From: Jérémy Lal <kapouer@melix.org>
Date: Mon, 3 Jun 2024 11:36:41 +0000 (+0200)
Subject: trivial tests fixes for OpenSSL32 compatibility
X-Git-Tag: archive/raspbian/20.14.0+dfsg-1+rpi1^2~26
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=24cd63f5565276d827167ccacc982b582bffe664;p=nodejs.git

trivial tests fixes for OpenSSL32 compatibility

Forwarded: https://github.com/nodejs/node/issues/51152
Last-Update: 2024-04-11


Gbp-Pq: Topic build
Gbp-Pq: Name openssl_32.patch
---

diff --git a/test/common/index.js b/test/common/index.js
index c108ecf25..7edea69b8 100644
--- a/test/common/index.js
+++ b/test/common/index.js
@@ -62,6 +62,9 @@ const hasOpenSSL3 = hasCrypto &&
 const hasOpenSSL31 = hasCrypto &&
     require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
 
+const hasOpenSSL32 = hasCrypto &&
+    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30200000;
+
 const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
 
 function parseTestFlags(filename = process.argv[1]) {
@@ -952,6 +955,7 @@ const common = {
   hasCrypto,
   hasOpenSSL3,
   hasOpenSSL31,
+  hasOpenSSL32,
   hasQuic,
   hasMultiLocalhost,
   invalidArgTypeHelper,
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
index ecda34598..6f92c0568 100644
--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -222,7 +222,7 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
   }, bufferToEncrypt);
 
 
-  if (padding === constants.RSA_PKCS1_PADDING) {
+  if (padding === constants.RSA_PKCS1_PADDING && !common.hasOpenSSL32) {
     // TODO(richardlau): see if it's possible to determine implicit rejection
     // support when dynamically linked against OpenSSL.
     if (!process.config.variables.node_shared_openssl) {
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
index bd86149bc..89b38c8df 100644
--- a/test/parallel/test-tls-alert-handling.js
+++ b/test/parallel/test-tls-alert-handling.js
@@ -31,10 +31,10 @@ const max_iter = 20;
 let iter = 0;
 
 const errorHandler = common.mustCall((err) => {
-  assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
+  assert.strictEqual(err.code, common.hasOpenSSL32 ? 'ERR_SSL_PACKET_LENGTH_TOO_LONG' : 'ERR_SSL_WRONG_VERSION_NUMBER');
   assert.strictEqual(err.library, 'SSL routines');
   if (!common.hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
-  assert.strictEqual(err.reason, 'wrong version number');
+  assert.strictEqual(err.reason, common.hasOpenSSL32 ? 'packet length too long' : 'wrong version number');
   errorReceived = true;
   if (canCloseServer())
     server.close();
@@ -87,10 +87,10 @@ function sendBADTLSRecord() {
     });
   }));
   client.on('error', common.mustCall((err) => {
-    assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
+    assert.strictEqual(err.code, common.hasOpenSSL32 ? 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW' : 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
     assert.strictEqual(err.library, 'SSL routines');
     if (!common.hasOpenSSL3)
       assert.strictEqual(err.function, 'ssl3_read_bytes');
-    assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
+    assert.strictEqual(err.reason, common.hasOpenSSL32 ? 'tlsv1 alert record overflow' : 'tlsv1 alert protocol version');
   }));
 }
diff --git a/test/parallel/test-tls-client-auth.js b/test/parallel/test-tls-client-auth.js
index 04756924e..0a2d36d65 100644
--- a/test/parallel/test-tls-client-auth.js
+++ b/test/parallel/test-tls-client-auth.js
@@ -80,7 +80,7 @@ connect({
   assert.strictEqual(pair.server.err.code,
                      'ERR_SSL_PEER_DID_NOT_RETURN_A_CERTIFICATE');
   assert.strictEqual(pair.client.err.code,
-                     'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
+                     common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
   return cleanup();
 });
 
diff --git a/test/parallel/test-tls-empty-sni-context.js b/test/parallel/test-tls-empty-sni-context.js
index 87219976a..0a0105b65 100644
--- a/test/parallel/test-tls-empty-sni-context.js
+++ b/test/parallel/test-tls-empty-sni-context.js
@@ -26,6 +26,6 @@ const server = tls.createServer(options, (c) => {
   }, common.mustNotCall());
 
   c.on('error', common.mustCall((err) => {
-    assert.strictEqual(err.code, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
+    assert.strictEqual(err.code, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
   }));
 }));
diff --git a/test/parallel/test-tls-enable-trace-cli.js b/test/parallel/test-tls-enable-trace-cli.js
index 7b6f7e223..414427fd6 100644
--- a/test/parallel/test-tls-enable-trace-cli.js
+++ b/test/parallel/test-tls-enable-trace-cli.js
@@ -36,7 +36,7 @@ child.on('close', common.mustCall((code, signal) => {
   assert.strictEqual(signal, null);
   assert.strictEqual(stdout.trim(), '');
   assert.match(stderr, /Warning: Enabling --trace-tls can expose sensitive/);
-  assert.match(stderr, /Sent Record/);
+  assert.match(stderr, /Sent (TLS )?Record/);
 }));
 
