diff options
| author | David Benjamin <davidben@google.com> | 2017-09-09 18:41:56 -0400 |
|---|---|---|
| committer | Ruben Bridgewater <ruben@bridgewater.de> | 2017-09-11 00:18:02 -0300 |
| commit | 6ebdb69472beaabe4d3aac7f66e1f83b196278af (patch) | |
| tree | b1704c5fc47200c27b322e5ab9d34a557b94aee9 /test/parallel/test-crypto-binary-default.js | |
| parent | fc1fa4e2c49aa060b97b139ff02b5be8037dba94 (diff) | |
| download | android-node-v8-6ebdb69472beaabe4d3aac7f66e1f83b196278af.tar.gz android-node-v8-6ebdb69472beaabe4d3aac7f66e1f83b196278af.tar.bz2 android-node-v8-6ebdb69472beaabe4d3aac7f66e1f83b196278af.zip | |
crypto: fix Node_SignFinal
PR #11705 switched Node away from using using OpenSSL's legacy EVP_Sign*
and EVP_Verify* APIs. Instead, it computes a hash normally via
EVP_Digest* and then uses EVP_PKEY_sign and EVP_PKEY_verify to verify
the hash directly. This change corrects two problems:
1. The documentation still recommends the signature algorithm EVP_MD
names of OpenSSL's legacy APIs. OpenSSL has since moved away from
thosee, which is why ECDSA was strangely inconsistent. (This is why
"ecdsa-with-SHA256" was missing.)
2. Node_SignFinal copied some code from EVP_SignFinal's internals. This
is problematic for OpenSSL 1.1.0 and is missing a critical check
that prevents pkey->pkey.ptr from being cast to the wrong type.
To resolve this, remove the non-EVP_PKEY_sign codepath. This codepath is
no longer necessary. PR #11705's verify half was already assuming all
EVP_PKEYs supported EVP_PKEY_sign and EVP_PKEY_verify. Also, in the
documentation, point users towards using hash function names which are
more consisent. This avoids an ECDSA special-case and some strangeness
around RSA-PSS ("RSA-SHA256" is the OpenSSL name of the
sha256WithRSAEncryption OID which is not used for RSA-PSS).
PR-URL: https://github.com/nodejs/node/pull/15024
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Diffstat (limited to 'test/parallel/test-crypto-binary-default.js')
| -rw-r--r-- | test/parallel/test-crypto-binary-default.js | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/test/parallel/test-crypto-binary-default.js b/test/parallel/test-crypto-binary-default.js index d089a01ecf..0350015dc6 100644 --- a/test/parallel/test-crypto-binary-default.js +++ b/test/parallel/test-crypto-binary-default.js @@ -424,28 +424,28 @@ assert.throws(function() { }, /^Error: Digest method not supported$/); // Test signing and verifying -const s1 = crypto.createSign('RSA-SHA1') +const s1 = crypto.createSign('SHA1') .update('Test123') .sign(keyPem, 'base64'); -const s1Verified = crypto.createVerify('RSA-SHA1') +const s1Verified = crypto.createVerify('SHA1') .update('Test') .update('123') .verify(certPem, s1, 'base64'); assert.strictEqual(s1Verified, true, 'sign and verify (base 64)'); -const s2 = crypto.createSign('RSA-SHA256') +const s2 = crypto.createSign('SHA256') .update('Test123') .sign(keyPem); // binary -const s2Verified = crypto.createVerify('RSA-SHA256') +const s2Verified = crypto.createVerify('SHA256') .update('Test') .update('123') .verify(certPem, s2); // binary assert.strictEqual(s2Verified, true, 'sign and verify (binary)'); -const s3 = crypto.createSign('RSA-SHA1') +const s3 = crypto.createSign('SHA1') .update('Test123') .sign(keyPem, 'buffer'); -const s3Verified = crypto.createVerify('RSA-SHA1') +const s3Verified = crypto.createVerify('SHA1') .update('Test') .update('123') .verify(certPem, s3); @@ -610,8 +610,8 @@ const d = crypto.createDiffieHellman(p, 'hex'); assert.strictEqual(d.verifyError, DH_NOT_SUITABLE_GENERATOR); // Test RSA key signing/verification -const rsaSign = crypto.createSign('RSA-SHA1'); -const rsaVerify = crypto.createVerify('RSA-SHA1'); +const rsaSign = crypto.createSign('SHA1'); +const rsaVerify = crypto.createVerify('SHA1'); assert.ok(rsaSign instanceof crypto.Sign); assert.ok(rsaVerify instanceof crypto.Verify); @@ -646,13 +646,13 @@ assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true); '8195e0268da7eda23d9825ac43c724e86ceeee0d0d4465678652ccaf6501' + '0ddfb299bedeb1ad'; - const sign = crypto.createSign('RSA-SHA256'); + const sign = crypto.createSign('SHA256'); sign.update(input); const output = sign.sign(privateKey, 'hex'); assert.strictEqual(output, signature); - const verify = crypto.createVerify('RSA-SHA256'); + const verify = crypto.createVerify('SHA256'); verify.update(input); assert.strictEqual(verify.verify(publicKey, signature, 'hex'), true); @@ -670,11 +670,11 @@ assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true); // DSA signatures vary across runs so there is no static string to verify // against - const sign = crypto.createSign('DSS1'); + const sign = crypto.createSign('SHA1'); sign.update(input); const signature = sign.sign(privateKey, 'hex'); - const verify = crypto.createVerify('DSS1'); + const verify = crypto.createVerify('SHA1'); verify.update(input); assert.strictEqual(verify.verify(publicKey, signature, 'hex'), true); |