Set custom bn_mod_exp functions in openssl 1.1.1

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Set custom bn_mod_exp functions in openssl 1.1.1

prudvi raj
Hi,

I need to set custom accelerated functions for bn_mod_exp methods in openssl 1.1.1, while upgrading for openssl 1.0.2. Here's the code snippet () :
--
    static DH_METHOD Intoto_DH_Method;
    static RSA_METHOD Intoto_RSA_Method;
    static DSA_METHOD Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {    
        Intoto_DH_Method = *(DH_get_default_method());
        Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
        DH_set_default_method(&Intoto_DH_Method);

        Intoto_RSA_Method = *(RSA_get_default_method());
        Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
        RSA_set_default_method(&Intoto_RSA_Method);

        Intoto_DSA_Method = *(DSA_get_default_method());
        Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
        DSA_set_default_method(&Intoto_DSA_Method);

        return;
    } 
--
As RSA_METHOD,DSA_METHOD & DH_METHOD objects are Opaque now , Can anyone help me with what would be the replacement for above code ??

Thanks,
Prudvi 
Reply | Threaded
Open this post in threaded view
|

Re: Set custom bn_mod_exp functions in openssl 1.1.1

Tomas Mraz-2
On Thu, 2020-12-17 at 15:16 +0530, prudvi raj wrote:

> Hi,
>
> I need to set custom accelerated functions for bn_mod_exp methods in
> openssl 1.1.1, while upgrading for openssl 1.0.2. Here's the code
> snippet () :
> --
>     static DH_METHOD Intoto_DH_Method;
>     static RSA_METHOD Intoto_RSA_Method;
>     static DSA_METHOD Intoto_DSA_Method;
>
>     void updatePublicKeyMethods()
>     {    
>         Intoto_DH_Method = *(DH_get_default_method());
>         Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
>         DH_set_default_method(&Intoto_DH_Method);
>
>         Intoto_RSA_Method = *(RSA_get_default_method());
>         Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
>         RSA_set_default_method(&Intoto_RSA_Method);
>
>         Intoto_DSA_Method = *(DSA_get_default_method());
>         Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
>         DSA_set_default_method(&Intoto_DSA_Method);
>
>         return;
>     }
> --
> As RSA_METHOD,DSA_METHOD & DH_METHOD objects are Opaque now , Can
> anyone help me with what would be the replacement for above code ??

There is RSA_meth_set_bn_mod_exp() function and the respective
equivalents for DH and DSA. Of course you'll also have to use
RSA_meth_dup() to duplicate the default method before you can
manipulate it. And you'll need to free it once you stop using the
OpenSSL functions.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Reply | Threaded
Open this post in threaded view
|

Re: Set custom bn_mod_exp functions in openssl 1.1.1

prudvi raj
Thanks for the Reply!!.
I have a doubt , is it necessary to create a duplicate method ?? , Actually in my case this custom "set" function would be called only once during system initialization &  we need to use those hardware accelerator functions for all the crypto operations to be done later. So here's what i did : 
--
new code :
    static DH_METHOD *Intoto_DH_Method;
    static RSA_METHOD *Intoto_RSA_Method;
    static DSA_METHOD *Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {    
        Intoto_DH_Method = (DH_METHOD *)DH_get_default_method();
        DH_meth_set_bn_mod_exp(Intoto_DH_Method, Intoto_DH_mod_exp);
        DH_set_default_method(Intoto_DH_Method);          << I guess, there's no need to set the same as default again ??

        Intoto_RSA_Method = (RSA_METHOD *)RSA_get_default_method();
        RSA_meth_set_bn_mod_exp(Intoto_RSA_Method, Intoto_RSA_mod_exp);
        RSA_set_default_method(Intoto_RSA_Method);

        Intoto_DSA_Method = (DSA_METHOD *)DSA_get_default_method();
        DSA_meth_set_bn_mod_exp(Intoto_DSA_Method, Intoto_DSA_mod_exp);
        DSA_set_default_method(Intoto_DSA_Method);   
        return;
    } 
--
old code :
    static DH_METHOD Intoto_DH_Method;
    static RSA_METHOD Intoto_RSA_Method;
    static DSA_METHOD Intoto_DSA_Method;

    void updatePublicKeyMethods()
    {    
        Intoto_DH_Method = *(DH_get_default_method());
        Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
        DH_set_default_method(&Intoto_DH_Method);

        Intoto_RSA_Method = *(RSA_get_default_method());
        Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
        RSA_set_default_method(&Intoto_RSA_Method);

        Intoto_DSA_Method = *(DSA_get_default_method());
        Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
        DSA_set_default_method(&Intoto_DSA_Method);

        return;
    } 
--
Do you suggest any modifications, If any ??

Thanks,
Prudvi.


On Thu, Dec 17, 2020 at 4:07 PM Tomas Mraz <[hidden email]> wrote:
On Thu, 2020-12-17 at 15:16 +0530, prudvi raj wrote:
> Hi,
>
> I need to set custom accelerated functions for bn_mod_exp methods in
> openssl 1.1.1, while upgrading for openssl 1.0.2. Here's the code
> snippet () :
> --
>     static DH_METHOD Intoto_DH_Method;
>     static RSA_METHOD Intoto_RSA_Method;
>     static DSA_METHOD Intoto_DSA_Method;
>
>     void updatePublicKeyMethods()
>     {   
>         Intoto_DH_Method = *(DH_get_default_method());
>         Intoto_DH_Method.bn_mod_exp = Intoto_DH_mod_exp;
>         DH_set_default_method(&Intoto_DH_Method);
>
>         Intoto_RSA_Method = *(RSA_get_default_method());
>         Intoto_RSA_Method.bn_mod_exp = Intoto_RSA_mod_exp;
>         RSA_set_default_method(&Intoto_RSA_Method);
>
>         Intoto_DSA_Method = *(DSA_get_default_method());
>         Intoto_DSA_Method.bn_mod_exp = Intoto_DSA_mod_exp;
>         DSA_set_default_method(&Intoto_DSA_Method);
>
>         return;
>     }
> --
> As RSA_METHOD,DSA_METHOD & DH_METHOD objects are Opaque now , Can
> anyone help me with what would be the replacement for above code ??

There is RSA_meth_set_bn_mod_exp() function and the respective
equivalents for DH and DSA. Of course you'll also have to use
RSA_meth_dup() to duplicate the default method before you can
manipulate it. And you'll need to free it once you stop using the
OpenSSL functions.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]