Skip to content

Commit

Permalink
crypto: fix RSA-PSS default saltLength
Browse files Browse the repository at this point in the history
PR-URL: #39999
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
  • Loading branch information
tniessen authored and panva committed Sep 9, 2021
1 parent 5fd7a72 commit a42bd7e
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 2 deletions.
9 changes: 7 additions & 2 deletions src/crypto/crypto_rsa.cc
Original file line number Diff line number Diff line change
Expand Up @@ -79,10 +79,15 @@ EVPKeyCtxPointer RsaKeyGenTraits::Setup(RsaKeyPairGenConfig* params) {
return EVPKeyCtxPointer();
}

if (params->params.saltlen >= 0 &&
int saltlen = params->params.saltlen;
if (saltlen < 0 && params->params.md != nullptr) {
saltlen = EVP_MD_size(params->params.md);
}

if (saltlen >= 0 &&
EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(
ctx.get(),
params->params.saltlen) <= 0) {
saltlen) <= 0) {
return EVPKeyCtxPointer();
}
}
Expand Down
37 changes: 37 additions & 0 deletions test/parallel/test-crypto-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -391,6 +391,43 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
}));
}

{
// RFC 8017, A.2.3.: "For a given hashAlgorithm, the default value of
// saltLength is the octet length of the hash value."

generateKeyPair('rsa-pss', {
modulusLength: 512,
hashAlgorithm: 'sha512'
}, common.mustSucceed((publicKey, privateKey) => {
const expectedKeyDetails = {
modulusLength: 512,
publicExponent: 65537n,
hashAlgorithm: 'sha512',
mgf1HashAlgorithm: 'sha512',
saltLength: 64
};
assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails);
assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails);
}));

// It is still possible to explicitly set saltLength to 0.
generateKeyPair('rsa-pss', {
modulusLength: 512,
hashAlgorithm: 'sha512',
saltLength: 0
}, common.mustSucceed((publicKey, privateKey) => {
const expectedKeyDetails = {
modulusLength: 512,
publicExponent: 65537n,
hashAlgorithm: 'sha512',
mgf1HashAlgorithm: 'sha512',
saltLength: 0
};
assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails);
assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails);
}));
}

{
const privateKeyEncoding = {
type: 'pkcs8',
Expand Down

0 comments on commit a42bd7e

Please sign in to comment.