From 3a5e2575e95f696c4a486b7b4d42f045bd94ebbb Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 29 May 2024 12:04:39 -0400 Subject: [PATCH] Allow also Raw PSS mechanisms in the default set When an application pre-hashes the content to be signed it can use the raw CKM_RSA_PKCS_PSS mechanism to apply a signature. This may be done with simple hardware tokens that do not support digest operations on board and need to rely on the software to deal with that part. We should not preclude such use for key we generate. Signed-off-by: Simo Sorce --- src/keymgmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keymgmt.c b/src/keymgmt.c index 299f79cc..9e426750 100644 --- a/src/keymgmt.c +++ b/src/keymgmt.c @@ -1022,7 +1022,7 @@ static CK_RV set_default_rsapss_mechanisms(struct key_generator *ctx) CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS, CKM_SHA3_224_RSA_PKCS_PSS, CKM_SHA3_256_RSA_PKCS_PSS, CKM_SHA3_384_RSA_PKCS_PSS, - CKM_SHA3_512_RSA_PKCS_PSS + CKM_SHA3_512_RSA_PKCS_PSS, CKM_RSA_PKCS_PSS }; ctx->data.rsa.allowed_types = OPENSSL_malloc(sizeof(rsapss_mechs));