pub fn pss_sign<H: Hasher>(
sk: &RsaSecretKey,
m_hash: &[u8],
s_len: usize,
rng: &mut dyn FnMut(&mut [u8]),
) -> Option<Vec<u8>>Expand description
RSASSA-PSS sign of a precomputed digest (RFC 8017 §8.1.1).
Draws a fresh s_len-byte random salt from rng and calls
pss_sign_with_salt. Each invocation produces a different
signature even for the same (sk, m_hash).
Recommended salt length: s_len = H::OUTPUT_LEN (the same length
as the hash). Setting s_len = 0 produces a deterministic
signature (“no salt”) – the same (sk, m_hash, H) will always
yield the same bytes; this is allowed by the spec but gives up
the randomized-signature security property.