On 12/04/2021 18:06, Blumenthal, Uri - 0553 - MITLL wrote:
Is there an analog of the "dummy async engine" for the OpenSSL-3.0 Provider?
There isn't a simple analog for RSA specifically.
There's the test "tls-provider" which implements a toy KEX and KEM
algorithm:
https://github.com/openssl/openssl/blob/master/test/tls-provider.c
For a bare bones skeleton do-nothing provider you can look at the null
provider:
https://github.com/openssl/openssl/blob/master/providers/nullprov.c
You can also have a look at the legacy provider for a (relatively)
simple example of how to do ciphers and digests:
https://github.com/openssl/openssl/blob/master/providers/legacyprov.c
Of course you should also look at the documentation:
https://www.openssl.org/docs/manmaster/man7/provider.html
If the interest is RSA specifically you may want to look at the provider
asymmetric cipher documentation:
https://www.openssl.org/docs/manmaster/man7/provider-asym_cipher.html
as well as the provider signatures documentation:
https://www.openssl.org/docs/manmaster/man7/provider-signature.html
and the provider key management documentation:
https://www.openssl.org/docs/manmaster/man7/provider-keymgmt.html
Matt
TNX
--
Regards,
Uri
There are two ways to design a system. One is to make is so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
On 4/12/21, 12:43, "openssl-users on behalf of Matt Caswell" <openssl-users-bounces@xxxxxxxxxxx on behalf of matt@xxxxxxxxxxx> wrote:
You can look at the dummy async engine which wraps the standard RSA
functions inside an engine (as well as various other crypto primitives).
You can see it here:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/engines/e_dasync.c
Matt
On 12/04/2021 17:32, Shariful Alam wrote:
> Dr. Pauli,
> Goodmorning. Thank you for replying. I found the documentation a bit
> difficult for me to understand. I was wondering if you can direct me to
> a sample skeleton code for creating a custom RSA engine.
>
> Regards,
> Shariful Alam
>
> On Sun, Apr 11, 2021 at 6:00 PM Dr Paul Dale <pauli@xxxxxxxxxxx
> <mailto:pauli@xxxxxxxxxxx>> wrote:
>
> You shouldn't be accessing the internal of a private structure. That
> structure was made private for a reason and duplicating it in your
> engine will break when we change the structure's contents.
>
> Your engine should be using the EVP_PKEY_meth_set_* function to do
> what you want (for 1.1.1). For 3.0, you should be writing a
> provider instead.
>
>
> Pauli
>
> On 12/4/21 5:04 am, Shariful Alam wrote:
>> Hello,
>> Hope you guys are doing well. I'm trying to develop an RSA engine.
>> My engine was somewhat working until I try to integrate my engine
>> with an apache httpd server. After installing the httpd from the
>> source code, it turns out that, I can't compile my engine anymore.
>> I get the following error while I try to compile (it was compiling
>> before and I did not make any changes to my engine code).
>>
>> ==============================
>>
>> *$gcc -fPIC -c r_engine.c*
>> *r_engine.c:29:8: error: redefinition of ‘struct rsa_meth_st’
>> struct rsa_meth_st {
>> ^
>> In file included from /usr/include/openssl/crypto.h:131:0,
>> from r_engine.c:7:
>> /usr/include/openssl/ossl_typ.h:147:16: note: originally defined here
>> typedef struct rsa_meth_st RSA_METHOD;*
>>
>> =============================
>>
>> and my *struct rsa_meth_st *looks like the following,
>>
>> ================================================================================
>>
>> *struct rsa_meth_st {
>>
>> const char *name;
>> int (*rsa_pub_enc) (int flen, const unsigned char *from,
>> unsigned char *to, RSA *rsa, int padding);
>> int (*rsa_pub_dec) (int flen, const unsigned char *from,
>> unsigned char *to, RSA *rsa, int padding);
>> int (*rsa_priv_enc) (int flen, const unsigned char *from,
>> unsigned char *to, RSA *rsa, int padding);
>> int (*rsa_priv_dec) (int flen, const unsigned char *from,
>> unsigned char *to, RSA *rsa, int padding);
>>
>> int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
>> BN_CTX *ctx);
>>
>> int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM
>> *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
>>
>> int (*init) (RSA *rsa);
>>
>> int (*finish) (RSA *rsa);
>>
>> int flags;
>>
>> char *app_data;
>>
>> int (*rsa_sign) (int type, const unsigned char *m, unsigned
>> int m_length, unsigned char *sigret, unsigned int *siglen, const
>> RSA *rsa);
>>
>> int (*rsa_verify) (int dtype, const unsigned char *m, unsigned
>> int m_length, const unsigned char *sigbuf, unsigned int siglen,
>> const RSA *rsa);
>>
>> int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
>>
>> };
>> *
>>
>> =================================================================================
>>
>> My sample skeleton code is here https://pastebin.com/uNXYknEA
>> <https://pastebin.com/uNXYknEA>
>>
>> Can anyone please tell me what I'm I doing wrong?
>>
>> Regards,
>> Shariful Alam
>
