test: fix crypto-dh error message for OpenSSL 3.x#50395
Merged
nodejs-github-bot merged 1 commit intonodejs:mainfrom Oct 27, 2023
Merged
test: fix crypto-dh error message for OpenSSL 3.x#50395nodejs-github-bot merged 1 commit intonodejs:mainfrom
nodejs-github-bot merged 1 commit intonodejs:mainfrom
Conversation
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
richardlau
approved these changes
Oct 26, 2023
This comment was marked as outdated.
This comment was marked as outdated.
Member
|
The https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1804_sharedlibs_withoutintl_x64/40113/ failure is #49988 (comment) and unrelated to this PR. Once we fix that, requesting a new Jenkins CI run should pick up the change. |
lpinca
approved these changes
Oct 26, 2023
Collaborator
Collaborator
19 tasks
Collaborator
|
Landed in 8eea2d3 |
This was referenced Oct 28, 2023
alexfernandez
pushed a commit
to alexfernandez/node
that referenced
this pull request
Nov 1, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos
pushed a commit
that referenced
this pull request
Nov 11, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
UTsweetyfish
added a commit
to UTsweetyfish/nodejs
that referenced
this pull request
Nov 15, 2023
deepin-ci-robot
pushed a commit
to deepin-community/nodejs
that referenced
this pull request
Nov 15, 2023
targos
pushed a commit
that referenced
this pull request
Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos
pushed a commit
that referenced
this pull request
Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs/node#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs/node#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
richardlau
added a commit
to richardlau/node-1
that referenced
this pull request
Jun 18, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395
nodejs-github-bot
pushed a commit
that referenced
this pull request
Jun 26, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
that referenced
this pull request
Jul 12, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
that referenced
this pull request
Jul 16, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Aug 19, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Aug 19, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
to aduh95/node
that referenced
this pull request
Sep 24, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
to aduh95/node
that referenced
this pull request
Sep 25, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
richardlau
added a commit
to aduh95/node
that referenced
this pull request
Sep 27, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause.
Error message change is test-only and uses the right error message for versions >= 3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
With these changes to OpenSSL, error message in XX test is now
'Supplied key is too small'instead of'error:02800080:Diffie-Hellman routines::invalid secret'.--
Sample failure: