Skip to content

Commit 126464f

Browse files
committed
crypto: add RSA-PSS params to asymmetricKeyDetails
nodejs/node#39851
1 parent 5086c5b commit 126464f

3 files changed

Lines changed: 56 additions & 0 deletions

File tree

patches/boringssl/.patches

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,4 @@ expose_ripemd160.patch
22
expose_aes-cfb.patch
33
expose_des-ede3.patch
44
fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
5+
add_maskhash_to_rsa_pss_params_st_for_compat.patch
Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2+
From: Shelley Vohr <shelley.vohr@gmail.com>
3+
Date: Wed, 8 Sep 2021 10:59:51 +0200
4+
Subject: Add maskHash to rsa_pss_params_st for compat
5+
6+
This CL adds a maskHash member to the rsa_pss_params_st struct for
7+
increased compatibility with OpenSSL.
8+
9+
Node.js recently began to make use of this member in
10+
https://github.com/nodejs/node/pull/39851
11+
and without this member Electron sees compilation errors.
12+
13+
Upstreamed at https://boringssl-review.googlesource.com/c/boringssl/+/49365
14+
15+
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
16+
index fa333ca057dd8e90a3e38c51db6269815de7b85f..0f4a6d79514739fb4c719f9e5b41db364e775417 100644
17+
--- a/include/openssl/x509.h
18+
+++ b/include/openssl/x509.h
19+
@@ -1949,6 +1949,7 @@ typedef struct rsa_pss_params_st {
20+
X509_ALGOR *maskGenAlgorithm;
21+
ASN1_INTEGER *saltLength;
22+
ASN1_INTEGER *trailerField;
23+
+ X509_ALGOR *maskHash;
24+
} RSA_PSS_PARAMS;
25+
26+
DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -221,6 +221,35 @@ index 7cb4513f9ad0eaadd055b169520ae1e5073b7e2d..50a6663966cdb147a702df21240fa449
221221
if (!params->prime) {
222222
THROW_ERR_CRYPTO_OPERATION_FAILED(env, "could not generate prime");
223223
return Nothing<bool>();
224+
diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
225+
index 1bbf9a1753e4e2d82c55c4187489c22867d1d9bb..585af1674e129dc4d1c918d29fe9915bac8b4163 100644
226+
--- a/src/crypto/crypto_rsa.cc
227+
+++ b/src/crypto/crypto_rsa.cc
228+
@@ -566,7 +566,7 @@ Maybe<bool> GetRsaKeyDetail(
229+
// In that case, RSA_get0_pss_params does not return nullptr but all fields
230+
// of the returned RSA_PSS_PARAMS will be set to nullptr.
231+
232+
- const RSA_PSS_PARAMS* params = RSA_get0_pss_params(rsa);
233+
+ const RSA_PSS_PARAMS* params = nullptr; // RSA_get0_pss_params(rsa);
234+
if (params != nullptr) {
235+
int hash_nid = NID_sha1;
236+
int mgf_nid = NID_mgf1;
237+
@@ -607,10 +607,11 @@ Maybe<bool> GetRsaKeyDetail(
238+
}
239+
240+
if (params->saltLength != nullptr) {
241+
- if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) {
242+
- ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error");
243+
- return Nothing<bool>();
244+
- }
245+
+ // TODO(codebytere): Upstream a shim to BoringSSL?
246+
+ // if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) {
247+
+ // ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error");
248+
+ // return Nothing<bool>();
249+
+ // }
250+
}
251+
252+
if (target
224253
diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc
225254
index 7846df17ffbe8b5ea3a685c46f73b5d28ad64b1f..2bf12b8b4a7e16adf9c1f58d72ae4f59a0b2b2a4 100644
226255
--- a/src/crypto/crypto_sig.cc

0 commit comments

Comments
 (0)