Google Git
Sign in
boringssl / boringssl.git / 0446b59427f82d0138abe87fee05b10c696ab621^! / . / include / openssl
commit0446b59427f82d0138abe87fee05b10c696ab621[log] [tgz]
authorShelley Vohr <shelley.vohr@gmail.com>Thu Sep 09 11:25:24 2021 +0200
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Sep 10 15:31:35 2021 +0000
treedc42ad3c286a8d1b2b8901d57db312f2c8f8f27f
parented5f4e82e69d7d171a1b46cffcd7f354ca152c51 [diff]
Add maskHash to RSA_PSS_PARAMS for compat

This CL adds a maskHash member to the rsa_pss_params_st struct for
increased compatibility with OpenSSL: https://source.chromium.org/chromium/chromium/src/+/main:third_party/perl/c/include/openssl/rsa.h;l=282-289

Node.js recently began to make use of this member in https://github.com/nodejs/node/pull/39851
and without this member Electron sees compilation errors.

Change-Id: Ibd18a31605b0a715edb279a3bca4b4f05e679767
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49365
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/include/openssl/base.h b/include/openssl/base.h
index 223c0c5..8be10d1 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h

@@ -422,6 +422,7 @@
 typedef struct rand_meth_st RAND_METHOD;
 typedef struct rc4_key_st RC4_KEY;
 typedef struct rsa_meth_st RSA_METHOD;
+typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
 typedef struct rsa_st RSA;
 typedef struct sha256_state_st SHA256_CTX;
 typedef struct sha512_state_st SHA512_CTX;

diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 27bc7bf..95a478a 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h

@@ -684,6 +684,11 @@
 // on success or zero otherwise.
 OPENSSL_EXPORT int RSA_print(BIO *bio, const RSA *rsa, int indent);
 
+// RSA_get0_pss_params returns NULL. In OpenSSL, this function retries RSA-PSS
+// parameters associated with |RSA| objects, but BoringSSL does not support
+// the id-RSASSA-PSS key encoding.
+OPENSSL_EXPORT const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *rsa);
+
 
 struct rsa_meth_st {
   struct openssl_method_common_st common;

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index f4444c9..30ad4d2 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h

@@ -1887,12 +1887,16 @@
 OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp);
 
 
-typedef struct rsa_pss_params_st {
+struct rsa_pss_params_st {
   X509_ALGOR *hashAlgorithm;
   X509_ALGOR *maskGenAlgorithm;
   ASN1_INTEGER *saltLength;
   ASN1_INTEGER *trailerField;
-} RSA_PSS_PARAMS;
+  // OpenSSL caches the MGF hash on |RSA_PSS_PARAMS| in some cases. None of the
+  // cases apply to BoringSSL, so this is always NULL, but Node expects the
+  // field to be present.
+  X509_ALGOR *maskHash;
+} /* RSA_PSS_PARAMS */;
 
 DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)