Skip to content

crypto: fix default MGF1 hash for OpenSSL 3#40031

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tniessen wants to merge 1 commit into from
Closed

crypto: fix default MGF1 hash for OpenSSL 3 #40031

tniessen wants to merge 1 commit into from

Conversation

@tniessen
Copy link
Member

@tniessentniessen commented Sep 7, 2021

OpenSSL 3 does not seem to set the MGF1 hash algorithm to the RSA-PSS hash by default. In other words, calling EVP_PKEY_CTX_set_rsa_pss_keygen_md does not seem to update the MGF1 hash algorithm. Calling EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md after EVP_PKEY_CTX_set_rsa_pss_keygen_md seems to fix this difference in behavior between OpenSSL 1.1.1 and OpenSSL 3.

Refs: #39999

@tniessentniessen added the openssl Issues and PRs related to the OpenSSL dependency. label Sep 7, 2021
@nodejs-github-botnodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Sep 7, 2021
@tniessentniessen mentioned this pull request Sep 7, 2021
Closed
@tniessen
Copy link
MemberAuthor

tniessen commented Sep 7, 2021

This unblocks #39999.

@tniessentniessen added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@github-actionsgithub-actionsbot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 7, 2021
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 7, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/39853/

@panvapanva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. and removed needs-ci PRs that need a full CI run. author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels Sep 7, 2021
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 7, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/39855/

@panvapanva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 7, 2021
panva pushed a commit that referenced this pull request Sep 9, 2021
@tniessen@panva
crypto: fix default MGF1 hash for OpenSSL 3
5fd7a72
Refs: #39999 PR-URL: #40031 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
@panva
Copy link
Member

panva commented Sep 9, 2021

Landed in 5fd7a72

@panvapanva closed this Sep 9, 2021
This was referenced Sep 14, 2021
Open
Open
BethGriggs pushed a commit that referenced this pull request Sep 21, 2021
@tniessen@BethGriggs
crypto: fix default MGF1 hash for OpenSSL 3
fc45cbe
Refs: #39999 PR-URL: #40031 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Filip Skokan <[email protected]>
@BethGriggsBethGriggs mentioned this pull request Sep 21, 2021
Merged
1 task
@tniessentniessen deleted the crypto-fix-rsa-pss-mgf1-hash-openssl3 branch October 7, 2021 16:42
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@panvapanvapanva approved these changes

@jasnelljasnelljasnell approved these changes

Assignees

No one assigned

Labels

author readyPRs that have at least one approval, no pending requests for changes, and a CI started.c++Issues and PRs that require attention from people who are familiar with C++.cryptoIssues and PRs related to the crypto subsystem.opensslIssues and PRs related to the OpenSSL dependency.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tniessen@nodejs-github-bot@panva@jasnell