electron/patches/node/fix_crypto_tests_to_run_with_bssl.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Rose <[email protected]>
Date: Tue, 9 Feb 2021 12:34:46 -0800
Subject: fix crypto tests to run with bssl

This fixes some crypto tests so that they pass when compiled with
BoringSSL.

This should be upstreamed in some form, though it may need to be tweaked
before it's acceptable to upstream, as this patch comments out a couple
of tests that upstream probably cares about.

diff --git a/test/common/index.js b/test/common/index.js
index d1eaf6e69f603b0a7037e44be6ef185283972090..e3f26d32dbad2e4ccb47dea028dbf1a855525cfb 100644
--- a/test/common/index.js
+++ b/test/common/index.js
@@ -65,6 +65,8 @@ const opensslVersionNumber = (major = 0, minor = 0, patch = 0) => {
   return (major << 28) | (minor << 20) | (patch << 4);
 };
 
+const openSSLIsBoringSSL = process.versions.openssl === '0.0.0';
+
 let OPENSSL_VERSION_NUMBER;
 const hasOpenSSL = (major = 0, minor = 0, patch = 0) => {
   if (!hasCrypto) return false;
@@ -1008,6 +1010,7 @@ const common = {
   mustNotMutateObjectDeep,
   mustSucceed,
   nodeProcessAborted,
+  openSSLIsBoringSSL,
   PIPE,
   parseTestFlags,
   platformTimeout,
diff --git a/test/parallel/test-buffer-tostring-range.js b/test/parallel/test-buffer-tostring-range.js
index d033cd204b3200cdd736b581abe027d6e46e4ff3..73fec107a36c3db4af6f492137d0ca174f2d0547 100644
--- a/test/parallel/test-buffer-tostring-range.js
+++ b/test/parallel/test-buffer-tostring-range.js
@@ -102,7 +102,8 @@ assert.throws(() => {
 // Must not throw when start and end are within kMaxLength
 // Cannot test on 32bit machine as we are testing the case
 // when start and end are above the threshold
-common.skipIf32Bits();
+if (!common.openSSLIsBoringSSL) {
 const threshold = 0xFFFFFFFF;
 const largeBuffer = Buffer.alloc(threshold + 20);
 largeBuffer.toString('utf8', threshold, threshold + 20);
+}
diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js
index 4e3c32fdcd23fbe3e74bd5e624b739d224689f33..29149838ca76986928c7649a5f60a0f5e22a0705 100644
--- a/test/parallel/test-crypto-async-sign-verify.js
+++ b/test/parallel/test-crypto-async-sign-verify.js
@@ -88,6 +88,7 @@ test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
 // ED25519
 test('ed25519_public.pem', 'ed25519_private.pem', undefined, true);
 // ED448
+if (!common.openSSLIsBoringSSL) {
 test('ed448_public.pem', 'ed448_private.pem', undefined, true);
 
 // ECDSA w/ der signature encoding
@@ -109,6 +110,7 @@ test('dsa_public.pem', 'dsa_private.pem', 'sha256',
 // DSA w/ ieee-p1363 signature encoding
 test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
      { dsaEncoding: 'ieee-p1363' });
+}
 
 // Test Parallel Execution w/ KeyObject is threadsafe in openssl3
 {
diff --git a/test/parallel/test-crypto-certificate.js b/test/parallel/test-crypto-certificate.js
index 4a5f1f149fe6c739f7f1d2ee17df6e61a942d621..b3287f428ce6b3fde11d449c601a57ff5e3843f9 100644
--- a/test/parallel/test-crypto-certificate.js
+++ b/test/parallel/test-crypto-certificate.js
@@ -40,8 +40,10 @@ function copyArrayBuffer(buf) {
 }
 
 function checkMethods(certificate) {
-
+  /* spkacValid has a md5 based signature which is not allowed in boringssl
+  https://boringssl.googlesource.com/boringssl/+/33d7e32ce40c04e8f1b99c05964956fda187819f
   assert.strictEqual(certificate.verifySpkac(spkacValid), true);
+  */
   assert.strictEqual(certificate.verifySpkac(spkacFail), false);
 
   assert.strictEqual(
@@ -56,10 +58,12 @@ function checkMethods(certificate) {
   );
   assert.strictEqual(certificate.exportChallenge(spkacFail), '');
 
