crypto: fix WebCrypto import of RSA-PSS keys

tniessen · ruyadorno · commit 0398167b35d6 · 2021-01-21T17:48:02.000-05:00
This patch changes GetRsaKeyDetail to work in older supported versions of OpenSSL. Refs: openssl/openssl#10217 PR-URL: #36877 Refs: #36188 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
@@ -367,7 +367,14 @@ Maybe<bool> ExportJWKRsaKey(
   int type = EVP_PKEY_id(pkey.get());
   CHECK(type == EVP_PKEY_RSA || type == EVP_PKEY_RSA_PSS);
 
-  RSA* rsa = EVP_PKEY_get0_RSA(pkey.get());
+  // TODO(tniessen): Remove the "else" branch once we drop support for OpenSSL
+  // versions older than 1.1.1e via FIPS / dynamic linking.
+  RSA* rsa;
+  if (OpenSSL_version_num() >= 0x1010105fL) {
+    rsa = EVP_PKEY_get0_RSA(pkey.get());
+  } else {
+    rsa = static_cast<RSA*>(EVP_PKEY_get0(pkey.get()));
+  }
   CHECK_NOT_NULL(rsa);
 
   const BIGNUM* n;
@@ -508,7 +515,14 @@ Maybe<bool> GetRsaKeyDetail(
   int type = EVP_PKEY_id(pkey.get());
   CHECK(type == EVP_PKEY_RSA || type == EVP_PKEY_RSA_PSS);
 
-  RSA* rsa = EVP_PKEY_get0_RSA(pkey.get());
+  // TODO(tniessen): Remove the "else" branch once we drop support for OpenSSL
+  // versions older than 1.1.1e via FIPS / dynamic linking.
+  RSA* rsa;
+  if (OpenSSL_version_num() >= 0x1010105fL) {
+    rsa = EVP_PKEY_get0_RSA(pkey.get());
+  } else {
+    rsa = static_cast<RSA*>(EVP_PKEY_get0(pkey.get()));
+  }
   CHECK_NOT_NULL(rsa);
 
   RSA_get0_key(rsa, &n, &e, nullptr);
diff --git a/test/parallel/test-webcrypto-rsa-pss-params.js b/test/parallel/test-webcrypto-rsa-pss-params.js
@@ -0,0 +1,40 @@
+'use strict';
+
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const {
+  createPrivateKey,
+  createPublicKey,
+  webcrypto: {
+    subtle
+  }
+} = require('crypto');
+
+const fixtures = require('../common/fixtures');
+
+{
+  const rsaPssKeyWithoutParams = fixtures.readKey('rsa_pss_private_2048.pem');
+
+  const pkcs8 = createPrivateKey(rsaPssKeyWithoutParams).export({
+    type: 'pkcs8',
+    format: 'der'
+  });
+  const spki = createPublicKey(rsaPssKeyWithoutParams).export({
+    type: 'spki',
+    format: 'der'
+  });
+
+  const hashes = ['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512'];
+
+  const tasks = [];
+  for (const hash of hashes) {
+    const algorithm = { name: 'RSA-PSS', hash };
+    tasks.push(subtle.importKey('pkcs8', pkcs8, algorithm, true, ['sign']));
+    tasks.push(subtle.importKey('spki', spki, algorithm, true, ['verify']));
+  }
+
+  Promise.all(tasks).then(common.mustCall());
+}
