<div dir="auto"><div dir="ltr"><div dir="auto">In openssl 1.1.1,</div><div>I see that this bn_mod_exp function is called from "<span style="font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">rsa_ossl_public_decrypt</span>" :</div><div><br></div><div>566 if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,<br>567 rsa->_method_mod_n)) {<br>568 goto err;<br>569 }<br></div><div><br></div><div>so we are doing "f^(rsa->e)mod(rsa->n)" , this result is being filled in ret (a BIGNUM* type). </div><div>This 'ret' variable is not a part of the RSA structure . So I think we need look for any bignum "BN" set functions(if available) to modify the BIGNUM structure attributes like 'd' array,top & dmax values , ..as this ret variable isn't the part of RSA structure (yet) when the bn_mod_exp is called.</div><div dir="auto"><br></div><div dir="auto">Checkout this function "rsa_ossl_public_decrypt" for more details.</div><div dir="auto"><br></div><div dir="auto">Hope that clarifies the scenario .</div><div dir="auto">Please let me know if you have any questions.</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Prudvi.</div><div dir="auto"><br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Tue, Dec 22, 2020 at 3:45 AM prudvi raj <<a href="mailto:rajprudvi98@gmail.com" target="_blank" rel="noreferrer">rajprudvi98@gmail.com</a>> wrote:<br>
><br>
> Hello all,<br>
><br>
> We use a hardware accelerator to calculate BIGNUM rr = a^p mod m .( bn_mod_exp). I am trying to rewrite that logic for openssl 1.1.1. Code snippet of custom bn_mod_exp function:<br>
> --<br>
> if(rr->d)<br>
> {<br>
> OPENSSL_free(rr->d);<br>
> }<br>
> rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );<br>
> rr->top = m->top;<br>
> rr->dmax = m->top;<br>
> rr->neg = 0;<br>
><br>
> publicKeyData.operandALength = a->top * sizeof(BN_ULONG);<br>
> publicKeyData.operandA = ( System::BYTE * )( a->d );<br>
> publicKeyData.operandBLength = p->top * sizeof(BN_ULONG);<br>
> publicKeyData.operandB = ( System::BYTE * )( p->d );<br>
> publicKeyData.modulusLength = m->top * sizeof(BN_ULONG);<br>
> publicKeyData.modulus = ( System::BYTE * )( m->d );<br>
><br>
> publicKeyData.resultLength = m->top * sizeof(BN_ULONG);<br>
> publicKeyData.result = ( System::BYTE * )( rr->d );<br>
><br>
> calculate ( publicKeyData ); <<calculate fills out the Result Bytes in "rr->d" buffer.<br>
> --<br>
> I found a few 'get' functions (no set functions though) like -- bn_get_top , bn_get_dmax. These are in "bn_intern.c" , not in "bn_lib.c" (or BN API).<br>
> OPENSSL_free(rr->d)<br>
> rr->d = ( BN_ULONG * )( malloc( m->top * sizeof(BN_ULONG) ) );<br>
> rr->top = m->top;<br>
> rr->dmax = m->top;<br>
> rr->neg = 0<br>
><br>
> As forward declarations are no longer allowed in openssl 1.1.1 , how to replicate above operations in openssl 1.1.1 ?<br>
> Are there any Set functions for set, dmax , d values (allocate memory for rr->d) . ?!<br>
> Please help me on this!!<br>
><br>
> Thanks,<br>
> Prudvi.<br>
><br>
<br>
IIUC, this is just a side effect of not being able to access the RSA<br>
structure directly like in openssl 1.0.2 days.<br>
The function RSA_set0_key() will allow you to set D, and there are<br>
routines for other portions of the struct as well.<br>
When the structure went opaque, getter and setters we're added for<br>
your use, see:<br>
- <a href="https://www.openssl.org/docs/man1.1.1/man3/RSA_set0_key.html" rel="noreferrer noreferrer" target="_blank">https://www.openssl.org/docs/man1.1.1/man3/RSA_set0_key.html</a><br>
<br>
If you need to keep backwards compat with 1.0.2, you can define those<br>
getter/setter functions when building with 1.0.2 in your source<br>
code. However, it's strongly recommended to not be using 1.0.2.<br>
<br>
Bill<br>
</blockquote></div></div></div>