+  /* spkacValid has a md5 based signature which is not allowed in boringssl
   const ab = copyArrayBuffer(spkacValid);
   assert.strictEqual(certificate.verifySpkac(ab), true);
   assert.strictEqual(certificate.verifySpkac(new Uint8Array(ab)), true);
   assert.strictEqual(certificate.verifySpkac(new DataView(ab)), true);
+  */
 }
 
 {
diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
index 3e3632203af72c54f2795d8de0cf345862a043bb..a066bbb803d41d9d1f26a02e41115b71233988d6 100644
--- a/test/parallel/test-crypto-cipheriv-decipheriv.js
+++ b/test/parallel/test-crypto-cipheriv-decipheriv.js
@@ -60,6 +60,10 @@ function testCipher2(key, iv) {
 
 
 function testCipher3(key, iv) {
+  if (!crypto.getCiphers().includes('id-aes128-wrap')) {
+    common.printSkipMessage(`unsupported id-aes128-wrap test`);
+    return;
+  }
   // Test encryption and decryption with explicit key and iv.
   // AES Key Wrap test vector comes from RFC3394
   const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
diff --git a/test/parallel/test-crypto-dh-curves.js b/test/parallel/test-crypto-dh-curves.js
index 81a469c226c261564dee1e0b06b6571b18a41f1f..58b66045dba4201b7ebedd78b129420ffc316051 100644
--- a/test/parallel/test-crypto-dh-curves.js
+++ b/test/parallel/test-crypto-dh-curves.js
@@ -16,7 +16,7 @@ const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
 crypto.createDiffieHellman(p, 'hex');
 
 // Confirm DH_check() results are exposed for optional examination.
-const bad_dh = crypto.createDiffieHellman('02', 'hex');
+const bad_dh = crypto.createDiffieHellman('abcd', 'hex', 0);
 assert.notStrictEqual(bad_dh.verifyError, 0);
 
 const availableCurves = new Set(crypto.getCurves());
diff --git a/test/parallel/test-crypto-dh-errors.js b/test/parallel/test-crypto-dh-errors.js
index 476ca64b4425b5b8b0fa2dc8352ee6f03d563813..2250a8f24a875d6af198426891870b450078ee5f 100644
--- a/test/parallel/test-crypto-dh-errors.js
+++ b/test/parallel/test-crypto-dh-errors.js
@@ -32,9 +32,9 @@ for (const bits of [-1, 0, 1]) {
     });
   } else {
     assert.throws(() => crypto.createDiffieHellman(bits), {
-      code: 'ERR_OSSL_BN_BITS_TOO_SMALL',
+      code: /ERR_OSSL_BN_BITS_TOO_SMALL|ERR_OSSL_DH_MODULUS_TOO_LARGE/,
       name: 'Error',
-      message: /bits too small/,
+      message: /bits too small|BITS_TOO_SMALL|MODULUS_TOO_LARGE/,
     });
   }
 }
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index 9ebe14011eed223994e0901bc22dcc582b4b0739..e78f90eb76380916ce7098fb517c83a954edb053 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -55,18 +55,17 @@ const crypto = require('crypto');
   let wrongBlockLength;
   if (common.hasOpenSSL3) {
     wrongBlockLength = {
-      message: 'error:1C80006B:Provider routines::wrong final block length',
-      code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
-      library: 'Provider routines',
-      reason: 'wrong final block length'
+      message: /error:1C80006B:Provider routines::wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
+      code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+      library: /digital envelope routines|Cipher functions/,
+      reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
     };
   } else {
     wrongBlockLength = {
-      message: 'error:0606506D:digital envelope' +
-        ' routines:EVP_DecryptFinal_ex:wrong final block length',
-      code: 'ERR_OSSL_EVP_WRONG_FINAL_BLOCK_LENGTH',
-      library: 'digital envelope routines',
-      reason: 'wrong final block length'
+      message: /error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length|error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH/,
+      code: /ERR_OSSL_(EVP_)?WRONG_FINAL_BLOCK_LENGTH/,
+      library: /digital envelope routines|Cipher functions/,
+      reason: /wrong final block length|WRONG_FINAL_BLOCK_LENGTH/
     };
   }
 
@@ -93,17 +92,23 @@ const crypto = require('crypto');
       dh3.computeSecret('');
     }, { message: common.hasOpenSSL3 && !hasOpenSSL3WithNewErrorMessage ?
       'Unspecified validation error' :
-      'Supplied key is too small' });
+      'Supplied key is invalid' });
   }
 }
 
