From: lizhi <lizhi206@huawei.com>
Add support for RSA key management with pss padding mode.
Test with: openssl3 genpkey -provider uadk_provider -algorithm RSA-PSS
Signed-off-by: lizhi <lizhi206@huawei.com>
---
 src/uadk_prov.h | 2 +
 src/uadk_prov_init.c | 8 +++-
 src/uadk_prov_rsa_kmgmt.c | 81 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 90 insertions(+), 1 deletion(-)
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
index 60031cb..f162854 100644
--- a/src/uadk_prov.h
+++ b/src/uadk_prov.h
@@ -190,6 +190,7 @@ extern const OSSL_DISPATCH uadk_des_ede3_ecb_functions[FUNC_MAX_NUM];
 extern const OSSL_DISPATCH uadk_rsa_signature_functions[FUNC_MAX_NUM];
 extern const OSSL_DISPATCH uadk_rsa_keymgmt_functions[FUNC_MAX_NUM];
+extern const OSSL_DISPATCH uadk_rsapss_keymgmt_functions[FUNC_MAX_NUM];
 extern const OSSL_DISPATCH uadk_rsa_asym_cipher_functions[FUNC_MAX_NUM];
 extern const OSSL_DISPATCH uadk_dh_keymgmt_functions[FUNC_MAX_NUM];
@@ -229,6 +230,7 @@ void set_default_ecdh_keyexch(void);
 void set_default_ecx_keymgmt(void);
 void set_default_ecx_keyexch(void);
 void set_default_rsa_keymgmt(void);
+void set_default_rsapss_keymgmt(void);
 void set_default_rsa_signature(void);
 void set_default_rsa_asym_cipher(void);
 void set_default_sm2_asym_cipher(void);
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index 03a3485..b5d94e0 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -288,6 +288,8 @@ static const OSSL_ALGORITHM uadk_prov_signature_v3[] = {
 static const OSSL_ALGORITHM uadk_prov_keymgmt_v2[] = {
 { "RSA", UADK_DEFAULT_PROPERTIES,
 uadk_rsa_keymgmt_functions, "uadk RSA Keymgmt implementation." },
+ { "RSA-PSS", UADK_DEFAULT_PROPERTIES,
+ uadk_rsapss_keymgmt_functions, "uadk RSA-PSS Keymgmt implementation." },
 { "DH", UADK_DEFAULT_PROPERTIES, uadk_dh_keymgmt_functions },
 { NULL, NULL, NULL, NULL }
 };
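Review bot: In the v2 keymgmt table the DH entry directly below the new RSA-PSS line is still registered as `{ "DH", UADK_DEFAULT_PROPERTIES, uadk_dh_keymgmt_functions },` with no description, while the v3 table in this same commit gives DH the string `"uadk dh Keymgmt implementation."`; the two tables should be brought into line, e.g. `{ "DH", UADK_DEFAULT_PROPERTIES, uadk_dh_keymgmt_functions, "uadk DH Keymgmt implementation." },`. Note also that the RSA-PSS entry is registered under the same UADK_DEFAULT_PROPERTIES query as RSA, so any application that prefers uadk_provider will now route RSA-PSS key management through this provider too; since (going by the kmgmt hunks) it forwards to the default provider, that is presumably intended, but a one-line comment at the entry saying the key management is delegated would save the next reader a trip through uadk_prov_rsa_kmgmt.c.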
@@ -295,7 +297,10 @@ static const OSSL_ALGORITHM uadk_prov_keymgmt_v2[] = {
 static const OSSL_ALGORITHM uadk_prov_keymgmt_v3[] = {
 { "RSA", UADK_DEFAULT_PROPERTIES,
 uadk_rsa_keymgmt_functions, "uadk RSA Keymgmt implementation." },
- { "DH", UADK_DEFAULT_PROPERTIES, uadk_dh_keymgmt_functions },
+ { "RSA-PSS", UADK_DEFAULT_PROPERTIES,
+ uadk_rsapss_keymgmt_functions, "uadk RSA-PSS Keymgmt implementation." },
+ { "DH", UADK_DEFAULT_PROPERTIES,
+ uadk_dh_keymgmt_functions, "uadk dh Keymgmt implementation." },
 { "SM2", UADK_DEFAULT_PROPERTIES,
 uadk_sm2_keymgmt_functions, "uadk SM2 Keymgmt implementation." },
 { "EC", UADK_DEFAULT_PROPERTIES,
@@ -674,6 +679,7 @@ static void uadk_set_default_alg(void)
 set_default_ecx_keymgmt();
 set_default_ecx_keyexch();
 set_default_rsa_keymgmt();
+ set_default_rsapss_keymgmt();
 set_default_rsa_asym_cipher();
 set_default_rsa_signature();
 set_default_sm2_asym_cipher();
diff --git a/src/uadk_prov_rsa_kmgmt.c b/src/uadk_prov_rsa_kmgmt.c
index a3cf065..1286ae5 100644
--- a/src/uadk_prov_rsa_kmgmt.c
+++ b/src/uadk_prov_rsa_kmgmt.c
@@ -75,12 +75,18 @@ struct rsa_gen_ctx {
 };
 static UADK_PKEY_KEYMGMT s_keymgmt;
+static UADK_PKEY_KEYMGMT rsapss_keymgmt;
 static UADK_PKEY_KEYMGMT get_default_rsa_keymgmt(void)
 {
 return s_keymgmt;
 }
+static UADK_PKEY_KEYMGMT get_default_rsapss_keymgmt(void)
+{
+ return rsapss_keymgmt;
+}
+
 void set_default_rsa_keymgmt(void)
 {
 UADK_PKEY_KEYMGMT *keymgmt;
@@ -94,6 +100,19 @@ void set_default_rsa_keymgmt(void)
 }
 }
+void set_default_rsapss_keymgmt(void)
+{
+ UADK_PKEY_KEYMGMT *keymgmt;
+
+ keymgmt = (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, "RSA-PSS", "provider=default");
+ if (keymgmt) {
+ rsapss_keymgmt = *keymgmt;
+ EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt);
+ } else {
+ UADK_INFO("failed to EVP_KEYMGMT_fetch rsa-pss default provider\n");
+ }
+}
+
 static void uadk_rsa_clear_flags(RSA *r, int flags)
 {
 r->flags &= ~flags;
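Review bot: In `set_default_rsapss_keymgmt` a failed fetch is only reported through `UADK_INFO` and leaves `rsapss_keymgmt` as its zero-initialised static, so every `uadk_keymgmt_rsapss_*` wrapper will afterwards return NULL and an RSA-PSS keygen fails with nothing on the OpenSSL error queue; if the RSA variant behaves the same way that is at least consistent, but the failure state deserves a comment at the static, e.g. `/* all-NULL until set_default_rsapss_keymgmt() succeeds; every rsapss wrapper then returns NULL */`. The fetch is made against the NULL (default) library context with `"provider=default"`, so it presumably returns NULL when uadk_provider is loaded into a non-default OSSL_LIB_CTX that has no default provider; if the provider context carries a libctx, that would be the more robust argument — I cannot see provctx from here, so treat this as something to confirm. Finally, `rsapss_keymgmt = *keymgmt;` followed by `EVP_KEYMGMT_free` keeps a shallow copy of another provider's dispatch pointers without holding a reference on it, which mirrors `s_keymgmt` but should be stated next to the copy: `/* shallow copy of the default provider's dispatch; no reference is kept, the default provider must outlive this provider */`.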
@@ -993,3 +1012,65 @@ static void *uadk_keymgmt_rsa_dup(const void *keydata_from, int selection)
 return get_default_rsa_keymgmt().dup(keydata_from, selection);
 }
+
+static void *uadk_keymgmt_rsapss_new(void *provctx)
+{
+ if (!get_default_rsapss_keymgmt().new_fun)
+ return NULL;
+
+ return get_default_rsapss_keymgmt().new_fun(provctx);
+}
+
+static void *uadk_keymgmt_rsapss_gen_init(void *provctx, int selection,
+ const OSSL_PARAM params[])
+{
+ if (!get_default_rsapss_keymgmt().gen_init)
+ return NULL;
+
+ return get_default_rsapss_keymgmt().gen_init(provctx, selection, params);
+}
+
+static const OSSL_PARAM *uadk_keymgmt_rsapss_gen_settable_params(ossl_unused void *genctx,
+ ossl_unused void *provctx)
+{
+ if (!get_default_rsapss_keymgmt().gen_settable_params)
+ return NULL;
+
+ return get_default_rsapss_keymgmt().gen_settable_params(genctx, provctx);
+}
+
+static void *uadk_keymgmt_rsapss_load(const void *reference, size_t reference_sz)
+{
+ if (!get_default_rsapss_keymgmt().load)
+ return NULL;
+
+ return get_default_rsapss_keymgmt().load(reference, reference_sz);
+}
+
+const OSSL_DISPATCH uadk_rsapss_keymgmt_functions[] = {
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))uadk_keymgmt_rsapss_new },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))uadk_keymgmt_rsa_free },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))uadk_keymgmt_rsa_get_params },
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS,
+ (void (*) (void))uadk_keymgmt_rsa_gettable_params },
+ { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))uadk_keymgmt_rsapss_gen_init },
+ { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,
+ (void (*)(void))uadk_keymgmt_rsa_gen_set_params },
+ { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
+ (void (*)(void))uadk_keymgmt_rsapss_gen_settable_params },
+ { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))uadk_keymgmt_rsa_gen },
+ { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))uadk_keymgmt_rsa_gen_cleanup },
+ { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))uadk_keymgmt_rsapss_load },
+ { OSSL_FUNC_KEYMGMT_HAS, (void 
(*)(void))uadk_keymgmt_rsa_has },
+ { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))uadk_keymgmt_rsa_validate },
+ { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))uadk_keymgmt_rsa_match },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))uadk_keymgmt_rsa_import },
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES,
+ (void (*)(void))uadk_keymgmt_rsa_import_types },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))uadk_keymgmt_rsa_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))uadk_keymgmt_rsa_export_types },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))uadk_keymgmt_rsa_dup },
+ { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
+ (void (*)(void))uadk_keymgmt_rsa_query_operation_name },
+ { 0, NULL }
+};
-- 
2.43.0
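Review bot: The new `uadk_rsapss_keymgmt_functions` table creates gen contexts and key objects through the RSA-PSS wrappers (`uadk_keymgmt_rsapss_gen_init`, `_new`, `_load`) but then hands those objects to `uadk_keymgmt_rsa_gen_set_params`, `uadk_keymgmt_rsa_gen`, `uadk_keymgmt_rsa_gen_cleanup`, `uadk_keymgmt_rsa_free`, `uadk_keymgmt_rsa_import`/`_export` and the rest, which — going by `uadk_keymgmt_rsa_dup` at the top of the hunk — forward to the plain "RSA" keymgmt fetched by `set_default_rsa_keymgmt`. That only works if the default provider backs "RSA" and "RSA-PSS" with the same implementation and context layout, an assumption about another provider's internals that nothing here checks or records; the PSS-specific gen parameters advertised by `uadk_keymgmt_rsapss_gen_settable_params` would likewise be consumed by the RSA `gen_set_params`. I would add rsapss wrappers for at least the three gen-context entry points so a context is only ever touched by the keymgmt that created it (sketch below, assuming the struct members are named as the RSA wrappers use them), or failing that document the dependency at the table with `/* NOTE: objects created by the default provider's RSA-PSS keymgmt are passed to its RSA keymgmt; relies on both sharing one implementation */`. Separately, `uadk_keymgmt_rsapss_gen_settable_params` tags both `genctx` and `provctx` as `ossl_unused` and then passes them through, so the attribute is misleading and should be dropped.
```c
static int uadk_keymgmt_rsapss_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
	if (!get_default_rsapss_keymgmt().gen_set_params)
		return 0;

	return get_default_rsapss_keymgmt().gen_set_params(genctx, params);
}

static void *uadk_keymgmt_rsapss_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
	if (!get_default_rsapss_keymgmt().gen)
		return NULL;

	return get_default_rsapss_keymgmt().gen(genctx, osslcb, cbarg);
}

static void uadk_keymgmt_rsapss_gen_cleanup(void *genctx)
{
	if (!get_default_rsapss_keymgmt().gen_cleanup)
		return;

	get_default_rsapss_keymgmt().gen_cleanup(genctx);
}

/* … unchanged: rsapss new/gen_init/gen_settable_params/load wrappers … */
const OSSL_DISPATCH uadk_rsapss_keymgmt_functions[] = {
	/* … unchanged: NEW, FREE, GET_PARAMS, GETTABLE_PARAMS, GEN_INIT … */
	{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))uadk_keymgmt_rsapss_gen_set_params },
	/* … unchanged: GEN_SETTABLE_PARAMS … */
	{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))uadk_keymgmt_rsapss_gen },
	{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))uadk_keymgmt_rsapss_gen_cleanup },
	/* … unchanged: LOAD through QUERY_OPERATION_NAME, terminator … */
```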