Google Git
Sign in
boringssl / boringssl / 20b64fd19da2306f535207e2d7d92608c4540487^! / .
commit20b64fd19da2306f535207e2d7d92608c4540487[log] [tgz]
authorAdam Langley <agl@google.com>Fri Mar 20 16:39:54 2015 -0700
committerAdam Langley <agl@google.com>Tue Mar 31 22:26:57 2015 +0000
tree6448ad80e7537fa880886b598fe33ddfe6f5867b
parent32ab7b0e74ca8974ee255b75ed9ed71c43700d3c [diff]
Export the PSS padding functions.

(system/keymaster is using them now.)

Change-Id: I8fba501005b9318b7d3a76bf1715fb772b23c49d
Reviewed-on: https://boringssl-review.googlesource.com/4092
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/rsa/internal.h b/crypto/rsa/internal.h
index aa3a982..3dd4f04 100644
--- a/crypto/rsa/internal.h
+++ b/crypto/rsa/internal.h

@@ -113,15 +113,6 @@
 int RSA_padding_check_none(uint8_t *to, unsigned to_len, const uint8_t *from,
                            unsigned from_len);
 
-/* RSA_verify_PKCS1_PSS_mgf1 */
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
-                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
-                              const uint8_t *EM, int sLen);
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM, const uint8_t *mHash,
-                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
-                                   int sLen);
-
 /* RSA_private_transform calls either the method-specific |private_transform|
  * function (if given) or the generic one. See the comment for
  * |private_transform| in |rsa_meth_st|. */

diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 18556c2..7bb9fd5 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h

@@ -285,6 +285,36 @@
  * otherwise. */
 OPENSSL_EXPORT int RSA_recover_crt_params(RSA *rsa);
 
+/* RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of
+ * |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to
+ * exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the
+ * hash function for generating the mask. If NULL, |Hash| is used. The |sLen|
+ * argument specifies the expected salt length in bytes. If |sLen| is -1 then
+ * the salt length is the same as the hash length. If -2, then the salt length
+ * is maximal and is taken from the size of |EM|.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
+                                             const EVP_MD *Hash,
+                                             const EVP_MD *mgf1Hash,
+                                             const uint8_t *EM, int sLen);
+
+/* RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|,
+ * where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of
+ * output will be written to |EM|. The |mgf1Hash| argument specifies the hash
+ * function for generating the mask. If NULL, |Hash| is used. The |sLen|
+ * argument specifies the expected salt length in bytes. If |sLen| is -1 then
+ * the salt length is the same as the hash length. If -2, then the salt length
+ * is maximal given the space in |EM|.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM,
+                                                  const uint8_t *mHash,
+                                                  const EVP_MD *Hash,
+                                                  const EVP_MD *mgf1Hash,
+                                                  int sLen);
+
+
 
 /* ASN.1 functions. */