 // Through a fluke of history, g=0 defaults to DH_GENERATOR (2).
 {
   const g = 0;
-  crypto.createDiffieHellman('abcdef', g);
+  assert.throws(() => crypto.createDiffieHellman('abcdef', g), {
+    code: /ERR_CRYPTO_OPERATION_FAILED/,
+    name: 'Error'
+  });
   crypto.createDiffieHellman('abcdef', 'hex', g);
 }
 
 {
-  crypto.createDiffieHellman('abcdef', Buffer.from([2]));  // OK
+  assert.throws(() => crypto.createDiffieHellman('abcdef', Buffer.from([2])), {
+    code: /ERR_CRYPTO_OPERATION_FAILED/,
+    name: 'Error'
+  });
 }
diff --git a/test/parallel/test-crypto-getcipherinfo.js b/test/parallel/test-crypto-getcipherinfo.js
index 64b79fc36ccf4d38f763fcd8c1930473c82cefd7..1c6717ebd46497384b9b13174b65894ca89e7f2d 100644
--- a/test/parallel/test-crypto-getcipherinfo.js
+++ b/test/parallel/test-crypto-getcipherinfo.js
@@ -62,9 +62,13 @@ assert(getCipherInfo('aes-128-cbc', { ivLength: 16 }));
 
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 1 }));
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 14 }));
+if (!common.openSSLIsBoringSSL) {
 for (let n = 7; n <= 13; n++)
   assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+}
 
 assert(!getCipherInfo('aes-128-ocb', { ivLength: 16 }));
+if (!common.openSSLIsBoringSSL) {
 for (let n = 1; n < 16; n++)
   assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+}
\ No newline at end of file
diff --git a/test/parallel/test-crypto-hash-stream-pipe.js b/test/parallel/test-crypto-hash-stream-pipe.js
index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf218791cd6868 100644
--- a/test/parallel/test-crypto-hash-stream-pipe.js
+++ b/test/parallel/test-crypto-hash-stream-pipe.js
@@ -30,11 +30,11 @@ const crypto = require('crypto');
 
 const stream = require('stream');
 const s = new stream.PassThrough();
-const h = crypto.createHash('sha3-512');
-const expect = '36a38a2a35e698974d4e5791a3f05b05' +
-               '198235381e864f91a0e8cd6a26b677ec' +
-               'dcde8e2b069bd7355fabd68abd6fc801' +
-               '19659f25e92f8efc961ee3a7c815c758';
+const h = crypto.createHash('sha512');
+const expect = 'fba055c6fd0c5b6645407749ed7a8b41' +
+               'b8f629f2163c3ca3701d864adabda1f8' +
+               '93c37bf82b22fdd151ba8e357f611da4' +
+               '88a74b6a5525dd9b69554c6ce5138ad7';
 
 s.pipe(h).on('data', common.mustCall(function(c) {
   assert.strictEqual(c, expect);
diff --git a/test/parallel/test-crypto-hash.js b/test/parallel/test-crypto-hash.js
index 83218c105a4596e0ae0381136f176bb8d759899e..afb3c8c592d2a8e2a053fd44f455af06c592a85e 100644
--- a/test/parallel/test-crypto-hash.js
+++ b/test/parallel/test-crypto-hash.js
@@ -182,6 +182,7 @@ assert.throws(
 
 // Test XOF hash functions and the outputLength option.
 {
+  /*
   // Default outputLengths.
   assert.strictEqual(crypto.createHash('shake128').digest('hex'),
                      '7f9c2ba4e88f827d616045507605853e');
@@ -236,6 +237,7 @@ assert.throws(
   assert.strictEqual(superLongHash.length, 2 * 1024 * 1024);
   assert.ok(superLongHash.endsWith('193414035ddba77bf7bba97981e656ec'));
   assert.ok(superLongHash.startsWith('a2a28dbc49cfd6e5d6ceea3d03e77748'));
+  */
 
