Skip to content

crypto: fix default MGF1 hash for OpenSSL 3#40031

Closed
tniessen wants to merge 1 commit intonodejs:masterfrom
tniessen:crypto-fix-rsa-pss-mgf1-hash-openssl3
Closed

crypto: fix default MGF1 hash for OpenSSL 3#40031
tniessen wants to merge 1 commit intonodejs:masterfrom
tniessen:crypto-fix-rsa-pss-mgf1-hash-openssl3

Conversation

@tniessen
Copy link
Member

@tniessen tniessen commented Sep 7, 2021

OpenSSL 3 does not seem to set the MGF1 hash algorithm to the RSA-PSS hash by default. In other words, calling EVP_PKEY_CTX_set_rsa_pss_keygen_md does not seem to update the MGF1 hash algorithm. Calling EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md after EVP_PKEY_CTX_set_rsa_pss_keygen_md seems to fix this difference in behavior between OpenSSL 1.1.1 and OpenSSL 3.

Refs: #39999

@tniessen tniessen added the openssl Issues and PRs related to the OpenSSL dependency. label Sep 7, 2021
@tniessen tniessen requested review from jasnell and panva September 7, 2021 15:22
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Sep 7, 2021
@tniessen tniessen mentioned this pull request Sep 7, 2021
Closed
@tniessen
Copy link
Member Author

tniessen commented Sep 7, 2021

This unblocks #39999.

@tniessen tniessen added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 7, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/39853/

@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. and removed needs-ci PRs that need a full CI run. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels Sep 7, 2021
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 7, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/39855/

@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 7, 2021
panva pushed a commit that referenced this pull request Sep 9, 2021
@tniessen @panva
crypto: fix default MGF1 hash for OpenSSL 3
5fd7a72 
Refs: #39999

PR-URL: #40031
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
@panva
Copy link
Member

panva commented Sep 9, 2021

Landed in 5fd7a72

@panva panva closed this Sep 9, 2021
This was referenced Sep 14, 2021
Open
Open
BethGriggs pushed a commit that referenced this pull request Sep 21, 2021
@tniessen @BethGriggs
crypto: fix default MGF1 hash for OpenSSL 3
fc45cbe 
Refs: #39999

PR-URL: #40031
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
@BethGriggs BethGriggs mentioned this pull request Sep 21, 2021
Merged
1 task
@tniessen tniessen deleted the crypto-fix-rsa-pss-mgf1-hash-openssl3 branch October 7, 2021 16:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@panva panva panva approved these changes

@jasnell jasnell jasnell approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tniessen @nodejs-github-bot @panva @jasnell