Hello Selva and Matt, Thanks for the pointers. Following the suggested approach, I have added (in a branch of a fork) initial support of RSA-PSS for the BCrypt engine and the few first tests look promising. Next, I will do the same thing for NCrypt. After that I will probably add support for OAEP as well.
Best regards, Reinier On Fri, Jul 2, 2021 at 1:35 PM Selva Nair <selva.n...@gmail.com> wrote: > Hi > >> >>> >>> This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a >>> major limitation. It doesn't have to be that way as the OpenSSL engine >>> interface does allow using EVP_PKEY_METHOD callbacks instead of >>> rsa_priv_dec etc. >>> >> >> Yes I agree the lack of support for RSA-PSS is significant. There is a >> discussion (which includes you, I see ) around the root cause of that here: >> https://github.com/openssl/openssl/issues/7341 , among other places. >> > > That discussion is valid only if you insist on using "legacy" rsa_sign or > other rsa_priv_dec which have no mechanism for providing context info like > padding and hash type. > > >> It is not clear to me what you mean with "the OpenSSL engine interface >> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.". >> Can you elaborate (here or on the GitHub issue)? >> > > To add to what Matt wrote: > > As an example, see my PR for pkcs11-helper: > https://github.com/OpenSC/pkcs11-helper/pull/31 This uses a dummy engine > and passes the singing operation to the pkcs11 device, but the idea is the > same. > > Selva > >>