From: Jérémy Lal <kapouer@melix.org>
Date: Thu, 29 Aug 2024 08:25:23 +0000 (+0200)
Subject: trivial tests fixes for OpenSSL32 compatibility
X-Git-Tag: archive/raspbian/20.17.0+dfsg-2+rpi1^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=abfe1f99225bbc877b18940c98f081e578aa30d4;p=nodejs.git

trivial tests fixes for OpenSSL32 compatibility

Forwarded: https://github.com/nodejs/node/issues/51152
Last-Update: 2024-04-11


Gbp-Pq: Topic build
Gbp-Pq: Name openssl_32.patch
---

diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index 8ae0a002f..21c540636 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -88,7 +88,7 @@ const crypto = require('crypto');
   {
     // Error message was changed in OpenSSL 3.0.x from 3.0.12, and 3.1.x from 3.1.4.
     const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 0)) ||
-                                           (common.hasOpenSSL(3, 1, 4));
+                                           (common.hasOpenSSL(3, 1, 4)) || (common.hasOpenSSL32);
     assert.throws(() => {
       dh3.computeSecret('');
     }, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
index 5f4fafdff..b07e02601 100644
--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -222,7 +222,7 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
   }, bufferToEncrypt);
 
 
-  if (padding === constants.RSA_PKCS1_PADDING) {
+  if (padding === constants.RSA_PKCS1_PADDING && !common.hasOpenSSL32) {
     if (!process.config.variables.node_shared_openssl) {
       assert.throws(() => {
         crypto.privateDecrypt({
diff --git a/test/parallel/test-tls-alert-handling.js b/test/parallel/test-tls-alert-handling.js
index bd86149bc..89b38c8df 100644
--- a/test/parallel/test-tls-alert-handling.js
+++ b/test/parallel/test-tls-alert-handling.js
@@ -31,10 +31,10 @@ const max_iter = 20;
 let iter = 0;
 
 const errorHandler = common.mustCall((err) => {
-  assert.strictEqual(err.code, 'ERR_SSL_WRONG_VERSION_NUMBER');
+  assert.strictEqual(err.code, common.hasOpenSSL32 ? 'ERR_SSL_PACKET_LENGTH_TOO_LONG' : 'ERR_SSL_WRONG_VERSION_NUMBER');
   assert.strictEqual(err.library, 'SSL routines');
   if (!common.hasOpenSSL3) assert.strictEqual(err.function, 'ssl3_get_record');
-  assert.strictEqual(err.reason, 'wrong version number');
+  assert.strictEqual(err.reason, common.hasOpenSSL32 ? 'packet length too long' : 'wrong version number');
   errorReceived = true;
   if (canCloseServer())
     server.close();
@@ -87,10 +87,10 @@ function sendBADTLSRecord() {
     });
   }));
   client.on('error', common.mustCall((err) => {
-    assert.strictEqual(err.code, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
+    assert.strictEqual(err.code, common.hasOpenSSL32 ? 'ERR_SSL_TLSV1_ALERT_RECORD_OVERFLOW' : 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION');
     assert.strictEqual(err.library, 'SSL routines');
     if (!common.hasOpenSSL3)
       assert.strictEqual(err.function, 'ssl3_read_bytes');
-    assert.strictEqual(err.reason, 'tlsv1 alert protocol version');
+    assert.strictEqual(err.reason, common.hasOpenSSL32 ? 'tlsv1 alert record overflow' : 'tlsv1 alert protocol version');
   }));
 }
diff --git a/test/parallel/test-tls-client-auth.js b/test/parallel/test-tls-client-auth.js
index 04756924e..0a2d36d65 100644
--- a/test/parallel/test-tls-client-auth.js
+++ b/test/parallel/test-tls-client-auth.js
@@ -80,7 +80,7 @@ connect({
   assert.strictEqual(pair.server.err.code,
                      'ERR_SSL_PEER_DID_NOT_RETURN_A_CERTIFICATE');
   assert.strictEqual(pair.client.err.code,
-                     'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
+                     common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE');
   return cleanup();
 });
 
