Add |RSA_[padding_add|verify]_PKCS1_PSS to decrepit. These functions are just like the _mgf1 versions but omit one of the parameters. It's easier to add them than to patch the callers in some cases. Change-Id: Idee5b81374bf15f2ea89b7e0c06400c2badbb275 Reviewed-on: https://boringssl-review.googlesource.com/7362 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/decrepit/rsa/rsa_decrepit.c b/decrepit/rsa/rsa_decrepit.c index c238f46..a88bc4b 100644 --- a/decrepit/rsa/rsa_decrepit.c +++ b/decrepit/rsa/rsa_decrepit.c
@@ -84,3 +84,13 @@ RSA_free(rsa); return NULL; } + +int RSA_padding_add_PKCS1_PSS(RSA *rsa, uint8_t *EM, const uint8_t *mHash, + const EVP_MD *Hash, int sLen) { + return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen); +} + +int RSA_verify_PKCS1_PSS(RSA *rsa, const uint8_t *mHash, const EVP_MD *Hash, + const uint8_t *EM, int sLen) { + return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen); +}
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index c41523c..3798f48 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h
@@ -466,6 +466,18 @@ * not, or a negative value on error. */ OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp); +/* RSA_padding_add_PKCS1_PSS acts like |RSA_padding_add_PKCS1_PSS_mgf1| but the + * |mgf1Hash| parameter of the latter is implicitly set to |Hash|. */ +OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS(RSA *rsa, uint8_t *EM, + const uint8_t *mHash, + const EVP_MD *Hash, int sLen); + +/* RSA_verify_PKCS1_PSS acts like |RSA_verify_PKCS1_PSS_mgf1| but the + * |mgf1Hash| parameter of the latter is implicitly set to |Hash|. */ +OPENSSL_EXPORT int RSA_verify_PKCS1_PSS(RSA *rsa, const uint8_t *mHash, + const EVP_MD *Hash, const uint8_t *EM, + int sLen); + struct rsa_meth_st { struct openssl_method_common_st common;