From 0e710aada401b1cf89b284d8469d112ddf277fe0 Mon Sep 17 00:00:00 2001
From: Tobias Nießen
Date: Mon, 6 Mar 2017 00:41:26 +0100
Subject: crypto: add sign/verify support for RSASSA-PSS

Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length.

Fixes: https://github.com/nodejs/node/issues/1127
PR-URL: https://github.com/nodejs/node/pull/11705
Reviewed-By: Shigeki Ohtsu
Reviewed-By: Sam Roberts
Reviewed-By: Ben Noordhuis
Reviewed-By: Anna Henningsen
---
 src/node_crypto.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/node_crypto.h')
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 63e6ab684f..ffb8444ce6 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -592,7 +592,9 @@ class Sign : public SignBase {
 int key_pem_len,
 const char* passphrase,
 unsigned char** sig,
- unsigned int *sig_len);
+ unsigned int *sig_len,
+ int padding,
+ int saltlen);

 protected:
 static void New(const v8::FunctionCallbackInfo& args);
@@ -615,6 +617,8 @@ class Verify : public SignBase {
 int key_pem_len,
 const char* sig,
 int siglen,
+ int padding,
+ int saltlen,
 bool* verify_result);

 protected:
--
cgit v1.2.3
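Review bot: The new `padding` and `saltlen` parameters on `SignFinal` are bare `int`s with no comment saying which values are valid, and this header is the only place a caller sees that contract. Going by the commit message they presumably configure an `EVP_PKEY_CTX`, so `padding` would be an OpenSSL `RSA_*_PADDING` constant and `saltlen` a byte count or one of OpenSSL's negative sentinels (-1 for the digest length, -2 for the maximum when signing); a comment such as `// padding: RSA_*_PADDING value; saltlen: PSS salt length in bytes, or -1/-2 as accepted by EVP_PKEY_CTX_set_rsa_pss_saltlen` above the declaration would pin that down once confirmed against node_crypto.cc. The same comment is missing on `VerifyFinal` in the second hunk. The `SignFinal` declaration begins above the hunk, so its leading parameters are not visible here.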
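Review bot: In `VerifyFinal` the two new arguments are inserted directly after `int siglen`, which leaves three adjacent `int` parameters and puts them in a different position than in `SignFinal`, where they trail the output pointers. A call that transposes `siglen`, `padding` and `saltlen` still compiles, and on the verify side that means checking a signature under a padding mode or salt length the caller did not intend. Consider keeping the placement parallel between the two declarations or, if the order stays, stating it in a comment on the declaration. It is also worth documenting whether -2 is accepted here, because when verifying OpenSSL treats that value as "determine the salt length from the signature" rather than enforcing a fixed one. The declaration starts above the hunk.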