test: fix test-tls-client-mindhsize for OpenSSL32

Refs: #53382 - OpenSSL32 has a minimum dh key size by 2048 by default. - Create larter 3072 dh key needed for testing and adjust tests to use it for builds with OpenSSL32 Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #54739 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
nodejs · Sep 13, 2024 · c968d65 · c968d65
1 parent b998bb0
commit c968d65
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 9 deletions.
diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
@@ -24,6 +24,7 @@ all: \
  dh512.pem \
  dh1024.pem \
  dh2048.pem \
+ dh3072.pem \
  dherror.pem \
  dh_private.pem \
  dh_public.pem \
@@ -596,6 +597,9 @@ dh1024.pem:
 dh2048.pem:
  openssl dhparam -out dh2048.pem 2048
 
+dh3072.pem:
+ openssl dhparam -out dh3072.pem 3072
+
 dherror.pem: dh1024.pem
  sed 's/^[^-].*/AAAAAAAAAA/g' dh1024.pem > dherror.pem
 

diff --git a/test/fixtures/keys/dh3072.pem b/test/fixtures/keys/dh3072.pem
@@ -0,0 +1,11 @@
+-----BEGIN DH PARAMETERS-----
+MIIBiAKCAYEAmV6aZ8ADnmRQoF9aGlV1AmajCkoc2eEltua1KpGFrxM0cr99gcS9
+/zxTDo8ixwPoHBOOBD+9MN6KbSJ+61xvu9yQ2qt8HfNcUI7QZxdVQ4ZHCQM3Jw8h
+BPHFgjpx8w/pteZ3+L42felUxbd8/qfDv+gKsfuxrm6Ht7zzKLfbX9oNdJwpxX7N
+yGP3nNadYDM/ZmvmEY8xh2dwLHSMaAP1gxuWiitdYXX60Yg6EFgIotznqbdW075D
+KccGTTseFx9gNbxYkW33qX/p5IAf3wRFmptiRWCol88NHTDqtQRs0nhVQ1R28tiL
+rQhSJLHLSa4esF+whfC64oXECr2AtarcKWG+LX1dEWI4SXqurnBPiBoyqfVWHS4b
+PVgR90LlBJoXqblhsVrd+CkJI7ULDJmSA/cpgCqXH6vSvhb40yr5rpU4vZz+zhHY
+CTXVpH95JD35PiZOfQYhfDA4LGvfICPLIH7E8YL5v2F6Xxsf8trI5KiAs1S3TN8b
+lsLV6og5VoPXAgEC
+-----END DH PARAMETERS-----
diff --git a/test/parallel/test-tls-client-mindhsize.js b/test/parallel/test-tls-client-mindhsize.js
@@ -35,11 +35,12 @@ function test(size, err, next) {
  });
 
  server.listen(0, function() {
- // Client set minimum DH parameter size to 2048 bits so that
- // it fails when it make a connection to the tls server where
- // dhparams is 1024 bits
+ // Client set minimum DH parameter size to 2048 or 3072 bits
+ // so that it fails when it makes a connection to the tls
+ // server where is too small
+ const minDHSize = common.hasOpenSSL(3, 2) ? 3072 : 2048;
  const client = tls.connect({
- minDHSize: 2048,
+ minDHSize: minDHSize,
  port: this.address().port,
  rejectUnauthorized: false,
  maxVersion: 'TLSv1.2',
@@ -60,16 +61,27 @@ function test(size, err, next) {
 // A client connection fails with an error when a client has an
 // 2048 bits minDHSize option and a server has 1024 bits dhparam
 function testDHE1024() {
- test(1024, true, testDHE2048);
+ test(1024, true, testDHE2048(false, null));
+}
+
+// Test a client connection when a client has an
+// 2048 bits minDHSize option
+function testDHE2048(expect_to_fail, next) {
+ test(2048, expect_to_fail, next);
 }
 
 // A client connection successes when a client has an
-// 2048 bits minDHSize option and a server has 2048 bits dhparam
-function testDHE2048() {
- test(2048, false, null);
+// 3072 bits minDHSize option and a server has 3072 bits dhparam
+function testDHE3072() {
+ test(3072, false, null);
 }
 
-testDHE1024();
+if (common.hasOpenSSL(3, 2)) {
+ // Minimum size for OpenSSL 3.2 is 2048 by default
+ testDHE2048(true, testDHE3072);
+} else {
+ testDHE1024();
+}
 
 assert.throws(() => test(512, true, common.mustNotCall()),
  /DH parameter is less than 1024 bits/);