   // Non-XOF hash functions should accept valid outputLength options as well.
   assert.strictEqual(crypto.createHash('sha224', { outputLength: 28 })
diff --git a/test/parallel/test-crypto-hkdf.js b/test/parallel/test-crypto-hkdf.js
index ff3abdf291efcd076b36e755de4147b0aad0b345..d29854cf0c0ce89f84c912def672e7c4e11427a3 100644
--- a/test/parallel/test-crypto-hkdf.js
+++ b/test/parallel/test-crypto-hkdf.js
@@ -124,8 +124,6 @@ const algorithms = [
   ['sha256', '', 'salt', '', 10],
   ['sha512', 'secret', 'salt', '', 15],
 ];
-if (!common.hasOpenSSL3)
-  algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
 
 algorithms.forEach(([ hash, secret, salt, info, length ]) => {
   {
diff --git a/test/parallel/test-crypto-padding.js b/test/parallel/test-crypto-padding.js
index f1f14b472997e76bb4100edb1c6cf4fc24d1074d..5057e3f9bc5bb78aceffa5e79530f8ceed84e6f7 100644
--- a/test/parallel/test-crypto-padding.js
+++ b/test/parallel/test-crypto-padding.js
@@ -87,10 +87,9 @@ assert.throws(function() {
   code: 'ERR_OSSL_WRONG_FINAL_BLOCK_LENGTH',
   reason: 'wrong final block length',
 } : {
-  message: 'error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:' +
-    'data not multiple of block length',
-  code: 'ERR_OSSL_EVP_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH',
-  reason: 'data not multiple of block length',
+  message: /error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length|error:1e00006a:Cipher functions:OPENSSL_internal:DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
+  code: /ERR_OSSL(_EVP)?_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
+  reason: /data not multiple of block length|DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH/,
 }
 );
 
@@ -114,10 +113,9 @@ assert.throws(function() {
   reason: 'bad decrypt',
   code: 'ERR_OSSL_BAD_DECRYPT',
 } : {
-  message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
-    'bad decrypt',
-  reason: 'bad decrypt',
-  code: 'ERR_OSSL_EVP_BAD_DECRYPT',
+  message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
+  reason: /bad decrypt|BAD_DECRYPT/,
+  code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
 });
 
 // No-pad encrypted string should return the same:
diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js
index 5f4fafdfffbf726b7cb39c472baa3df25c9794cf..d52376da2cddd90adcdf8a9b7dcd03e348d9f2b4 100644
--- a/test/parallel/test-crypto-rsa-dsa.js
+++ b/test/parallel/test-crypto-rsa-dsa.js
@@ -28,12 +28,11 @@ const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem');
 const ec = new TextEncoder();
 
 const openssl1DecryptError = {
-  message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' +
-    'bad decrypt',
-  code: 'ERR_OSSL_EVP_BAD_DECRYPT',
-  reason: 'bad decrypt',
-  function: 'EVP_DecryptFinal_ex',
-  library: 'digital envelope routines',
+  message: /error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt|error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT/,
+  code: /ERR_OSSL(_EVP)?_BAD_DECRYPT/,
+  reason: /bad decrypt|BAD_DECRYPT/,
+  function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
+  library: /digital envelope routines|Cipher functions/,
 };
 
 const decryptError = common.hasOpenSSL3 ?
@@ -222,7 +221,8 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) {
   }, bufferToEncrypt);
 
 
-  if (padding === constants.RSA_PKCS1_PADDING) {
+  // BoringSSL does not support RSA_PKCS1_PADDING.
+  if (false) {
     if (!process.config.variables.node_shared_openssl) {
       assert.throws(() => {
         crypto.privateDecrypt({
@@ -466,10 +466,10 @@ assert.throws(() => {
   assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true);
 }
 
-
 //
 // Test DSA signing and verification
 //
+if (!common.openSSLIsBoringSSL) {
 {
   const input = 'I AM THE WALRUS';
 
@@ -541,3 +541,4 @@ const input = 'I AM THE WALRUS';
 
   assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true);
 }
+}
diff --git a/test/parallel/test-crypto-scrypt.js b/test/parallel/test-crypto-scrypt.js
index 338a19b0e88ad6f08d2f6b6a5d38b9980996ce11..a4ee215575d072450ba66c558ddca88bfb23d85f 100644
--- a/test/parallel/test-crypto-scrypt.js
+++ b/test/parallel/test-crypto-scrypt.js
@@ -178,7 +178,7 @@ for (const options of bad) {
 
 for (const options of toobig) {
   const expected = {
-    message: /Invalid scrypt params:.*memory limit exceeded/,
+    message: /Invalid scrypt params/,
     code: 'ERR_CRYPTO_INVALID_SCRYPT_PARAMS',
   };
   assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
index 8a263ec3350f5540591ac02e70fa2f552b9ac477..dcc4c2ec816d28f1b27df1c358cfce66f1a3a03b 100644
--- a/test/parallel/test-crypto-sign-verify.js
+++ b/test/parallel/test-crypto-sign-verify.js
@@ -29,7 +29,7 @@ const keySize = 2048;
 }
 
