fixup! crypto: add signDigest/verifyDigest and Ed25519ctx support

Author: panva

test/parallel/test-crypto-eddsa-variants.js

@@ -206,7 +206,7 @@ function createKeyPair(algorithm, secretKeyHex, publicKeyHex) {
 
 for (const v of vectors) {
   if (v.algorithm.startsWith('Ed448') && process.features.openssl_is_boringssl) continue;
-  if (v.algorithm.endsWith('ctx') || v.algorithm.endsWith('ph')) {
+  if (v.algorithm.endsWith('ctx') || v.algorithm.endsWith('ph') || v.context) {
     if (!hasOpenSSL(3, 2)) continue;
   }
   const { privateKey, publicKey } = createKeyPair(v.algorithm, v.secretKey, v.publicKey);

test/parallel/test-crypto-sign-verify-digest.js

@@ -645,3 +645,93 @@ if (hasOpenSSL(3, 2)) {
     }, { code: 'ERR_OSSL_INVALID_DIGEST_LENGTH' });
   }
 }
+
+// --- Error: wrong digest length for RSA/ECDSA ---
+// OpenSSL rejects wrong-length digests when signing. When verifying,
+// it returns false (signature mismatch) rather than throwing.
+{
+  const rsaDigestLengthError = hasOpenSSL(3, 0) ?
+    'ERR_OSSL_INVALID_DIGEST_LENGTH' :
+    'ERR_OSSL_RSA_INVALID_DIGEST_LENGTH';
+
+  // RSA PKCS#1 v1.5
+  {
+    const privKey = fixtures.readKey('rsa_private_2048.pem', 'ascii');
+    const pubKey = fixtures.readKey('rsa_public_2048.pem', 'ascii');
+    const correctDigest = crypto.createHash('sha256').update(data).digest();
+    const goodSig = crypto.signDigest('sha256', correctDigest, privKey);
+
+    // Too short
+    assert.throws(() => {
+      crypto.signDigest('sha256', Buffer.alloc(16), privKey);
+    }, { code: rsaDigestLengthError });
+
+    // Too long
+    assert.throws(() => {
+      crypto.signDigest('sha256', Buffer.alloc(64), privKey);
+    }, { code: rsaDigestLengthError });
+
+    // Verify with wrong-length digest returns false
+    assert.strictEqual(
+      crypto.verifyDigest('sha256', Buffer.alloc(16), pubKey, goodSig), false);
+  }
+
+  // RSA-PSS
+  {
+    const privKey = fixtures.readKey('rsa_private_2048.pem', 'ascii');
+    const pubKey = fixtures.readKey('rsa_public_2048.pem', 'ascii');
+    const correctDigest = crypto.createHash('sha256').update(data).digest();
+    const goodSig = crypto.signDigest('sha256', correctDigest, {
+      key: privKey,
+      padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
+      saltLength: 32,
+    });
+
+    assert.throws(() => {
+      crypto.signDigest('sha256', Buffer.alloc(16), {
+        key: privKey,
+        padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
+        saltLength: 32,
+      });
+    }, { code: rsaDigestLengthError });
+
+    assert.strictEqual(
+      crypto.verifyDigest('sha256', Buffer.alloc(16), {
+        key: pubKey,
+        padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
+        saltLength: 32,
+      }, goodSig), false);
+  }
+
+  // ECDSA — OpenSSL 3.x rejects wrong-length digests; 1.1.x accepts them.
+  {
+    const privKey = fixtures.readKey('ec_p256_private.pem', 'ascii');
+    const pubKey = fixtures.readKey('ec_p256_public.pem', 'ascii');
+    const correctDigest = crypto.createHash('sha256').update(data).digest();
+    const goodSig = crypto.signDigest('sha256', correctDigest, privKey);
+
+    if (hasOpenSSL(3, 0)) {
+      const ecdsaDigestLengthError = hasOpenSSL(3, 2) ?
+        'ERR_OSSL_EVP_PROVIDER_SIGNATURE_FAILURE' :
+        'ERR_CRYPTO_OPERATION_FAILED';
+
+      // Too short
+      assert.throws(() => {
+        crypto.signDigest('sha256', Buffer.alloc(16), privKey);
+      }, { code: ecdsaDigestLengthError });
+
+      // Too long
+      assert.throws(() => {
+        crypto.signDigest('sha256', Buffer.alloc(64), privKey);
+      }, { code: ecdsaDigestLengthError });
+    } else {
+      // OpenSSL 1.1.x signs any length digest for ECDSA without error
+      assert.ok(crypto.signDigest('sha256', Buffer.alloc(16), privKey));
+      assert.ok(crypto.signDigest('sha256', Buffer.alloc(64), privKey));
+    }
+
+    // Verify with wrong-length digest returns false on all versions
+    assert.strictEqual(
+      crypto.verifyDigest('sha256', Buffer.alloc(16), pubKey, goodSig), false);
+  }
+}