Enable Encoders/Decoders for RSA-PSS too

Seem like we forgot to explicitly enable them in the past. OpenSSL considers RSA-PSS a separate key type and requires explicit encoders, will not fallback to RSA encoders/decoders from a provider and instead will try to export private keys to the default provider to use the base encoders/decoders. Signed-off-by: Simo Sorce <[email protected]>
simo5 · May 28, 2024 · 3a91fb8 · 3a91fb8
1 parent 695dc83
commit 3a91fb8
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/src/provider.c b/src/provider.c
@@ -1074,6 +1074,18 @@ static CK_RV operations_init(P11PROV_CTX *ctx)
     ADD_ALGO_EXT(RSA, encoder,
                  "provider=pkcs11,output=pem,structure=SubjectPublicKeyInfo",
                  p11prov_rsa_encoder_spki_pem_functions);
+    ADD_ALGO_EXT(RSAPSS, encoder, "provider=pkcs11,output=text",
+                 p11prov_rsa_encoder_text_functions);
+    ADD_ALGO_EXT(RSAPSS, encoder, "provider=pkcs11,output=der,structure=pkcs1",
+                 p11prov_rsa_encoder_pkcs1_der_functions);
+    ADD_ALGO_EXT(RSAPSS, encoder, "provider=pkcs11,output=pem,structure=pkcs1",
+                 p11prov_rsa_encoder_pkcs1_pem_functions);
+    ADD_ALGO_EXT(RSAPSS, encoder,
+                 "provider=pkcs11,output=der,structure=SubjectPublicKeyInfo",
+                 p11prov_rsa_encoder_spki_der_functions);
+    ADD_ALGO_EXT(RSAPSS, encoder,
+                 "provider=pkcs11,output=pem,structure=SubjectPublicKeyInfo",
+                 p11prov_rsa_encoder_spki_pem_functions);
     ADD_ALGO_EXT(EC, encoder, "provider=pkcs11,output=text",
                  p11prov_ec_encoder_text_functions);
     ADD_ALGO_EXT(EC, encoder, "provider=pkcs11,output=der,structure=pkcs1",
@@ -1091,6 +1103,9 @@ static CK_RV operations_init(P11PROV_CTX *ctx)
         ADD_ALGO_EXT(RSA, encoder,
                      "provider=pkcs11,output=pem,structure=PrivateKeyInfo",
                      p11prov_rsa_encoder_priv_key_info_pem_functions);
+        ADD_ALGO_EXT(RSAPSS, encoder,
+                     "provider=pkcs11,output=pem,structure=PrivateKeyInfo",
+                     p11prov_rsa_encoder_priv_key_info_pem_functions);
         ADD_ALGO_EXT(EC, encoder,
                      "provider=pkcs11,output=pem,structure=PrivateKeyInfo",
                      p11prov_ec_encoder_priv_key_info_pem_functions);
@@ -1146,6 +1161,9 @@ static const OSSL_ALGORITHM p11prov_decoders[] = {
     { P11PROV_NAMES_RSA,
       "provider=pkcs11,input=der,structure=" P11PROV_DER_STRUCTURE,
       p11prov_der_decoder_p11prov_rsa_functions },
+    { P11PROV_NAMES_RSAPSS,
+      "provider=pkcs11,input=der,structure=" P11PROV_DER_STRUCTURE,
+      p11prov_der_decoder_p11prov_rsa_functions },
     { P11PROV_NAMES_EC,
       "provider=pkcs11,input=der,structure=" P11PROV_DER_STRUCTURE,
       p11prov_der_decoder_p11prov_ec_functions },