Skip to content

Commit

Permalink
crypto: fix regression in RSA-PSS keygen
Browse files Browse the repository at this point in the history
Fixes: #39936
Refs: #35093

PR-URL: #39937
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
tniessen authored and targos committed Sep 6, 2021
1 parent fc01dd9 commit 5851994
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/crypto/crypto_rsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,11 @@ struct RsaKeyPairParams final : public MemoryRetainer {
unsigned int modulus_bits;
unsigned int exponent;

// The following used for RSA-PSS
// The following options are used for RSA-PSS. If any of them are set, a
// RSASSA-PSS-params sequence will be added to the key.
const EVP_MD* md = nullptr;
const EVP_MD* mgf1_md = nullptr;
int saltlen = 0;
int saltlen = -1;

SET_NO_MEMORY_INFO()
SET_MEMORY_INFO_NAME(RsaKeyPairParams)
Expand Down
23 changes: 23 additions & 0 deletions test/parallel/test-crypto-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -346,6 +346,29 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
}));
}

{
// 'rsa-pss' should not add a RSASSA-PSS-params sequence by default.
// Regression test for: https://github.com/nodejs/node/issues/39936

generateKeyPair('rsa-pss', {
modulusLength: 512
}, common.mustSucceed((publicKey, privateKey) => {
const expectedKeyDetails = {
modulusLength: 512,
publicExponent: 65537n
};
assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails);
assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails);

// To allow backporting the fix to versions that do not support
// asymmetricKeyDetails for RSA-PSS params, also verify that the exported
// AlgorithmIdentifier member of the SubjectPublicKeyInfo has the expected
// length of 11 bytes (as opposed to > 11 bytes if node added params).
const spki = publicKey.export({ format: 'der', type: 'spki' });
assert.strictEqual(spki[3], 11, spki.toString('hex'));
}));
}

{
const privateKeyEncoding = {
type: 'pkcs8',
Expand Down

0 comments on commit 5851994

Please sign in to comment.