// Code generated by cmd/cgo; DO NOT EDIT.

//line /builddir/build/BUILD/go-go-1.11.6-5-openssl-fips/src/crypto/internal/boring/rsa.go:1:1
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// +build linux
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan

package boring

// #include "goboringcrypto.h"
import _ "unsafe"
import (
	"crypto"
	"errors"
	"hash"
	"math/big"
	"runtime"
	"strconv"
	"unsafe"
)

func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
	bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
		return nil, nil, nil, nil, nil, nil, nil, nil, e
	}

	key := (_Cfunc__goboringcrypto_RSA_new)()
	if key == nil {
		return bad(fail("RSA_new"))
	}
	defer func(_cgo0 *_Ctype_struct_rsa_st) {;	_cgoCheckPointer(_cgo0);	(_Cfunc__goboringcrypto_RSA_free)(_cgo0);}(key)

	if func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 _Ctype_int, _cgo2 *_Ctype_struct_bn_gencb_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_RSA_generate_key_fips)(_cgo0, _cgo1, _cgo2);}(key, _Ctype_int(bits), nil) == 0 {
		return bad(fail("RSA_generate_key_fips"))
	}

	var n, e, d, p, q, dp, dq, qinv *_Ctype_struct_bignum_st
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 **_Ctype_struct_bignum_st, _cgo2 **_Ctype_struct_bignum_st, _cgo3 **_Ctype_struct_bignum_st) {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1, true);	_cgoCheckPointer(_cgo2, true);	_cgoCheckPointer(_cgo3, true);	(_Cfunc__goboringcrypto_RSA_get0_key)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, &n, &e, &d)
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 **_Ctype_struct_bignum_st, _cgo2 **_Ctype_struct_bignum_st) {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1, true);	_cgoCheckPointer(_cgo2, true);	(_Cfunc__goboringcrypto_RSA_get0_factors)(_cgo0, _cgo1, _cgo2);}(key, &p, &q)
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 **_Ctype_struct_bignum_st, _cgo2 **_Ctype_struct_bignum_st, _cgo3 **_Ctype_struct_bignum_st) {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1, true);	_cgoCheckPointer(_cgo2, true);	_cgoCheckPointer(_cgo3, true);	(_Cfunc__goboringcrypto_RSA_get0_crt_params)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, &dp, &dq, &qinv)
	return bnToBig(n), bnToBig(e), bnToBig(d), bnToBig(p), bnToBig(q), bnToBig(dp), bnToBig(dq), bnToBig(qinv), nil
}

type PublicKeyRSA struct {
	key *_Ctype_struct_rsa_st
}

func NewPublicKeyRSA(N, E *big.Int) (*PublicKeyRSA, error) {
	key := (_Cfunc__goboringcrypto_RSA_new)()
	if key == nil {
		return nil, fail("RSA_new")
	}
	var n, e *_Ctype_struct_bignum_st
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 **_Ctype_struct_bignum_st, _cgo2 **_Ctype_struct_bignum_st, _cgo3 **_Ctype_struct_bignum_st) {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1, true);	_cgoCheckPointer(_cgo2, true);	(_Cfunc__goboringcrypto_RSA_get0_key)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, &n, &e, nil)
	if !bigToBn(&n, N) ||
		!bigToBn(&e, E) {
		return nil, fail("BN_bin2bn")
	}
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 *_Ctype_struct_bignum_st, _cgo2 *_Ctype_struct_bignum_st, _cgo3 *_Ctype_struct_bignum_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1);	_cgoCheckPointer(_cgo2);	return (_Cfunc__goboringcrypto_RSA_set0_key)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, n, e, nil)
	k := &PublicKeyRSA{key: key}
	// Note: Because of the finalizer, any time k.key is passed to cgo,
	// that call must be followed by a call to runtime.KeepAlive(k),
	// to make sure k is not collected (and finalized) before the cgo
	// call returns.
	runtime.SetFinalizer(k, (*PublicKeyRSA).finalize)
	return k, nil
}

func (k *PublicKeyRSA) finalize() {
	func(_cgo0 *_Ctype_struct_rsa_st) {;	_cgoCheckPointer(_cgo0);	(_Cfunc__goboringcrypto_RSA_free)(_cgo0);}(k.key)
}

