1e1051a39Sopenharmony_ci/* 2e1051a39Sopenharmony_ci * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci * 4e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci */ 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ci/* 11e1051a39Sopenharmony_ci * RSA low level APIs are deprecated for public use, but still ok for 12e1051a39Sopenharmony_ci * internal use. 13e1051a39Sopenharmony_ci */ 14e1051a39Sopenharmony_ci#include "internal/deprecated.h" 15e1051a39Sopenharmony_ci 16e1051a39Sopenharmony_ci#include <stdio.h> 17e1051a39Sopenharmony_ci#include "internal/cryptlib.h" 18e1051a39Sopenharmony_ci#include <openssl/bn.h> 19e1051a39Sopenharmony_ci#include <openssl/rsa.h> 20e1051a39Sopenharmony_ci#include <openssl/evp.h> 21e1051a39Sopenharmony_ci#include <openssl/rand.h> 22e1051a39Sopenharmony_ci#include <openssl/sha.h> 23e1051a39Sopenharmony_ci#include "rsa_local.h" 24e1051a39Sopenharmony_ci 25e1051a39Sopenharmony_cistatic const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 26e1051a39Sopenharmony_ci 27e1051a39Sopenharmony_ci#if defined(_MSC_VER) && defined(_ARM_) 28e1051a39Sopenharmony_ci# pragma optimize("g", off) 29e1051a39Sopenharmony_ci#endif 30e1051a39Sopenharmony_ci 31e1051a39Sopenharmony_ciint RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, 32e1051a39Sopenharmony_ci const EVP_MD *Hash, const unsigned char *EM, 33e1051a39Sopenharmony_ci int sLen) 34e1051a39Sopenharmony_ci{ 35e1051a39Sopenharmony_ci return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen); 36e1051a39Sopenharmony_ci} 37e1051a39Sopenharmony_ci 38e1051a39Sopenharmony_ciint RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, 39e1051a39Sopenharmony_ci const EVP_MD *Hash, const EVP_MD *mgf1Hash, 40e1051a39Sopenharmony_ci const unsigned char *EM, int sLen) 41e1051a39Sopenharmony_ci{ 42e1051a39Sopenharmony_ci int i; 43e1051a39Sopenharmony_ci int ret = 0; 44e1051a39Sopenharmony_ci int hLen, maskedDBLen, MSBits, emLen; 45e1051a39Sopenharmony_ci const unsigned char *H; 46e1051a39Sopenharmony_ci unsigned char *DB = NULL; 47e1051a39Sopenharmony_ci EVP_MD_CTX *ctx = EVP_MD_CTX_new(); 48e1051a39Sopenharmony_ci unsigned char H_[EVP_MAX_MD_SIZE]; 49e1051a39Sopenharmony_ci 50e1051a39Sopenharmony_ci if (ctx == NULL) 51e1051a39Sopenharmony_ci goto err; 52e1051a39Sopenharmony_ci 53e1051a39Sopenharmony_ci if (mgf1Hash == NULL) 54e1051a39Sopenharmony_ci mgf1Hash = Hash; 55e1051a39Sopenharmony_ci 56e1051a39Sopenharmony_ci hLen = EVP_MD_get_size(Hash); 57e1051a39Sopenharmony_ci if (hLen < 0) 58e1051a39Sopenharmony_ci goto err; 59e1051a39Sopenharmony_ci /*- 60e1051a39Sopenharmony_ci * Negative sLen has special meanings: 61e1051a39Sopenharmony_ci * -1 sLen == hLen 62e1051a39Sopenharmony_ci * -2 salt length is autorecovered from signature 63e1051a39Sopenharmony_ci * -3 salt length is maximized 64e1051a39Sopenharmony_ci * -N reserved 65e1051a39Sopenharmony_ci */ 66e1051a39Sopenharmony_ci if (sLen == RSA_PSS_SALTLEN_DIGEST) { 67e1051a39Sopenharmony_ci sLen = hLen; 68e1051a39Sopenharmony_ci } else if (sLen < RSA_PSS_SALTLEN_MAX) { 69e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); 70e1051a39Sopenharmony_ci goto err; 