Use JS fallback code for RSA message decryption in Node if PKCS#1 is …

…not supported (#1728)

Necessary as Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption.

src/crypto/public_key/rsa.js

@@ -140,8 +140,15 @@ export async function encrypt(data, n, e) {
  * @async
  */
 export async function decrypt(data, n, e, d, p, q, u, randomPayload) {
-  if (util.getNodeCrypto()) {
-    return nodeDecrypt(data, n, e, d, p, q, u, randomPayload);
+  // Node v18.19.1, 20.11.1 and 21.6.2 have disabled support for PKCS#1 decryption,
+  // and we want to avoid checking the error type to decide if the random payload
+  // should indeed be returned.
+  if (util.getNodeCrypto() && !randomPayload) {
+    try {
+      return await nodeDecrypt(data, n, e, d, p, q, u);
+    } catch (err) {
+      util.printDebugError(err);
+    }
   }
   return bnDecrypt(data, n, e, d, p, q, u, randomPayload);
 }
@@ -443,7 +450,7 @@ async function bnEncrypt(data, n, e) {
   return data.modExp(e, n).toUint8Array('be', n.byteLength());
 }
 
-async function nodeDecrypt(data, n, e, d, p, q, u, randomPayload) {
+async function nodeDecrypt(data, n, e, d, p, q, u) {
   const { default: BN } = await import('bn.js');
 
   const pBNum = new BN(p);
@@ -477,9 +484,6 @@ async function nodeDecrypt(data, n, e, d, p, q, u, randomPayload) {
   try {
     return new Uint8Array(nodeCrypto.privateDecrypt(key, data));
   } catch (err) {
-    if (randomPayload) {
-      return randomPayload;
-    }
     throw new Error('Decryption error');
   }
 }

test/general/signature.js

@@ -1188,7 +1188,7 @@ Fk7EflUZzngwY4lBzYAfnNBjEjc30xD/ddo+rwE=
       ],
       config
     });
-    expect(openpgp.decrypt({
+    await expect(openpgp.decrypt({
       message: await openpgp.readMessage({ armoredMessage: message_with_notation }),
       decryptionKeys: privKey,
       verificationKeys: privKey,