nodejs · AmitPrajapati-1 · Mar 20, 2025 · Mar 20, 2025 · Mar 20, 2025 · Mar 21, 2025
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
@@ -187,12 +187,13 @@ using Cipher_t = DataPointer(const EVPKeyPointer& key,
                              const ncrypto::Rsa::CipherParams& params,
                              const ncrypto::Buffer<const void> in);
 
+template <Cipher_t cipher>
 template <Cipher_t cipher>
 WebCryptoCipherStatus RSA_Cipher(Environment* env,
-                                 const KeyObjectData& key_data,
-                                 const RSACipherConfig& params,
-                                 const ByteSource& in,
-                                 ByteSource* out) {
+                               const KeyObjectData& key_data,
+                               const RSACipherConfig& params,
+                               const ByteSource& in,
+                               ByteSource* out) {
   CHECK_NE(key_data.GetKeyType(), kKeyTypeSecret);
   Mutex::ScopedLock lock(key_data.mutex());
   const auto& m_pkey = key_data.GetAsymmetricKey();
@@ -206,10 +207,32 @@ WebCryptoCipherStatus RSA_Cipher(Environment* env,
   if (!data) return WebCryptoCipherStatus::FAILED;
   DCHECK(!data.isSecure());
 
+  // Check if we're in a decryption operation and the key is private
+  // (which would indicate we're decrypting)
+  if (key_data.GetKeyType() == kKeyTypePrivate) {
+    bool is_effectively_empty = true;
+    const unsigned char* data_ptr = static_cast<const unsigned char*>(data.data());
+    size_t data_size = data.size();
+
+    // Check if all bytes are zero
+    for (size_t i = 0; i < data_size; i++) {
+      if (data_ptr[i] != 0) {
+        is_effectively_empty = false;
+        break;
+      }
+    }
+
+    // If we have an effectively empty result, return a truly empty buffer
+    if (is_effectively_empty && data_size > 0) {
+      *out = ByteSource::Allocated(0);
+      return WebCryptoCipherStatus::OK;
+    }
+  }
+
+  // Normal case - data contains actual content
   *out = ByteSource::Allocated(data.release());
   return WebCryptoCipherStatus::OK;
 }
-}  // namespace
 
 Maybe<void> RSAKeyExportTraits::AdditionalConfig(
     const FunctionCallbackInfo<Value>& args,

diff --git a/test/parallel/package-lock.json b/test/parallel/package-lock.json
diff --git a/test/parallel/test-crypto-private-decrypt.js b/test/parallel/test-crypto-private-decrypt.js
@@ -0,0 +1,26 @@
+// file: test-crypto-private-decrypt.js
+const crypto = require('crypto');
+
+const keys = crypto.generateKeyPairSync(
+    'rsa',
+    {
+        modulusLength: 2048,
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+    }
+);
+
+const empty = '';
+
+const ciphertext = crypto.publicEncrypt({
+    oaepHash:'sha1',
+    padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+    key: keys.publicKey,
+}, Buffer.from(empty)).toString('base64');
+
+const plaintext = crypto.privateDecrypt({
+    oaepHash: 'sha1',
+    padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+    key: keys.privateKey
+}, Buffer.from(ciphertext, 'base64')).toString('utf8');
+console.assert(empty === plaintext, 'rsa-oaep `encrypt` empty string is success, but `decrypt` got unexpected string.');