71e1051a39Sopenharmony_ci } 72e1051a39Sopenharmony_ci 73e1051a39Sopenharmony_ci MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; 74e1051a39Sopenharmony_ci emLen = RSA_size(rsa); 75e1051a39Sopenharmony_ci if (EM[0] & (0xFF << MSBits)) { 76e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_FIRST_OCTET_INVALID); 77e1051a39Sopenharmony_ci goto err; 78e1051a39Sopenharmony_ci } 79e1051a39Sopenharmony_ci if (MSBits == 0) { 80e1051a39Sopenharmony_ci EM++; 81e1051a39Sopenharmony_ci emLen--; 82e1051a39Sopenharmony_ci } 83e1051a39Sopenharmony_ci if (emLen < hLen + 2) { 84e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE); 85e1051a39Sopenharmony_ci goto err; 86e1051a39Sopenharmony_ci } 87e1051a39Sopenharmony_ci if (sLen == RSA_PSS_SALTLEN_MAX) { 88e1051a39Sopenharmony_ci sLen = emLen - hLen - 2; 89e1051a39Sopenharmony_ci } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ 90e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE); 91e1051a39Sopenharmony_ci goto err; 92e1051a39Sopenharmony_ci } 93e1051a39Sopenharmony_ci if (EM[emLen - 1] != 0xbc) { 94e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_LAST_OCTET_INVALID); 95e1051a39Sopenharmony_ci goto err; 96e1051a39Sopenharmony_ci } 97e1051a39Sopenharmony_ci maskedDBLen = emLen - hLen - 1; 98e1051a39Sopenharmony_ci H = EM + maskedDBLen; 99e1051a39Sopenharmony_ci DB = OPENSSL_malloc(maskedDBLen); 100e1051a39Sopenharmony_ci if (DB == NULL) { 101e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); 102e1051a39Sopenharmony_ci goto err; 103e1051a39Sopenharmony_ci } 104e1051a39Sopenharmony_ci if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) 105e1051a39Sopenharmony_ci goto err; 106e1051a39Sopenharmony_ci for (i = 0; i < maskedDBLen; i++) 107e1051a39Sopenharmony_ci DB[i] ^= EM[i]; 108e1051a39Sopenharmony_ci if (MSBits) 109e1051a39Sopenharmony_ci DB[0] &= 0xFF >> (8 - MSBits); 110e1051a39Sopenharmony_ci for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ; 111e1051a39Sopenharmony_ci if (DB[i++] != 0x1) { 112e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED); 113e1051a39Sopenharmony_ci goto err; 114e1051a39Sopenharmony_ci } 115e1051a39Sopenharmony_ci if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) { 116e1051a39Sopenharmony_ci ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED, 117e1051a39Sopenharmony_ci "expected: %d retrieved: %d", sLen, 118e1051a39Sopenharmony_ci maskedDBLen - i); 119e1051a39Sopenharmony_ci goto err; 120e1051a39Sopenharmony_ci } 121e1051a39Sopenharmony_ci if (!EVP_DigestInit_ex(ctx, Hash, NULL) 122e1051a39Sopenharmony_ci || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes)) 123e1051a39Sopenharmony_ci || !EVP_DigestUpdate(ctx, mHash, hLen)) 124e1051a39Sopenharmony_ci goto err; 125e1051a39Sopenharmony_ci if (maskedDBLen - i) { 126e1051a39Sopenharmony_ci if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) 127e1051a39Sopenharmony_ci goto err; 128e1051a39Sopenharmony_ci } 129e1051a39Sopenharmony_ci if (!EVP_DigestFinal_ex(ctx, H_, NULL)) 130e1051a39Sopenharmony_ci goto err; 131e1051a39Sopenharmony_ci if (memcmp(H_, H, hLen)) { 132e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); 