Export the PSS padding functions.
(system/keymaster is using them now.)
Change-Id: I8fba501005b9318b7d3a76bf1715fb772b23c49d
Reviewed-on: https://boringssl-review.googlesource.com/4092
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/rsa/internal.h b/crypto/rsa/internal.h
index aa3a982..3dd4f04 100644
--- a/crypto/rsa/internal.h
+++ b/crypto/rsa/internal.h
@@ -113,15 +113,6 @@
int RSA_padding_check_none(uint8_t *to, unsigned to_len, const uint8_t *from,
unsigned from_len);
-/* RSA_verify_PKCS1_PSS_mgf1 */
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
- const EVP_MD *Hash, const EVP_MD *mgf1Hash,
- const uint8_t *EM, int sLen);
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM, const uint8_t *mHash,
- const EVP_MD *Hash, const EVP_MD *mgf1Hash,
- int sLen);
-
/* RSA_private_transform calls either the method-specific |private_transform|
* function (if given) or the generic one. See the comment for
* |private_transform| in |rsa_meth_st|. */
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 18556c2..7bb9fd5 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -285,6 +285,36 @@
* otherwise. */
OPENSSL_EXPORT int RSA_recover_crt_params(RSA *rsa);
+/* RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of
+ * |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to
+ * exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the
+ * hash function for generating the mask. If NULL, |Hash| is used. The |sLen|
+ * argument specifies the expected salt length in bytes. If |sLen| is -1 then
+ * the salt length is the same as the hash length. If -2, then the salt length
+ * is maximal and is taken from the size of |EM|.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
+ const EVP_MD *Hash,
+ const EVP_MD *mgf1Hash,
+ const uint8_t *EM, int sLen);
+
+/* RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|,
+ * where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of
+ * output will be written to |EM|. The |mgf1Hash| argument specifies the hash
+ * function for generating the mask. If NULL, |Hash| is used. The |sLen|
+ * argument specifies the expected salt length in bytes. If |sLen| is -1 then
+ * the salt length is the same as the hash length. If -2, then the salt length
+ * is maximal given the space in |EM|.
+ *
+ * It returns one on success or zero on error. */
+OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM,
+ const uint8_t *mHash,
+ const EVP_MD *Hash,
+ const EVP_MD *mgf1Hash,
+ int sLen);
+
+
/* ASN.1 functions. */
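Review bot: The new comment on `RSA_verify_PKCS1_PSS_mgf1` describes `sLen == -2` as a maximal salt length taken from the size of |EM|, which reads like the signing case. In the OpenSSL code these functions appear to descend from, -2 on verification means the salt length is recovered from |EM| and any length is accepted; the implementation is not visible in this hunk, so please confirm and, if that holds, say so explicitly and recommend -1 when unsure, for example `If -2, the salt length is recovered from |EM| and any value is accepted. If unsure, use -1.` Neither prototype takes a length for |mHash| or |EM|, so now that these are exported both comments should state the caller's obligation, e.g. `|mHash| must point to |EVP_MD_size(Hash)| bytes and |EM| to |RSA_size(rsa)| bytes.` In the `RSA_padding_add_PKCS1_PSS_mgf1` comment, "expected salt length" would be clearer as "salt length", since the salt is generated there rather than checked.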