Re: RSA provider use example

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 24/09/2021 14:49, Antonio Santagiuliana wrote:

Hello , thank you all for the replies. Very useful.
I have seen in Openssl/crypto/RSA/rsa_local.h the definition of rsa_st has a pointer to RSA_METHOD and I can't see this filled in in any of the examples' set up or initializations, where is it filled in for the default provider , for the RSA algorithm? I can see the methods pointers are used later down in the call chain from RSA_private_decrypt() in providers/implementation/asymciphers/rsa_enc but I can't find where these methods' pointers are set and I would like to understand how I could pass a different method pointer in the parameters for a different mod_exp operation , for example, or how I could set it on a completely new RSA implementation mimicking the one in the default provider but with different methods where I need them changed, minimizing the differences with the default provider's RSA.
The default RSA_METHOD structure to use can be set via RSA_set_default_method(): 

https://www.openssl.org/docs/man3.0/man3/RSA_set_default_method.html

You can construct such an RSA_METHOD using the functions described here:

https://www.openssl.org/docs/man3.0/man3/RSA_meth_new.html
However all of the above is considered deprecated and legacy and may be removed from a future version of OpenSSL.
Instead you are supposed to implement such things in a new provider. For example see: 

https://www.openssl.org/docs/man3.0/man7/provider-base.html
https://www.openssl.org/docs/man3.0/man7/provider.html
https://www.openssl.org/docs/man3.0/man7/provider-signature.html
https://www.openssl.org/docs/man3.0/man7/provider-keymgmt.html


Matt



Thank you
On Fri, 24 Sep 2021, 12:22 Matt Caswell, <matt@xxxxxxxxxxx <mailto:matt@xxxxxxxxxxx>> wrote: 



    On 24/09/2021 12:17, Dr Paul Dale wrote:
     > What about: apps/rsa.c, apps/rsautl.c and apps/genrsa.c
     > 3.0 doesn't use the RSA structure in the non-deprecated public API.
     >
     > You probably want the EVP_PKEY_fromdata call.

    An example of building an RSA key from its constituent parts is
    available on the EVP_PKEY_fromdata() man page:

    https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
    <https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html>

    Matt


     >
     >
     > Pauli
     >
     >
     > On 24/9/21 8:55 pm, Antonio Santagiuliana wrote:
     >> Hello
     >> Is there any app or command in the current Openssl master
    repository
     >> that initialises and uses the new RSA provider?
     >> I would like to see how the RSA* context parameter is filled in and
     >> used, but I can't find an example using the RSA provider.
     >>
     >>
     >> Thank you
     >>
     >
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux