+ }
+
+ /* Maximum for sign, auto for verify */
+ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
+ prsactx->min_saltlen = -1;
+
+ switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
+ case RSA_FLAG_TYPE_RSA:
+ prsactx->pad_mode = RSA_PKCS1_PADDING;
+ break;
+ case RSA_FLAG_TYPE_RSASSAPSS:
+ prsactx->pad_mode = RSA_PKCS1_PSS_PADDING;
+
+ {
+ const RSA_PSS_PARAMS_30 *pss =
+ ossl_rsa_get0_pss_params_30(prsactx->rsa);
+
+ if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
+ int md_nid = ossl_rsa_pss_params_30_hashalg(pss);
+ int mgf1md_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
+ int min_saltlen = ossl_rsa_pss_params_30_saltlen(pss);
+ const char *mdname, *mgf1mdname;
+ size_t len;
+
+ mdname = ossl_rsa_oaeppss_nid2name(md_nid);
+ mgf1mdname = ossl_rsa_oaeppss_nid2name(mgf1md_nid);
+
+ if (mdname == NULL) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "PSS restrictions lack hash algorithm");
+ return 0;
+ }
+ if (mgf1mdname == NULL) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "PSS restrictions lack MGF1 hash algorithm");
+ return 0;
+ }
+
+ len = OPENSSL_strlcpy(prsactx->mdname, mdname,
+ sizeof(prsactx->mdname));
+ if (len >= sizeof(prsactx->mdname)) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "hash algorithm name too long");
+ return 0;
+ }
+ len = OPENSSL_strlcpy(prsactx->mgf1_mdname, mgf1mdname,
+ sizeof(prsactx->mgf1_mdname));
+ if (len >= sizeof(prsactx->mgf1_mdname)) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+ "MGF1 hash algorithm name too long");
+ return 0;
+ }
+ prsactx->saltlen = min_saltlen;
+
+ /* call rsa_setup_mgf1_md before rsa_setup_md to avoid duplication */
+ return rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
+ && rsa_setup_md(prsactx, mdname, prsactx->propq)
+ && rsa_check_parameters(prsactx, min_saltlen);
+ }
+ }
+
+ break;
+ default:
+ ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ return 0;
+ }