Allow also Raw PSS mechanisms in the default set

When an application pre-hashes the content to be signed it can use the raw CKM_RSA_PKCS_PSS mechanism to apply a signature. This may be done with simple hardware tokens that do not support digest operations on board and need to rely on the software to deal with that part. We should not preclude such use for key we generate. Signed-off-by: Simo Sorce <[email protected]>
latchset · May 29, 2024 · 06db9f0 · 06db9f0
1 parent 4116318
commit 06db9f0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/keymgmt.c b/src/keymgmt.c
@@ -1022,7 +1022,7 @@ static CK_RV set_default_rsapss_mechanisms(struct key_generator *ctx)
         CKM_SHA256_RSA_PKCS_PSS,   CKM_SHA384_RSA_PKCS_PSS,
         CKM_SHA512_RSA_PKCS_PSS,   CKM_SHA3_224_RSA_PKCS_PSS,
         CKM_SHA3_256_RSA_PKCS_PSS, CKM_SHA3_384_RSA_PKCS_PSS,
-        CKM_SHA3_512_RSA_PKCS_PSS
+        CKM_SHA3_512_RSA_PKCS_PSS, CKM_RSA_PKCS_PSS
     };
 
     ctx->data.rsa.allowed_types = OPENSSL_malloc(sizeof(rsapss_mechs));