openssl: support RSA_NO_PADDING padding

When PSS padding is in use, OpenSSL pre-pads the data and
requests signature with padding=RSA_NO_PADDING. Handle this
using CKM_RSA_X_509 as the mechanism.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
selvanair authored and alonbl committed Apr 17, 2019
1 parent 168f855 commit c192bb48e9170d636e305d03a87c82580101a1a9
Showing with 16 additions and 4 deletions.
  1. +1 −0 ChangeLog
  2. +15 −4 lib/pkcs11h-openssl.c
@@ -4,6 +4,7 @@ Copyright (c) 2005-2018 Alon Bar-Lev <alon.barlev@gmail.com>
????-???-?? - Version 1.26

* openssl: build with openssl ec disabled
* openssl: support RSA_NO_PADDING padding, thanks to Selva Nair

2018-08-16 - Version 1.25.1

@@ -478,6 +478,9 @@ __pkcs11h_openssl_rsa_dec (
rv = CKR_MECHANISM_INVALID;
break;
case RSA_NO_PADDING:
mech = CKM_RSA_X_509;
break;
default:
rv = CKR_MECHANISM_INVALID;
break;
}
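Review bot: the new `case RSA_NO_PADDING:` in __pkcs11h_openssl_rsa_dec goes beyond what the commit message motivates, which is only the PSS signing path. With CKM_RSA_X_509 the token performs the raw RSA operation and no padding is checked on this path, so the caller is fully responsible for validating the result. Please either say in the commit message that raw decryption is intended as well, or add a comment at this case explaining why it is needed.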
@@ -552,6 +555,7 @@ __pkcs11h_openssl_rsa_enc (
PKCS11H_BOOL session_locked = FALSE;
CK_RV rv = CKR_FUNCTION_FAILED;
size_t tlen;
CK_MECHANISM_TYPE mech = CKM_RSA_PKCS;

_PKCS11H_ASSERT (from!=NULL);
_PKCS11H_ASSERT (to!=NULL);
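Review bot: the initializer on `CK_MECHANISM_TYPE mech = CKM_RSA_PKCS;` is a permissive default. The switch added later in this function assigns `mech` in every accepted case and bails out in `default`, so the initial value is never used today; if a padding case is added later without setting `mech`, it would silently sign with CKM_RSA_PKCS. Consider leaving `mech` uninitialized so the compiler can flag a missed assignment, or add a comment that the switch is the only place the mechanism is chosen.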
@@ -567,9 +571,16 @@ __pkcs11h_openssl_rsa_enc (
padding
);

if (padding != RSA_PKCS1_PADDING) {
rv = CKR_MECHANISM_INVALID;
goto cleanup;
switch (padding) {
case RSA_PKCS1_PADDING:
mech = CKM_RSA_PKCS;
break;
case RSA_NO_PADDING:
mech = CKM_RSA_X_509;
break;
default:
rv = CKR_MECHANISM_INVALID;
goto cleanup;
}

tlen = (size_t)RSA_size(rsa);
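Review bot: in the `case RSA_NO_PADDING:` branch, nothing in the visible lines checks `flen` against `RSA_size(rsa)` before the data is handed to the token. CKM_RSA_X_509 applies no padding, so this branch expects an already padded block of modulus size, which is what OpenSSL supplies for PSS. A check along the lines of `flen == RSA_size(rsa)`, setting `rv` and going to `cleanup` on mismatch as the `default` branch does, would reject malformed input early. A short comment that this branch signs caller-supplied data verbatim would also help future readers.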
@@ -587,7 +598,7 @@ __pkcs11h_openssl_rsa_enc (
if (
(rv = pkcs11h_certificate_signAny (
certificate,
CKM_RSA_PKCS,
mech,
from,
flen,
to,
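Review bot: with `mech` passed to pkcs11h_certificate_signAny in place of the constant CKM_RSA_PKCS, a token that does not offer CKM_RSA_X_509 will now fail at this call instead of at the earlier padding check. Consider including the selected mechanism in the debug or error output for this call so that a failure on the RSA_NO_PADDING path can be told apart from a failure on the PKCS#1 path.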
