add MGF1 digest ctrl

crypto/rsa/rsa_pmeth.c

@@ -79,6 +79,8 @@ typedef struct
 	int pad_mode;
 	/* message digest */
 	const EVP_MD *md;
+	/* message digest for MGF1 */
+	const EVP_MD *mgf1md;
 	/* PSS/OAEP salt length */
 	int saltlen;
 	/* Temp buffer */
@@ -95,6 +97,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 	rctx->pub_exp = NULL;
 	rctx->pad_mode = RSA_PKCS1_PADDING;
 	rctx->md = NULL;
+	rctx->mgf1md = NULL;
 	rctx->tbuf = NULL;
 
 	rctx->saltlen = -2;
@@ -184,10 +187,14 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 			}
 		else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
 			{
+			const EVP_MD *pssmd;
+			pssmd = rctx->mgf1md;
+			if (pssmd == NULL)
+				pssmd = rctx->md;
 			if (!setup_tbuf(rctx, ctx))
 				return -1;
 			if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
-						rctx->md, rctx->saltlen))
+						pssmd, rctx->saltlen))
 				return -1;
 			ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
 						sig, rsa, RSA_NO_PADDING);
@@ -281,13 +288,17 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
 		else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
 			{
 			int ret;
+			const EVP_MD *pssmd;
+			pssmd = rctx->mgf1md;
+			if (pssmd == NULL)
+				pssmd = rctx->md;
 			if (!setup_tbuf(rctx, ctx))
 				return -1;
 			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
 							rsa, RSA_NO_PADDING);
 			if (ret <= 0)
 				return 0;
-			ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
+			ret = RSA_verify_PKCS1_PSS(rsa, tbs, pssmd,
 						rctx->tbuf, rctx->saltlen);
 			if (ret <= 0)
 				return 0;
@@ -433,6 +444,10 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		rctx->md = p2;
 		return 1;
 
+		case EVP_PKEY_CTRL_MGF1_MD:
+		rctx->mgf1md = p2;
+		return 1;
+
 		case EVP_PKEY_CTRL_DIGESTINIT:
 		case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
 		case EVP_PKEY_CTRL_PKCS7_DECRYPT: