From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 23 Aug 2023 07:20:52 +0000 (+0200)
Subject: ctrl_params_translate: Allow RSA controls also for RSA-PSS
X-Git-Tag: openssl-3.1.3~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb462f926094b98b33b9dd28bcaa75ca134d7d77;p=thirdparty%2Fopenssl.git

ctrl_params_translate: Allow RSA controls also for RSA-PSS

Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)

(cherry picked from commit e2c2cca4b2fd1ad946d93507e9ca4f9ea910a114)
---

diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index c3e3874c6b4..f46fba31754 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -2271,10 +2271,10 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
     { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
       OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
       OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
       OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
 
diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
index e5dbab1d88d..cea1c605d1e 100644
--- a/test/recipes/15-test_rsapss.t
+++ b/test/recipes/15-test_rsapss.t
@@ -114,6 +114,8 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
    my $rsapss = "rsapss.key";
    ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
                '-pkeyopt', 'rsa_keygen_bits:1024',
+               '-pkeyopt', 'rsa_keygen_pubexp:65537',
+               '-pkeyopt', 'rsa_keygen_primes:2',
                '--out', $rsapss])));
    ok(run(app(['openssl', 'rsa', '-check',
                '-in', $rsapss])));