-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix various crypto Diffie-Hellmann issues in pummel tests #28390
Conversation
Some parts of pummel/test-crypto-dh.js will be just fine in parallel/test-crypto-dh.js. Move them there.
Split test-crypto-dh into two tests so that it does not time out in CI. With a recent OpenSSL upgrade, getDiffieHellman() is much slower than before.
test-dh-regr is timing out in CI because crypto.createDiffieHellman() is considerably slower after an OpenSSL upgrade. This PR modifies the change from 11ad744 which made the test FIPS-compatible. When not in FIPS mode, the test will use a shorter key which will enable it to run much faster.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Since this fixes tests that are timing out in node-daily-master, I'd like to fast-track this. Please 👍 here to fast-track if you are a Collaborator and agree that this should be fast-tracked. @nodejs/testing @nodejs/crypto |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM (also to fast-track) but I have a question. When you say "crypto.createDiffieHellman() is considerably slower after an OpenSSL upgrade" do you mean the openssl 1.1.1c upgrade?
That openssl release changed the default DH key size from 1024 to 2048 bits but that shouldn't affect our tests as one always passes an explicit key size to crypto.createDiffieHellman()
.
(For reference, it's commit openssl/openssl@408cb4c.)
@bnoordhuis Yes, it was the update to 1.1.1c. |
@bnoordhuis I'm easily able to reproduce the difference. I've opened #28404. |
Some parts of pummel/test-crypto-dh.js will be just fine in parallel/test-crypto-dh.js. Move them there. PR-URL: nodejs#28390 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Split test-crypto-dh into two tests so that it does not time out in CI. With a recent OpenSSL upgrade, getDiffieHellman() is much slower than before. PR-URL: nodejs#28390 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
test-dh-regr is timing out in CI because crypto.createDiffieHellman() is considerably slower after an OpenSSL upgrade. This PR modifies the change from 11ad744 which made the test FIPS-compatible. When not in FIPS mode, the test will use a shorter key which will enable it to run much faster. PR-URL: nodejs#28390 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Some parts of pummel/test-crypto-dh.js will be just fine in parallel/test-crypto-dh.js. Move them there. PR-URL: #28390 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Split test-crypto-dh into two tests so that it does not time out in CI. With a recent OpenSSL upgrade, getDiffieHellman() is much slower than before. PR-URL: #28390 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
test-dh-regr is timing out in CI because crypto.createDiffieHellman() is considerably slower after an OpenSSL upgrade. This PR modifies the change from 11ad744 which made the test FIPS-compatible. When not in FIPS mode, the test will use a shorter key which will enable it to run much faster. PR-URL: #28390 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes