61b926feb105d6c0b2a8fc8050222d1cf4a9e44da1f95bbc677fd643749c6c89ac551d072f04cd9320c97a8d94755c8a804954c082bed7fa59199a00aca154c14a7b584b63c538daf9b9c7c90abfca19387d2131f9d9b9ecfc8672249c33144d1be3bfc41558a13f994663661a3af24fd0a97619d508db36f5fc131af86fc68cf",
- "oaepHash": "sha512"
- },
- {
- "ct": "04a25a3dbe0a44b10b7dde19632ce0963e7a7e9876905cd4a4f68ba8e0bda593a738847235df4494f9c28927b165511d22006ef6fae0eb7fe01883e4ae495643328d21e13dad65e71e45f885c7e1e2fe77c39fa84b8bbd2d7d3ed72fea2bf3c87a5c864bdc41b45caa3d668ca3f35297f43dc97950fa959ee88031c8385da7628d03923dfd26a7e0568c95a2f38ec5760335b00fa30935abdd9ab5b3581fc319ff787c59930319707caa24fe9e5d0ce6c48eff4ee6e124fd6c595353acc29a194863dbf7b74d08edf7129ca52eb5f4ccf3888311e97602fcd37b476c41749b260efad4e0760064082f7c9ea0f8704134936b2e38fd0f82886486b5f7e5fb9696",
- "oaepHash": "sha384",
- "oaepLabel": "01020304"
- },
- {
- "ct": "678f9ff724e0f48b48e6ff3cbdac5eb995d263da1c23f948d8d09411131f69f40da07f0c650e1aedc82fbaf0972a5d3b3e8f1f82cc4fa1780abfebb4e06b6827a52bf768b12388817c1e3ee1324342e05135733a4056a6cc02f5211172c338eb96e5e33c1d6f53560e3f3aab2419c13a600c4e67648088ffe8aac2cea8bce78e2ab899741cf7c9a9d5246cde6ce97aae0157f42db68eea380dec6dcd842c1e6900ae21d5275c4bf21810b5e1b0e1bc0441cbce34e00a31b9e857f6f2c791257d45997c278ea928f42e8cb6476f633f5de102fa0c4af964a9c4f4336869509e933ebc0aa94ad16b0b1db2aaa924f409a5f9f29dfbd88849c5eaa4818e1c3e335e",
- "oaepHash": "sha1",
- "oaepLabel": "00112233445566778899"
- }
- ]
-}
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
index 30ef7ec..c773aae 100644
--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -202,21 +202,59 @@ common.expectsError(() => {
// The following RSA-OAEP test cases were created using the WebCrypto API to
// ensure compatibility when using non-SHA1 hash functions.
{
- const { decryptionTests } =
- JSON.parse(fixtures.readSync('rsa-oaep-test-vectors.js', 'utf8'));
-
- for (const { ct, oaepHash, oaepLabel } of decryptionTests) {
+ function testDecrypt(oaepHash, ciphertext) {
const decrypted = crypto.privateDecrypt({
key: rsaPkcs8KeyPem,
- oaepHash,
- oaepLabel: oaepLabel ? Buffer.from(oaepLabel, 'hex') : undefined
- }, Buffer.from(ct, 'hex'));
+ oaepHash
+ }, Buffer.from(ciphertext, 'hex'));
assert.strictEqual(decrypted.toString('utf8'), 'Hello Node.js');
}
+
+ testDecrypt(undefined, '16ece59cf985a8cf1a3434e4b9707c922c20638fdf9abf7e5dc' +
+ '7943f4136899348c54116d15b2c17563b9c7143f9d5b85b4561' +
+ '5ad0598ea6d21c900f3957b65400612306a9bebae441f005646' +
+ 'f7a7c97129a103ab54e777168ef966514adb17786b968ea0ff4' +
+ '30a524904c4a11c683764b7c8dbb60df0952768381cdba4d665' +
+ 'e5006034393a10d56d33e75b2714db824a18da46441ef7f94a3' +
+ '4a7058c0bbad0394083a038558bcc6dd370f8e518e1bd8d73b2' +
+ '96fc51d77da44799e4ee774926ded7910e8768f92db76f63107' +
+ '338d33354b735d3ad094240dbd7ffdfda27ef0255306dcf4a64' +
+ '62849492abd1a97fdd37743ff87c4d2ec89866c5cdbb696bd2b' +
+ '30');
+ testDecrypt('sha1', '16ece59cf985a8cf1a3434e4b9707c922c20638fdf9abf7e5dc794' +
+ '3f4136899348c54116d15b2c17563b9c7143f9d5b85b45615ad059' +
+ '8ea6d21c900f3957b65400612306a9bebae441f005646f7a7c9712' +
+ '9a103ab54e777168ef966514adb17786b968ea0ff430a524904c4a' +
+ '11c683764b7c8dbb60df0952768381cdba4d665e5006034393a10d' +
+ '56d33e75b2714db824a18da46441ef7f94a34a7058c0bbad039408' +
+ '3a038558bcc6dd370f8e518e1bd8d73b296fc51d77da44799e4ee7' +
+ '74926ded7910e8768f92db76f63107338d33354b735d3ad094240d' +
+ 'bd7ffdfda27ef0255306dcf4a6462849492abd1a97fdd37743ff87' +
+ 'c4d2ec89866c5cdbb696bd2b30');
+ testDecrypt('sha256', '16ccf09afe5eb0130182b9fc1ca4af61a38e772047cac42146bf' +
+ 'a0fa5879aa9639203e4d01442d212ff95bddfbe4661222215a2e' +
+ '91908c37ab926edea7cfc53f83357bc27f86af0f5f2818ae141f' +
+ '4e9e934d4e66189aff30f062c9c3f6eb9bc495a59082cb978f99' +