type PrivateKeyRSA struct {
	key *_Ctype_struct_rsa_st
}

func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv *big.Int) (*PrivateKeyRSA, error) {
	key := (_Cfunc__goboringcrypto_RSA_new)()
	if key == nil {
		return nil, fail("RSA_new")
	}
	var n, e, d, p, q, dp, dq, qinv *_Ctype_struct_bignum_st
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 **_Ctype_struct_bignum_st, _cgo2 **_Ctype_struct_bignum_st, _cgo3 **_Ctype_struct_bignum_st) {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1, true);	_cgoCheckPointer(_cgo2, true);	_cgoCheckPointer(_cgo3, true);	(_Cfunc__goboringcrypto_RSA_get0_key)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, &n, &e, &d)
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 **_Ctype_struct_bignum_st, _cgo2 **_Ctype_struct_bignum_st) {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1, true);	_cgoCheckPointer(_cgo2, true);	(_Cfunc__goboringcrypto_RSA_get0_factors)(_cgo0, _cgo1, _cgo2);}(key, &p, &q)
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 **_Ctype_struct_bignum_st, _cgo2 **_Ctype_struct_bignum_st, _cgo3 **_Ctype_struct_bignum_st) {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1, true);	_cgoCheckPointer(_cgo2, true);	_cgoCheckPointer(_cgo3, true);	(_Cfunc__goboringcrypto_RSA_get0_crt_params)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, &dp, &dq, &qinv)
	if !bigToBn(&n, N) ||
		!bigToBn(&e, E) ||
		!bigToBn(&d, D) ||
		!bigToBn(&p, P) ||
		!bigToBn(&q, Q) ||
		!bigToBn(&dp, Dp) ||
		!bigToBn(&dq, Dq) ||
		!bigToBn(&qinv, Qinv) {
		return nil, fail("BN_bin2bn")
	}
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 *_Ctype_struct_bignum_st, _cgo2 *_Ctype_struct_bignum_st, _cgo3 *_Ctype_struct_bignum_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1);	_cgoCheckPointer(_cgo2);	_cgoCheckPointer(_cgo3);	return (_Cfunc__goboringcrypto_RSA_set0_key)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, n, e, d)
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 *_Ctype_struct_bignum_st, _cgo2 *_Ctype_struct_bignum_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1);	_cgoCheckPointer(_cgo2);	return (_Cfunc__goboringcrypto_RSA_set0_factors)(_cgo0, _cgo1, _cgo2);}(key, p, q)
	func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 *_Ctype_struct_bignum_st, _cgo2 *_Ctype_struct_bignum_st, _cgo3 *_Ctype_struct_bignum_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1);	_cgoCheckPointer(_cgo2);	_cgoCheckPointer(_cgo3);	return (_Cfunc__goboringcrypto_RSA_set0_crt_params)(_cgo0, _cgo1, _cgo2, _cgo3);}(key, dp, dq, qinv)
	k := &PrivateKeyRSA{key: key}
	// Note: Because of the finalizer, any time k.key is passed to cgo,
	// that call must be followed by a call to runtime.KeepAlive(k),
	// to make sure k is not collected (and finalized) before the cgo
	// call returns.
	runtime.SetFinalizer(k, (*PrivateKeyRSA).finalize)
	return k, nil
}

func (k *PrivateKeyRSA) finalize() {
	func(_cgo0 *_Ctype_struct_rsa_st) {;	_cgoCheckPointer(_cgo0);	(_Cfunc__goboringcrypto_RSA_free)(_cgo0);}(k.key)
}

func setupRSA(key *_Ctype_struct_rsa_st,
	padding _Ctype_int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
	init func(*_Ctype_struct_evp_pkey_ctx_st) _Ctype_int) (pkey *_Ctype_struct_evp_pkey_st, ctx *_Ctype_struct_evp_pkey_ctx_st, err error) {
	defer func() {
		if err != nil {
			if pkey != nil {
				func(_cgo0 *_Ctype_struct_evp_pkey_st) {;	_cgoCheckPointer(_cgo0);	(_Cfunc__goboringcrypto_EVP_PKEY_free)(_cgo0);}(pkey)
				pkey = nil
			}
			if ctx != nil {
				func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st) {;	_cgoCheckPointer(_cgo0);	(_Cfunc__goboringcrypto_EVP_PKEY_CTX_free)(_cgo0);}(ctx)
				ctx = nil
			}
		}
	}()