diff --git a/test/parallel/test-tls-getcipher.js b/test/parallel/test-tls-getcipher.js
index 2a234d590..7faccdf24 100644
--- a/test/parallel/test-tls-getcipher.js
+++ b/test/parallel/test-tls-getcipher.js
@@ -78,19 +78,19 @@ server.listen(0, '127.0.0.1', common.mustCall(function() {
 tls.createServer({
   key: fixtures.readKey('agent2-key.pem'),
   cert: fixtures.readKey('agent2-cert.pem'),
-  ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_8_SHA256',
+  ciphers: 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384',
   maxVersion: 'TLSv1.3',
 }, common.mustCall(function() {
   this.close();
 })).listen(0, common.mustCall(function() {
   const client = tls.connect({
     port: this.address().port,
-    ciphers: 'TLS_AES_128_CCM_8_SHA256',
+    ciphers: 'TLS_AES_256_GCM_SHA384',
     maxVersion: 'TLSv1.3',
     rejectUnauthorized: false
   }, common.mustCall(() => {
     const cipher = client.getCipher();
-    assert.strictEqual(cipher.name, 'TLS_AES_128_CCM_8_SHA256');
+    assert.strictEqual(cipher.name, 'TLS_AES_256_GCM_SHA384');
     assert.strictEqual(cipher.standardName, cipher.name);
     assert.strictEqual(cipher.version, 'TLSv1.3');
     client.end();
diff --git a/test/parallel/test-tls-junk-closes-server.js b/test/parallel/test-tls-junk-closes-server.js
index 06fa57267..8b5d2b51e 100644
--- a/test/parallel/test-tls-junk-closes-server.js
+++ b/test/parallel/test-tls-junk-closes-server.js
@@ -26,6 +26,9 @@ const fixtures = require('../common/fixtures');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
+if (common.hasOpenSSL32)
+  common.skip('openssl 3.2 does not throw');
+
 const tls = require('tls');
 const net = require('net');
 
diff --git a/test/parallel/test-tls-junk-server.js b/test/parallel/test-tls-junk-server.js
index 273fe9def..3c9de38e0 100644
--- a/test/parallel/test-tls-junk-server.js
+++ b/test/parallel/test-tls-junk-server.js
@@ -21,7 +21,7 @@ server.listen(0, function() {
   req.end();
 
   req.once('error', common.mustCall(function(err) {
-    assert(/wrong version number/.test(err.message));
+    assert(/packet length too long/.test(err.message));
     server.close();
   }));
 });
diff --git a/test/parallel/test-tls-set-ciphers.js b/test/parallel/test-tls-set-ciphers.js
index 313c5e238..b76e67a8c 100644
--- a/test/parallel/test-tls-set-ciphers.js
+++ b/test/parallel/test-tls-set-ciphers.js
@@ -89,13 +89,13 @@ test('TLS_AES_256_GCM_SHA384:!TLS_CHACHA20_POLY1305_SHA256', U, 'TLS_AES_256_GCM
 
 // Do not have shared ciphers.
 test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
-     U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+     U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
 
-test('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
+test('AES128-SHA', 'AES256-SHA', U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE',
      'ERR_SSL_NO_SHARED_CIPHER');
 test('AES128-SHA:TLS_AES_256_GCM_SHA384',
      'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
-     U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+     U, common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
 
 // Cipher order ignored, TLS1.3 chosen before TLS1.2.
 test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
@@ -110,11 +110,11 @@ test(U, 'AES256-SHA', 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' })
 
 // TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
 // default, but work.
-test('TLS_AES_128_CCM_8_SHA256', U,
-     U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
+// test('TLS_AES_128_CCM_8_SHA256', U,
+//     U, common.hasOpenSSL32 ? 'ERR_SSL_NO_CIPHERS_AVAILABLE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER');
 
-test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
-     'TLS_AES_128_CCM_8_SHA256');
+//test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
+//    'TLS_AES_128_CCM_8_SHA256');
 
 // Invalid cipher values
 test(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U);
diff --git a/test/sequential/sequential.status b/test/sequential/sequential.status
index ca25683f9..96f3d0ab4 100644
--- a/test/sequential/sequential.status
+++ b/test/sequential/sequential.status
@@ -34,6 +34,9 @@ test-watch-mode-inspect: SKIP
 test-tls-psk-client: PASS,FLAKY
 test-tls-securepair-client: PASS,FLAKY
 
+# fails on arm64, armhf, loong64 since openssl32
+test-tls-session-timeout: PASS, FLAKY
+
 [$system==win32]
 # https://github.com/nodejs/node/issues/47116
 test-http-max-sockets: PASS, FLAKY