nodejs
diff --git a/Collapse file
‎src/crypto/crypto_sig.cc‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_sig.cc
+14-5Lines changed: 14 additions & 5 deletions b/Collapse file
‎src/crypto/crypto_sig.cc‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_sig.cc
+14-5Lines changed: 14 additions & 5 deletions
diff --git a/Collapse file
‎test/parallel/test-crypto-sign-verify.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-crypto-sign-verify.js
+14Lines changed: 14 additions & 0 deletions b/Collapse file
‎test/parallel/test-crypto-sign-verify.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-crypto-sign-verify.js
+14Lines changed: 14 additions & 0 deletions
@@ -738,19 +738,25 @@ bool SignTraits::DeriveBits(
       size_t len;
       unsigned char* data = nullptr;
       if (IsOneShot(params.key)) {
-        EVP_DigestSign(
+        if (!EVP_DigestSign(
             context.get(),
             nullptr,
             &len,
             params.data.data<unsigned char>(),
-            params.data.size());
+            params.data.size())) {
+          crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
+          return false;
+        }
         data = MallocOpenSSL<unsigned char>(len);
-        EVP_DigestSign(
+        if (!EVP_DigestSign(
             context.get(),
             data,
             &len,
             params.data.data<unsigned char>(),
-            params.data.size());
+            params.data.size())) {
+              crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
+              return false;
+            }
         ByteSource buf =
             ByteSource::Allocated(reinterpret_cast<char*>(data), len);
         *out = std::move(buf);
@@ -760,13 +766,16 @@ bool SignTraits::DeriveBits(
                 params.data.data<unsigned char>(),
                 params.data.size()) ||
             !EVP_DigestSignFinal(context.get(), nullptr, &len)) {
+          crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
           return false;
         }
         data = MallocOpenSSL<unsigned char>(len);
         ByteSource buf =
             ByteSource::Allocated(reinterpret_cast<char*>(data), len);
-        if (!EVP_DigestSignFinal(context.get(), data, &len))
+        if (!EVP_DigestSignFinal(context.get(), data, &len)) {
+          crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
           return false;
+        }
 
         if (UseP1363Encoding(params.key, params.dsa_encoding)) {
           *out = ConvertSignatureToP1363(env, params.key, buf);
 
@@ -742,3 +742,17 @@ assert.throws(
     }
   }
 }
+
+// The sign function should not swallow OpenSSL errors.
+// Regression test for https://github.com/nodejs/node/issues/40794.
+{
+  assert.throws(() => {
+    const { privateKey } = crypto.generateKeyPairSync('rsa', {
+      modulusLength: 512
+    });
+    crypto.sign('sha512', 'message', privateKey);
+  }, {
+    code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY',
+    message: /digest too big for rsa key/
+  });
+}
Original file line number	Diff line number	Diff line change
`@@ -742,3 +742,17 @@ assert.throws(`
`742`	`742`	`}`
`743`	`743`	`}`
`744`	`744`	`}`
	`745`	`+`
	`746`	`+// The sign function should not swallow OpenSSL errors.`
	`747`	`+// Regression test for https://github.com/nodejs/node/issues/40794.`
	`748`	`+{`
	`749`	`+ assert.throws(() => {`
	`750`	`+ const { privateKey } = crypto.generateKeyPairSync('rsa', {`
	`751`	`+ modulusLength: 512`
	`752`	`+ });`
	`753`	`+ crypto.sign('sha512', 'message', privateKey);`
	`754`	`+ }, {`
	`755`	`+ code: 'ERR_OSSL_RSA_DIGEST_TOO_BIG_FOR_RSA_KEY',`
	`756`	`+ message: /digest too big for rsa key/`
	`757`	`+ });`
	`758`	`+}`