https://community.nxp.com/t5/Secure-Authentication/SE050-and-Middleware-v4-3-0-Possible-bug-with-Openssl-engine/m-p/1688533#M1306 <P>I'm using the SE050F2 With middleware v4.3.0. I'm using the an openssl engine so external libs like security-xml-c can leverage the RSA keys in the SE050.</P><P>I'm finding a failure in sss/plugin/openssl/engine/src/ax_sssEngine_rsa.c in the function EmbSe_RSA_Priv_Encrypt() where if the RSA padding selected is not set to RSA_NO_PADDING, the call fails. Is this correct or a bug? xml-security-c uses RSA padding&nbsp;<SPAN>RSA_PKCS1_PADDING which complies with the XML security standard.&nbsp;</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TonyMo_0-1689338999815.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/232486i2C6419200FF7A9E0/image-size/medium?v=v2&amp;px=400" role="button" title="TonyMo_0-1689338999815.png" alt="TonyMo_0-1689338999815.png" /></span></P><P>&nbsp;</P><P>Also, in the same function&nbsp;EmbSe_RSA_Priv_Encrypt(), I notice that sss_asymmetric_context_init() uses the kMode_SSS_Decrypt and makes a call to sss_assymmetric_decrypt(). I intuitively would expect that RSA_Priv_Encrypt() is doing "encrypt" operations, not "decrypt" operations. Is this a bug?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TonyMo_1-1689339252997.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/232487i5D24B5C5CFBCD5D2/image-size/medium?v=v2&amp;px=400" role="button" title="TonyMo_1-1689339252997.png" alt="TonyMo_1-1689339252997.png" /></span></P><P>&nbsp;</P><P>Thank you for your help.</P><P>Cheers,</P><P>Tony</P><P>&nbsp;</P> Fri, 14 Jul 2023 12:54:23 GMT TonyMo 2023-07-14T12:54:23Z https://community.nxp.com/t5/Secure-Authentication/SE050-and-Middleware-v4-3-0-Possible-bug-with-Openssl-engine/m-p/1688533#M1306 <P>I'm using the SE050F2 With middleware v4.3.0. I'm using the an openssl engine so external libs like security-xml-c can leverage the RSA keys in the SE050.</P><P>I'm finding a failure in sss/plugin/openssl/engine/src/ax_sssEngine_rsa.c in the function EmbSe_RSA_Priv_Encrypt() where if the RSA padding selected is not set to RSA_NO_PADDING, the call fails. Is this correct or a bug? xml-security-c uses RSA padding&nbsp;<SPAN>RSA_PKCS1_PADDING which complies with the XML security standard.&nbsp;</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TonyMo_0-1689338999815.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/232486i2C6419200FF7A9E0/image-size/medium?v=v2&amp;px=400" role="button" title="TonyMo_0-1689338999815.png" alt="TonyMo_0-1689338999815.png" /></span></P><P>&nbsp;</P><P>Also, in the same function&nbsp;EmbSe_RSA_Priv_Encrypt(), I notice that sss_asymmetric_context_init() uses the kMode_SSS_Decrypt and makes a call to sss_assymmetric_decrypt(). I intuitively would expect that RSA_Priv_Encrypt() is doing "encrypt" operations, not "decrypt" operations. Is this a bug?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TonyMo_1-1689339252997.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/232487i5D24B5C5CFBCD5D2/image-size/medium?v=v2&amp;px=400" role="button" title="TonyMo_1-1689339252997.png" alt="TonyMo_1-1689339252997.png" /></span></P><P>&nbsp;</P><P>Thank you for your help.</P><P>Cheers,</P><P>Tony</P><P>&nbsp;</P> Fri, 14 Jul 2023 12:54:23 GMT https://community.nxp.com/t5/Secure-Authentication/SE050-and-Middleware-v4-3-0-Possible-bug-with-Openssl-engine/m-p/1688533#M1306 TonyMo 2023-07-14T12:54:23Z https://community.nxp.com/t5/Secure-Authentication/SE050-and-Middleware-v4-3-0-Possible-bug-with-Openssl-engine/m-p/1689852#M1307 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/213597">@TonyMo</a>&nbsp;,</P> <P>&nbsp;</P> <P>Indeed the function EmbSE_RSA_Priv_Encrypt is actually the method referenced to “sign” data. With RSA the signature is correctly created with the method “decrypt”. From the openSSL documentation:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Kan_Li_0-1689903033667.png" style="width: 585px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/232821iB5DA340679C4F9D7/image-dimensions/585x563?v=v2" width="585" height="563" role="button" title="Kan_Li_0-1689903033667.png" alt="Kan_Li_0-1689903033667.png" /></span></P> <P>I agree that the engine’s function name is misleading as it actually should be the signing function.</P> <P>&nbsp;</P> <P>For the RSA padding methods support, we are checking with the R&amp;D now, will let you know when I have any more info from there.</P> <P>&nbsp;</P> <P>Thanks for your patience and understanding!</P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Jul 2023 01:36:36 GMT https://community.nxp.com/t5/Secure-Authentication/SE050-and-Middleware-v4-3-0-Possible-bug-with-Openssl-engine/m-p/1689852#M1307 Kan_Li 2023-07-21T01:36:36Z https://community.nxp.com/t5/Secure-Authentication/SE050-and-Middleware-v4-3-0-Possible-bug-with-Openssl-engine/m-p/1690698#M1308 <P>Thank you Kan. There is no concern with the SE050 not being to support RSA padding. I was able to leverage Openssl's RSA padding commands to achieve what I needed.</P><P>&nbsp;</P> Sat, 22 Jul 2023 08:00:51 GMT https://community.nxp.com/t5/Secure-Authentication/SE050-and-Middleware-v4-3-0-Possible-bug-with-Openssl-engine/m-p/1690698#M1308 TonyMo 2023-07-22T08:00:51Z