	pkey = (_Cfunc__goboringcrypto_EVP_PKEY_new)()
	if pkey == nil {
		return nil, nil, fail("EVP_PKEY_new")
	}
	if func(_cgo0 *_Ctype_struct_evp_pkey_st, _cgo1 *_Ctype_struct_rsa_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1);	return (_Cfunc__goboringcrypto_EVP_PKEY_set1_RSA)(_cgo0, _cgo1);}(pkey, key) == 0 {
		return nil, nil, fail("EVP_PKEY_set1_RSA")
	}
	ctx = func(_cgo0 *_Ctype_struct_evp_pkey_st, _cgo1 *_Ctype_struct_engine_st) *_Ctype_struct_evp_pkey_ctx_st {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_CTX_new)(_cgo0, _cgo1);}(pkey, nil)
	if ctx == nil {
		return nil, nil, fail("EVP_PKEY_CTX_new")
	}
	if init(ctx) == 0 {
		return nil, nil, fail("EVP_PKEY_operation_init")
	}
	if func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st, _cgo1 _Ctype_int) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_CTX_set_rsa_padding)(_cgo0, _cgo1);}(ctx, padding) == 0 {
		return nil, nil, fail("EVP_PKEY_CTX_set_rsa_padding")
	}
	if padding == (_Ciconst_GO_RSA_PKCS1_OAEP_PADDING) {
		md := hashToMD(h)
		if md == nil {
			return nil, nil, errors.New("crypto/rsa: unsupported hash function")
		}
		if func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st, _cgo1 *_Ctype_struct_env_md_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1);	return (_Cfunc__goboringcrypto_EVP_PKEY_CTX_set_rsa_oaep_md)(_cgo0, _cgo1);}(ctx, md) == 0 {
			return nil, nil, fail("EVP_PKEY_set_rsa_oaep_md")
		}
		// ctx takes ownership of label, so malloc a copy for BoringCrypto to free.
		clabel := (*_Ctype_uint8_t)((_Cfunc__CMalloc)(_Ctype_size_t(len(label))))
		if clabel == nil {
			return nil, nil, fail("malloc")
		}
		copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
		if func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st, _cgo1 *_Ctype_uint8_t, _cgo2 _Ctype_size_t) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label)(_cgo0, _cgo1, _cgo2);}(ctx, clabel, _Ctype_size_t(len(label))) == 0 {
			return nil, nil, fail("EVP_PKEY_CTX_set0_rsa_oaep_label")
		}
	}
	if padding == (_Ciconst_GO_RSA_PKCS1_PSS_PADDING) {
		if saltLen != 0 {
			if func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st, _cgo1 _Ctype_int) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen)(_cgo0, _cgo1);}(ctx, _Ctype_int(saltLen)) == 0 {
				return nil, nil, fail("EVP_PKEY_set_rsa_pss_saltlen")
			}
		}
		md := cryptoHashToMD(ch)
		if md == nil {
			return nil, nil, errors.New("crypto/rsa: unsupported hash function")
		}
		if func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st, _cgo1 *_Ctype_struct_env_md_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo1);	return (_Cfunc__goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md)(_cgo0, _cgo1);}(ctx, md) == 0 {
			return nil, nil, fail("EVP_PKEY_set_rsa_mgf1_md")
		}
	}

	return pkey, ctx, nil
}

func cryptRSA(gokey interface{}, key *_Ctype_struct_rsa_st,
	padding _Ctype_int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
	init func(*_Ctype_struct_evp_pkey_ctx_st) _Ctype_int,
	crypt func(*_Ctype_struct_evp_pkey_ctx_st, *_Ctype_uint8_t, *_Ctype_size_t, *_Ctype_uint8_t, _Ctype_size_t) _Ctype_int,
	in []byte) ([]byte, error) {

