From 3e7129e5d60d4f017ad06c006dec7f95d986095c Mon Sep 17 00:00:00 2001 From: Richard Lau Date: Fri, 14 Jun 2024 16:54:18 +0000 Subject: [PATCH] test: check against run-time OpenSSL version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL. PR-URL: https://github.com/nodejs/node/pull/53456 Reviewed-By: Luigi Pinca Reviewed-By: Tobias Nießen --- test/common/index.js | 40 ++++++++++++++++++++++++--------- test/parallel/test-crypto-dh.js | 4 ++-- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/test/common/index.js b/test/common/index.js index dc1bc64d28b908..871f8946a8877f 100644 --- a/test/common/index.js +++ b/test/common/index.js @@ -57,14 +57,24 @@ const noop = () => {}; const hasCrypto = Boolean(process.versions.openssl) && !process.env.NODE_SKIP_CRYPTO; -const hasOpenSSL3 = hasCrypto && - require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000; - -const hasOpenSSL31 = hasCrypto && - require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000; +// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL +const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => { + assert(major >= 0 && major <= 0xf); + assert(minor >= 0 && minor <= 0xff); + assert(patch >= 0 && patch <= 0xff); + return (major << 28) | (minor << 20) | (patch << 4); +}; -const hasOpenSSL32 = hasCrypto && - require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000; +let OPENSSL_VERSION_NUMBER; +const hasOpenSSL = (major = 0, minor = 0, patch = 0) => { + if (!hasCrypto) return false; + if (OPENSSL_VERSION_NUMBER === undefined) { + const regexp = /(?\d+)\.(?\d+)\.(?

\d+)/; + const { m, n, p } = process.versions.openssl.match(regexp).groups; + OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p); + } + return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch); +}; const hasQuic = hasCrypto && !!process.config.variables.openssl_quic; @@ -977,9 +987,7 @@ const common = { getTTYfd, hasIntl, hasCrypto, - hasOpenSSL3, - hasOpenSSL31, - hasOpenSSL32, + hasOpenSSL, hasQuic, hasMultiLocalhost, invalidArgTypeHelper, @@ -1040,6 +1048,18 @@ const common = { }); }, + get hasOpenSSL3() { + return hasOpenSSL(3); + }, + + get hasOpenSSL31() { + return hasOpenSSL(3, 1); + }, + + get hasOpenSSL32() { + return hasOpenSSL(3, 2); + }, + get inFreeBSDJail() { if (inFreeBSDJail !== null) return inFreeBSDJail; diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js index 3b738b7f47ec59..fb580e1b315445 100644 --- a/test/parallel/test-crypto-dh.js +++ b/test/parallel/test-crypto-dh.js @@ -86,8 +86,8 @@ const crypto = require('crypto'); } { - const v = crypto.constants.OPENSSL_VERSION_NUMBER; - const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000); + const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 1)) || + (common.hasOpenSSL(3, 1, 4) && !common.hasOpenSSL(3, 2, 1)); assert.throws(() => { dh3.computeSecret(''); }, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?