Support for RSA-PSS-only keys #489

Open
@Jakuje

Description

Describe the feature
OpenSSL (mostly in the context of TLS 1.3) supports special RSA keys that are designated only for the PSS operation. These could be distinguished at the PKCS#11 level as RSA keys with ALLOWED_MECHANISMS set to only RSA-PSS mechanisms or by having an associated certificate with RSA-PSS usage (will have to go back to figure out the right name).

Expected behavior
Reading the PKCS#11 objects should try to derive the RSA/RSA-PSS and return different OpenSSL key types based on the allowed mechanisms (if supported by the token) or associated certificate.

Additional context
We already have a way to set the ALLOWED_MECHANISMS when we generate a key, but it still results in a generic RSA key instead of the RSA-PSS one.

https://docs.openssl.org/3.1/man7/RSA-PSS/
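A sketch of the ALLOWED_MECHANISMS check requested above, added here as an illustration and not taken from the project's code. The helper name `rsa_key_type_from_allowed` is hypothetical, the typedefs stand in for the real PKCS#11 header, and falling back to the generic `RSA` type whenever the attribute is missing, malformed or contains any non-PSS mechanism is an assumption; the certificate-based path is not covered.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the PKCS#11 header types so this builds on its own. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_MECHANISM_TYPE;

/* Mechanism values as defined in the PKCS#11 v2.40 header. */
#define CKM_RSA_PKCS            0x00000001UL
#define CKM_RSA_PKCS_PSS        0x0000000DUL
#define CKM_SHA1_RSA_PKCS_PSS   0x0000000EUL
#define CKM_SHA256_RSA_PKCS     0x00000040UL
#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL
#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL
#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL
#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL

static int is_pss_mechanism(CK_MECHANISM_TYPE m)
{
    switch (m) {
    case CKM_RSA_PKCS_PSS: case CKM_SHA1_RSA_PKCS_PSS:
    case CKM_SHA224_RSA_PKCS_PSS: case CKM_SHA256_RSA_PKCS_PSS:
    case CKM_SHA384_RSA_PKCS_PSS: case CKM_SHA512_RSA_PKCS_PSS:
        return 1;
    default: /* unknown mechanisms (e.g. SHA-3 variants) count as non-PSS */
        return 0;
    }
}

/* Hypothetical helper: choose the OpenSSL key type name from the raw value of
 * CKA_ALLOWED_MECHANISMS (an array of CK_MECHANISM_TYPE, len in bytes). */
const char *rsa_key_type_from_allowed(const void *value, CK_ULONG len)
{
    size_t i, n;
    /* Attribute absent, unavailable ((CK_ULONG)-1) or not a whole array. */
    if (value == NULL || len == 0 || len == (CK_ULONG)-1
        || len % sizeof(CK_MECHANISM_TYPE) != 0)
        return "RSA";
    n = len / sizeof(CK_MECHANISM_TYPE);
    for (i = 0; i < n; i++) {
        CK_MECHANISM_TYPE m;
        memcpy(&m, (const unsigned char *)value + i * sizeof(m), sizeof(m));
        if (!is_pss_mechanism(m))
            return "RSA"; /* any non-PSS mechanism keeps the key generic */
    }
    return "RSA-PSS";
}

int main(void)
{
    CK_MECHANISM_TYPE sample[] = { CKM_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS_PSS }; /* constructed */
    printf("%s\n", rsa_key_type_from_allowed(sample, sizeof(sample)));
    return 0;
}
```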
