Skip to content

Commit

Permalink
test: check against run-time OpenSSL version
Browse files Browse the repository at this point in the history
Update `common.hasOpenSSL3*` to check against the run-time version of
OpenSSL instead of the version of OpenSSL that Node.js was compiled
against.

Add a generalized `common.hasOpenSSL()` so we do not need to keep adding
new checks for each new major/minor of OpenSSL.

PR-URL: nodejs#53456
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
  • Loading branch information
richardlau authored and bmeck committed Jun 22, 2024
1 parent 32df039 commit c7cf4e8
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 12 deletions.
40 changes: 30 additions & 10 deletions test/common/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -57,14 +57,24 @@ const noop = () => {};
const hasCrypto = Boolean(process.versions.openssl) &&
!process.env.NODE_SKIP_CRYPTO;

const hasOpenSSL3 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000;

const hasOpenSSL31 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
// Synthesize OPENSSL_VERSION_NUMBER format with the layout 0xMNN00PPSL
const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => {
assert(major >= 0 && major <= 0xf);
assert(minor >= 0 && minor <= 0xff);
assert(patch >= 0 && patch <= 0xff);
return (major << 28) | (minor << 20) | (patch << 4);
};

const hasOpenSSL32 = hasCrypto &&
require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;
let OPENSSL_VERSION_NUMBER;
const hasOpenSSL = (major = 0, minor = 0, patch = 0) => {
if (!hasCrypto) return false;
if (OPENSSL_VERSION_NUMBER === undefined) {
const regexp = /(?<m>\d+)\.(?<n>\d+)\.(?<p>\d+)/;
const { m, n, p } = process.versions.openssl.match(regexp).groups;
OPENSSL_VERSION_NUMBER = opensslVersionNumber(m, n, p);
}
return OPENSSL_VERSION_NUMBER >= opensslVersionNumber(major, minor, patch);
};

const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;

Expand Down Expand Up @@ -977,9 +987,7 @@ const common = {
getTTYfd,
hasIntl,
hasCrypto,
hasOpenSSL3,
hasOpenSSL31,
hasOpenSSL32,
hasOpenSSL,
hasQuic,
hasMultiLocalhost,
invalidArgTypeHelper,
Expand Down Expand Up @@ -1040,6 +1048,18 @@ const common = {
});
},

get hasOpenSSL3() {
return hasOpenSSL(3);
},

get hasOpenSSL31() {
return hasOpenSSL(3, 1);
},

get hasOpenSSL32() {
return hasOpenSSL(3, 2);
},

get inFreeBSDJail() {
if (inFreeBSDJail !== null) return inFreeBSDJail;

Expand Down
4 changes: 2 additions & 2 deletions test/parallel/test-crypto-dh.js
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,8 @@ const crypto = require('crypto');
}

{
const v = crypto.constants.OPENSSL_VERSION_NUMBER;
const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 1)) ||
(common.hasOpenSSL(3, 1, 4) && !common.hasOpenSSL(3, 2, 1));
assert.throws(() => {
dh3.computeSecret('');
}, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
Expand Down

0 comments on commit c7cf4e8

Please sign in to comment.