Skip to main content
GoodFirstPicks
DashboardIssuesReposLeaderboard

GoodFirstPicks by Leaveitblank © 2026

CreatorRequest a RepoPrivacy PolicyTerms of Service
Crypto cant sign/verify prehashed inputs | GoodFirstPicks

Crypto cant sign/verify prehashed inputs

nodejs/node 8 comments 11d ago
View on GitHub
mediumopenScope: somewhat clearSkill match: maybeTest focusedNode.jsJavaScript

Why this is a good first issue

The issue involves unclear expectations around prehashed inputs in crypto.sign/verify.

AI Summary

The issue revolves around the expectation that passing null as the algorithm parameter in crypto.sign/verify should treat the input as prehashed (raw). This behavior is not documented, making it a feature request rather than a bug. The implementation may require changes to OpenSSL primitives and careful consideration of behavioral expectations.

Issue Description

Version

Node.js v22.20.0 - Node.js v24.10.0

Platform

all

Subsystem

crypto

What steps will reproduce the bug?

const crypto = require('crypto');

const message		 	= Buffer.from('LmM8PqCO1QIpTse0s+MQEJ7YXOSZuqyjPCJ4tIZ+OrU=', 'base64'),
			prehash 	 	= crypto.createHash('sha256').update(message).digest();

const namedCurve 	= 'secp256k1',
			keyPair 	 	= crypto.generateKeyPairSync('ec', { namedCurve }),
			signature		= crypto.sign(null, prehash, {
											key					: keyPair.privateKey,
											dsaEncoding	: 'ieee-p1363'
										});

console.log(crypto.verify(null, message, {
	key					: keyPair.publicKey,
	dsaEncoding	: 'ieee-p1363'
}, signature), ' message internal-internal (must be false)');

console.log(crypto.verify(null, prehash, {
	key					: keyPair.publicKey,
	dsaEncoding	: 'ieee-p1363'
}, signature), ' prehash internal-internal (must be true)');

// Simple unitary test:
const PUBLIC_KEY_PEM = '-----BEGIN PUBLIC KEY-----\n' +
										 	'MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE6Yvel06IICYJZ/XsuPEFTpDt0aU8dwLK\n' +
										 	'jvgxyYTeZ/vlS49/PDRIr5JDz+QNWFB9ZM9tf4i9SdT0LVtlgRj3dQ==\n' +
										 	'-----END PUBLIC KEY-----',
			publicKey 		 = crypto.createPublicKey(PUBLIC_KEY_PEM),
			signOfPreHash  = Buffer.from('Djv4wD3eWu8lHI3DrN2Dypdrirj+J1rfJD5O1B/Tw8sYy38jms77neECQ0S9LHpnWun+Jb9iOZNbYjH+CoVUnA==', 'base64');

console.log('== BUG HERE ==');

console.log(crypto.verify(null, message, {
	key					: publicKey,
	dsaEncoding	: 'ieee-p1363'
}, signOfPreHash), ' message external-internal (must be false)');

console.log(crypto.verify(null, prehash, {
	key					: publicKey,
	dsaEncoding	: 'ieee-p1363'
}, signOfPreHash), ' prehash external-internal (must be true)');

How often does it reproduce? Is there a required condition?

No precondition required.

What is the expected behavior? Why is that the expected behavior?

When send null to algorithm param i expect that message payload be raw, prehashed, dont want an addit

GitHub Labels

cryptofeature request

Want to work on this?

Claim this issue to let others know you're working on it. You'll earn 20 points when you complete it!

Risk Flags

  • potential OpenSSL changes
  • behavioral expectations
Loading labels...

Details

Points20 pts
Difficultymedium
Scopesomewhat clear
Skill Matchmaybe
Test Focusedyes