 // Test handling of exceptional conditions
-{
+if (!common.openSSLIsBoringSSL) {
   const library = {
     configurable: true,
     set() {
@@ -341,15 +341,17 @@ assert.throws(
         padding: crypto.constants.RSA_PKCS1_OAEP_PADDING
       });
   }, common.hasOpenSSL3 ? {
-    code: 'ERR_OSSL_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
-    message: /illegal or unsupported padding mode/,
+    code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
+    message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
   } : {
-    code: 'ERR_OSSL_RSA_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE',
-    message: /illegal or unsupported padding mode/,
+    code: /^ERR_OSSL_(RSA|EVP)_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE$/,
+    message: /illegal or unsupported padding mode|ILLEGAL_OR_UNSUPPORTED_PADDING_MODE/,
+    /*
     opensslErrorStack: [
       'error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:' +
       'command not supported',
     ],
+    */
   });
 }
 
@@ -419,10 +421,12 @@ assert.throws(
     public: fixtures.readKey('ed25519_public.pem', 'ascii'),
     algo: null,
     sigLen: 64 },
+  /*
   { private: fixtures.readKey('ed448_private.pem', 'ascii'),
     public: fixtures.readKey('ed448_public.pem', 'ascii'),
     algo: null,
     sigLen: 114 },
+    */
   { private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
     public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
     algo: 'sha1',
@@ -493,7 +497,7 @@ assert.throws(
 
 {
   const data = Buffer.from('Hello world');
-  const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
+  const keys = [['ec-key.pem', 64]/*, ['dsa_private_1025.pem', 40]*/];
 
   for (const [file, length] of keys) {
     const privKey = fixtures.readKey(file);
diff --git a/test/parallel/test-crypto-stream.js b/test/parallel/test-crypto-stream.js
index 008ab129f0e019c659eecf5a76b7eb412c947fe3..6688f5d916f50e1e4fcfff1619c8634a3233f820 100644
--- a/test/parallel/test-crypto-stream.js
+++ b/test/parallel/test-crypto-stream.js
@@ -76,10 +76,10 @@ cipher.pipe(decipher)
     library: 'Provider routines',
     reason: 'bad decrypt',
   } : {
-    message: /bad decrypt/,
-    function: 'EVP_DecryptFinal_ex',
-    library: 'digital envelope routines',
-    reason: 'bad decrypt',
+    message: /bad decrypt|BAD_DECRYPT/,
+    function: /EVP_DecryptFinal_ex|OPENSSL_internal/,
+    library: /digital envelope routines|Cipher functions/,
+    reason: /bad decrypt|BAD_DECRYPT/,
   }));
 
 cipher.end('Papaya!');  // Should not cause an unhandled exception.
diff --git a/test/parallel/test-crypto-x509.js b/test/parallel/test-crypto-x509.js
index bd906c25b9ee194ff34fe5fb8ecb68d7a672138c..5b631a32d07bd916ff7cd847e52b26f694bd00c6 100644
--- a/test/parallel/test-crypto-x509.js
+++ b/test/parallel/test-crypto-x509.js
@@ -96,8 +96,10 @@ const der = Buffer.from(
   assert.strictEqual(x509.infoAccess, infoAccessCheck);
   assert.strictEqual(x509.validFrom, 'Sep  3 21:40:37 2022 GMT');
   assert.strictEqual(x509.validTo, 'Jun 17 21:40:37 2296 GMT');
+  if (!common.openSSLIsBoringSSL) {
   assert.deepStrictEqual(x509.validFromDate, new Date('2022-09-03T21:40:37Z'));
   assert.deepStrictEqual(x509.validToDate, new Date('2296-06-17T21:40:37Z'));
+  }
   assert.strictEqual(
     x509.fingerprint,
     '8B:89:16:C4:99:87:D2:13:1A:64:94:36:38:A5:32:01:F0:95:3B:53');
@@ -325,6 +327,7 @@ oans248kpal88CGqsN2so/wZKxVnpiXlPHMdiNL7hRSUqlHkUi07FrP2Htg8kjI=
     legacyObjectCheck.serialNumberPattern);
 }
 
