From 73d5f8a843c89707313eb2cf2b99af59096b738a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sun, 29 Aug 2021 21:26:01 +0000 Subject: [PATCH] crypto: fix regression in RSA-PSS keygen Fixes: https://github.com/nodejs/node/issues/39936 Refs: https://github.com/nodejs/node/pull/35093 PR-URL: https://github.com/nodejs/node/pull/39937 Reviewed-By: Colin Ihrig Reviewed-By: Filip Skokan Reviewed-By: James M Snell --- src/crypto/crypto_rsa.h | 5 +++-- test/parallel/test-crypto-keygen.js | 23 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_rsa.h b/src/crypto/crypto_rsa.h index eea53815f04e22..978f2f3455d2d4 100644 --- a/src/crypto/crypto_rsa.h +++ b/src/crypto/crypto_rsa.h @@ -25,10 +25,11 @@ struct RsaKeyPairParams final : public MemoryRetainer { unsigned int modulus_bits; unsigned int exponent; - // The following used for RSA-PSS + // The following options are used for RSA-PSS. If any of them are set, a + // RSASSA-PSS-params sequence will be added to the key. const EVP_MD* md = nullptr; const EVP_MD* mgf1_md = nullptr; - int saltlen = 0; + int saltlen = -1; SET_NO_MEMORY_INFO() SET_MEMORY_INFO_NAME(RsaKeyPairParams) diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js index fc778614cc68ed..09d43317426e71 100644 --- a/test/parallel/test-crypto-keygen.js +++ b/test/parallel/test-crypto-keygen.js @@ -346,6 +346,29 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher); })); } +{ + // 'rsa-pss' should not add a RSASSA-PSS-params sequence by default. + // Regression test for: https://github.com/nodejs/node/issues/39936 + + generateKeyPair('rsa-pss', { + modulusLength: 512 + }, common.mustSucceed((publicKey, privateKey) => { + const expectedKeyDetails = { + modulusLength: 512, + publicExponent: 65537n + }; + assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); + assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); + + // To allow backporting the fix to versions that do not support + // asymmetricKeyDetails for RSA-PSS params, also verify that the exported + // AlgorithmIdentifier member of the SubjectPublicKeyInfo has the expected + // length of 11 bytes (as opposed to > 11 bytes if node added params). + const spki = publicKey.export({ format: 'der', type: 'spki' }); + assert.strictEqual(spki[3], 11, spki.toString('hex')); + })); +} + { const privateKeyEncoding = { type: 'pkcs8',