crypto: fix key object wrapping in sync keygen

PR-URL: #25326
Fixes: #25322
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

Author: tniessen

doc/api/crypto.md

@@ -1951,27 +1951,22 @@ changes:
   - `publicExponent`: {number} Public exponent (RSA). **Default:** `0x10001`.
   - `divisorLength`: {number} Size of `q` in bits (DSA).
   - `namedCurve`: {string} Name of the curve to use (EC).
-  - `publicKeyEncoding`: {Object}
-    - `type`: {string} Must be one of `'pkcs1'` (RSA only) or `'spki'`.
-    - `format`: {string} Must be `'pem'` or `'der'`.
-  - `privateKeyEncoding`: {Object}
-    - `type`: {string} Must be one of `'pkcs1'` (RSA only), `'pkcs8'` or
-      `'sec1'` (EC only).
-    - `format`: {string} Must be `'pem'` or `'der'`.
-    - `cipher`: {string} If specified, the private key will be encrypted with
-      the given `cipher` and `passphrase` using PKCS#5 v2.0 password based
-      encryption.
-    - `passphrase`: {string | Buffer} The passphrase to use for encryption, see
-      `cipher`.
+  - `publicKeyEncoding`: {Object} See [`keyObject.export()`][].
+  - `privateKeyEncoding`: {Object} See [`keyObject.export()`][].
 * Returns: {Object}
   - `publicKey`: {string | Buffer | KeyObject}
   - `privateKey`: {string | Buffer | KeyObject}
 
 Generates a new asymmetric key pair of the given `type`. Only RSA, DSA and EC
 are currently supported.
 
-It is recommended to encode public keys as `'spki'` and private keys as
-`'pkcs8'` with encryption:
+If a `publicKeyEncoding` or `privateKeyEncoding` was specified, this function
+behaves as if [`keyObject.export()`][] had been called on its result. Otherwise,
+the respective part of the key is returned as a [`KeyObject`].
+
+When encoding public keys, it is recommended to use `'spki'`. When encoding
+private keys, it is recommended to use `'pks8'` with a strong passphrase, and to
+keep the passphrase confidential.
 
 ```js
 const { generateKeyPairSync } = require('crypto');

lib/internal/crypto/keygen.js

@@ -74,7 +74,11 @@ function handleError(impl, wrap) {
   if (err !== undefined)
     throw err;
 
-  return { publicKey, privateKey };
+  // If no encoding was chosen, return key objects instead.
+  return {
+    publicKey: wrapKey(publicKey, PublicKeyObject),
+    privateKey: wrapKey(privateKey, PrivateKeyObject)
+  };
 }
 
 function parseKeyEncoding(keyType, options) {

test/parallel/test-crypto-keygen.js

@@ -95,6 +95,21 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
   testSignVerify(publicKey, privateKey);
 }
 
+{
+  // Test sync key generation with key objects.
+  const { publicKey, privateKey } = generateKeyPairSync('rsa', {
+    modulusLength: 512
+  });
+
+  assert.strictEqual(typeof publicKey, 'object');
+  assert.strictEqual(publicKey.type, 'public');
+  assert.strictEqual(publicKey.asymmetricKeyType, 'rsa');
+
+  assert.strictEqual(typeof privateKey, 'object');
+  assert.strictEqual(privateKey.type, 'private');
+  assert.strictEqual(privateKey.asymmetricKeyType, 'rsa');
+}
+
 {
   const publicKeyEncoding = {
     type: 'pkcs1',