RSA provider use example
Antonio Santagiuliana
santantonioswap at gmail.com
Fri Sep 24 15:51:46 UTC 2021
Thank you for your reply.
I'm still a bit confused though.
In /providers/implementations/asymcipher/rsa_enc.c I find function
rsa_decrypt() that calls RSA_private_decrypt(prsactx->rsa)
I haven't found other implementation of this RSA_private_decrypt() apart
from the one in crypto/RSA/rsa_crypt.c , where the RSA argument passed is
used to call this:
rsa->meth->rsa_priv_dec()
I can't find where this pointer to method was set up. I can't find it in
the init of the default provider's rsa_enc.c and if the app requesting this
default RSA can't use the set_method() because deprecated, how is this
rsa_priv_dec pointer set up?where is the set up of it?
Thank you
On Fri, 24 Sep 2021, 15:02 Matt Caswell, <matt at openssl.org> wrote:
>
>
> On 24/09/2021 14:49, Antonio Santagiuliana wrote:
> > Hello , thank you all for the replies. Very useful.
> > I have seen in Openssl/crypto/RSA/rsa_local.h the definition of rsa_st
> > has a pointer to RSA_METHOD and I can't see this filled in in any of the
> > examples' set up or initializations, where is it filled in for the
> > default provider , for the RSA algorithm?
> > I can see the methods pointers are used later down in the call chain
> > from RSA_private_decrypt() in
> > providers/implementation/asymciphers/rsa_enc but I can't find where
> > these methods' pointers are set and I would like to understand how I
> > could pass a different method pointer in the parameters for a different
> > mod_exp operation , for example, or how I could set it on a completely
> > new RSA implementation mimicking the one in the default provider but
> > with different methods where I need them changed, minimizing the
> > differences with the default provider's RSA.
>
> The default RSA_METHOD structure to use can be set via
> RSA_set_default_method():
>
> https://www.openssl.org/docs/man3.0/man3/RSA_set_default_method.html
>
> You can construct such an RSA_METHOD using the functions described here:
>
> https://www.openssl.org/docs/man3.0/man3/RSA_meth_new.html
>
> However all of the above is considered deprecated and legacy and may be
> removed from a future version of OpenSSL.
>
> Instead you are supposed to implement such things in a new provider. For
> example see:
>
> https://www.openssl.org/docs/man3.0/man7/provider-base.html
> https://www.openssl.org/docs/man3.0/man7/provider.html
> https://www.openssl.org/docs/man3.0/man7/provider-signature.html
> https://www.openssl.org/docs/man3.0/man7/provider-keymgmt.html
>
>
> Matt
>
>
> > Thank you
> >
> >
> > On Fri, 24 Sep 2021, 12:22 Matt Caswell, <matt at openssl.org
> > <mailto:matt at openssl.org>> wrote:
> >
> >
> >
> > On 24/09/2021 12:17, Dr Paul Dale wrote:
> > > What about: apps/rsa.c, apps/rsautl.c and apps/genrsa.c
> > > 3.0 doesn't use the RSA structure in the non-deprecated public
> API.
> > >
> > > You probably want the EVP_PKEY_fromdata call.
> >
> > An example of building an RSA key from its constituent parts is
> > available on the EVP_PKEY_fromdata() man page:
> >
> > https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
> > <https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html>
> >
> > Matt
> >
> >
> > >
> > >
> > > Pauli
> > >
> > >
> > > On 24/9/21 8:55 pm, Antonio Santagiuliana wrote:
> > >> Hello
> > >> Is there any app or command in the current Openssl master
> > repository
> > >> that initialises and uses the new RSA provider?
> > >> I would like to see how the RSA* context parameter is filled in
> and
> > >> used, but I can't find an example using the RSA provider.
> > >>
> > >>
> > >> Thank you
> > >>
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210924/d2fe1ceb/attachment.html>
More information about the openssl-users
mailing list