diff options
author | Greg Alexander <gregory.l.alexander@gmail.com> | 2017-08-09 22:26:03 -0500 |
---|---|---|
committer | Ruben Bridgewater <ruben@bridgewater.de> | 2017-09-28 02:22:29 -0300 |
commit | ccfcd8873cf4966380322f89e34ce47441868c9d (patch) | |
tree | 74f0c3d8fbcf97847275e4c45173480bdc0268ae /test/parallel/test-crypto.js | |
parent | 64e97b2c26f2ccd13bcb420b36f1285d4720845e (diff) | |
download | android-node-v8-ccfcd8873cf4966380322f89e34ce47441868c9d.tar.gz android-node-v8-ccfcd8873cf4966380322f89e34ce47441868c9d.tar.bz2 android-node-v8-ccfcd8873cf4966380322f89e34ce47441868c9d.zip |
crypto: better crypto error messages
Add openSSL error stack to the exception object thrown from crypto.
The new exception property is only added to the object if the error
stack has not cleared out prior to calling ThrowCryptoError.
PR-URL: https://github.com/nodejs/node/pull/15518
Refs: https://github.com/nodejs/node/issues/5444
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Diffstat (limited to 'test/parallel/test-crypto.js')
-rw-r--r-- | test/parallel/test-crypto.js | 114 |
1 files changed, 102 insertions, 12 deletions
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js index 2a704ff07c..d501991dd2 100644 --- a/test/parallel/test-crypto.js +++ b/test/parallel/test-crypto.js @@ -46,7 +46,14 @@ assert.throws(function() { const context = credentials.context; const notcontext = { setOptions: context.setOptions, setKey: context.setKey }; tls.createSecureContext({ secureOptions: 1 }, notcontext); -}, /^TypeError: Illegal invocation$/); +}, (err) => { + // Throws TypeError, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^TypeError: Illegal invocation$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); // PFX tests assert.doesNotThrow(function() { @@ -55,15 +62,36 @@ assert.doesNotThrow(function() { assert.throws(function() { tls.createSecureContext({ pfx: certPfx }); -}, /^Error: mac verify failure$/); +}, (err) => { + // Throws general Error, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^Error: mac verify failure$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { tls.createSecureContext({ pfx: certPfx, passphrase: 'test' }); -}, /^Error: mac verify failure$/); +}, (err) => { + // Throws general Error, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^Error: mac verify failure$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { tls.createSecureContext({ pfx: 'sample', passphrase: 'test' }); -}, /^Error: not enough data$/); +}, (err) => { + // Throws general Error, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^Error: not enough data$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); // update() should only take buffers / strings @@ -138,23 +166,62 @@ testImmutability(crypto.getCurves); // throw, not assert in C++ land. assert.throws(function() { crypto.createCipher('aes192', 'test').update('0', 'hex'); -}, common.hasFipsCrypto ? /not supported in FIPS mode/ : /Bad input string/); +}, (err) => { + const errorMessage = + common.hasFipsCrypto ? /not supported in FIPS mode/ : /Bad input string/; + // Throws general Error, so there is no opensslErrorStack property. + if ((err instanceof Error) && + errorMessage.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { crypto.createDecipher('aes192', 'test').update('0', 'hex'); -}, common.hasFipsCrypto ? /not supported in FIPS mode/ : /Bad input string/); +}, (err) => { + const errorMessage = + common.hasFipsCrypto ? /not supported in FIPS mode/ : /Bad input string/; + // Throws general Error, so there is no opensslErrorStack property. + if ((err instanceof Error) && + errorMessage.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { crypto.createHash('sha1').update('0', 'hex'); -}, /^TypeError: Bad input string$/); +}, (err) => { + // Throws TypeError, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^TypeError: Bad input string$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { crypto.createSign('SHA1').update('0', 'hex'); -}, /^TypeError: Bad input string$/); +}, (err) => { + // Throws TypeError, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^TypeError: Bad input string$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { crypto.createVerify('SHA1').update('0', 'hex'); -}, /^TypeError: Bad input string$/); +}, (err) => { + // Throws TypeError, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^TypeError: Bad input string$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { const priv = [ @@ -167,7 +234,13 @@ assert.throws(function() { '' ].join('\n'); crypto.createSign('SHA256').update('test').sign(priv); -}, /digest too big for rsa key$/); +}, (err) => { + if ((err instanceof Error) && + /digest too big for rsa key$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); assert.throws(function() { // The correct header inside `test_bad_rsa_privkey.pem` should have been @@ -183,14 +256,31 @@ assert.throws(function() { 'ascii'); // this would inject errors onto OpenSSL's error stack crypto.createSign('sha1').sign(sha1_privateKey); -}, /asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag/); +}, (err) => { + // Throws crypto error, so there is an opensslErrorStack property. + // The openSSL stack should have content. + if ((err instanceof Error) && + /asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag/.test(err) && + err.opensslErrorStack !== undefined && + Array.isArray(err.opensslErrorStack) && + err.opensslErrorStack.length > 0) { + return true; + } +}); // Make sure memory isn't released before being returned console.log(crypto.randomBytes(16)); assert.throws(function() { tls.createSecureContext({ crl: 'not a CRL' }); -}, /^Error: Failed to parse CRL$/); +}, (err) => { + // Throws general error, so there is no opensslErrorStack property. + if ((err instanceof Error) && + /^Error: Failed to parse CRL$/.test(err) && + err.opensslErrorStack === undefined) { + return true; + } +}); /** * Check if the stream function uses utf8 as a default encoding. |