crypto: fix default MGF1 hash for OpenSSL 3 #40031

Closed

@tniessen tniessen commented Sep 7, 2021

OpenSSL 3 does not seem to set the MGF1 hash algorithm to the RSA-PSS hash by default. In other words, calling EVP_PKEY_CTX_set_rsa_pss_keygen_md does not seem to update the MGF1 hash algorithm. Calling EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md after EVP_PKEY_CTX_set_rsa_pss_keygen_md seems to fix this difference in behavior between OpenSSL 1.1.1 and OpenSSL 3.

Refs: #39999
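
Added example, not part of the pull request or of Node.js's own code: a check from the JavaScript side of `node:crypto` that an RSA-PSS key generated with only the PSS hash specified carries the same digest for MGF1. The helper names (`pssKeyParams`, `mgf1MatchesHash`, `defaultedParams`, `mismatchedParams`) are hypothetical, and it assumes a Node.js release that supports the `hashAlgorithm` keygen option and `asymmetricKeyDetails` for RSA-PSS keys.

```javascript
'use strict';
const { generateKeyPairSync, createPublicKey } = require('node:crypto');

// Hypothetical helper: generate an RSA-PSS key pair with the given keygen
// options and return the PSS parameters actually encoded in the public key.
function pssKeyParams(options) {
  const { publicKey } = generateKeyPairSync('rsa-pss', {
    modulusLength: 2048,
    ...options,
  });
  // Re-parse the exported SPKI so the values come from the serialized
  // RSASSA-PSS parameters, which is what a relying party will see.
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const { hashAlgorithm, mgf1HashAlgorithm, saltLength } =
    createPublicKey(pem).asymmetricKeyDetails;
  return { hashAlgorithm, mgf1HashAlgorithm, saltLength };
}

// Hypothetical check: true when MGF1 uses the same digest as the PSS hash.
function mgf1MatchesHash(params) {
  return params.hashAlgorithm === params.mgf1HashAlgorithm;
}

// Only the PSS hash is requested; the MGF1 hash is left to the default,
// which is the case the pull request is about.
function defaultedParams(hashAlgorithm) {
  return pssKeyParams({ hashAlgorithm });
}

// Constructed counter-example: both digests are set explicitly to different
// values, so the check has a key it must flag.
function mismatchedParams() {
  return pssKeyParams({ hashAlgorithm: 'sha512', mgf1HashAlgorithm: 'sha256' });
}

for (const hash of ['sha256', 'sha512']) {
  const p = defaultedParams(hash);
  console.log(hash, p, mgf1MatchesHash(p) ? 'ok' : 'MGF1 MISMATCH');
}
```

Running the same check against keys produced by other tooling shows whether their MGF1 digest was left at a library default rather than following the PSS hash.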

@tniessen tniessen added the openssl Issues and PRs related to the OpenSSL dependency. label Sep 7, 2021
@tniessen tniessen requested review from panva and jasnell September 7, 2021 15:22
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Sep 7, 2021
tniessen commented Sep 7, 2021

This unblocks #39999.

@tniessen tniessen added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. and removed needs-ci PRs that need a full CI run. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels Sep 7, 2021
@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 7, 2021
panva pushed a commit that referenced this pull request Sep 9, 2021
Refs: #39999

PR-URL: #40031
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
panva commented Sep 9, 2021

Landed in 5fd7a72

@panva panva closed this Sep 9, 2021
BethGriggs pushed a commit that referenced this pull request Sep 21, 2021
Refs: #39999

PR-URL: #40031
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
@BethGriggs BethGriggs mentioned this pull request Sep 21, 2021
1 task
@tniessen tniessen deleted the crypto-fix-rsa-pss-mgf1-hash-openssl3 branch October 7, 2021 16:42