Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit fa88cc0

Browse filesBrowse files
panvamarco-ippolito
panva
authored and
marco-ippolito
committed
crypto: ensure documented RSA-PSS saltLength default is used
PR-URL: #60662 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
1 parent 5014f22 commit fa88cc0
Copy full SHA for fa88cc0

2 files changed

+44-1Lines changed: 44 additions & 1 deletion

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎lib/internal/crypto/sig.js‎

Copy file name to clipboardExpand all lines: lib/internal/crypto/sig.js
+7-1Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,8 @@ const {
5050
isArrayBufferView,
5151
} = require('internal/util/types');
5252

53+
const constants = internalBinding('constants').crypto;
54+
5355
function Sign(algorithm, options) {
5456
if (!(this instanceof Sign))
5557
return new Sign(algorithm, options);
@@ -85,7 +87,11 @@ function getPadding(options) {
8587
}
8688

8789
function getSaltLength(options) {
88-
return getIntOption('saltLength', options);
90+
let saltLength = getIntOption('saltLength', options);
91+
if (options.padding === constants.RSA_PKCS1_PSS_PADDING && saltLength === undefined) {
92+
saltLength = constants.RSA_PSS_SALTLEN_MAX_SIGN;
93+
}
94+
return saltLength;
8995
}
9096

9197
function getDSASignatureEncoding(options) {
Collapse file

‎test/parallel/test-crypto-rsa-pss-default-salt-length.js‎

Copy file name to clipboard
+37Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
'use strict';
2+
const common = require('../common');
3+
if (!common.hasCrypto)
4+
common.skip('missing crypto');
5+
6+
const assert = require('assert');
7+
const crypto = require('crypto');
8+
9+
const fixtures = require('../common/fixtures');
10+
11+
const privateKey = crypto.createPrivateKey(fixtures.readKey('rsa_private.pem', 'ascii'));
12+
const publicKey = crypto.createPublicKey(fixtures.readKey('rsa_public.pem', 'ascii'));
13+
14+
const data = crypto.randomBytes(32);
15+
16+
for (const digest of ['sha256', 'sha384', 'sha512']) {
17+
const hLen = crypto.hash(digest, data, 'buffer').byteLength;
18+
const maxSaltLength =
19+
privateKey.asymmetricKeyDetails.modulusLength / 8 - hLen - 2;
20+
21+
const sig = crypto.sign(digest, data, {
22+
key: privateKey,
23+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
24+
// No "saltLength" provided, documented default RSA_PSS_SALTLEN_MAX_SIGN expected
25+
});
26+
27+
assert.strictEqual(crypto.verify(
28+
digest,
29+
data,
30+
{
31+
key: publicKey,
32+
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
33+
saltLength: maxSaltLength,
34+
},
35+
sig
36+
), true);
37+
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.