Package: nodejs Version: 20.18.1+dfsg-1 Severity: important Tags: sid patch control: affects -1 src:openssl User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-3.4
The packages FTBFS against OpenSSL 3.4. One test fails due to a change in the error code, two fail because the hash shake128 and shake256 have no longer a default hash length. I made something for the error change and disable the shake* tests, there is an upstream (node) bug open regarding this. I am attaching two patches, their description has a bit more information. Sebastian
>From 2cbcd876e05864d6c81227cc22171e6f6b97a1d2 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Tue, 31 Dec 2024 16:44:17 +0100 Subject: [PATCH 1/2] test: update error code in tls-psk-circuit for for OpenSSL 3.4 Update parallel/test-tls-psk-circuit.js to account for error code changes in OpenSSL 3.4 and probably later. https://github.com/nodejs/node/pull/56420 Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> --- test/common/index.js | 4 ++++ test/parallel/test-tls-psk-circuit.js | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/test/common/index.js b/test/common/index.js index dd8e3cedb9aec..7c062109af6eb 100644 --- a/test/common/index.js +++ b/test/common/index.js @@ -1021,6 +1021,10 @@ const common = { return hasOpenSSL(3, 2); }, + get hasOpenSSL34() { + return hasOpenSSL(3, 4); + }, + get inFreeBSDJail() { if (inFreeBSDJail !== null) return inFreeBSDJail; diff --git a/test/parallel/test-tls-psk-circuit.js b/test/parallel/test-tls-psk-circuit.js index 2b49161df8326..491eaecd4b4ed 100644 --- a/test/parallel/test-tls-psk-circuit.js +++ b/test/parallel/test-tls-psk-circuit.js @@ -66,7 +66,8 @@ const expectedHandshakeErr = common.hasOpenSSL32 ? 'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE'; test({ psk: USERS.UserB, identity: 'UserC' }, {}, expectedHandshakeErr); // Recognized user but incorrect secret should fail handshake -const expectedIllegalParameterErr = common.hasOpenSSL32 ? - 'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'; +const expectedIllegalParameterErr = common.hasOpenSSL34 ? 'ERR_SSL_TLSV1_ALERT_DECRYPT_ERROR' : + common.hasOpenSSL32 ? + 'ERR_SSL_SSL/TLS_ALERT_ILLEGAL_PARAMETER' : 'ERR_SSL_SSLV3_ALERT_ILLEGAL_PARAMETER'; test({ psk: USERS.UserA, identity: 'UserB' }, {}, expectedIllegalParameterErr); test({ psk: USERS.UserB, identity: 'UserB' }); -- 2.45.2
>From d598fa8b3129870d323fbaa889ab389d28526a1b Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Tue, 31 Dec 2024 17:23:35 +0100 Subject: [PATCH 2/2] test: Skip shake* tests on OpenSSL 3.4 shake* requires a length to be set. Skip the tests for now. => https://github.com/nodejs/node/issues/56159 => https://github.com/openssl/openssl/commit/b911fef216d1386210ec24e201d54d709528abb4 Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> --- test/parallel/test-crypto-hash.js | 3 +++ test/parallel/test-crypto-oneshot-hash.js | 3 +++ 2 files changed, 6 insertions(+) diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js index af2146982c7a3..aa29d8df20c50 100644 --- a/test/parallel/test-crypto-hash.js +++ b/test/parallel/test-crypto-hash.js @@ -182,6 +182,8 @@ assert.throws( // Test XOF hash functions and the outputLength option. { + // Skip shake XOF due to length requirement. + if (!common.hasOpenSSL34) { // Default outputLengths. assert.strictEqual(crypto.createHash('shake128').digest('hex'), '7f9c2ba4e88f827d616045507605853e'); @@ -195,6 +197,7 @@ assert.throws( .digest('hex'), '46b9dd2b0ba88d13233b3feb743eeb24' + '3fcd52ea62b81b82b50c27646ed5762f'); + } // Short outputLengths. assert.strictEqual(crypto.createHash('shake128', { outputLength: 0 }) diff --git a/test/parallel/test-crypto-oneshot-hash.js b/test/parallel/test-crypto-oneshot-hash.js index 56b4c04a65a1c..80cbe7e589b22 100644 --- a/test/parallel/test-crypto-oneshot-hash.js +++ b/test/parallel/test-crypto-oneshot-hash.js @@ -31,6 +31,9 @@ const methods = crypto.getHashes(); const input = fs.readFileSync(fixtures.path('utf8_test_text.txt')); for (const method of methods) { + // Skip shake XOF due to length requirement. + if (common.hasOpenSSL34 && (method === 'shake128') || (method === 'shake256')) + continue; for (const outputEncoding of ['buffer', 'hex', 'base64', undefined]) { const oldDigest = crypto.createHash(method).update(input).digest(outputEncoding || 'hex'); const digestFromBuffer = crypto.hash(method, input, outputEncoding); -- 2.45.2
