From 2a7047d933c90876b34f3c19eb34cd6d127b6d7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sun, 18 Feb 2024 16:18:02 +0100 Subject: [PATCH] doc,crypto: further clarify RSA_PKCS1_PADDING support PR-URL: https://github.com/nodejs/node/pull/51799 Reviewed-By: Filip Skokan Reviewed-By: Luigi Pinca Reviewed-By: Michael Dawson --- doc/api/crypto.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index ce0f04f573b9fe..60d659daceebb9 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -4512,8 +4512,9 @@ changes: - v21.6.2 - v20.11.1 - v18.19.1 - pr-url: https://github.com/nodejs-private/node-private/pull/525 - description: The `RSA_PKCS1_PADDING` padding was disabled. + pr-url: https://github.com/nodejs-private/node-private/pull/515 + description: The `RSA_PKCS1_PADDING` padding was disabled unless the + OpenSSL build supports implicit rejection. - version: v15.0.0 pr-url: https://github.com/nodejs/node/pull/35093 description: Added string, ArrayBuffer, and CryptoKey as allowable key @@ -4555,8 +4556,10 @@ If `privateKey` is not a [`KeyObject`][], this function behaves as if object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_OAEP_PADDING`. -The `crypto.constants.RSA_PKCS1_PADDING` padding is disabled in -[`crypto.privateDecrypt()`][] since the February 2024 security releases. +Using `crypto.constants.RSA_PKCS1_PADDING` in [`crypto.privateDecrypt()`][] +requires OpenSSL to support implicit rejection (`rsa_pkcs1_implicit_rejection`). +If the version of OpenSSL used by Node.js does not support this feature, +attempting to use `RSA_PKCS1_PADDING` will fail. ### `crypto.privateEncrypt(privateKey, buffer)`