From a670c0c8b93fcbed3d36b1b9697576efc57b651f Mon Sep 17 00:00:00 2001 From: Darshan Sen Date: Sun, 13 Mar 2022 12:08:45 +0530 Subject: [PATCH] test,crypto: add and update empty passphrase regression tests Refs: https://github.com/nodejs/node/issues/41428 Signed-off-by: Darshan Sen --- test/parallel/test-crypto-keygen.js | 87 +++++++++++++++++----------- test/parallel/test-tls-passphrase.js | 2 +- 2 files changed, 55 insertions(+), 34 deletions(-) diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js index e930db92158005..b499087d86568a 100644 --- a/test/parallel/test-crypto-keygen.js +++ b/test/parallel/test-crypto-keygen.js @@ -1543,44 +1543,65 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher); } } -if (!common.hasOpenSSL3) { - // Passing an empty passphrase string should not cause OpenSSL's default - // passphrase prompt in the terminal. - // See https://github.com/nodejs/node/issues/35898. - - for (const type of ['pkcs1', 'pkcs8']) { - generateKeyPair('rsa', { - modulusLength: 1024, - privateKeyEncoding: { - type, - format: 'pem', - cipher: 'aes-256-cbc', - passphrase: '' - } - }, common.mustSucceed((publicKey, privateKey) => { - assert.strictEqual(publicKey.type, 'public'); +// Passing an empty passphrase string should not cause OpenSSL's default +// passphrase prompt in the terminal. +// See https://github.com/nodejs/node/issues/35898. - for (const passphrase of ['', Buffer.alloc(0)]) { - const privateKeyObject = createPrivateKey({ - passphrase, - key: privateKey - }); - assert.strictEqual(privateKeyObject.asymmetricKeyType, 'rsa'); - } +for (const type of ['pkcs1', 'pkcs8']) { + generateKeyPair('rsa', { + modulusLength: 1024, + privateKeyEncoding: { + type, + format: 'pem', + cipher: 'aes-256-cbc', + passphrase: '' + } + }, common.mustSucceed((publicKey, privateKey) => { + assert.strictEqual(publicKey.type, 'public'); - // Encrypting with an empty passphrase is not the same as not encrypting - // the key, and not specifying a passphrase should fail when decoding it. - assert.throws(() => { - return testSignVerify(publicKey, privateKey); - }, { - name: 'TypeError', - code: 'ERR_MISSING_PASSPHRASE', - message: 'Passphrase required for encrypted key' + for (const passphrase of ['', Buffer.alloc(0)]) { + const privateKeyObject = createPrivateKey({ + passphrase, + key: privateKey }); - })); - } + assert.strictEqual(privateKeyObject.asymmetricKeyType, 'rsa'); + } + + // Encrypting with an empty passphrase is not the same as not encrypting + // the key, and not specifying a passphrase should fail when decoding it. + assert.throws(() => { + return testSignVerify(publicKey, privateKey); + }, common.hasOpenSSL3 ? { + name: 'Error', + code: 'ERR_OSSL_CRYPTO_INTERRUPTED_OR_CANCELLED', + message: 'error:07880109:common libcrypto routines::interrupted or cancelled' + } : { + name: 'TypeError', + code: 'ERR_MISSING_PASSPHRASE', + message: 'Passphrase required for encrypted key' + }); + })); } +// Passing an empty passphrase string should not throw ERR_OSSL_CRYPTO_MALLOC_FAILURE even on OpenSSL 3. +// Regression test for https://github.com/nodejs/node/issues/41428. +generateKeyPair('rsa', { + modulusLength: 4096, + publicKeyEncoding: { + type: 'spki', + format: 'pem' + }, + privateKeyEncoding: { + type: 'pkcs8', + format: 'pem', + cipher: 'aes-256-cbc', + passphrase: '' + } +}, common.mustSucceed((publicKey, privateKey) => { + assert.strictEqual(typeof publicKey, 'string'); + assert.strictEqual(typeof privateKey, 'string'); +})); + { // Proprietary Web Cryptography API ECDH/ECDSA namedCurve parameters // should not be recognized in this API. diff --git a/test/parallel/test-tls-passphrase.js b/test/parallel/test-tls-passphrase.js index ce77dd18a6e620..d2c344b19a8448 100644 --- a/test/parallel/test-tls-passphrase.js +++ b/test/parallel/test-tls-passphrase.js @@ -224,7 +224,7 @@ server.listen(0, common.mustCall(function() { })).unref(); const errMessagePassword = common.hasOpenSSL3 ? - /Error: error:1400006B:UI routines::processing error/ : /bad decrypt/; + /Error: error:1C800064:Provider routines::bad decrypt/ : /bad decrypt/; // Missing passphrase assert.throws(function() {