Skip to content

Commit

Permalink
crypto: fix WebCrypto import of RSA-PSS keys
Browse files Browse the repository at this point in the history
This patch changes GetRsaKeyDetail to work in older supported versions
of OpenSSL.

Refs: openssl/openssl#10217

PR-URL: #36877
Refs: #36188
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  • Loading branch information
tniessen authored and ruyadorno committed Jan 21, 2021
1 parent c4cdf1d commit 0398167
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 2 deletions.
18 changes: 16 additions & 2 deletions src/crypto/crypto_rsa.cc
Original file line number Diff line number Diff line change
Expand Up @@ -367,7 +367,14 @@ Maybe<bool> ExportJWKRsaKey(
int type = EVP_PKEY_id(pkey.get());
CHECK(type == EVP_PKEY_RSA || type == EVP_PKEY_RSA_PSS);

RSA* rsa = EVP_PKEY_get0_RSA(pkey.get());
// TODO(tniessen): Remove the "else" branch once we drop support for OpenSSL
// versions older than 1.1.1e via FIPS / dynamic linking.
RSA* rsa;
if (OpenSSL_version_num() >= 0x1010105fL) {
rsa = EVP_PKEY_get0_RSA(pkey.get());
} else {
rsa = static_cast<RSA*>(EVP_PKEY_get0(pkey.get()));
}
CHECK_NOT_NULL(rsa);

const BIGNUM* n;
Expand Down Expand Up @@ -508,7 +515,14 @@ Maybe<bool> GetRsaKeyDetail(
int type = EVP_PKEY_id(pkey.get());
CHECK(type == EVP_PKEY_RSA || type == EVP_PKEY_RSA_PSS);

RSA* rsa = EVP_PKEY_get0_RSA(pkey.get());
// TODO(tniessen): Remove the "else" branch once we drop support for OpenSSL
// versions older than 1.1.1e via FIPS / dynamic linking.
RSA* rsa;
if (OpenSSL_version_num() >= 0x1010105fL) {
rsa = EVP_PKEY_get0_RSA(pkey.get());
} else {
rsa = static_cast<RSA*>(EVP_PKEY_get0(pkey.get()));
}
CHECK_NOT_NULL(rsa);

RSA_get0_key(rsa, &n, &e, nullptr);
Expand Down
40 changes: 40 additions & 0 deletions test/parallel/test-webcrypto-rsa-pss-params.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
'use strict';

const common = require('../common');

if (!common.hasCrypto)
common.skip('missing crypto');

const {
createPrivateKey,
createPublicKey,
webcrypto: {
subtle
}
} = require('crypto');

const fixtures = require('../common/fixtures');

{
const rsaPssKeyWithoutParams = fixtures.readKey('rsa_pss_private_2048.pem');

const pkcs8 = createPrivateKey(rsaPssKeyWithoutParams).export({
type: 'pkcs8',
format: 'der'
});
const spki = createPublicKey(rsaPssKeyWithoutParams).export({
type: 'spki',
format: 'der'
});

const hashes = ['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512'];

const tasks = [];
for (const hash of hashes) {
const algorithm = { name: 'RSA-PSS', hash };
tasks.push(subtle.importKey('pkcs8', pkcs8, algorithm, true, ['sign']));
tasks.push(subtle.importKey('spki', spki, algorithm, true, ['verify']));
}

Promise.all(tasks).then(common.mustCall());
}

0 comments on commit 0398167

Please sign in to comment.