Add maskHash to RSA_PSS_PARAMS for compat This CL adds a maskHash member to the rsa_pss_params_st struct for increased compatibility with OpenSSL: https://source.chromium.org/chromium/chromium/src/+/main:third_party/perl/c/include/openssl/rsa.h;l=282-289 Node.js recently began to make use of this member in https://github.com/nodejs/node/pull/39851 and without this member Electron sees compilation errors. Change-Id: Ibd18a31605b0a715edb279a3bca4b4f05e679767 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49365 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/rsa/rsa.c b/crypto/fipsmodule/rsa/rsa.c index fd84cba..8f58a10 100644 --- a/crypto/fipsmodule/rsa/rsa.c +++ b/crypto/fipsmodule/rsa/rsa.c
@@ -206,6 +206,12 @@ } } +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *rsa) { + // We do not support the id-RSASSA-PSS key encoding. If we add support later, + // the |maskHash| field should be filled in for OpenSSL compatibility. + return NULL; +} + void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1, const BIGNUM **out_dmq1, const BIGNUM **out_iqmp) { if (out_dmp1 != NULL) {
diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.c index 1520c08..21a6bea 100644 --- a/crypto/x509/rsa_pss.c +++ b/crypto/x509/rsa_pss.c
@@ -67,12 +67,21 @@ #include "internal.h" -ASN1_SEQUENCE(RSA_PSS_PARAMS) = { +static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { + if (operation == ASN1_OP_FREE_PRE) { + RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval; + X509_ALGOR_free(pss->maskHash); + } + return 1; +} + +ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = { ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3), -} ASN1_SEQUENCE_END(RSA_PSS_PARAMS) +} ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
diff --git a/include/openssl/base.h b/include/openssl/base.h index 223c0c5..8be10d1 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h
@@ -422,6 +422,7 @@ typedef struct rand_meth_st RAND_METHOD; typedef struct rc4_key_st RC4_KEY; typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; typedef struct rsa_st RSA; typedef struct sha256_state_st SHA256_CTX; typedef struct sha512_state_st SHA512_CTX;
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 27bc7bf..95a478a 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h
@@ -684,6 +684,11 @@ // on success or zero otherwise. OPENSSL_EXPORT int RSA_print(BIO *bio, const RSA *rsa, int indent); +// RSA_get0_pss_params returns NULL. In OpenSSL, this function retries RSA-PSS +// parameters associated with |RSA| objects, but BoringSSL does not support +// the id-RSASSA-PSS key encoding. +OPENSSL_EXPORT const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *rsa); + struct rsa_meth_st { struct openssl_method_common_st common;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index f4444c9..30ad4d2 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h
@@ -1887,12 +1887,16 @@ OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp); -typedef struct rsa_pss_params_st { +struct rsa_pss_params_st { X509_ALGOR *hashAlgorithm; X509_ALGOR *maskGenAlgorithm; ASN1_INTEGER *saltLength; ASN1_INTEGER *trailerField; -} RSA_PSS_PARAMS; + // OpenSSL caches the MGF hash on |RSA_PSS_PARAMS| in some cases. None of the + // cases apply to BoringSSL, so this is always NULL, but Node expects the + // field to be present. + X509_ALGOR *maskHash; +} /* RSA_PSS_PARAMS */; DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)