diff options
Diffstat (limited to 'src/crypto/rsa/pss.go')
-rw-r--r-- | src/crypto/rsa/pss.go | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go index 3ff0c2f4d0..89f850ed0f 100644 --- a/src/crypto/rsa/pss.go +++ b/src/crypto/rsa/pss.go @@ -11,6 +11,7 @@ package rsa import ( "bytes" "crypto" + "crypto/internal/boring" "errors" "hash" "io" @@ -197,6 +198,21 @@ func signPSSWithSalt(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed, if err != nil { return } + + if boring.Enabled { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err + } + // Note: BoringCrypto takes care of the "AndCheck" part of "decryptAndCheck". + // (It's not just decrypt.) + s, err := boring.DecryptRSANoPadding(bkey, em) + if err != nil { + return nil, err + } + return s, nil + } + m := new(big.Int).SetBytes(em) c, err := decryptAndCheck(rand, priv, m) if err != nil { @@ -259,6 +275,14 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte, hash = opts.Hash } + if boring.Enabled && rand == boring.RandReader { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err + } + return boring.SignRSAPSS(bkey, hash, hashed, saltLength) + } + salt := make([]byte, saltLength) if _, err := io.ReadFull(rand, salt); err != nil { return nil, err @@ -277,6 +301,16 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte, opts // verifyPSS verifies a PSS signature with the given salt length. func verifyPSS(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte, saltLen int) error { + if boring.Enabled { + bkey, err := boringPublicKey(pub) + if err != nil { + return err + } + if err := boring.VerifyRSAPSS(bkey, hash, hashed, sig, saltLen); err != nil { + return ErrVerification + } + return nil + } nBits := pub.N.BitLen() if len(sig) != (nBits+7)/8 { return ErrVerification |