return NULL;
if (saltlen == -1) {
saltlen = EVP_MD_size(sigmd);
- } else if (saltlen == -2) {
+ } else if (saltlen == -2 || saltlen == -3) {
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
if ((EVP_PKEY_bits(pk) & 0x7) == 1)
saltlen--;
+ if (saltlen < 0)
+ return NULL;
}
return rsa_pss_params_create(sigmd, mgf1md, saltlen);