+ 'b56ce5fa530a8469e46129258e5c42897cb194b6805e936e5cbb' +
+ 'eaa535bad6b1d3cdfc92119b7dd325a2e6d2979e316bdacc9f80' +
+ 'e29c7bbdf6846d738e380deadcb48df8c1e8aabf7a9dd2f8c71d' +
+ '6681dbec7dcadc01887c51288674268796bc77fdf8f1c94c9ca5' +
+ '0b1cc7cddbaf4e56cb151d23e2c699d2844c0104ee2e7e9dcdb9' +
+ '07cfab43339120a40c59ca54f32b8d21b48a29656c77');
+ testDecrypt('sha512', '831b72e8dd91841729ecbddf2647d6f19dc0094734f8803d8c65' +
+ '1b5655a12ae6156b74d9b594bcc0eacd002728380b94f46e8657' +
+ 'f130f354e03b6e7815ee257eda78dba296d67d24410c31c48e58' +
+ '75cc79e4bde594b412be5f357f57a7ac1f1d18b718e408df162d' +
+ '1795508e6a0616192b647ad942ea068a44fb2b323d35a3a61b92' +
+ '6feb105d6c0b2a8fc8050222d1cf4a9e44da1f95bbc677fd6437' +
+ '49c6c89ac551d072f04cd9320c97a8d94755c8a804954c082bed' +
+ '7fa59199a00aca154c14a7b584b63c538daf9b9c7c90abfca193' +
+ '87d2131f9d9b9ecfc8672249c33144d1be3bfc41558a13f99466' +
+ '3661a3af24fd0a97619d508db36f5fc131af86fc68cf');
}
-// Test invalid oaepHash and oaepLabel options.
+// Test invalid oaepHash options.
for (const fn of [crypto.publicEncrypt, crypto.privateDecrypt]) {
assert.throws(() => {
fn({
@@ -237,17 +275,6 @@ for (const fn of [crypto.publicEncrypt, crypto.privateDecrypt]) {
code: 'ERR_INVALID_ARG_TYPE'
});
}
-
- for (const oaepLabel of [0, false, null, Symbol(), () => {}, {}, 'foo']) {
- common.expectsError(() => {
- fn({
- key: rsaPubPem,
- oaepLabel
- }, Buffer.alloc(10));
- }, {
- code: 'ERR_INVALID_ARG_TYPE'
- });
- }
}
// Test RSA key signing/verification
diff --git a/test/parallel/test-tls-set-sigalgs.js b/test/parallel/test-tls-set-sigalgs.js
deleted file mode 100644
index 59dc2ca..0000000
--- a/test/parallel/test-tls-set-sigalgs.js
+++ /dev/null
@@ -1,74 +0,0 @@
-'use strict';
-const common = require('../common');
-if (!common.hasCrypto) common.skip('missing crypto');
-const fixtures = require('../common/fixtures');
-
-// Test sigalgs: option for TLS.
-
-const {
- assert, connect, keys
-} = require(fixtures.path('tls-connect'));
-
-function assert_arrays_equal(left, right) {
- assert.strictEqual(left.length, right.length);
- for (let i = 0; i < left.length; i++) {
- assert.strictEqual(left[i], right[i]);
- }
-}
-
-function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) {
- assert(shared_sigalgs || serr || cerr, 'test missing any expectations');
- connect({
- client: {
- checkServerIdentity: (servername, cert) => { },
- ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
- cert: keys.agent2.cert,
- key: keys.agent2.key,
- sigalgs: csigalgs
- },
- server: {
- cert: keys.agent6.cert,
- key: keys.agent6.key,
- ca: keys.agent2.ca,
- context: {
- requestCert: true,
- rejectUnauthorized: true
- },
- sigalgs: ssigalgs
- },
- }, common.mustCall((err, pair, cleanup) => {
- if (shared_sigalgs) {
- assert.ifError(err);
- assert.ifError(pair.server.err);
- assert.ifError(pair.client.err);
- assert(pair.server.conn);
- assert(pair.client.conn);
- assert_arrays_equal(pair.server.conn.getSharedSigalgs(), shared_sigalgs);
- } else {
- if (serr) {
- assert(pair.server.err);
- assert(pair.server.err.code, serr);
- }
-
- if (cerr) {
- assert(pair.client.err);
- assert(pair.client.err.code, cerr);
- }
- }
-
- return cleanup();
- }));
-}
-
-// Have shared sigalgs
-test('RSA-PSS+SHA384', 'RSA-PSS+SHA384', ['RSA-PSS+SHA384']);
-test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
- 'RSA-PSS+SHA256:ECDSA+SHA256',
- ['RSA-PSS+SHA256', 'ECDSA+SHA256']);
-
-// Do not have shared sigalgs.
-test('RSA-PSS+SHA384', 'ECDSA+SHA256',
- undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITMS');
-
-test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256',
- undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITMS');
--
2.24.1