From f265b965449f64b73c4b6a20d0243775e5f6c665 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 29 May 2024 12:04:39 -0400 Subject: [PATCH] Allow also Raw PSS mechanisms in the default set When an application pre-hashes the content to be signed it can use the raw CKM_RSA_PKCS_PSS mechanism to apply a signature. This may be done with simple hardware tokens that do not support digest operations on board and need to rely on the software to deal with that part. We should not preclude such use for key we generate. Signed-off-by: Simo Sorce --- src/keymgmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keymgmt.c b/src/keymgmt.c index bde51591..d083fc33 100644 --- a/src/keymgmt.c +++ b/src/keymgmt.c @@ -1022,7 +1022,7 @@ static CK_RV set_default_rsapss_mechanisms(struct key_generator *ctx) CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS, CKM_SHA3_224_RSA_PKCS_PSS, CKM_SHA3_256_RSA_PKCS_PSS, CKM_SHA3_384_RSA_PKCS_PSS, - CKM_SHA3_512_RSA_PKCS_PSS + CKM_SHA3_512_RSA_PKCS_PSS, CKM_RSA_PKCS_PSS }; ctx->data.rsa.allowed_types = OPENSSL_malloc(sizeof(rsapss_mechs));