133e1051a39Sopenharmony_ci ret = 0; 134e1051a39Sopenharmony_ci } else { 135e1051a39Sopenharmony_ci ret = 1; 136e1051a39Sopenharmony_ci } 137e1051a39Sopenharmony_ci 138e1051a39Sopenharmony_ci err: 139e1051a39Sopenharmony_ci OPENSSL_free(DB); 140e1051a39Sopenharmony_ci EVP_MD_CTX_free(ctx); 141e1051a39Sopenharmony_ci 142e1051a39Sopenharmony_ci return ret; 143e1051a39Sopenharmony_ci 144e1051a39Sopenharmony_ci} 145e1051a39Sopenharmony_ci 146e1051a39Sopenharmony_ciint RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, 147e1051a39Sopenharmony_ci const unsigned char *mHash, 148e1051a39Sopenharmony_ci const EVP_MD *Hash, int sLen) 149e1051a39Sopenharmony_ci{ 150e1051a39Sopenharmony_ci return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen); 151e1051a39Sopenharmony_ci} 152e1051a39Sopenharmony_ci 153e1051a39Sopenharmony_ciint RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, 154e1051a39Sopenharmony_ci const unsigned char *mHash, 155e1051a39Sopenharmony_ci const EVP_MD *Hash, const EVP_MD *mgf1Hash, 156e1051a39Sopenharmony_ci int sLen) 157e1051a39Sopenharmony_ci{ 158e1051a39Sopenharmony_ci int i; 159e1051a39Sopenharmony_ci int ret = 0; 160e1051a39Sopenharmony_ci int hLen, maskedDBLen, MSBits, emLen; 161e1051a39Sopenharmony_ci unsigned char *H, *salt = NULL, *p; 162e1051a39Sopenharmony_ci EVP_MD_CTX *ctx = NULL; 163e1051a39Sopenharmony_ci 164e1051a39Sopenharmony_ci if (mgf1Hash == NULL) 165e1051a39Sopenharmony_ci mgf1Hash = Hash; 166e1051a39Sopenharmony_ci 167e1051a39Sopenharmony_ci hLen = EVP_MD_get_size(Hash); 168e1051a39Sopenharmony_ci if (hLen < 0) 169e1051a39Sopenharmony_ci goto err; 170e1051a39Sopenharmony_ci /*- 171e1051a39Sopenharmony_ci * Negative sLen has special meanings: 172e1051a39Sopenharmony_ci * -1 sLen == hLen 173e1051a39Sopenharmony_ci * -2 salt length is maximized 174e1051a39Sopenharmony_ci * -3 same as above (on signing) 175e1051a39Sopenharmony_ci * -N reserved 176e1051a39Sopenharmony_ci */ 177e1051a39Sopenharmony_ci if (sLen == RSA_PSS_SALTLEN_DIGEST) { 178e1051a39Sopenharmony_ci sLen = hLen; 179e1051a39Sopenharmony_ci } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) { 180e1051a39Sopenharmony_ci sLen = RSA_PSS_SALTLEN_MAX; 181e1051a39Sopenharmony_ci } else if (sLen < RSA_PSS_SALTLEN_MAX) { 182e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); 183e1051a39Sopenharmony_ci goto err; 184e1051a39Sopenharmony_ci } 185e1051a39Sopenharmony_ci 186e1051a39Sopenharmony_ci MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; 187e1051a39Sopenharmony_ci emLen = RSA_size(rsa); 188e1051a39Sopenharmony_ci if (MSBits == 0) { 189e1051a39Sopenharmony_ci *EM++ = 0; 190e1051a39Sopenharmony_ci emLen--; 191e1051a39Sopenharmony_ci } 192e1051a39Sopenharmony_ci if (emLen < hLen + 2) { 193e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 194e1051a39Sopenharmony_ci goto err; 195e1051a39Sopenharmony_ci } 196e1051a39Sopenharmony_ci if (sLen == RSA_PSS_SALTLEN_MAX) { 197e1051a39Sopenharmony_ci sLen = emLen - hLen - 2; 198e1051a39Sopenharmony_ci } else if (sLen > emLen - hLen - 2) { 199e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 200e1051a39Sopenharmony_ci