Hi Selva,

On Fri, Jul 2, 2021 at 10:49 AM Selva Nair <selva.n...@gmail.com> wrote:

> Hi,
>
> On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <reinier.torenb...@gmail.com> wrote:
>
>> Hi,
>>
>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
>> may want to check out this new OpenSSL CNG Engine project on GitHub:
>> https://github.com/rticommunity/openssl-cng-engine . The associated
>> User's Manual is on ReadTheDocs:
>> https://openssl-cng-engine.readthedocs.io/en/latest/index.html .
>>
>> The project implements the majority of the EVP interface, to leverage the
>> BCrypt crypto implementations, as well as a subset of the STORE interface,
>> for integration with the Windows Certificate and Keystore(s), via the
>> NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with
>> Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.
>>
>> Any feedback is welcome, please send it to me or open an issue on GitHub.
>
> This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major
> limitation. It doesn't have to be that way as the OpenSSL engine interface
> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.

Yes I agree the lack of support for RSA-PSS is significant. There is a discussion (which includes you, I see) around the root cause of that here: https://github.com/openssl/openssl/issues/7341 , among other places.

It is not clear to me what you mean with "the OpenSSL engine interface does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.". Can you elaborate (here or on the GitHub issue)?

Thanks,
Reinier

> Selva