1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

test: well-defined DH groups now verify clean

Browse Source 
OpenSSL 1.1.1d no longer generates warnings for some DH groups that used
to be considered unsafe. See below for discussion. This is considered a
bug fix.

See:
- https://github.com/openssl/openssl/pull/9363
- https://github.com/openssl/openssl/pull/9363#discussion_r324802618

PR-URL: https://github.com/nodejs/node/pull/29550
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
This commit is contained in:
Sam Roberts 2019-09-13 13:19:06 -07:00
parent 1ca1e0163e
commit 3473e58fee
2 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/parallel/test-crypto-binary-default.js
View File

@ -36,7 +36,6 @@ const crypto = require('crypto');
const fs = require('fs');
const tls = require('tls');
const fixtures = require('../common/fixtures');
const DH_NOT_SUITABLE_GENERATOR = crypto.constants.DH_NOT_SUITABLE_GENERATOR;
require('internal/crypto/util').setDefaultEncoding('latin1');
@ -615,8 +614,7 @@ common.expectsError(
'020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' +
'4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' +
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF';
const d = crypto.createDiffieHellman(p, 'hex');
assert.strictEqual(d.verifyError, DH_NOT_SUITABLE_GENERATOR);
crypto.createDiffieHellman(p, 'hex');
// Test RSA key signing/verification
const rsaSign = crypto.createSign('SHA1');

19
test/parallel/test-crypto-dh.js
View File

@ -6,8 +6,6 @@ if (!common.hasCrypto)
const assert = require('assert');
const crypto = require('crypto');
const DH_NOT_SUITABLE_GENERATOR = crypto.constants.DH_NOT_SUITABLE_GENERATOR;
// Test Diffie-Hellman with two parties sharing a secret,
// using various encodings as we go along
const dh1 = crypto.createDiffieHellman(common.hasFipsCrypto ? 1024 : 256);
@ -126,8 +124,6 @@ bob.generateKeys();
const aSecret = alice.computeSecret(bob.getPublicKey()).toString('hex');
const bSecret = bob.computeSecret(alice.getPublicKey()).toString('hex');
assert.strictEqual(aSecret, bSecret);
assert.strictEqual(alice.verifyError, DH_NOT_SUITABLE_GENERATOR);
assert.strictEqual(bob.verifyError, DH_NOT_SUITABLE_GENERATOR);
/* Ensure specific generator (buffer) works as expected.
* The values below (modp2/modp2buf) are for a 1024 bits long prime from
@ -158,8 +154,6 @@ const modp2buf = Buffer.from([
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) {
@ -172,7 +166,6 @@ for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) {
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
{
@ -184,7 +177,6 @@ for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) {
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
{
@ -196,17 +188,20 @@ for (const buf of [modp2buf, ...common.getArrayBufferViews(modp2buf)]) {
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
// Second OAKLEY group, see
// https://github.com/nodejs/node-v0.x-archive/issues/2338 and
// https://xml2rfc.tools.ietf.org/public/rfc/html/rfc2412.html#anchor49
const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
'020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' +
'4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' +
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF';
const bad_dh = crypto.createDiffieHellman(p, 'hex');
assert.strictEqual(bad_dh.verifyError, DH_NOT_SUITABLE_GENERATOR);
crypto.createDiffieHellman(p, 'hex');
// Confirm DH_check() results are exposed for optional examination.
const bad_dh = crypto.createDiffieHellman('02', 'hex');
assert.notStrictEqual(bad_dh.verifyError, 0);
const availableCurves = new Set(crypto.getCurves());
const availableHashes = new Set(crypto.getHashes());