Commit

pkcs11: Do not enable RSA-PSS HASH mechanisms without OpenSSL
Jakuje committed Apr 3, 2024
1 parent ede0234 commit b492a4c
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/pkcs11/framework-pkcs15.c
Expand Up @@ -6681,6 +6681,11 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
if (rc != CKR_OK)
return rc;

#ifdef ENABLE_OPENSSL
/* sc_pkcs11_register_sign_and_hash_mechanism expects software hash */
/* All hashes are in OpenSSL
* Either the card set the hashes or we helped it above */

if (rsa_flags & SC_ALGORITHM_RSA_HASH_SHA1) {
rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card,
CKM_SHA1_RSA_PKCS_PSS, CKM_SHA_1, registered_mt);
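Review bot: The guard opened at `#ifdef ENABLE_OPENSSL` also covers the case the second comment describes as "the card set the hashes": because the `rsa_flags & SC_ALGORITHM_RSA_HASH_SHA1` test now sits inside the guard, a build without OpenSSL skips CKM_SHA1_RSA_PKCS_PSS even for a card that reports the hash flag itself. That follows from the first comment (sc_pkcs11_register_sign_and_hash_mechanism expects a software hash), but the two adjacent comment blocks never state it outright. Suggest merging them into a single comment that spells out the consequence: without OpenSSL there is no software hash, so the combined hash-and-PSS mechanisms are not registered regardless of rsa_flags.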
Expand Down Expand Up @@ -6711,6 +6716,7 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
if (rc != CKR_OK)
return rc;
}
#endif /* ENABLE_OPENSSL */
mech_info.flags = old_flags;
}
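Review bot: Nothing in this commit exercises the build without ENABLE_OPENSSL, since only framework-pkcs15.c changes. The placement of `#endif /* ENABLE_OPENSSL */` before `mech_info.flags = old_flags;` looks right, because the flag restore still runs in both configurations, but a check in a non-OpenSSL build that the mechanism list returned by C_GetMechanismList no longer contains the CKM_SHA*_RSA_PKCS_PSS entries would keep the guard from regressing.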


0 comments on commit b492a4c