Set custom bn_mod_exp functions in openssl 1.1.1

prudvi raj rajprudvi98 at gmail.com
Mon Dec 21 21:12:31 UTC 2020


Thanks for the reply!
I have a doubt: is it necessary to create a duplicate method? Actually,
in my case this custom "set" function would be called only once during
system initialization, and we need to use those hardware accelerator
functions for all the crypto operations to be done later. So here's what I
did:
--
new code :
    static DH_METHOD *Intoto_DH_Method;
    static RSA_METHOD *Intoto_RSA_Method;
    static DSA_METHOD *Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {
        Intoto_DH_Method = (DH_METHOD *)DH_get_default_method();
        DH_meth_set_bn_mod_exp(Intoto_DH_Method, Intoto_DH_mod_exp);
        /* I guess there's no need to set the same as default again? */
        DH_set_default_method(Intoto_DH_Method);

        Intoto_RSA_Method = (RSA_METHOD *)RSA_get_default_method();
        RSA_meth_set_bn_mod_exp(Intoto_RSA_Method, Intoto_RSA_mod_exp);
        RSA_set_default_method(Intoto_RSA_Method);

        Intoto_DSA_Method = (DSA_METHOD *)DSA_get_default_method();
        DSA_meth_set_bn_mod_exp(Intoto_DSA_Method, Intoto_DSA_mod_exp);
        DSA_set_default_method(Intoto_DSA_Method);
        return;
    }
--
old code :
    static DH_METHOD Intoto_DH_Method;
    static RSA_METHOD Intoto_RSA_Method;
    static DSA_METHOD Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {
        Intoto_DH_Method = *(DH_get_default_method());
        Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
        DH_set_default_method(&Intoto_DH_Method);

        Intoto_RSA_Method = *(RSA_get_default_method());
        Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
        RSA_set_default_method(&Intoto_RSA_Method);

        Intoto_DSA_Method = *(DSA_get_default_method());
        Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
        DSA_set_default_method(&Intoto_DSA_Method);

        return;
    }
--
Do you suggest any modifications, if any?

Thanks,
Prudvi.


On Thu, Dec 17, 2020 at 4:07 PM Tomas Mraz <tmraz at redhat.com> wrote:

> On Thu, 2020-12-17 at 15:16 +0530, prudvi raj wrote:
> > Hi,
> >
> > I need to set custom accelerated functions for bn_mod_exp methods in
> > openssl 1.1.1, while upgrading for openssl 1.0.2. Here's the code
> > snippet:
> > --
> >     static DH_METHOD Intoto_DH_Method;
> >     static RSA_METHOD Intoto_RSA_Method;
> >     static DSA_METHOD Intoto_DSA_Method;
> >
> >     void updatePublicKeyMethods()
> >     {
> >         Intoto_DH_Method = *(DH_get_default_method());
> >         Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
> >         DH_set_default_method(&Intoto_DH_Method);
> >
> >         Intoto_RSA_Method = *(RSA_get_default_method());
> >         Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
> >         RSA_set_default_method(&Intoto_RSA_Method);
> >
> >         Intoto_DSA_Method = *(DSA_get_default_method());
> >         Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
> >         DSA_set_default_method(&Intoto_DSA_Method);
> >
> >         return;
> >     }
> > --
> > As RSA_METHOD, DSA_METHOD & DH_METHOD objects are opaque now, can
> > anyone help me with what would be the replacement for the above code?
>
> There is RSA_meth_set_bn_mod_exp() function and the respective
> equivalents for DH and DSA. Of course you'll also have to use
> RSA_meth_dup() to duplicate the default method before you can
> manipulate it. And you'll need to free it once you stop using the
> OpenSSL functions.
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>
>