From 8bfb8f5b2f7c85012ffb6b4d1e1e2150f09b1116 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Sun, 18 Feb 2024 16:18:02 +0100
Subject: [PATCH] doc,crypto: further clarify RSA_PKCS1_PADDING support

PR-URL: https://github.com/nodejs/node/pull/51799
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
---
 doc/api/crypto.md | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/doc/api/crypto.md b/doc/api/crypto.md
index cb093f8cc7ee97..c22b6c3bedc429 100644
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@@ -4514,8 +4514,9 @@ changes:
       - v21.6.2
       - v20.11.1
       - v18.19.1
-    pr-url: https://github.com/nodejs-private/node-private/pull/525
-    description: The `RSA_PKCS1_PADDING` padding was disabled.
+    pr-url: https://github.com/nodejs-private/node-private/pull/515
+    description: The `RSA_PKCS1_PADDING` padding was disabled unless the
+                 OpenSSL build supports implicit rejection.
   - version: v15.0.0
     pr-url: https://github.com/nodejs/node/pull/35093
     description: Added string, ArrayBuffer, and CryptoKey as allowable key
@@ -4557,8 +4558,10 @@ If `privateKey` is not a [`KeyObject`][], this function behaves as if
 object, the `padding` property can be passed. Otherwise, this function uses
 `RSA_PKCS1_OAEP_PADDING`.
 
-The `crypto.constants.RSA_PKCS1_PADDING` padding is disabled in
-[`crypto.privateDecrypt()`][] since the February 2024 security releases. <span class="deprecated-inline"></span>
+Using `crypto.constants.RSA_PKCS1_PADDING` in [`crypto.privateDecrypt()`][]
+requires OpenSSL to support implicit rejection (`rsa_pkcs1_implicit_rejection`).
+If the version of OpenSSL used by Node.js does not support this feature,
+attempting to use `RSA_PKCS1_PADDING` will fail.
 
 ### `crypto.privateEncrypt(privateKey, buffer)`