ctrl_params_translate: Allow RSA controls also for RSA-PSS

Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)

2 files changed, 4 insertions, 2 deletions

diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index f5758f4444..ae7468e751 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -2333,10 +2333,10 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
     { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
       OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
       OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
       OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
 
diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
index e5dbab1d88..cea1c605d1 100644
--- a/test/recipes/15-test_rsapss.t
+++ b/test/recipes/15-test_rsapss.t
@@ -114,6 +114,8 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
    my $rsapss = "rsapss.key";
    ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
                '-pkeyopt', 'rsa_keygen_bits:1024',
+               '-pkeyopt', 'rsa_keygen_pubexp:65537',
+               '-pkeyopt', 'rsa_keygen_primes:2',
                '--out', $rsapss])));
    ok(run(app(['openssl', 'rsa', '-check',
                '-in', $rsapss])));