From cb531b061679a25d0645d658a746fa655db7296c Mon Sep 17 00:00:00 2001
From: Richard Lau <rlau@redhat.com>
Date: Thu, 1 May 2025 15:50:23 +0000
Subject: [PATCH] test: prepare test-crypto-rsa-dsa for newer OpenSSL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update `parallel/test-crypto-rsa-dsa` to prepare for updating
`deps/openssl` to later versions of OpenSSL which support implicit
rejections with `RSA_PKCS1_PADDING`.

PR-URL: https://github.com/nodejs/node/pull/58100
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
---
 test/parallel/test-crypto-rsa-dsa.js | 32 ++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
index dcd5045daa..119bc3c2d2 100644
--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -9,7 +9,7 @@ const crypto = require('crypto');
 const constants = crypto.constants;
 
 const fixtures = require('../common/fixtures');
-const { hasOpenSSL3 } = require('../common/crypto');
+const { hasOpenSSL, hasOpenSSL3 } = require('../common/crypto');
 
 // Test certificates
 const certPem = fixtures.readKey('rsa_cert.crt');
@@ -225,20 +225,38 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
 
   if (padding === constants.RSA_PKCS1_PADDING) {
     if (!process.config.variables.node_shared_openssl) {
-      assert.throws(() => {
-        crypto.privateDecrypt({
+      // TODO(richardlau) remove check and else branch after deps/openssl
+      // is upgraded.
+      if (hasOpenSSL(3, 2)) {
+        let decryptedBuffer = crypto.privateDecrypt({
           key: rsaKeyPem,
           padding: padding,
           oaepHash: decryptOaepHash
         }, encryptedBuffer);
-      }, { code: 'ERR_INVALID_ARG_VALUE' });
-      assert.throws(() => {
-        crypto.privateDecrypt({
+        assert.deepStrictEqual(decryptedBuffer, input);
+
+        decryptedBuffer = crypto.privateDecrypt({
           key: rsaPkcs8KeyPem,
           padding: padding,
           oaepHash: decryptOaepHash
         }, encryptedBuffer);
-      }, { code: 'ERR_INVALID_ARG_VALUE' });
+        assert.deepStrictEqual(decryptedBuffer, input);
+      } else {
+        assert.throws(() => {
+          crypto.privateDecrypt({
+            key: rsaKeyPem,
+            padding: padding,
+            oaepHash: decryptOaepHash
+          }, encryptedBuffer);
+        }, { code: 'ERR_INVALID_ARG_VALUE' });
+        assert.throws(() => {
+          crypto.privateDecrypt({
+            key: rsaPkcs8KeyPem,
+            padding: padding,
+            oaepHash: decryptOaepHash
+          }, encryptedBuffer);
+        }, { code: 'ERR_INVALID_ARG_VALUE' });
+      }
     } else {
       // The version of a linked against OpenSSL. May
       // or may not support implicit rejection. Figuring