+if (!common.openSSLIsBoringSSL) {
 {
   // This X.509 Certificate can be parsed by OpenSSL because it contains a
   // structurally sound TBSCertificate structure. However, the SPKI field of the
@@ -363,6 +366,7 @@ UcXd/5qu2GhokrKU2cPttU+XAN2Om6a0
 
   assert.strictEqual(cert.checkIssued(cert), false);
 }
+}
 
 {
   // Test date parsing of `validFromDate` and `validToDate` fields, according to RFC 5280.
@@ -400,8 +404,10 @@ UidvpWWipVLZgK+oDks+bKTobcoXGW9oXobiIYqslXPy
 -----END CERTIFICATE-----`.trim();
   const c1 = new X509Certificate(certPemUTCTime);
 
+  if (!common.openSSLIsBoringSSL) {
   assert.deepStrictEqual(c1.validFromDate, new Date('1949-12-25T23:59:58Z'));
   assert.deepStrictEqual(c1.validToDate, new Date('1950-01-01T23:59:58Z'));
+  }
 
   // The GeneralizedTime format is used for dates in 2050 or later.
   const certPemGeneralizedTime = `-----BEGIN CERTIFICATE-----
@@ -435,6 +441,8 @@ CWwQO8JZjJqFtqtuzy2n+gLCvqePgG/gmSqHOPm2ZbLW
 -----END CERTIFICATE-----`.trim();
   const c2 = new X509Certificate(certPemGeneralizedTime);
 
+  if (!common.openSSLIsBoringSSL) {
   assert.deepStrictEqual(c2.validFromDate, new Date('2049-12-26T00:00:01Z'));
   assert.deepStrictEqual(c2.validToDate, new Date('2050-01-02T00:00:01Z'));
+  }
 }
diff --git a/test/parallel/test-crypto.js b/test/parallel/test-crypto.js
index 4271121881379b6c6892e89e520345f77e4181df..7a17285deee18ffbccf1d01d9d1b7b87e561bffa 100644
--- a/test/parallel/test-crypto.js
+++ b/test/parallel/test-crypto.js
@@ -61,7 +61,7 @@ assert.throws(() => {
   // Throws general Error, so there is no opensslErrorStack property.
   return err instanceof Error &&
          err.name === 'Error' &&
-         /^Error: mac verify failure$/.test(err) &&
+         (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
          !('opensslErrorStack' in err);
 });
 
@@ -71,7 +71,7 @@ assert.throws(() => {
   // Throws general Error, so there is no opensslErrorStack property.
   return err instanceof Error &&
          err.name === 'Error' &&
-         /^Error: mac verify failure$/.test(err) &&
+         (/^Error: (mac verify failure|INCORRECT_PASSWORD)$/.test(err)) &&
          !('opensslErrorStack' in err);
 });
 
@@ -81,7 +81,7 @@ assert.throws(() => {
   // Throws general Error, so there is no opensslErrorStack property.
   return err instanceof Error &&
          err.name === 'Error' &&
-         /^Error: not enough data$/.test(err) &&
+         /^Error: (not enough data|BAD_PKCS12_DATA)$/.test(err) &&
          !('opensslErrorStack' in err);
 });
 
@@ -144,8 +144,6 @@ assert(crypto.getHashes().includes('sha1'));
 assert(crypto.getHashes().includes('sha256'));
 assert(!crypto.getHashes().includes('SHA1'));
 assert(!crypto.getHashes().includes('SHA256'));
-assert(crypto.getHashes().includes('RSA-SHA1'));
-assert(!crypto.getHashes().includes('rsa-sha1'));
 validateList(crypto.getHashes());
 // Make sure all of the hashes are supported by OpenSSL
 for (const algo of crypto.getHashes())
@@ -196,6 +194,7 @@ assert.throws(
   }
 );
 
