Make `openssl check -rsa ...` to work for both RSA and RSA-PSS.

	Fixes openssl#17167

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17920)

diff --git a/apps/rsa.c b/apps/rsa.c
index 05a091ce4be0f397d265f2f45c870edace997973..97e9504a009ca8bb7f08a955e6d1fc1a46911f17 100644 (file)
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -257,7 +257,7 @@ int rsa_main(int argc, char **argv)
         ERR_print_errors(bio_err);
         goto end;
     }
-    if (!EVP_PKEY_is_a(pkey, "RSA")) {
+    if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) {
         BIO_printf(bio_err, "Not an RSA key\n");
         goto end;
     }

diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
index 69a5b7b0eb5d1361c0996956e83bfd23a1110bfb..ea87d8420ea26a07b0d093f9540370416bdeed1f 100644 (file)
--- a/test/recipes/15-test_rsapss.t
+++ b/test/recipes/15-test_rsapss.t
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
 
 setup("test_rsapss");
 
-plan tests => 7;
+plan tests => 9;
 
 #using test/testrsa.pem which happens to be a 512 bit RSA
 ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
@@ -64,3 +64,13 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
             '-signature', 'testrsapss-unrestricted.sig',
             srctop_file('test', 'testrsa.pem')])),
    "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
+
+# Test that RSA-PSS keys are supported by genpkey and rsa commands.
+{
+   my $rsapss = "rsapss.key";
+   ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
+               '-pkeyopt', 'rsa_keygen_bits:1024',
+               '--out', $rsapss])));
+   ok(run(app(['openssl', 'rsa', '-check',
+               '-in', $rsapss])));
+}