diff --git a/patches/boringssl/.patches b/patches/boringssl/.patches
index a812a6b79a6dc..f9faf6f4bfbe1 100644
--- a/patches/boringssl/.patches
+++ b/patches/boringssl/.patches
@@ -2,3 +2,4 @@ expose_ripemd160.patch
 expose_aes-cfb.patch
 expose_des-ede3.patch
 fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
+add_maskhash_to_rsa_pss_params_st_for_compat.patch
diff --git a/patches/boringssl/add_maskhash_to_rsa_pss_params_st_for_compat.patch b/patches/boringssl/add_maskhash_to_rsa_pss_params_st_for_compat.patch
new file mode 100644
index 0000000000000..8300d0de6766a
--- /dev/null
+++ b/patches/boringssl/add_maskhash_to_rsa_pss_params_st_for_compat.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr
+Date: Wed, 8 Sep 2021 10:59:51 +0200
+Subject: Add maskHash to rsa_pss_params_st for compat
+
+This CL adds a maskHash member to the rsa_pss_params_st struct for
+increased compatibility with OpenSSL.
+
+Node.js recently began to make use of this member in
+https://github.com/nodejs/node/pull/39851
+and without this member Electron sees compilation errors.
+
+Upstreamed at https://boringssl-review.googlesource.com/c/boringssl/+/49365
+
+diff --git a/include/openssl/x509.h b/include/openssl/x509.h
+index fa333ca057dd8e90a3e38c51db6269815de7b85f..0f4a6d79514739fb4c719f9e5b41db364e775417 100644
+--- a/include/openssl/x509.h
++++ b/include/openssl/x509.h
+@@ -1949,6 +1949,7 @@ typedef struct rsa_pss_params_st {
+ X509_ALGOR *maskGenAlgorithm;
+ ASN1_INTEGER *saltLength;
+ ASN1_INTEGER *trailerField;
++ X509_ALGOR *maskHash;
+} RSA_PSS_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
diff --git a/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch b/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch
index 79d8ed99ba6ba..ea15836a37bbf 100644
--- a/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch
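Review bot: The new `maskHash` member of `rsa_pss_params_st` is declared without a comment, and nothing in this patch populates or frees it, so code ported from OpenSSL that reads `params->maskHash` to learn the MGF1 digest would presumably always see a null pointer on this build. A one-line comment on the member would make that explicit, for example `// Compat with OpenSSL only: not set by anything in this patch; do not rely on it for the MGF1 hash.` Whether the ASN.1 template and the free path need to know about the field cannot be judged from this hunk, because the struct's template definition lies outside it.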
+++ b/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch
@@ -221,6 +221,35 @@ index 7cb4513f9ad0eaadd055b169520ae1e5073b7e2d..50a6663966cdb147a702df21240fa449
 if (!params->prime) {
 THROW_ERR_CRYPTO_OPERATION_FAILED(env, "could not generate prime");
 return Nothing();
+diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
+index 1bbf9a1753e4e2d82c55c4187489c22867d1d9bb..585af1674e129dc4d1c918d29fe9915bac8b4163 100644
+--- a/src/crypto/crypto_rsa.cc
++++ b/src/crypto/crypto_rsa.cc
+@@ -566,7 +566,7 @@ Maybe GetRsaKeyDetail(
+ // In that case, RSA_get0_pss_params does not return nullptr but all fields
+ // of the returned RSA_PSS_PARAMS will be set to nullptr.
+
+- const RSA_PSS_PARAMS* params = RSA_get0_pss_params(rsa);
++ const RSA_PSS_PARAMS* params = nullptr; // RSA_get0_pss_params(rsa);
+ if (params != nullptr) {
+ int hash_nid = NID_sha1;
+ int mgf_nid = NID_mgf1;
+@@ -607,10 +607,11 @@ Maybe GetRsaKeyDetail(
+ }
+
+ if (params->saltLength != nullptr) {
+- if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) {
+- ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error");
+- return Nothing();
+- }
++ // TODO(codebytere): Upstream a shim to BoringSSL?
++ // if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) {
++ // ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error");
++ // return Nothing();
++ // }
+ }
+
+ if (target
 diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc
 index 7846df17ffbe8b5ea3a685c46f73b5d28ad64b1f..2bf12b8b4a7e16adf9c1f58d72ae4f59a0b2b2a4 100644
 --- a/src/crypto/crypto_sig.cc
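Review bot: Hard-coding `params` to `nullptr` in the first nested hunk makes the whole `if (params != nullptr)` block dead code, so on this build GetRsaKeyDetail appears to report no hash, MGF1 hash or salt length for a key that carries RSA-PSS parameters, and a caller that reads key details to enforce those restrictions cannot tell a restricted key from an unrestricted one. The commented-out `ASN1_INTEGER_get_int64` check in the second nested hunk would additionally leave `salt_length` at its initial value if the block were ever re-enabled without it. I would replace the trailing `// RSA_get0_pss_params(rsa);` with a comment that states the consequence, for example `// BoringSSL build: PSS parameters are not read, so key details omit hash, MGF1 hash and salt length.`, and delete the commented-out call rather than keep it as dead code under the TODO. GetRsaKeyDetail starts and ends outside both nested hunks, so the initial value of `salt_length` is not visible here.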