-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: fix crypto-dh error message for OpenSSL 3.x #50395
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
nodejs-github-bot
added
needs-ci
PRs that need a full CI run.
test
Issues and PRs related to the tests.
labels
Oct 25, 2023
richardlau
approved these changes
Oct 26, 2023
github-actions
bot
removed
the
request-ci
Add this label to start a Jenkins CI on a PR.
label
Oct 26, 2023
This comment was marked as outdated.
This comment was marked as outdated.
The https://ci.nodejs.org/job/node-test-commit-linux-containered/nodes=ubuntu1804_sharedlibs_withoutintl_x64/40113/ failure is #49988 (comment) and unrelated to this PR. Once we fix that, requesting a new Jenkins CI run should pick up the change. |
lpinca
approved these changes
Oct 26, 2023
github-actions
bot
removed
the
request-ci
Add this label to start a Jenkins CI on a PR.
label
Oct 26, 2023
tniessen
added
crypto
Issues and PRs related to the crypto subsystem.
openssl
Issues and PRs related to the OpenSSL dependency.
labels
Oct 26, 2023
richardlau
added
the
author ready
PRs that have at least one approval, no pending requests for changes, and a CI started.
label
Oct 26, 2023
19 tasks
richardlau
added
the
commit-queue
Add this label to land a pull request using GitHub Actions.
label
Oct 27, 2023
nodejs-github-bot
removed
the
commit-queue
Add this label to land a pull request using GitHub Actions.
label
Oct 27, 2023
Landed in 8eea2d3 |
This was referenced Oct 28, 2023
richardlau
added
lts-watch-v18.x
PRs that may need to be released in v18.x.
lts-watch-v20.x
PRs that may need to be released in v20.x
labels
Nov 1, 2023
alexfernandez
pushed a commit
to alexfernandez/node
that referenced
this pull request
Nov 1, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos
pushed a commit
that referenced
this pull request
Nov 11, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
UTsweetyfish
added a commit
to UTsweetyfish/nodejs
that referenced
this pull request
Nov 15, 2023
deepin-ci-robot
pushed a commit
to deepin-community/nodejs
that referenced
this pull request
Nov 15, 2023
targos
added
backported-to-v20.x
PRs backported to the v20.x-staging branch.
and removed
lts-watch-v20.x
PRs that may need to be released in v20.x
labels
Nov 15, 2023
targos
pushed a commit
that referenced
this pull request
Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos
added
backported-to-v18.x
PRs backported to the v18.x-staging branch.
and removed
lts-watch-v18.x
PRs that may need to be released in v18.x.
labels
Nov 15, 2023
targos
pushed a commit
that referenced
this pull request
Nov 15, 2023
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: #50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs/node#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause. The error message in test-crypto-dh for the "empty secret" is now 'Supplied key is too small' instead of 'error:02800080:Diffie-Hellman routines::invalid secret'. Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d ref. https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee ref. https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 PR-URL: nodejs/node#50395 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
richardlau
added a commit
to richardlau/node-1
that referenced
this pull request
Jun 18, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395
nodejs-github-bot
pushed a commit
that referenced
this pull request
Jun 26, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
that referenced
this pull request
Jul 12, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
that referenced
this pull request
Jul 16, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Aug 19, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito
pushed a commit
that referenced
this pull request
Aug 19, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: #50395 PR-URL: #53503 Refs: #53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
to aduh95/node
that referenced
this pull request
Sep 24, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
aduh95
pushed a commit
to aduh95/node
that referenced
this pull request
Sep 25, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
richardlau
added a commit
to aduh95/node
that referenced
this pull request
Sep 27, 2024
As per the original pull request that introduced the OpenSSL version check in `parallel/test-crypto-dh`: ``` Error message change is test-only and uses the right error message for versions >=3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series. ``` Fix the check so that: - The older message is expected for OpenSSL 3.1.0. - The newer message is expected for OpenSSL from 3.1.4 (e.g. 3.2.x). Refs: nodejs#50395 PR-URL: nodejs#53503 Refs: nodejs#53382 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
author ready
PRs that have at least one approval, no pending requests for changes, and a CI started.
backported-to-v18.x
PRs backported to the v18.x-staging branch.
backported-to-v20.x
PRs backported to the v20.x-staging branch.
crypto
Issues and PRs related to the crypto subsystem.
needs-ci
PRs that need a full CI run.
openssl
Issues and PRs related to the OpenSSL dependency.
test
Issues and PRs related to the tests.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
OpenSSL 3.0.12 and 3.1.4 changes the type of error short keys and IVs cause.
Error message change is test-only and uses the right error message for versions >= 3.0.12 in 3.0.x and >= 3.1.4 in 3.1.x series.
With these changes to OpenSSL, error message in XX test is now
'Supplied key is too small'
instead of'error:02800080:Diffie-Hellman routines::invalid secret'
.--
Sample failure: