So I went back to this and I think the problem is we are forced to
create a RSA_private_encrypt function even if all we want to do is sign.
https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_pmeth.c#L184
That branch gets hit on doing a TLS connection but not on creating a
certificate. Ideally, shouldn't RSA_PKCS1_PSS_PADDING (and the other
padding mode) also be handled by the RSA_sign of the engine
implementation? I mean it is inside a function called pkey_rsa_sign.
Though the RSA_sign function signature doesn't seem to allow specifying
the padding.