+if (!common.openSSLIsBoringSSL) {
 assert.throws(() => {
   const priv = [
     '-----BEGIN RSA PRIVATE KEY-----',
@@ -216,10 +215,10 @@ assert.throws(() => {
     library: 'rsa routines',
   } : {
     name: 'Error',
-    message: /routines:RSA_sign:digest too big for rsa key$/,
-    library: 'rsa routines',
-    function: 'RSA_sign',
-    reason: 'digest too big for rsa key',
+    message: /routines:RSA_sign:digest too big for rsa key$|routines:OPENSSL_internal:DIGEST_TOO_BIG_FOR_RSA_KEY$/,
+    library: /rsa routines|RSA routines/,
+    function: /RSA_sign|OPENSSL_internal/,
+    reason: /digest too big for rsa key|DIGEST_TOO_BIG_FOR_RSA_KEY/,
     code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY'
   });
   return true;
@@ -252,7 +251,7 @@ if (!common.hasOpenSSL3) {
     return true;
   });
 }
-
+}
 // Make sure memory isn't released before being returned
 console.log(crypto.randomBytes(16));
 
diff --git a/test/parallel/test-https-agent-additional-options.js b/test/parallel/test-https-agent-additional-options.js
index 543ee176fb6af38874fee9f14be76f3fdda11060..fef9f1bc2f9fc6c220cf47847e86e03882b51b1d 100644
--- a/test/parallel/test-https-agent-additional-options.js
+++ b/test/parallel/test-https-agent-additional-options.js
@@ -13,7 +13,7 @@ const options = {
   cert: fixtures.readKey('agent1-cert.pem'),
   ca: fixtures.readKey('ca1-cert.pem'),
   minVersion: 'TLSv1.1',
-  ciphers: 'ALL@SECLEVEL=0'
+  // ciphers: 'ALL@SECLEVEL=0'
 };
 
 const server = https.Server(options, (req, res) => {
@@ -28,7 +28,7 @@ function getBaseOptions(port) {
     ca: options.ca,
     rejectUnauthorized: true,
     servername: 'agent1',
-    ciphers: 'ALL@SECLEVEL=0'
+    // ciphers: 'ALL@SECLEVEL=0'
   };
 }
 
diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
index e0986e53c1103b63cf15002a7fa4ce8bc4844d90..33c8a2aa72c56dd4a98558aab2102f03fae2b3cf 100644
--- a/test/parallel/test-https-agent-session-eviction.js
+++ b/test/parallel/test-https-agent-session-eviction.js
@@ -14,7 +14,7 @@ const options = {
   key: readKey('agent1-key.pem'),
   cert: readKey('agent1-cert.pem'),
   secureOptions: SSL_OP_NO_TICKET,
-  ciphers: 'RSA@SECLEVEL=0'
+  // ciphers: 'RSA@SECLEVEL=0'
 };
 
 // Create TLS1.2 server
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
index a9c8775e2f112f2b5e1f4e80f22264f219bf6a9d..4550d28125379e6043962826b8e97b692d63804b 100644
--- a/test/parallel/test-tls-getprotocol.js
+++ b/test/parallel/test-tls-getprotocol.js
@@ -27,7 +27,7 @@ const clientConfigs = [
 
 const serverConfig = {
   secureProtocol: 'TLS_method',
-  ciphers: 'RSA@SECLEVEL=0',
+  // ciphers: 'RSA@SECLEVEL=0',
   key: fixtures.readKey('agent2-key.pem'),
   cert: fixtures.readKey('agent2-cert.pem')
 };
diff --git a/test/parallel/test-tls-write-error.js b/test/parallel/test-tls-write-error.js
index b06f2fa2c53ea72f9a66f0d002dd9281d0259a0f..864fffeebfad75d95416fd47efdea7f222c507a2 100644
--- a/test/parallel/test-tls-write-error.js
+++ b/test/parallel/test-tls-write-error.js
@@ -17,7 +17,7 @@ const server_cert = fixtures.readKey('agent1-cert.pem');
 const opts = {
   key: server_key,
   cert: server_cert,
-  ciphers: 'ALL@SECLEVEL=0'
+  // ciphers: 'ALL@SECLEVEL=0'
 };
 
 const server = https.createServer(opts, (req, res) => {
diff --git a/test/parallel/test-webcrypto-derivebits.js b/test/parallel/test-webcrypto-derivebits.js
index eb09bc24f0cb8244b05987e3a7c1d203360d3a38..8c251ff2371fb59bf679160574e1c5dc1b4b2665 100644
--- a/test/parallel/test-webcrypto-derivebits.js
+++ b/test/parallel/test-webcrypto-derivebits.js
@@ -101,8 +101,9 @@ const { subtle } = globalThis.crypto;
   tests.then(common.mustCall());
 }
 
