crypto: fix RSA_PKCS1_PADDING error message

richardlau · ruyadorno · commit 20483aab7a71 · 2024-11-27T11:03:29.000-05:00
The ability to revert the fix for CVE-2023-46809 was only added to Node.js 18.x, 20.x and 21.x as, per policy, security reverts are only added to the existing supported release lines at the time of the fix. The error message thrown when `RSA_PKCS1_PADDING` is used on `main` and subsequent major versions (i.e. Node.js 22 and 23) when OpenSSL does not support implicit rejections should not have suggested that it is possible to revert the fix. PR-URL: #55629 Fixes: #55628 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
@@ -1093,8 +1093,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
     if (rsa_pkcs1_implicit_rejection <= 0) {
       return THROW_ERR_INVALID_ARG_VALUE(
           env,
-          "RSA_PKCS1_PADDING is no longer supported for private decryption,"
-          " this can be reverted with --security-revert=CVE-2024-PEND");
+          "RSA_PKCS1_PADDING is no longer supported for private decryption");
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -1093,8 +1093,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {`
`1093`	`1093`	`if (rsa_pkcs1_implicit_rejection <= 0) {`
`1094`	`1094`	`return THROW_ERR_INVALID_ARG_VALUE(`
`1095`	`1095`	`env,`
`1096`		`- "RSA_PKCS1_PADDING is no longer supported for private decryption,"`
`1097`		`- " this can be reverted with --security-revert=CVE-2024-PEND");`
	`1096`	`+ "RSA_PKCS1_PADDING is no longer supported for private decryption");`
`1098`	`1097`	`}`
`1099`	`1098`	`}`
`1100`	`1099`