in src/vtok_p11/src/crypto/mod.rs [400:434]
fn config_evp_pkey_ctx(pctx: *mut ffi::EVP_PKEY_CTX, mech: &Mechanism) -> Result<()> {
let padding = match mech {
Mechanism::Digest(_) => return Err(Error::BadMech),
Mechanism::RsaX509 => ffi::RSA_NO_PADDING,
Mechanism::RsaPkcs(_) => ffi::RSA_PKCS1_PADDING,
Mechanism::RsaPkcsPss(_, _) => ffi::RSA_PKCS1_PSS_PADDING,
Mechanism::Ecdsa(_) => return Ok(()),
};
let rc = unsafe { ffi::EVP_PKEY_CTX_set_rsa_padding(pctx, padding) };
if rc != 1 {
return Err(Error::PkeyCtxCtl);
}
if let Mechanism::RsaPkcsPss(_, Some(params)) = mech {
let evp_md_hash = mech_type_to_evp_md(params.hashAlg)?;
let rc = unsafe { ffi::EVP_PKEY_CTX_set_signature_md(pctx, evp_md_hash) };
if rc != 1 {
return Err(Error::PkeyCtxCtl);
}
let evp_md = mgf_to_evp_md(params.mgf)?;
let rc = unsafe { ffi::EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, evp_md) };
if rc != 1 {
return Err(Error::PkeyCtxCtl);
}
let rc = unsafe {
ffi::EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, params.sLen as std::os::raw::c_int)
};
if rc != 1 {
return Err(Error::PkeyCtxCtl);
}
}
Ok(())
}