ctrl_params_translate: Allow RSA controls also for RSA-PSS

Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed for RSA-PSS keys. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21818) (cherry picked from commit e2c2cca)
openssl · Aug 24, 2023 · 53dca2f · 53dca2f
1 parent 8e122f4
commit 53dca2f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
@@ -2271,10 +2271,10 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
     { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
       OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
       OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
       OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
 

diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
@@ -79,6 +79,8 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
    my $rsapss = "rsapss.key";
    ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
                '-pkeyopt', 'rsa_keygen_bits:1024',
+               '-pkeyopt', 'rsa_keygen_pubexp:65537',
+               '-pkeyopt', 'rsa_keygen_primes:2',
                '--out', $rsapss])));
    ok(run(app(['openssl', 'rsa', '-check',
                '-in', $rsapss])));