Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit fc45cbe

Browse filesBrowse files
tniessenBethGriggs
tniessen
authored and
BethGriggs
committed
crypto: fix default MGF1 hash for OpenSSL 3
Refs: #39999 PR-URL: #40031 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
1 parent a71579b commit fc45cbe
Copy full SHA for fc45cbe

File tree

Expand file treeCollapse file tree

2 files changed

+33
-2
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+33
-2
lines changed
Open diff view settings
Collapse file

‎src/crypto/crypto_rsa.cc‎

Copy file name to clipboardExpand all lines: src/crypto/crypto_rsa.cc
+11-2Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -63,10 +63,19 @@ EVPKeyCtxPointer RsaKeyGenTraits::Setup(RsaKeyPairGenConfig* params) {
6363
return EVPKeyCtxPointer();
6464
}
6565

66-
if (params->params.mgf1_md != nullptr &&
66+
// TODO(tniessen): This appears to only be necessary in OpenSSL 3, while
67+
// OpenSSL 1.1.1 behaves as recommended by RFC 8017 and defaults the MGF1
68+
// hash algorithm to the RSA-PSS hashAlgorithm. Remove this code if the
69+
// behavior of OpenSSL 3 changes.
70+
const EVP_MD* mgf1_md = params->params.mgf1_md;
71+
if (mgf1_md == nullptr && params->params.md != nullptr) {
72+
mgf1_md = params->params.md;
73+
}
74+
75+
if (mgf1_md != nullptr &&
6776
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(
6877
ctx.get(),
69-
params->params.mgf1_md) <= 0) {
78+
mgf1_md) <= 0) {
7079
return EVPKeyCtxPointer();
7180
}
7281

Collapse file

‎test/parallel/test-crypto-keygen.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-crypto-keygen.js
+22Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -369,6 +369,28 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
369369
}));
370370
}
371371

372+
{
373+
// RFC 8017, 9.1.: "Assuming that the mask generation function is based on a
374+
// hash function, it is RECOMMENDED that the hash function be the same as the
375+
// one that is applied to the message."
376+
377+
generateKeyPair('rsa-pss', {
378+
modulusLength: 512,
379+
hashAlgorithm: 'sha256',
380+
saltLength: 16
381+
}, common.mustSucceed((publicKey, privateKey) => {
382+
const expectedKeyDetails = {
383+
modulusLength: 512,
384+
publicExponent: 65537n,
385+
hashAlgorithm: 'sha256',
386+
mgf1HashAlgorithm: 'sha256',
387+
saltLength: 16
388+
};
389+
assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails);
390+
assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails);
391+
}));
392+
}
393+
372394
{
373395
const privateKeyEncoding = {
374396
type: 'pkcs8',

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.