rsa: add support of padding pss

We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Philippe Reynes <philippe.reynes@softathome.com> 2018-11-14 13:51:01 +0100
committer: Tom Rini <trini@konsulko.com> 2018-12-03 10:44:10 -0500
commit: 061daa0b61f0fbeb214c566f3adb23da05545320 (patch)
tree: f16e131f6e8fd1a724fd70d6669c9011f28c23eb /lib/rsa/rsa-sign.c
parent: 20031567e12bb312bff95b70767f6275e20f0346 (diff)
download: u-boot-061daa0b61f0fbeb214c566f3adb23da05545320.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 6aa0e2ab5d..fb5e07b56d 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -438,6 +438,16 @@ static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo,
 		goto err_sign;
 	}
 
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+	if (padding_algo && !strcmp(padding_algo->name, "pss")) {
+		if (EVP_PKEY_CTX_set_rsa_padding(ckey,
+						 RSA_PKCS1_PSS_PADDING) <= 0) {
+			ret = rsa_err("Signer padding setup failed");
+			goto err_sign;
+		}
+	}
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+
 	for (i = 0; i < region_count; i++) {
 		if (!EVP_DigestSignUpdate(context, region[i].data,
 					  region[i].size)) {
author	Philippe Reynes <philippe.reynes@softathome.com>	2018-11-14 13:51:01 +0100
committer	Tom Rini <trini@konsulko.com>	2018-12-03 10:44:10 -0500
commit	061daa0b61f0fbeb214c566f3adb23da05545320 (patch)
tree	f16e131f6e8fd1a724fd70d6669c9011f28c23eb /lib/rsa/rsa-sign.c
parent	20031567e12bb312bff95b70767f6275e20f0346 (diff)
download	u-boot-061daa0b61f0fbeb214c566f3adb23da05545320.tar.gz