Add some minor tweaks to the OpenSSL curves fix

pimterry · pimterry · commit 4d2b2960c7c6 · 2023-04-28T17:09:50.000+01:00
diff --git a/src/util/openssl-compat.ts b/src/util/openssl-compat.ts
@@ -1,26 +1,26 @@
-import { major } from 'semver'
+import * as semver from 'semver';
 
 export function areFFDHECurvesSupported(opensslVersion: string | undefined) {
-    // FFDHE curves (ffdhe2048, ffdhe3072) are only avaliable from 
+    // FFDHE curves (ffdhe2048, ffdhe3072) are only avaliable from
     // OpenSSL 3+
-    
+
     // Before 3.0.0, OpenSSL has followed non-semver version
     // format (see https://wiki.openssl.org/index.php/Versioning).
     // For example, there was a version `1.1.1t`. `semver` package, however
-    // can parse such versions with `loose: true` option 
+    // can parse such versions with `loose: true` option
 
     // If not version is available, assume that the curves are not supported
     if (!opensslVersion) {
-        return false
+        return false;
     }
 
     try {
-        const m = major(opensslVersion, true)
-        return m >= 3
+        const m = semver.major(opensslVersion, true);
+        return m >= 3;
     }
     catch {
         // For any weirdly formed version where even the major part cannot be found,
         // we assume that the curves are not supported for safety
-        return false
+        return false;
     }
 }
diff --git a/test/openssl-compat-utils.spec.ts b/test/openssl-compat-utils.spec.ts
diff --git a/test/openssl-compat.spec.ts b/test/openssl-compat.spec.ts
@@ -0,0 +1,24 @@
+import { expect } from 'chai';
+import { areFFDHECurvesSupported } from '../src/util/openssl-compat';
+
+describe('areFFDHECurvesSupported', () => {
+    it('True only for 3+ versions', () => {
+        expect(areFFDHECurvesSupported('1.0.0')).to.be.false;
+        expect(areFFDHECurvesSupported('3.0.0')).to.be.true;
+        expect(areFFDHECurvesSupported('4.2.1')).to.be.true;
+    });
+
+    it('Copes with older OpenSSL versions format', () => {
+        expect(areFFDHECurvesSupported('1.0.1a')).to.be.false;
+        expect(areFFDHECurvesSupported('1.1.1t')).to.be.false;
+    });
+
+    it('Assumes false for weird versions', () => {
+        // Just in case
+        expect(areFFDHECurvesSupported('-1.0.0')).to.be.false;
+    });
+
+    it('Assumes false when version is uknown', () => {
+        expect(areFFDHECurvesSupported(undefined)).to.be.false;
+    });
+});
