From 0911e88056618766093a086fe643949eab430fa5 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Thu, 4 Apr 2019 15:07:51 -0700 Subject: [PATCH] crypto: fix rsa key gen with non-default exponent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit EVP_PKEY_CTX_set_rsa_keygen_pubexp() accepts ownership of the exponent on success, so do not free it. Fixes: https://github.com/nodejs/node/issues/27087 PR-URL: https://github.com/nodejs/node/pull/27092 Reviewed-By: Ben Noordhuis Reviewed-By: Anna Henningsen Reviewed-By: Tobias Nießen Reviewed-By: James M Snell --- src/node_crypto.cc | 2 ++ test/parallel/test-crypto-keygen.js | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index a4cad865c76eb5..c62106381023f6 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -6084,8 +6084,10 @@ class RSAKeyPairGenerationConfig : public KeyPairGenerationConfig { BignumPointer bn(BN_new()); CHECK_NOT_NULL(bn.get()); CHECK(BN_set_word(bn.get(), exponent_)); + // EVP_CTX acceps ownership of bn on success. if (EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx.get(), bn.get()) <= 0) return false; + bn.release(); } return true; diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js index d327c7a078f298..07a0a18c301196 100644 --- a/test/parallel/test-crypto-keygen.js +++ b/test/parallel/test-crypto-keygen.js @@ -87,7 +87,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher); // To make the test faster, we will only test sync key generation once and // with a relatively small key. const ret = generateKeyPairSync('rsa', { - publicExponent: 0x10001, + publicExponent: 3, modulusLength: 512, publicKeyEncoding: { type: 'pkcs1', @@ -160,7 +160,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher); // Now do the same with an encrypted private key. generateKeyPair('rsa', { - publicExponent: 0x10001, + publicExponent: 0x1001, modulusLength: 512, publicKeyEncoding, privateKeyEncoding: {