 function test() {
diff --git a/test/parallel/test-tls-enable-trace.js b/test/parallel/test-tls-enable-trace.js
index 9126f58ee..d4f3bcee8 100644
--- a/test/parallel/test-tls-enable-trace.js
+++ b/test/parallel/test-tls-enable-trace.js
@@ -23,7 +23,7 @@ let stderr = '';
 child.stderr.setEncoding('utf8');
 child.stderr.on('data', (data) => stderr += data);
 child.on('close', common.mustCall(() => {
-  assert.match(stderr, /Received Record/);
+  assert.match(stderr, /Received (TLS )?Record/);
   assert.match(stderr, /ClientHello/);
 }));
 
diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js
index 2a234d590..88e44e2ee 100644
--- a/test/parallel/test-tls-getcipher.js
+++ b/test/parallel/test-tls-getcipher.js
@@ -25,6 +25,9 @@ const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
+if (common.hasOpenSSL32)
+  common.skip('test not compatible with openssl 3.2')
+
 const assert = require('assert');
 const tls = require('tls');
 // Import fixtures directly from its module
diff --git a/test/parallel/test-tls-junk-closes-server.js b/test/parallel/test-tls-junk-closes-server.js
index 06fa57267..8b5d2b51e 100644
--- a/test/parallel/test-tls-junk-closes-server.js
+++ b/test/parallel/test-tls-junk-closes-server.js
@@ -26,6 +26,9 @@ const fixtures = require('../common/fixtures');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
+if (common.hasOpenSSL32)
+  common.skip('openssl 3.2 does not throw');
+
 const tls = require('tls');
 const net = require('net');
 
diff --git a/test/parallel/test-tls-junk-server.js b/test/parallel/test-tls-junk-server.js
index 273fe9def..3c9de38e0 100644
--- a/test/parallel/test-tls-junk-server.js
+++ b/test/parallel/test-tls-junk-server.js
@@ -21,7 +21,7 @@ server.listen(0, function() {
   req.end();
 
   req.once('error', common.mustCall(function(err) {
-    assert(/wrong version number/.test(err.message));
+    assert(/packet length too long/.test(err.message));
     server.close();
   }));
 });
diff --git a/test/parallel/test-tls-psk-circuit.js b/test/parallel/test-tls-psk-circuit.js
index cef673503..6f23acd55 100644
--- a/test/parallel/test-tls-psk-circuit.js
+++ b/test/parallel/test-tls-psk-circuit.js
@@ -63,8 +63,8 @@ test({ psk: USERS.UserB, identity: 'UserB' });
 test({ psk: USERS.UserB, identity: 'UserB' }, { minVersion: 'TLSv1.3' });
 // Unrecognized user should fail handshake
 test({ psk: USERS.UserB, identity: 'UserC' }, {},
-     'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
+     common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
 // Recognized user but incorrect secret should fail handshake
 test({ psk: USERS.UserA, identity: 'UserB' }, {},
-     'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER');
+     common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER');
 test({ psk: USERS.UserB, identity: 'UserB' });
diff --git a/test/parallel/test-tls-set-ciphers.js b/test/parallel/test-tls-set-ciphers.js
index 313c5e238..92dcff766 100644
--- a/test/parallel/test-tls-set-ciphers.js
+++ b/test/parallel/test-tls-set-ciphers.js
@@ -3,6 +3,9 @@ const common = require('../common');
 if (!common.hasOpenSSL3)
   common.skip('missing crypto, or OpenSSL version lower than 3');
 
+if (common.hasOpenSSL32)
+  common.skip('openssl 3.2 does not support those ciphers - FIXME');
+
 const fixtures = require('../common/fixtures');
 const { inspect } = require('util');
 
@@ -89,13 +92,13 @@ test('TLS_AES_256_GCM_SHA384:!TLS_CHACHA20_POLY1305_SHA256', U, 'TLS_AES_256_GCM
 
 // Do not have shared ciphers.
 test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
-     U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+     U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
 
-test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
+test('AES128-SHA', 'AES256-SHA', U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
      'ERR_SSL_NO_SHARED_CIPHER');
 test('AES128-SHA:TLS_AES_256_GCM_SHA384',
      'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
-     U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+     U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
 
 // Cipher order ignored, TLS1.3 chosen before TLS1.2.
 test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
@@ -111,7 +114,7 @@ test(U, 'AES256-SHA', 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' })
 // TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
 // default, but work.
 test('TLS_AES_128_CCM_8_SHA256', U,
-     U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+     U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
 
 test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
      'TLS_AES_128_CCM_8_SHA256');
diff --git a/test/sequential/sequential.status b/test/sequential/sequential.status
index ccab879b6..746962f9b 100644
--- a/test/sequential/sequential.status
+++ b/test/sequential/sequential.status
@@ -13,6 +13,9 @@ test-watch-mode-inspect: PASS, FLAKY
 # https://github.com/nodejs/node/issues/47409
 test-http2-large-file: PASS, FLAKY
 
+# fails on arm64, armhf, loong64 since openssl32
+test-tls-session-timeout: PASS, FLAKY
+
 [$system==win32]
 # https://github.com/nodejs/node/issues/47116
 test-http-max-sockets: PASS, FLAKY