test: fix crypto-dh error message for OpenSSL 3.x #50395
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
nodejs-github-bot
added
needs-ci
richardlau
approved these changes
Oct 26, 2023
github-actions
bot
removed
the
request-ci
This comment was marked as outdated.
This comment was marked as outdated.
|
The https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1804_sharedlibs_withoutintl_x64/40113/ failure is #49988 (comment) and unrelated to this PR. Once we fix that, requesting a new Jenkins CI run should pick up the change. |
lpinca
approved these changes
Oct 26, 2023
github-actions
bot
removed
the
request-ci
tniessen
added
crypto
richardlau
added
the
author ready
19 tasks
richardlau
added
the
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in 8eea2d3 |
This was referenced Oct 28, 2023
richardlau
added
lts-watch-v18.x
alexfernandez
pushed a commit
to alexfernandez/node
that referenced
this pull request
Nov 1, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos
pushed a commit
that referenced
this pull request
Nov 11, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
UTsweetyfish
added a commit
to UTsweetyfish/nodejs
that referenced
this pull request
Nov 15, 2023
deepin-ci-robot
pushed a commit
to deepin-community/nodejs
that referenced
this pull request
Nov 15, 2023
targos
added
backported-to-v20.x
targos
pushed a commit
that referenced
this pull request
Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos
added
backported-to-v18.x
targos
pushed a commit
that referenced
this pull request
Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs/node#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs/node#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
richardlau
added a commit
to richardlau/node-1
that referenced
this pull request
Jun 18, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395
nodejs-github-bot
pushed a commit
that referenced
this pull request
Jun 26, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
that referenced
this pull request
Jul 12, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
that referenced
this pull request
Jul 16, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Aug 19, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Aug 19, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
to aduh95/node
that referenced
this pull request
Sep 24, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
to aduh95/node
that referenced
this pull request
Sep 25, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
richardlau
added a commit
to aduh95/node
that referenced
this pull request
Sep 27, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause.
Error message change is test-only and uses the right error message for versions >= 3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
With these changes to OpenSSL, error message in XX test is now
'Supplied key is too small'instead of'error:02800080:Diffie-Hellman routines::invalid secret'.--
Sample failure: