Skip to content

Commit 66c5069

Browse files
codebytereclaude
codebytere
and
claude
committed
fix(patch): adapt new crypto tests for BoringSSL
Guard aes-128-ccm test in test-crypto-authenticated.js behind cipher availability check. Skip Ed448/X448/DSA tests in test-crypto-key-objects-raw.js. Skip AES-KW tests in test-webcrypto-promise-prototype-pollution.mjs. Ref: nodejs/node#62240 Ref: nodejs/node#62455 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
1 parent 144c4f1 commit 66c5069

1 file changed

Lines changed: 82 additions & 2 deletions

File tree

patches/node/fix_crypto_tests_to_run_with_bssl.patch

Lines changed: 82 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ index 9876c4bb6ecd2e5b8879f153811cd0a0a22997aa..2c4bf03452eb10fec52c38a361b6aad9
4242
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
4343
{
4444
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
45-
index 9778ea548e81d719f1ca01f9e6fb8cfb821d4103..dafd24abfa01c1a727cb631676b4df2cdde74292 100644
45+
index 9778ea548e81d719f1ca01f9e6fb8cfb821d4103..d6178dba6faa94778203d615b0638bd5afb4f9da 100644
4646
--- a/test/parallel/test-crypto-authenticated.js
4747
+++ b/test/parallel/test-crypto-authenticated.js
4848
@@ -627,21 +627,25 @@ for (const test of TEST_CASES) {
@@ -130,7 +130,7 @@ index 9778ea548e81d719f1ca01f9e6fb8cfb821d4103..dafd24abfa01c1a727cb631676b4df2c
130130
const rfcTestCases = TEST_CASES.filter(({ algo, tampered }) => {
131131
return algo === 'chacha20-poly1305' && tampered === false;
132132
});
133-
@@ -771,6 +781,8 @@ for (const test of TEST_CASES) {
133+
@@ -771,10 +781,12 @@ for (const test of TEST_CASES) {
134134
assert.throws(() => {
135135
decipher.final();
136136
}, /Unsupported state or unable to authenticate data/);
@@ -139,6 +139,11 @@ index 9778ea548e81d719f1ca01f9e6fb8cfb821d4103..dafd24abfa01c1a727cb631676b4df2c
139139
}
140140

141141
// Refs: https://github.com/nodejs/node/issues/62342
142+
-{
143+
+if (ciphers.includes('aes-128-ccm')) {
144+
const key = crypto.randomBytes(16);
145+
const nonce = crypto.randomBytes(13);
146+
142147
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
143148
index 6742722f9e90914b4dc8c079426d10040d476f72..8801ddfe7023fd0f7d5657b86a9164d75765322e 100644
144149
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
@@ -300,6 +305,49 @@ index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf2187
300305

301306
s.pipe(h).on('data', common.mustCall(function(c) {
302307
assert.strictEqual(c, expect);
308+
diff --git a/test/parallel/test-crypto-key-objects-raw.js b/test/parallel/test-crypto-key-objects-raw.js
309+
index f301cc1942fd9a46ea91e18e580504d09ce53e48..95d4e1fc7671233e017177025813f46bad50f2f0 100644
310+
--- a/test/parallel/test-crypto-key-objects-raw.js
311+
+++ b/test/parallel/test-crypto-key-objects-raw.js
312+
@@ -34,10 +34,13 @@ const { hasOpenSSL } = require('../common/crypto');
313+
314+
// Key types that don't support raw-* formats
315+
{
316+
- for (const [type, pub, priv] of [
317+
+ const unsupportedKeyTypes = [
318+
['rsa', 'rsa_public_2048.pem', 'rsa_private_2048.pem'],
319+
- ['dsa', 'dsa_public.pem', 'dsa_private.pem'],
320+
- ]) {
321+
+ ];
322+
+ if (!process.features.openssl_is_boringssl) {
323+
+ unsupportedKeyTypes.push(['dsa', 'dsa_public.pem', 'dsa_private.pem']);
324+
+ }
325+
+ for (const [type, pub, priv] of unsupportedKeyTypes) {
326+
const pubKeyObj = crypto.createPublicKey(
327+
fixtures.readKey(pub, 'ascii'));
328+
const privKeyObj = crypto.createPrivateKey(
329+
@@ -224,7 +227,9 @@ if (hasOpenSSL(3, 5)) {
330+
assert.throws(() => ecPriv.export({ format: 'raw-seed' }),
331+
{ code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
332+
333+
- for (const type of ['ed25519', 'ed448', 'x25519', 'x448']) {
334+
+ const seedKeyTypes = process.features.openssl_is_boringssl ?
335+
+ ['ed25519', 'x25519'] : ['ed25519', 'ed448', 'x25519', 'x448'];
336+
+ for (const type of seedKeyTypes) {
337+
const priv = crypto.createPrivateKey(
338+
fixtures.readKey(`${type}_private.pem`, 'ascii'));
339+
assert.throws(() => priv.export({ format: 'raw-seed' }),
340+
@@ -392,7 +397,9 @@ if (hasOpenSSL(3, 5)) {
341+
342+
// x25519, ed25519, x448, and ed448 cannot be used as 'ec' namedCurve values
343+
{
344+
- for (const type of ['ed25519', 'x25519', 'ed448', 'x448']) {
345+
+ const curveTypes = process.features.openssl_is_boringssl ?
346+
+ ['ed25519', 'x25519'] : ['ed25519', 'x25519', 'ed448', 'x448'];
347+
+ for (const type of curveTypes) {
348+
const priv = crypto.createPrivateKey(
349+
fixtures.readKey(`${type}_private.pem`, 'ascii'));
350+
const pub = crypto.createPublicKey(
303351
diff --git a/test/parallel/test-crypto-key-objects-to-crypto-key.js b/test/parallel/test-crypto-key-objects-to-crypto-key.js
304352
index 141e51d1ab74a4fc3b176b303807fb1cf2a58ce1..ba4fc881aa72ba7c39e8ae227a08be0ecf501c6f 100644
305353
--- a/test/parallel/test-crypto-key-objects-to-crypto-key.js
@@ -994,6 +1042,38 @@ index ae203e1005de0ab4370bd611f4f2ae64bb7a9a6a..216ce5fd14001183e7deb2abadc93178
9941042
+} else {
9951043
+ common.printSkipMessage('Skipping RSA key import tests');
9961044
}
1045+
diff --git a/test/parallel/test-webcrypto-promise-prototype-pollution.mjs b/test/parallel/test-webcrypto-promise-prototype-pollution.mjs
1046+
index b4fbedba5e32423821879a856cc56716bacb77fe..a927089fbf1f04710b66ecdc0d870c722f501f6a 100644
1047+
--- a/test/parallel/test-webcrypto-promise-prototype-pollution.mjs
1048+
+++ b/test/parallel/test-webcrypto-promise-prototype-pollution.mjs
1049+
@@ -59,17 +59,19 @@ await subtle.deriveKey(
1050+
true,
1051+
['encrypt', 'decrypt']);
1052+
1053+
-const wrappingKey = await subtle.generateKey(
1054+
- { name: 'AES-KW', length: 256 }, true, ['wrapKey', 'unwrapKey']);
1055+
+if (!process.features.openssl_is_boringssl) {
1056+
+ const wrappingKey = await subtle.generateKey(
1057+
+ { name: 'AES-KW', length: 256 }, true, ['wrapKey', 'unwrapKey']);
1058+
1059+
-const keyToWrap = await subtle.generateKey(
1060+
- { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
1061+
+ const keyToWrap = await subtle.generateKey(
1062+
+ { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
1063+
1064+
-const wrapped = await subtle.wrapKey('raw', keyToWrap, wrappingKey, 'AES-KW');
1065+
+ const wrapped = await subtle.wrapKey('raw', keyToWrap, wrappingKey, 'AES-KW');
1066+
1067+
-await subtle.unwrapKey(
1068+
- 'raw', wrapped, wrappingKey, 'AES-KW',
1069+
- { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
1070+
+ await subtle.unwrapKey(
1071+
+ 'raw', wrapped, wrappingKey, 'AES-KW',
1072+
+ { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
1073+
+}
1074+
1075+
const { privateKey } = await subtle.generateKey(
1076+
{ name: 'ECDSA', namedCurve: 'P-256' }, true, ['sign', 'verify']);
9971077
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
9981078
index bd788ec4ed88289d35798b8af8c9490a68e081a2..c6a6f33490595faabaefc9b58afdd813f0887258 100644
9991079
--- a/test/parallel/test-webcrypto-wrap-unwrap.js

0 commit comments

Comments
 (0)