Skip to content

Commit

Permalink
test: fix test when compiled without engine support
Browse files Browse the repository at this point in the history
Update the `addons/openssl-test-engine` test to pass when OpenSSL
has been compiled without support for custom engines. OpenSSL 3
deprecated support for engines, with the recommendation to move
to the provider model.

PR-URL: #53232
Refs: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-ENGINES.md
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
richardlau authored and targos committed Jun 3, 2024
1 parent cebbd83 commit 0e85a84
Showing 1 changed file with 35 additions and 26 deletions.
61 changes: 35 additions & 26 deletions test/addons/openssl-test-engine/test.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,50 +11,59 @@ const crypto = require('crypto');
const fs = require('fs');
const path = require('path');

// Engine support in OpenSSL is checked later on.
let hasEngineSupport = true;

assert.throws(() => crypto.setEngine(true), /ERR_INVALID_ARG_TYPE/);
assert.throws(() => crypto.setEngine(true), /ERR_INVALID_ARG_TYPE|ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED/);
assert.throws(() => crypto.setEngine('/path/to/engine', 'notANumber'),
/ERR_INVALID_ARG_TYPE/);

{
const invalidEngineName = 'xxx';
assert.throws(() => crypto.setEngine(invalidEngineName),
/ERR_CRYPTO_ENGINE_UNKNOWN/);
/ERR_CRYPTO_ENGINE_UNKNOWN|ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED/);
assert.throws(() => crypto.setEngine(invalidEngineName,
crypto.constants.ENGINE_METHOD_RSA),
/ERR_CRYPTO_ENGINE_UNKNOWN/);
/ERR_CRYPTO_ENGINE_UNKNOWN|ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED/);
}

crypto.setEngine('dynamic');
crypto.setEngine('dynamic');
try {
crypto.setEngine('dynamic');
crypto.setEngine('dynamic');

crypto.setEngine('dynamic', crypto.constants.ENGINE_METHOD_RSA);
crypto.setEngine('dynamic', crypto.constants.ENGINE_METHOD_RSA);
crypto.setEngine('dynamic', crypto.constants.ENGINE_METHOD_RSA);
crypto.setEngine('dynamic', crypto.constants.ENGINE_METHOD_RSA);
} catch (err) {
assert.strictEqual(err.code, 'ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED');
hasEngineSupport = false;
}

const engine = path.join(__dirname,
`/build/${common.buildType}/testsetengine.engine`);
if (hasEngineSupport) {
const engine = path.join(__dirname,
`/build/${common.buildType}/testsetengine.engine`);

if (!fs.existsSync(engine))
common.skip('no engine');
if (!fs.existsSync(engine))
common.skip('no engine');

{
const engineId = path.parse(engine).name;
const execDir = path.parse(engine).dir;
{
const engineId = path.parse(engine).name;
const execDir = path.parse(engine).dir;

crypto.setEngine(engine);
// OpenSSL 3.0.1 and 1.1.1m now throw errors if an engine is loaded again
// with a duplicate absolute path.
// TODO(richardlau): figure out why this fails on macOS but not Linux.
// crypto.setEngine(engine);
crypto.setEngine(engine);
// OpenSSL 3.0.1 and 1.1.1m now throw errors if an engine is loaded again
// with a duplicate absolute path.
// TODO(richardlau): figure out why this fails on macOS but not Linux.
// crypto.setEngine(engine);

// crypto.setEngine(engine, crypto.constants.ENGINE_METHOD_RSA);
// crypto.setEngine(engine, crypto.constants.ENGINE_METHOD_RSA);
// crypto.setEngine(engine, crypto.constants.ENGINE_METHOD_RSA);
// crypto.setEngine(engine, crypto.constants.ENGINE_METHOD_RSA);

process.env.OPENSSL_ENGINES = execDir;
process.env.OPENSSL_ENGINES = execDir;

crypto.setEngine(engineId);
crypto.setEngine(engineId);
crypto.setEngine(engineId);
crypto.setEngine(engineId);

crypto.setEngine(engineId, crypto.constants.ENGINE_METHOD_RSA);
crypto.setEngine(engineId, crypto.constants.ENGINE_METHOD_RSA);
crypto.setEngine(engineId, crypto.constants.ENGINE_METHOD_RSA);
crypto.setEngine(engineId, crypto.constants.ENGINE_METHOD_RSA);
}
}

0 comments on commit 0e85a84

Please sign in to comment.