goto err; 201e1051a39Sopenharmony_ci } 202e1051a39Sopenharmony_ci if (sLen > 0) { 203e1051a39Sopenharmony_ci salt = OPENSSL_malloc(sLen); 204e1051a39Sopenharmony_ci if (salt == NULL) { 205e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); 206e1051a39Sopenharmony_ci goto err; 207e1051a39Sopenharmony_ci } 208e1051a39Sopenharmony_ci if (RAND_bytes_ex(rsa->libctx, salt, sLen, 0) <= 0) 209e1051a39Sopenharmony_ci goto err; 210e1051a39Sopenharmony_ci } 211e1051a39Sopenharmony_ci maskedDBLen = emLen - hLen - 1; 212e1051a39Sopenharmony_ci H = EM + maskedDBLen; 213e1051a39Sopenharmony_ci ctx = EVP_MD_CTX_new(); 214e1051a39Sopenharmony_ci if (ctx == NULL) 215e1051a39Sopenharmony_ci goto err; 216e1051a39Sopenharmony_ci if (!EVP_DigestInit_ex(ctx, Hash, NULL) 217e1051a39Sopenharmony_ci || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes)) 218e1051a39Sopenharmony_ci || !EVP_DigestUpdate(ctx, mHash, hLen)) 219e1051a39Sopenharmony_ci goto err; 220e1051a39Sopenharmony_ci if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) 221e1051a39Sopenharmony_ci goto err; 222e1051a39Sopenharmony_ci if (!EVP_DigestFinal_ex(ctx, H, NULL)) 223e1051a39Sopenharmony_ci goto err; 224e1051a39Sopenharmony_ci 225e1051a39Sopenharmony_ci /* Generate dbMask in place then perform XOR on it */ 226e1051a39Sopenharmony_ci if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) 227e1051a39Sopenharmony_ci goto err; 228e1051a39Sopenharmony_ci 229e1051a39Sopenharmony_ci p = EM; 230e1051a39Sopenharmony_ci 231e1051a39Sopenharmony_ci /* 232e1051a39Sopenharmony_ci * Initial PS XORs with all zeroes which is a NOP so just update pointer. 233e1051a39Sopenharmony_ci * Note from a test above this value is guaranteed to be non-negative. 234e1051a39Sopenharmony_ci */ 235e1051a39Sopenharmony_ci p += emLen - sLen - hLen - 2; 236e1051a39Sopenharmony_ci *p++ ^= 0x1; 237e1051a39Sopenharmony_ci if (sLen > 0) { 238e1051a39Sopenharmony_ci for (i = 0; i < sLen; i++) 239e1051a39Sopenharmony_ci *p++ ^= salt[i]; 240e1051a39Sopenharmony_ci } 241e1051a39Sopenharmony_ci if (MSBits) 242e1051a39Sopenharmony_ci EM[0] &= 0xFF >> (8 - MSBits); 243e1051a39Sopenharmony_ci 244e1051a39Sopenharmony_ci /* H is already in place so just set final 0xbc */ 245e1051a39Sopenharmony_ci 246e1051a39Sopenharmony_ci EM[emLen - 1] = 0xbc; 247e1051a39Sopenharmony_ci 248e1051a39Sopenharmony_ci ret = 1; 249e1051a39Sopenharmony_ci 250e1051a39Sopenharmony_ci err: 251e1051a39Sopenharmony_ci EVP_MD_CTX_free(ctx); 252e1051a39Sopenharmony_ci OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */ 253e1051a39Sopenharmony_ci 254e1051a39Sopenharmony_ci return ret; 255e1051a39Sopenharmony_ci 256e1051a39Sopenharmony_ci} 257e1051a39Sopenharmony_ci 258e1051a39Sopenharmony_ci/* 259e1051a39Sopenharmony_ci * The defaults for PSS restrictions are defined in RFC 8017, A.2.3 RSASSA-PSS 260e1051a39Sopenharmony_ci * (https://tools.ietf.org/html/rfc8017#appendix-A.2.3): 261e1051a39Sopenharmony_ci * 262e1051a39Sopenharmony_ci * If the default values of the hashAlgorithm, maskGenAlgorithm, and 263e1051a39Sopenharmony_ci * trailerField fields of RSASSA-PSS-params are used, then the algorithm 