Skip to content

Commit

Permalink
crypto: fix default MGF1 hash for OpenSSL 3
Browse files Browse the repository at this point in the history
Refs: #39999

PR-URL: #40031
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
  • Loading branch information
tniessen authored and BethGriggs committed Sep 21, 2021
1 parent a71579b commit fc45cbe
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 2 deletions.
13 changes: 11 additions & 2 deletions src/crypto/crypto_rsa.cc
Original file line number Diff line number Diff line change
Expand Up @@ -63,10 +63,19 @@ EVPKeyCtxPointer RsaKeyGenTraits::Setup(RsaKeyPairGenConfig* params) {
return EVPKeyCtxPointer();
}

if (params->params.mgf1_md != nullptr &&
// TODO(tniessen): This appears to only be necessary in OpenSSL 3, while
// OpenSSL 1.1.1 behaves as recommended by RFC 8017 and defaults the MGF1
// hash algorithm to the RSA-PSS hashAlgorithm. Remove this code if the
// behavior of OpenSSL 3 changes.
const EVP_MD* mgf1_md = params->params.mgf1_md;
if (mgf1_md == nullptr && params->params.md != nullptr) {
mgf1_md = params->params.md;
}

if (mgf1_md != nullptr &&
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(
ctx.get(),
params->params.mgf1_md) <= 0) {
mgf1_md) <= 0) {
return EVPKeyCtxPointer();
}

Expand Down
22 changes: 22 additions & 0 deletions test/parallel/test-crypto-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -369,6 +369,28 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
}));
}

{
// RFC 8017, 9.1.: "Assuming that the mask generation function is based on a
// hash function, it is RECOMMENDED that the hash function be the same as the
// one that is applied to the message."

generateKeyPair('rsa-pss', {
modulusLength: 512,
hashAlgorithm: 'sha256',
saltLength: 16
}, common.mustSucceed((publicKey, privateKey) => {
const expectedKeyDetails = {
modulusLength: 512,
publicExponent: 65537n,
hashAlgorithm: 'sha256',
mgf1HashAlgorithm: 'sha256',
saltLength: 16
};
assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails);
assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails);
}));
}

{
const privateKeyEncoding = {
type: 'pkcs8',
Expand Down

0 comments on commit fc45cbe

Please sign in to comment.