RSA provider use example

Fri Sep 24 14:02:28 UTC 2021

On 24/09/2021 14:49, Antonio Santagiuliana wrote:
> Hello , thank you all for the replies. Very useful.
> I have seen in Openssl/crypto/RSA/rsa_local.h the definition of rsa_st 
> has a pointer to RSA_METHOD and I can't see this filled in in any of the 
> examples' set up or initializations, where is it filled in for the 
> default provider , for the RSA algorithm?
> I can see the methods pointers are used later down in the call chain 
> from RSA_private_decrypt() in 
> providers/implementation/asymciphers/rsa_enc but I can't find where 
> these methods' pointers are set and I would like to understand how I 
> could pass a different method pointer in the parameters for a different 
> mod_exp operation , for example, or how I could set it on a completely 
> new RSA implementation mimicking the one in the default provider but 
> with different methods where I need them changed, minimizing the 
> differences with the default provider's RSA.

The default RSA_METHOD structure to use can be set via 
RSA_set_default_method():

https://www.openssl.org/docs/man3.0/man3/RSA_set_default_method.html

You can construct such an RSA_METHOD using the functions described here:

https://www.openssl.org/docs/man3.0/man3/RSA_meth_new.html

However all of the above is considered deprecated and legacy and may be 
removed from a future version of OpenSSL.

Instead you are supposed to implement such things in a new provider. For 
example see:

https://www.openssl.org/docs/man3.0/man7/provider-base.html
https://www.openssl.org/docs/man3.0/man7/provider.html
https://www.openssl.org/docs/man3.0/man7/provider-signature.html
https://www.openssl.org/docs/man3.0/man7/provider-keymgmt.html

Matt

> Thank you
> 
> 
> On Fri, 24 Sep 2021, 12:22 Matt Caswell, <matt at openssl.org 
> <mailto:matt at openssl.org>> wrote:
> 
> 
> 
>     On 24/09/2021 12:17, Dr Paul Dale wrote:
>      > What about: apps/rsa.c, apps/rsautl.c and apps/genrsa.c
>      > 3.0 doesn't use the RSA structure in the non-deprecated public API.
>      >
>      > You probably want the EVP_PKEY_fromdata call.
> 
>     An example of building an RSA key from its constituent parts is
>     available on the EVP_PKEY_fromdata() man page:
> 
>     https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
>     <https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html>
> 
>     Matt
> 
> 
>      >
>      >
>      > Pauli
>      >
>      >
>      > On 24/9/21 8:55 pm, Antonio Santagiuliana wrote:
>      >> Hello
>      >> Is there any app or command in the current Openssl master
>     repository
>      >> that initialises and uses the new RSA provider?
>      >> I would like to see how the RSA* context parameter is filled in and
>      >> used, but I can't find an example using the RSA provider.
>      >>
>      >>
>      >> Thank you
>      >>
>      >
> 