}{
		{PSSSaltLengthAuto, PSSSaltLengthAuto, true},
		{PSSSaltLengthEqualsHash, PSSSaltLengthAuto, true},
		{PSSSaltLengthEqualsHash, PSSSaltLengthEqualsHash, true},
		{PSSSaltLengthEqualsHash, 8, false},
		{PSSSaltLengthAuto, PSSSaltLengthEqualsHash, false},
		{8, 8, true},
		{PSSSaltLengthAuto, 42, true},
		{PSSSaltLengthAuto, 20, false},
		{PSSSaltLengthAuto, -2, false},
	}

		copy(emNew[k-emLen:], em)
		em = emNew
	}

	return decrypt(priv, em, withCheck)
}

const (
	// PSSSaltLengthAuto causes the salt in a PSS signature to be as large
	// as possible when signing, and to be auto-detected when verifying.
	PSSSaltLengthAuto = 0
	// PSSSaltLengthEqualsHash causes the salt length to equal the length
	// of the hash used in the signature.
	PSSSaltLengthEqualsHash = -1
)

			t.Errorf("VerifyPKCS1v15 success for tampered message")
		}
		hash[1] ^= 0x80
	}

	opts := &PSSOptions{SaltLength: PSSSaltLengthAuto}
	sig, err = SignPSS(rand.Reader, priv, crypto.SHA256, hash[:], opts)
	if err == ErrMessageTooLong {
		t.Log("key too small for SignPSS with PSSSaltLengthAuto")
	} else if err != nil {
		t.Errorf("SignPSS: %v", err)
	}
	if err == nil {

		{"PKCS1v15DecryptOptions", Type, 5},
		{"PKCS1v15DecryptOptions.SessionKeyLen", Field, 5},
		{"PSSOptions", Type, 2},
		{"PSSOptions.Hash", Field, 4},
		{"PSSOptions.SaltLength", Field, 2},
		{"PSSSaltLengthAuto", Const, 2},
		{"PSSSaltLengthEqualsHash", Const, 2},
		{"PrecomputedValues", Type, 0},
		{"PrecomputedValues.CRTValues", Field, 0},
		{"PrecomputedValues.Dp", Field, 0},
		{"PrecomputedValues.Dq", Field, 0},

pkg crypto/cipher, type AEAD interface, Seal([]uint8, []uint8, []uint8, []uint8) []uint8
pkg crypto/md5, func Sum([]uint8) [16]uint8
pkg crypto/rsa, const PSSSaltLengthAuto = 0
pkg crypto/rsa, const PSSSaltLengthAuto ideal-int
pkg crypto/rsa, const PSSSaltLengthEqualsHash = -1
pkg crypto/rsa, const PSSSaltLengthEqualsHash ideal-int