+
 // Test X25519 and X448 bit derivation
-{
+if (!common.openSSLIsBoringSSL) {
   async function test(name) {
     const [alice, bob] = await Promise.all([
       subtle.generateKey({ name }, true, ['deriveBits']),
diff --git a/test/parallel/test-webcrypto-derivekey.js b/test/parallel/test-webcrypto-derivekey.js
index 558d37d90d5796b30101d1b512c9df3e7661d0db..f42bf8f4be0b439dd7e7c8d0f6f8a41e01588870 100644
--- a/test/parallel/test-webcrypto-derivekey.js
+++ b/test/parallel/test-webcrypto-derivekey.js
@@ -176,7 +176,7 @@ const { KeyObject } = require('crypto');
 }
 
 // Test X25519 and X448 key derivation
-{
+if (!common.openSSLIsBoringSSL) {
   async function test(name) {
     const [alice, bob] = await Promise.all([
       subtle.generateKey({ name }, true, ['deriveKey']),
diff --git a/test/parallel/test-webcrypto-sign-verify.js b/test/parallel/test-webcrypto-sign-verify.js
index de736102bdcb71a5560c95f7041537f25026aed4..12d7fa39446c196bdf1479dbe74c9ee8ab02f949 100644
--- a/test/parallel/test-webcrypto-sign-verify.js
+++ b/test/parallel/test-webcrypto-sign-verify.js
@@ -105,8 +105,9 @@ const { subtle } = globalThis.crypto;
   test('hello world').then(common.mustCall());
 }
 
+
 // Test Sign/Verify Ed25519
-{
+if (!common.openSSLIsBoringSSL) {
   async function test(data) {
     const ec = new TextEncoder();
     const { publicKey, privateKey } = await subtle.generateKey({
@@ -126,7 +127,7 @@ const { subtle } = globalThis.crypto;
 }
 
 // Test Sign/Verify Ed448
-{
+if (!common.openSSLIsBoringSSL) {
   async function test(data) {
     const ec = new TextEncoder();
     const { publicKey, privateKey } = await subtle.generateKey({
diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
index d1ca571af4be713082d32093bfb8a65f2aef9800..57b8df2ce18df58ff54b2d828af67e3c2e082fe0 100644
--- a/test/parallel/test-webcrypto-wrap-unwrap.js
+++ b/test/parallel/test-webcrypto-wrap-unwrap.js
@@ -18,14 +18,15 @@ const kWrappingData = {
     wrap: { label: new Uint8Array(8) },
     pair: true
   },
-  'AES-CTR': {
+  'AES-CBC': {
     generate: { length: 128 },
-    wrap: { counter: new Uint8Array(16), length: 64 },
+    wrap: { iv: new Uint8Array(16) },
     pair: false
   },
-  'AES-CBC': {
+  /*
+  'AES-CTR': {
     generate: { length: 128 },
-    wrap: { iv: new Uint8Array(16) },
+    wrap: { counter: new Uint8Array(16), length: 64 },
     pair: false
   },
   'AES-GCM': {
@@ -42,6 +43,7 @@ const kWrappingData = {
     wrap: { },
     pair: false
   }
+  */
 };
 
 function generateWrappingKeys() {
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
index e6ae4d886908cbc0e56787009db855dad8b12ba7..a17147daa0576ec49e560c05448f1ed0ae8d5640 100644
--- a/test/parallel/test-x509-escaping.js
+++ b/test/parallel/test-x509-escaping.js
@@ -447,7 +447,7 @@ const { hasOpenSSL3 } = common;
   assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
                      undefined);
   assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
-                     servername);
+                     undefined);
   assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
                      undefined);
 
@@ -482,11 +482,11 @@ const { hasOpenSSL3 } = common;
   assert.strictEqual(certX509.subjectAltName, 'IP Address:1.2.3.4');
 
   // The newer X509Certificate API allows customizing this behavior:
-  assert.strictEqual(certX509.checkHost(servername), servername);
+  assert.strictEqual(certX509.checkHost(servername), undefined);
   assert.strictEqual(certX509.checkHost(servername, { subject: 'default' }),
-                     servername);
+                     undefined);
   assert.strictEqual(certX509.checkHost(servername, { subject: 'always' }),
-                     servername);
+                     undefined);
   assert.strictEqual(certX509.checkHost(servername, { subject: 'never' }),
                      undefined);