Skip to content

Commit

Permalink
crypto: fix RSA_PKCS1_PADDING error message
Browse files Browse the repository at this point in the history 
The ability to revert the fix for CVE-2023-46809 was only added to
Node.js 18.x, 20.x and 21.x as, per policy, security reverts are only
added to the existing supported release lines at the time of the fix.

The error message thrown when `RSA_PKCS1_PADDING` is used on `main`
and subsequent major versions (i.e. Node.js 22 and 23) should not
have suggested that it is possible to revert the fix.
  • Loading branch information
@richardlau
richardlau committed Nov 1, 2024
1 parent e2bd64d commit cf29a0c
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions src/crypto/crypto_cipher.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1092,8 +1092,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
if (rsa_pkcs1_implicit_rejection <= 0) {
return THROW_ERR_INVALID_ARG_VALUE(
env,
"RSA_PKCS1_PADDING is no longer supported for private decryption,"
" this can be reverted with --security-revert=CVE-2024-PEND");
"RSA_PKCS1_PADDING is no longer supported for private decryption");
}
}

Expand Down

0 comments on commit cf29a0c

Please sign in to comment.