From 9b351b074936dfa476e98eb013f7b887ee6eaed1 Mon Sep 17 00:00:00 2001
From: Richard Lau <rlau@redhat.com>
Date: Sun, 3 Nov 2024 01:01:48 +0000
Subject: [PATCH] crypto: fix `RSA_PKCS1_PADDING` error message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The ability to revert the fix for CVE-2023-46809 was only added to
Node.js 18.x, 20.x and 21.x as, per policy, security reverts are only
added to the existing supported release lines at the time of the fix.

The error message thrown when `RSA_PKCS1_PADDING` is used on `main`
and subsequent major versions (i.e. Node.js 22 and 23) when OpenSSL
does not support implicit rejections should not have suggested that
it is possible to revert the fix.

PR-URL: https://github.com/nodejs/node/pull/55629
Fixes: https://github.com/nodejs/node/issues/55628
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
---
 src/crypto/crypto_cipher.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc
index 92ebee231f0983..51e311be705393 100644
--- a/src/crypto/crypto_cipher.cc
+++ b/src/crypto/crypto_cipher.cc
@@ -1092,8 +1092,7 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) {
     if (rsa_pkcs1_implicit_rejection <= 0) {
       return THROW_ERR_INVALID_ARG_VALUE(
           env,
-          "RSA_PKCS1_PADDING is no longer supported for private decryption,"
-          " this can be reverted with --security-revert=CVE-2024-PEND");
+          "RSA_PKCS1_PADDING is no longer supported for private decryption");
     }
   }