Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: fix default MGF1 hash for OpenSSL 3 #40031

Closed
wants to merge 1 commit into from
Closed

crypto: fix default MGF1 hash for OpenSSL 3 #40031

wants to merge 1 commit into from

Conversation

tniessen
Copy link
Member

@tniessen tniessen commented Sep 7, 2021

OpenSSL 3 does not seem to set the MGF1 hash algorithm to the RSA-PSS hash by default. In other words, calling EVP_PKEY_CTX_set_rsa_pss_keygen_md does not seem to update the MGF1 hash algorithm. Calling EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md after EVP_PKEY_CTX_set_rsa_pss_keygen_md seems to fix this difference in behavior between OpenSSL 1.1.1 and OpenSSL 3.

Refs: #39999

@tniessen tniessen added the openssl Issues and PRs related to the OpenSSL dependency. label Sep 7, 2021
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Sep 7, 2021
@tniessen tniessen mentioned this pull request Sep 7, 2021
Closed
@tniessen
Copy link
Member Author

tniessen commented Sep 7, 2021

This unblocks #39999.

@tniessen tniessen added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/39853/

@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. and removed needs-ci PRs that need a full CI run. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels Sep 7, 2021
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/39855/

@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 7, 2021
panva pushed a commit that referenced this pull request Sep 9, 2021
@tniessen @panva
crypto: fix default MGF1 hash for OpenSSL 3
5fd7a72 
Refs: #39999

PR-URL: #40031
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
@panva
Copy link
Member

panva commented Sep 9, 2021

Landed in 5fd7a72

@panva panva closed this Sep 9, 2021
This was referenced Sep 14, 2021
Open
Open
BethGriggs pushed a commit that referenced this pull request Sep 21, 2021
@tniessen @BethGriggs
crypto: fix default MGF1 hash for OpenSSL 3
fc45cbe 
Refs: #39999

PR-URL: #40031
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
@BethGriggs BethGriggs mentioned this pull request Sep 21, 2021
Merged
1 task
@tniessen tniessen deleted the crypto-fix-rsa-pss-mgf1-hash-openssl3 branch October 7, 2021 16:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@panva panva panva approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tniessen @nodejs-github-bot @panva @jasnell