Use non-deprecated PSS functions.
Also, fix a size warning with BoringSSL. BoringSSL has |RSA_size| return
a size_t, so it's easier to cast that to unsigned to work with both.
Change-Id: I9cfd75dfffb4d017eca2e05f0b302c45010222f3
diff --git a/rsa_operation.cpp b/rsa_operation.cpp
index 56189e0..fda2e8b 100644
--- a/rsa_operation.cpp
+++ b/rsa_operation.cpp
@@ -351,7 +351,7 @@
case KM_PAD_RSA_PSS:
// OpenSSL doesn't verify that the key is large enough for the digest size. This can cause
// a segfault in some cases, and in others can result in a unsafely-small salt.
- if (RSA_size(rsa_key_) < MIN_PSS_SALT_LEN + (int)digest_size)
+ if ((unsigned) RSA_size(rsa_key_) < MIN_PSS_SALT_LEN + digest_size)
return KM_ERROR_INCOMPATIBLE_DIGEST;
if ((error = PssPadDigest(&padded_digest)) != KM_ERROR_OK)
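Review bot: The C-style `(unsigned)` cast in the key-size guard hides a behaviour change on the OpenSSL side, where `RSA_size` returns `int`. A negative return would previously have compared as small and produced `KM_ERROR_INCOMPATIBLE_DIGEST`; after the cast it wraps to a large value and the guard passes. Whether `RSA_size` can return a negative value for a key that reached this point is not visible in the hunk, so this is worth confirming rather than assuming. I would write the conversion as `static_cast<size_t>(RSA_size(rsa_key_))` and add a short comment such as `// RSA_size is int in OpenSSL, size_t in BoringSSL; rsa_key_ is known valid here`, so the unsigned arithmetic against `MIN_PSS_SALT_LEN + digest_size` is deliberate. The `case` body continues outside the hunk.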
@@ -367,8 +367,9 @@
if (!padded_digest->get())
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
- if (!RSA_padding_add_PKCS1_PSS(rsa_key_, padded_digest->get(), digest_buf_, digest_algorithm_,
- -2 /* Indicates maximum salt length */)) {
+ if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa_key_, padded_digest->get(), digest_buf_,
+ digest_algorithm_, NULL,
+ -2 /* Indicates maximum salt length */)) {
LOG_E("%s", "Failed to apply PSS padding");
return KM_ERROR_UNKNOWN_ERROR;
}
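Review bot: The new `NULL` argument to `RSA_padding_add_PKCS1_PSS_mgf1` is unannotated, while the `-2` next to it carries a comment. With a null `mgf1Hash` the library uses the message digest for MGF1, which keeps the old behaviour, but a reader cannot tell that from the call. I would write `NULL /* MGF1 digest: defaults to digest_algorithm_ */` here and on the matching `RSA_verify_PKCS1_PSS_mgf1` call in the next hunk. Separately, the failure path logs a fixed string and returns `KM_ERROR_UNKNOWN_ERROR` without consulting the library's error queue; if the file has a helper for translating OpenSSL errors, using it here would make padding failures diagnosable.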
@@ -439,8 +440,8 @@
return KM_ERROR_VERIFICATION_FAILED;
if (padding_ == KM_PAD_RSA_PSS &&
- RSA_verify_PKCS1_PSS(rsa_key_, to_match, digest_algorithm_, decrypted_data.get(),
- -2 /* salt length recovered from signature */))
+ RSA_verify_PKCS1_PSS_mgf1(rsa_key_, to_match, digest_algorithm_, NULL, decrypted_data.get(),
+ -2 /* salt length recovered from signature */))
return KM_ERROR_OK;
else if (padding_ != KM_PAD_RSA_PSS && memcmp_s(decrypted_data.get(), to_match, len) == 0)
return KM_ERROR_OK;
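Review bot: The verify call keeps `-2` as the salt length, so the length is recovered from the signature and any value is accepted, including an empty salt. The signing path guards against an "unsafely-small salt" with `MIN_PSS_SALT_LEN`, and no matching floor is visible here. If a minimum salt length is part of the key-use policy, it needs to be enforced on verification as well, for example by passing an explicit expected length instead of `-2`. If accepting any length is intentional for interoperability, a comment such as `// any salt length accepted on verify; minimum is enforced only when signing` would record that. The enclosing function starts and ends outside the hunk, so an earlier check may already cover this.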