On 24/09/2021 16:51, Antonio Santagiuliana wrote:
> Thank you for your reply.
> I'm still a bit confused though.
> In /providers/implementations/asymcipher/rsa_enc.c I find function
> rsa_decrypt() that calls RSA_private_decrypt(prsactx->rsa)
> I haven't found any other implementation of this RSA_private_decrypt() apart from the one in crypto/RSA/rsa_crypt.c, where the RSA argument passed is used to call this:
> rsa->meth->rsa_priv_dec()
> I can't find where this pointer to method was set up. I can't find it in the init of the default provider's rsa_enc.c, and if the app requesting this default RSA can't use the set_method() because it is deprecated, how is this rsa_priv_dec pointer set up? Where is the setup of it?

The default method for an RSA object is initialised in RSA_new() here:

https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_lib.c#L93

The global default RSA method is initialised here:

https://github.com/openssl/openssl/blob/8b6a7da304d4fdd0de38ddd6037d8a02491e3e4e/crypto/rsa/rsa_ossl.c#L52-L62

This includes the default pointer for the rsa_priv_dec() function.

An app *can* request an alternative default through RSA_set_default_method(). It is deprecated not removed - so it is still supported. But this is not the way you are supposed to do things any more. Applications that don't use any deprecated functions will always end up in the default method if using the default provider. If you want a different RSA implementation then you should not use the default provider.

Matt


> Thank you
>
> On Fri, 24 Sep 2021, 15:02 Matt Caswell, <m...@openssl.org> wrote:



    On 24/09/2021 14:49, Antonio Santagiuliana wrote:
     > Hello, thank you all for the replies. Very useful.
     > I have seen in Openssl/crypto/RSA/rsa_local.h the definition of rsa_st
     > has a pointer to RSA_METHOD and I can't see this filled in in any of the
     > examples' set up or initializations, where is it filled in for the
     > default provider, for the RSA algorithm?
     > I can see the methods pointers are used later down in the call chain
     > from RSA_private_decrypt() in
     > providers/implementation/asymciphers/rsa_enc but I can't find where
     > these methods' pointers are set and I would like to understand how I
     > could pass a different method pointer in the parameters for a different
     > mod_exp operation, for example, or how I could set it on a completely
     > new RSA implementation mimicking the one in the default provider but
     > with different methods where I need them changed, minimizing the
     > differences with the default provider's RSA.

    The default RSA_METHOD structure to use can be set via
    RSA_set_default_method():

    https://www.openssl.org/docs/man3.0/man3/RSA_set_default_method.html

    You can construct such an RSA_METHOD using the functions described here:

    https://www.openssl.org/docs/man3.0/man3/RSA_meth_new.html

    However all of the above is considered deprecated and legacy and may be
    removed from a future version of OpenSSL.

    Instead you are supposed to implement such things in a new provider.
    For example see:

    https://www.openssl.org/docs/man3.0/man7/provider-base.html
    https://www.openssl.org/docs/man3.0/man7/provider.html
    https://www.openssl.org/docs/man3.0/man7/provider-signature.html
    https://www.openssl.org/docs/man3.0/man7/provider-keymgmt.html


    Matt


     > Thank you
     >
     >
     > On Fri, 24 Sep 2021, 12:22 Matt Caswell, <m...@openssl.org> wrote:
     >
     >
     >
     >     On 24/09/2021 12:17, Dr Paul Dale wrote:
     >      > What about: apps/rsa.c, apps/rsautl.c and apps/genrsa.c
     >      > 3.0 doesn't use the RSA structure in the non-deprecated public API.
     >      >
     >      > You probably want the EVP_PKEY_fromdata call.
     >
     >     An example of building an RSA key from its constituent parts is
     >     available on the EVP_PKEY_fromdata() man page:
     >
     > https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
     >
     >     Matt
     >
     >
     >      >
     >      >
     >      > Pauli
     >      >
     >      >
     >      > On 24/9/21 8:55 pm, Antonio Santagiuliana wrote:
     >      >> Hello
     >      >> Is there any app or command in the current Openssl master repository
     >      >> that initialises and uses the new RSA provider?
     >      >> I would like to see how the RSA* context parameter is filled in and
     >      >> used, but I can't find an example using the RSA provider.
     >      >>
     >      >>
     >      >> Thank you
     >      >>
     >      >
     >
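
The lookup described in the most recent reply at the top of this thread (a global default method, copied into each object when it is created, then reached through the object's method pointer), as an added example that is not OpenSSL source and not code from any poster. All `toy_*` names are hypothetical and the key is a constructed textbook-sized one; the alternative method swaps in a CRT-based exponentiation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the legacy dispatch; hypothetical names throughout. */
typedef struct toy_rsa toy_rsa;
typedef struct {
    const char *name;
    uint64_t (*priv_dec)(const toy_rsa *key, uint64_t c);
} toy_method;
struct toy_rsa { const toy_method *meth; uint64_t n, d, p, q, dp, dq, qinv; };

static uint64_t modexp(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}
/* Built-in method: one exponentiation modulo n. */
static uint64_t plain_dec(const toy_rsa *k, uint64_t c) { return modexp(c, k->d, k->n); }
/* Replacement method: same result via CRT, i.e. a different mod_exp path. */
static uint64_t crt_dec(const toy_rsa *k, uint64_t c) {
    uint64_t m1 = modexp(c, k->dp, k->p), m2 = modexp(c, k->dq, k->q);
    uint64_t h = k->qinv * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
    return m2 + h * k->q;
}
static const toy_method plain_meth = { "plain", plain_dec };
static const toy_method crt_meth = { "crt", crt_dec };

static const toy_method *default_meth = &plain_meth; /* global default */
void toy_set_default_method(const toy_method *m) { default_meth = m; }

toy_rsa *toy_rsa_new(void) {
    toy_rsa *k = calloc(1, sizeof(*k));
    if (k == NULL) return NULL;
    k->meth = default_meth; /* the pointer is fixed here, at creation */
    k->n = 3233; k->d = 2753; k->p = 61; k->q = 53; /* constructed toy key */
    k->dp = 53; k->dq = 49; k->qinv = 38;
    return k;
}
uint64_t toy_private_decrypt(const toy_rsa *k, uint64_t c) { return k->meth->priv_dec(k, c); }

int main(void) {
    toy_rsa *before = toy_rsa_new();
    toy_set_default_method(&crt_meth); /* affects only later objects */
    toy_rsa *after = toy_rsa_new();
    if (!before || !after) return 1;
    printf("%s=%llu %s=%llu\n", before->meth->name,
           (unsigned long long)toy_private_decrypt(before, 2790), after->meth->name,
           (unsigned long long)toy_private_decrypt(after, 2790));
    free(before); free(after);
    return 0;
}
```

The object created before the default was changed keeps the built-in method, which is why nothing in the calling code has to set the pointer explicitly.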