	pkey, ctx, err := setupRSA(key, padding, h, label, saltLen, ch, init)
	if err != nil {
		return nil, err
	}
	defer func(_cgo0 *_Ctype_struct_evp_pkey_st) {;	_cgoCheckPointer(_cgo0);	(_Cfunc__goboringcrypto_EVP_PKEY_free)(_cgo0);}(pkey)
	defer func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st) {;	_cgoCheckPointer(_cgo0);	(_Cfunc__goboringcrypto_EVP_PKEY_CTX_free)(_cgo0);}(ctx)

	var outLen _Ctype_size_t
	if crypt(ctx, nil, &outLen, base(in), _Ctype_size_t(len(in))) == 0 {
		return nil, fail("EVP_PKEY_decrypt/encrypt")
	}
	out := make([]byte, outLen)
	if crypt(ctx, base(out), &outLen, base(in), _Ctype_size_t(len(in))) <= 0 {
		return nil, fail("EVP_PKEY_decrypt/encrypt")
	}
	runtime.KeepAlive(gokey) // keep key from being freed before now
	return out[:outLen], nil
}

func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
	return cryptRSA(priv, priv.key, (_Ciconst_GO_RSA_PKCS1_OAEP_PADDING), h, label, 0, 0, decryptInit, decrypt, ciphertext)
}

func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) {
	return cryptRSA(pub, pub.key, (_Ciconst_GO_RSA_PKCS1_OAEP_PADDING), h, label, 0, 0, encryptInit, encrypt, msg)
}

func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
	return cryptRSA(priv, priv.key, (_Ciconst_GO_RSA_PKCS1_PADDING), nil, nil, 0, 0, decryptInit, decrypt, ciphertext)
}

func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
	return cryptRSA(pub, pub.key, (_Ciconst_GO_RSA_PKCS1_PADDING), nil, nil, 0, 0, encryptInit, encrypt, msg)
}

func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
	return cryptRSA(priv, priv.key, (_Ciconst_GO_RSA_NO_PADDING), nil, nil, 0, 0, decryptInit, decrypt, ciphertext)
}

func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
	return cryptRSA(pub, pub.key, (_Ciconst_GO_RSA_NO_PADDING), nil, nil, 0, 0, encryptInit, encrypt, msg)
}

// These dumb wrappers work around the fact that cgo functions cannot be used as values directly.

func decryptInit(ctx *_Ctype_struct_evp_pkey_ctx_st) _Ctype_int {
	return func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_decrypt_init)(_cgo0);}(ctx)
}

func decrypt(ctx *_Ctype_struct_evp_pkey_ctx_st, out *_Ctype_uint8_t, outLen *_Ctype_size_t, in *_Ctype_uint8_t, inLen _Ctype_size_t) _Ctype_int {
	return func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st, _cgo1 *_Ctype_uint8_t, _cgo2 *_Ctype_size_t, _cgo3 *_Ctype_uint8_t, _cgo4 _Ctype_size_t) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_decrypt)(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4);}(ctx, out, outLen, in, inLen)
}

func encryptInit(ctx *_Ctype_struct_evp_pkey_ctx_st) _Ctype_int {
	return func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_encrypt_init)(_cgo0);}(ctx)
}

func encrypt(ctx *_Ctype_struct_evp_pkey_ctx_st, out *_Ctype_uint8_t, outLen *_Ctype_size_t, in *_Ctype_uint8_t, inLen _Ctype_size_t) _Ctype_int {
	return func(_cgo0 *_Ctype_struct_evp_pkey_ctx_st, _cgo1 *_Ctype_uint8_t, _cgo2 *_Ctype_size_t, _cgo3 *_Ctype_uint8_t, _cgo4 _Ctype_size_t) _Ctype_int {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_EVP_PKEY_encrypt)(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4);}(ctx, out, outLen, in, inLen)
}

func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) {
	md := cryptoHashToMD(h)
	if md == nil {
		return nil, errors.New("crypto/rsa: unsupported hash function")
	}
	if saltLen == 0 {
		saltLen = -1
	}
	out := make([]byte, func(_cgo0 *_Ctype_struct_rsa_st) _Ctype_uint {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_RSA_size)(_cgo0);}(priv.key))
	var outLen _Ctype_size_t
	if func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 *_Ctype_size_t, _cgo2 *_Ctype_uint8_t, _cgo3 _Ctype_size_t, _cgo4 *_Ctype_uint8_t, _cgo5 _Ctype_size_t, _cgo6 *_Ctype_struct_env_md_st, _cgo7 *_Ctype_struct_env_md_st, _cgo8 _Ctype_int) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo6);	return (_Cfunc__goboringcrypto_RSA_sign_pss_mgf1)(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4, _cgo5, _cgo6, _cgo7, _cgo8);}(
		priv.key,
		&outLen, base(out), _Ctype_size_t(len(out)),
		base(hashed), _Ctype_size_t(len(hashed)),
		md, nil, _Ctype_int(saltLen)) == 0 {
		return nil, fail("RSA_sign_pss_mgf1")
	}
	runtime.KeepAlive(priv)

