From 3d664e7b2636bea36c3fb6a9284c34b6bd143c50 Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Mon, 19 Feb 2024 12:26:47 +0100
Subject: [PATCH] Use JS fallback code for RSA decryption on Node if PKCS#1 is
 not supported

Necessary as Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption.
---
 src/crypto/public_key/rsa.js | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/crypto/public_key/rsa.js b/src/crypto/public_key/rsa.js
index bdbf36c3..2343eb3e 100644
--- a/src/crypto/public_key/rsa.js
+++ b/src/crypto/public_key/rsa.js
@@ -140,8 +140,15 @@ export async function encrypt(data, n, e) {
  * @async
  */
 export async function decrypt(data, n, e, d, p, q, u, randomPayload) {
-  if (util.getNodeCrypto()) {
-    return nodeDecrypt(data, n, e, d, p, q, u, randomPayload);
+  // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,
+  // and we want to avoid checking the error type to decide if the random payload
+  // should indeed be returned.
+  if (util.getNodeCrypto() && !randomPayload) {
+    try {
+      return await nodeDecrypt(data, n, e, d, p, q, u);
+    } catch (err) {
+      util.printDebugError(err);
+    }
   }
   return bnDecrypt(data, n, e, d, p, q, u, randomPayload);
 }
@@ -443,7 +450,7 @@ async function bnEncrypt(data, n, e) {
   return data.modExp(e, n).toUint8Array('be', n.byteLength());
 }
 
-async function nodeDecrypt(data, n, e, d, p, q, u, randomPayload) {
+async function nodeDecrypt(data, n, e, d, p, q, u) {
   const { default: BN } = await import('bn.js');
 
   const pBNum = new BN(p);
@@ -477,9 +484,6 @@ async function nodeDecrypt(data, n, e, d, p, q, u, randomPayload) {
   try {
     return new Uint8Array(nodeCrypto.privateDecrypt(key, data));
   } catch (err) {
-    if (randomPayload) {
-      return randomPayload;
-    }
     throw new Error('Decryption error');
   }
 }