Hello Selva and Matt,
Thanks for the pointers. Following the suggested approach, I have added (in a branch of a fork) initial support of RSA-PSS for the BCrypt engine and the few first tests look promising. Next, I will do the same thing for NCrypt. After that I will probably add support for OAEP as well.
Best regards,
Reinier
On Fri, Jul 2, 2021 at 1:35 PM Selva Nair <selva.nair@xxxxxxxxx> wrote:
HiThis is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major limitation. It doesn't have to be that way as the OpenSSL engine interface does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.Yes I agree the lack of support for RSA-PSS is significant. There is a discussion (which includes you, I see ) around the root cause of that here: https://github.com/openssl/openssl/issues/7341 , among other places.That discussion is valid only if you insist on using "legacy" rsa_sign or other rsa_priv_dec which have no mechanism for providing context info like padding and hash type.It is not clear to me what you mean with "the OpenSSL engine interface does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.". Can you elaborate (here or on the GitHub issue)?To add to what Matt wrote:As an example, see my PR for pkcs11-helper: https://github.com/OpenSC/pkcs11-helper/pull/31 This uses a dummy engine and passes the singing operation to the pkcs11 device, but the idea is the same.Selva