264e1051a39Sopenharmony_ci * identifier will have the following value: 265e1051a39Sopenharmony_ci * 266e1051a39Sopenharmony_ci * rSASSA-PSS-Default-Identifier RSASSA-AlgorithmIdentifier ::= { 267e1051a39Sopenharmony_ci * algorithm id-RSASSA-PSS, 268e1051a39Sopenharmony_ci * parameters RSASSA-PSS-params : { 269e1051a39Sopenharmony_ci * hashAlgorithm sha1, 270e1051a39Sopenharmony_ci * maskGenAlgorithm mgf1SHA1, 271e1051a39Sopenharmony_ci * saltLength 20, 272e1051a39Sopenharmony_ci * trailerField trailerFieldBC 273e1051a39Sopenharmony_ci * } 274e1051a39Sopenharmony_ci * } 275e1051a39Sopenharmony_ci * 276e1051a39Sopenharmony_ci * RSASSA-AlgorithmIdentifier ::= AlgorithmIdentifier { 277e1051a39Sopenharmony_ci * {PKCS1Algorithms} 278e1051a39Sopenharmony_ci * } 279e1051a39Sopenharmony_ci */ 280e1051a39Sopenharmony_cistatic const RSA_PSS_PARAMS_30 default_RSASSA_PSS_params = { 281e1051a39Sopenharmony_ci NID_sha1, /* default hashAlgorithm */ 282e1051a39Sopenharmony_ci { 283e1051a39Sopenharmony_ci NID_mgf1, /* default maskGenAlgorithm */ 284e1051a39Sopenharmony_ci NID_sha1 /* default MGF1 hash */ 285e1051a39Sopenharmony_ci }, 286e1051a39Sopenharmony_ci 20, /* default saltLength */ 287e1051a39Sopenharmony_ci 1 /* default trailerField (0xBC) */ 288e1051a39Sopenharmony_ci}; 289e1051a39Sopenharmony_ci 290e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params) 291e1051a39Sopenharmony_ci{ 292e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 293e1051a39Sopenharmony_ci return 0; 294e1051a39Sopenharmony_ci *rsa_pss_params = default_RSASSA_PSS_params; 295e1051a39Sopenharmony_ci return 1; 296e1051a39Sopenharmony_ci} 297e1051a39Sopenharmony_ci 298e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params) 299e1051a39Sopenharmony_ci{ 300e1051a39Sopenharmony_ci static RSA_PSS_PARAMS_30 pss_params_cmp = { 0, }; 301e1051a39Sopenharmony_ci 302e1051a39Sopenharmony_ci return rsa_pss_params == NULL 303e1051a39Sopenharmony_ci || memcmp(rsa_pss_params, &pss_params_cmp, 304e1051a39Sopenharmony_ci sizeof(*rsa_pss_params)) == 0; 305e1051a39Sopenharmony_ci} 306e1051a39Sopenharmony_ci 307e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, 308e1051a39Sopenharmony_ci const RSA_PSS_PARAMS_30 *from) 309e1051a39Sopenharmony_ci{ 310e1051a39Sopenharmony_ci memcpy(to, from, sizeof(*to)); 311e1051a39Sopenharmony_ci return 1; 312e1051a39Sopenharmony_ci} 313e1051a39Sopenharmony_ci 314e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, 315e1051a39Sopenharmony_ci int hashalg_nid) 316e1051a39Sopenharmony_ci{ 317e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 318e1051a39Sopenharmony_ci return 0; 319e1051a39Sopenharmony_ci rsa_pss_params->hash_algorithm_nid = hashalg_nid; 320e1051a39Sopenharmony_ci return 1; 321e1051a39Sopenharmony_ci} 322e1051a39Sopenharmony_ci 323e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, 324e1051a39Sopenharmony_ci int maskgenalg_nid) 325e1051a39Sopenharmony_ci{ 326e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 327e1051a39Sopenharmony_ci return 0; 328e1051a39Sopenharmony_ci rsa_pss_params->mask_gen.algorithm_nid = maskgenalg_nid; 329e1051a39Sopenharmony_ci return 1; 330e1051a39Sopenharmony_ci} 