Closed tolginator closed 1 year ago
Thanks for pointing this out! I'm trying to see if this applies to upstream (Go boringcrypto), and if this string actually shows up when go-crypto-openssl is used as a backend for Go standard library crypto, or only when it's used directly as a module dependency.
I briefly tried it and found that the Go standard library crypto using the openssl module returns a friendlier error than direct go-crypto-openssl usage--but my attempt might have simply been incorrect.
How much have you dug into this? Are you seeing this error from usage, and what kind of use?
I see that Go boringcrypto uses the same error message at https://github.com/golang/go/blob/f771edd7f92a47c276d65fbd9619e16a786c6746/src/crypto/internal/boring/rsa.go#L198:
```go
func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
	//...
	var outLen C.size_t
	if crypt(ctx, nil, &outLen, base(in), C.size_t(len(in))) == 0 {
		return nil, fail("EVP_PKEY_decrypt/encrypt")
	}
	out := make([]byte, outLen)
	if crypt(ctx, base(out), &outLen, base(in), C.size_t(len(in))) == 0 {
		return nil, fail("EVP_PKEY_decrypt/encrypt")
	}
	return out[:outLen], nil
}
```
This might not actually be a similar func--I'd need to refamiliarize myself with the context.
The "EVP_PKEY_decrypt/encrypt failed" error is returned on error in the cryptEVP and verifyEVP functions. The operation is not encrypt/decrypt, but signature verification.
Similarly, the cryptEVP function returns the same error when it is called by the evpSign function and fails. The failure is in signature generation, not in encrypt/decrypt.
File: openssl/evpkey.go
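Added example, not part of the issue thread and not code from go-crypto-openssl or Go boringcrypto: a pure-Go model of the shared two-phase helper discussed above, showing the hard-coded label beside a variant where the caller names the operation. `evpOp`, `runEVP`, `cryptEVPMislabeled`, `cryptEVPLabeled` and `failingSign` are hypothetical names, and the failing signing operation is constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
)

// evpOp is a hypothetical stand-in for a two-phase EVP_PKEY_* C call: with
// out == nil it reports the buffer size needed, otherwise it fills out.
// Returning 0 means failure, as in OpenSSL.
type evpOp func(out []byte, outLen *int, in []byte) int

// runEVP is the shared size-query-then-operate helper; name labels errors.
func runEVP(name string, op evpOp, in []byte) ([]byte, error) {
	var outLen int
	if op(nil, &outLen, in) == 0 {
		return nil, errors.New(name + " failed")
	}
	out := make([]byte, outLen)
	if op(out, &outLen, in) == 0 {
		return nil, errors.New(name + " failed")
	}
	return out[:outLen], nil
}

// cryptEVPMislabeled models the reported behaviour: one hard-coded label.
func cryptEVPMislabeled(op evpOp, in []byte) ([]byte, error) {
	return runEVP("EVP_PKEY_decrypt/encrypt", op, in)
}

// cryptEVPLabeled makes each caller name the operation it is performing.
func cryptEVPLabeled(name string, op evpOp, in []byte) ([]byte, error) {
	return runEVP(name, op, in)
}

// failingSign is a constructed signing op that fails after the size query.
func failingSign(out []byte, outLen *int, in []byte) int {
	if out == nil {
		*outLen = 256
		return 1
	}
	return 0
}

func main() {
	_, err := cryptEVPMislabeled(failingSign, []byte("digest"))
	fmt.Println("before:", err) // reads as a decrypt/encrypt problem
	_, err = cryptEVPLabeled("EVP_PKEY_sign", failingSign, []byte("digest"))
	fmt.Println("after: ", err) // names the signing call that failed
}
```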