RSA provider use example
Matt Caswell
matt at openssl.org
Fri Sep 24 14:02:28 UTC 2021
On 24/09/2021 14:49, Antonio Santagiuliana wrote:
> Hello , thank you all for the replies. Very useful.
> I have seen in Openssl/crypto/RSA/rsa_local.h the definition of rsa_st
> has a pointer to RSA_METHOD and I can't see this filled in in any of the
> examples' set up or initializations, where is it filled in for the
> default provider , for the RSA algorithm?
> I can see the methods pointers are used later down in the call chain
> from RSA_private_decrypt() in
> providers/implementation/asymciphers/rsa_enc but I can't find where
> these methods' pointers are set and I would like to understand how I
> could pass a different method pointer in the parameters for a different
> mod_exp operation , for example, or how I could set it on a completely
> new RSA implementation mimicking the one in the default provider but
> with different methods where I need them changed, minimizing the
> differences with the default provider's RSA.
The default RSA_METHOD structure to use can be set via
RSA_set_default_method():
https://www.openssl.org/docs/man3.0/man3/RSA_set_default_method.html
You can construct such an RSA_METHOD using the functions described here:
https://www.openssl.org/docs/man3.0/man3/RSA_meth_new.html
However all of the above is considered deprecated and legacy and may be
removed from a future version of OpenSSL.
Instead you are supposed to implement such things in a new provider. For
example see:
https://www.openssl.org/docs/man3.0/man7/provider-base.html
https://www.openssl.org/docs/man3.0/man7/provider.html
https://www.openssl.org/docs/man3.0/man7/provider-signature.html
https://www.openssl.org/docs/man3.0/man7/provider-keymgmt.html
Matt
> Thank you
>
>
> On Fri, 24 Sep 2021, 12:22 Matt Caswell, <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>
>
>
> On 24/09/2021 12:17, Dr Paul Dale wrote:
> > What about: apps/rsa.c, apps/rsautl.c and apps/genrsa.c
> > 3.0 doesn't use the RSA structure in the non-deprecated public API.
> >
> > You probably want the EVP_PKEY_fromdata call.
>
> An example of building an RSA key from its constituent parts is
> available on the EVP_PKEY_fromdata() man page:
>
> https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
> <https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html>
>
> Matt
>
>
> >
> >
> > Pauli
> >
> >
> > On 24/9/21 8:55 pm, Antonio Santagiuliana wrote:
> >> Hello
> >> Is there any app or command in the current Openssl master
> repository
> >> that initialises and uses the new RSA provider?
> >> I would like to see how the RSA* context parameter is filled in and
> >> used, but I can't find an example using the RSA provider.
> >>
> >>
> >> Thank you
> >>
> >
>
More information about the openssl-users
mailing list