Use JS fallback code for RSA decryption on Node if PKCS#1 is not supported

Necessary as Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption.
2025-11-24 14:35:51 +00:00 · 2024-02-19 12:26:47 +01:00 · 2024-02-19 12:26:47 +01:00 · 3d664e7b26
commit 3d664e7b26
parent 7003d19c71
1 changed files with 10 additions and 6 deletions
--- a/src/crypto/public_key/rsa.js
+++ b/src/crypto/public_key/rsa.js
@ -140,8 +140,15 @@ export async function encrypt(data, n, e) {
 * @async
 */
 export async function decrypt(data, n, e, d, p, q, u, randomPayload) {
-  if (util.getNodeCrypto()) {
+  // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,
-    return nodeDecrypt(data, n, e, d, p, q, u, randomPayload);
+  // and we want to avoid checking the error type to decide if the random payload
  // should indeed be returned.
  if (util.getNodeCrypto() && !randomPayload) {
    try {
      return await nodeDecrypt(data, n, e, d, p, q, u);
    } catch (err) {
      util.printDebugError(err);
    }
  }
  return bnDecrypt(data, n, e, d, p, q, u, randomPayload);
 }
@ -443,7 +450,7 @@ async function bnEncrypt(data, n, e) {
  return data.modExp(e, n).toUint8Array('be', n.byteLength());
 }
-async function nodeDecrypt(data, n, e, d, p, q, u, randomPayload) {
+async function nodeDecrypt(data, n, e, d, p, q, u) {
  const { default: BN } = await import('bn.js');
  const pBNum = new BN(p);
@ -477,9 +484,6 @@ async function nodeDecrypt(data, n, e, d, p, q, u, randomPayload) {
  try {
    return new Uint8Array(nodeCrypto.privateDecrypt(key, data));
  } catch (err) {
    if (randomPayload) {
      return randomPayload;
    }
    throw new Error('Decryption error');
  }
 }