Skip to content

Commit

Permalink
Allow also Raw PSS mechanisms in the default set
Browse files Browse the repository at this point in the history
When an application pre-hashes the content to be signed it can use the
raw CKM_RSA_PKCS_PSS mechanism to apply a signature. This may be done
with simple hardware tokens that do not support digest operations on
board and need to rely on the software to deal with that part.
We should not preclude such use for key we generate.

Signed-off-by: Simo Sorce <[email protected]>
  • Loading branch information
simo5 committed May 29, 2024
1 parent 97d5cca commit f265b96
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/keymgmt.c
Original file line number Diff line number Diff line change
Expand Up @@ -1022,7 +1022,7 @@ static CK_RV set_default_rsapss_mechanisms(struct key_generator *ctx)
CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS,
CKM_SHA512_RSA_PKCS_PSS, CKM_SHA3_224_RSA_PKCS_PSS,
CKM_SHA3_256_RSA_PKCS_PSS, CKM_SHA3_384_RSA_PKCS_PSS,
CKM_SHA3_512_RSA_PKCS_PSS
CKM_SHA3_512_RSA_PKCS_PSS, CKM_RSA_PKCS_PSS
};

ctx->data.rsa.allowed_types = OPENSSL_malloc(sizeof(rsapss_mechs));
Expand Down

0 comments on commit f265b96

Please sign in to comment.