	return out[:outLen], nil
}

func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error {
	md := cryptoHashToMD(h)
	if md == nil {
		return errors.New("crypto/rsa: unsupported hash function")
	}
	if saltLen == 0 {
		saltLen = -2 // auto-recover
	}
	if func(_cgo0 *_Ctype_struct_rsa_st, _cgo1 *_Ctype_uint8_t, _cgo2 _Ctype_size_t, _cgo3 *_Ctype_struct_env_md_st, _cgo4 *_Ctype_struct_env_md_st, _cgo5 _Ctype_int, _cgo6 *_Ctype_uint8_t, _cgo7 _Ctype_size_t) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo3);	return (_Cfunc__goboringcrypto_RSA_verify_pss_mgf1)(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4, _cgo5, _cgo6, _cgo7);}(pub.key,
		base(hashed),
		_Ctype_size_t(len(hashed)),
		md, nil, _Ctype_int(saltLen), base(sig), _Ctype_size_t(len(sig))) == 0 {
		return fail("RSA_verify_pss_mgf1")
	}
	runtime.KeepAlive(pub)
	return nil
}

func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte) ([]byte, error) {
	out := make([]byte, func(_cgo0 *_Ctype_struct_rsa_st) _Ctype_uint {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_RSA_size)(_cgo0);}(priv.key))

	md := cryptoHashToMD(h)
	if md == nil {
		return nil, errors.New("crypto/rsa: unsupported hash function: " + strconv.Itoa(int(h)))
	}
	var outLen _Ctype_size_t
	if func(_cgo0 *_Ctype_struct_env_md_st, _cgo1 *_Ctype_uint8_t, _cgo2 _Ctype_size_t, _cgo3 *_Ctype_uint8_t, _cgo4 *_Ctype_size_t, _cgo5 *_Ctype_struct_rsa_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo5);	return (_Cfunc__goboringcrypto_EVP_RSA_sign)(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4, _cgo5);}(md, base(msg), _Ctype_size_t(len(msg)), base(out), &outLen, priv.key) == 0 {
		return nil, fail("RSA_sign")
	}
	runtime.KeepAlive(priv)
	return out[:outLen], nil
}

func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte) error {
	size := int(func(_cgo0 *_Ctype_struct_rsa_st) _Ctype_uint {;	_cgoCheckPointer(_cgo0);	return (_Cfunc__goboringcrypto_RSA_size)(_cgo0);}(pub.key))
	if len(sig) < size {
		// BoringCrypto requires sig to be same size as RSA key, so pad with leading zeros.
		zsig := make([]byte, size)
		copy(zsig[len(zsig)-len(sig):], sig)
		sig = zsig
	}

	md := cryptoHashToMD(h)
	if md == nil {
		return errors.New("crypto/rsa: unsupported hash function")
	}
	if func(_cgo0 *_Ctype_struct_env_md_st, _cgo1 *_Ctype_uint8_t, _cgo2 _Ctype_size_t, _cgo3 *_Ctype_uint8_t, _cgo4 _Ctype_size_t, _cgo5 *_Ctype_struct_rsa_st) _Ctype_int {;	_cgoCheckPointer(_cgo0);	_cgoCheckPointer(_cgo5);	return (_Cfunc__goboringcrypto_EVP_RSA_verify)(_cgo0, _cgo1, _cgo2, _cgo3, _cgo4, _cgo5);}(md, base(msg), _Ctype_size_t(len(msg)), base(sig), _Ctype_size_t(len(sig)), pub.key) == 0 {
		return fail("RSA_verify")
	}
	runtime.KeepAlive(pub)
	return nil
}