331e1051a39Sopenharmony_ci 332e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, 333e1051a39Sopenharmony_ci int maskgenhashalg_nid) 334e1051a39Sopenharmony_ci{ 335e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 336e1051a39Sopenharmony_ci return 0; 337e1051a39Sopenharmony_ci rsa_pss_params->mask_gen.hash_algorithm_nid = maskgenhashalg_nid; 338e1051a39Sopenharmony_ci return 1; 339e1051a39Sopenharmony_ci} 340e1051a39Sopenharmony_ci 341e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, 342e1051a39Sopenharmony_ci int saltlen) 343e1051a39Sopenharmony_ci{ 344e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 345e1051a39Sopenharmony_ci return 0; 346e1051a39Sopenharmony_ci rsa_pss_params->salt_len = saltlen; 347e1051a39Sopenharmony_ci return 1; 348e1051a39Sopenharmony_ci} 349e1051a39Sopenharmony_ci 350e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params, 351e1051a39Sopenharmony_ci int trailerfield) 352e1051a39Sopenharmony_ci{ 353e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 354e1051a39Sopenharmony_ci return 0; 355e1051a39Sopenharmony_ci rsa_pss_params->trailer_field = trailerfield; 356e1051a39Sopenharmony_ci return 1; 357e1051a39Sopenharmony_ci} 358e1051a39Sopenharmony_ci 359e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) 360e1051a39Sopenharmony_ci{ 361e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 362e1051a39Sopenharmony_ci return default_RSASSA_PSS_params.hash_algorithm_nid; 363e1051a39Sopenharmony_ci return rsa_pss_params->hash_algorithm_nid; 364e1051a39Sopenharmony_ci} 365e1051a39Sopenharmony_ci 366e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) 367e1051a39Sopenharmony_ci{ 368e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 369e1051a39Sopenharmony_ci return default_RSASSA_PSS_params.mask_gen.algorithm_nid; 370e1051a39Sopenharmony_ci return rsa_pss_params->mask_gen.algorithm_nid; 371e1051a39Sopenharmony_ci} 372e1051a39Sopenharmony_ci 373e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) 374e1051a39Sopenharmony_ci{ 375e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 376e1051a39Sopenharmony_ci return default_RSASSA_PSS_params.hash_algorithm_nid; 377e1051a39Sopenharmony_ci return rsa_pss_params->mask_gen.hash_algorithm_nid; 378e1051a39Sopenharmony_ci} 379e1051a39Sopenharmony_ci 380e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params) 381e1051a39Sopenharmony_ci{ 382e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 383e1051a39Sopenharmony_ci return default_RSASSA_PSS_params.salt_len; 384e1051a39Sopenharmony_ci return rsa_pss_params->salt_len; 385e1051a39Sopenharmony_ci} 386e1051a39Sopenharmony_ci 387e1051a39Sopenharmony_ciint ossl_rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params) 388e1051a39Sopenharmony_ci{ 389e1051a39Sopenharmony_ci if (rsa_pss_params == NULL) 390e1051a39Sopenharmony_ci return default_RSASSA_PSS_params.trailer_field; 391e1051a39Sopenharmony_ci return rsa_pss_params->trailer_field; 392e1051a39Sopenharmony_ci} 393e1051a39Sopenharmony_ci 394e1051a39Sopenharmony_ci#if defined(_MSC_VER) 395e1051a39Sopenharmony_ci# pragma optimize("",on) 396e1051a39Sopenharmony_ci#endif 397