diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2004-03-25 02:52:04 +0000 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2004-03-25 02:52:04 +0000 |
| commit | 46ef873f0b3c04b6415cddac5d4a7b27b53cc482 (patch) | |
| tree | d045819aeac3f9d4665713eb6917a5f351ca9bf9 /engines | |
| parent | 2d2a5ba32a6da293bbe290529293c485d36e1c19 (diff) | |
| download | openssl-46ef873f0b3c04b6415cddac5d4a7b27b53cc482.tar.gz | |
By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.
This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
Diffstat (limited to 'engines')
| -rw-r--r-- | engines/e_aep.c | 12 | ||||
| -rw-r--r-- | engines/e_atalla.c | 9 | ||||
| -rw-r--r-- | engines/e_cswift.c | 9 | ||||
| -rw-r--r-- | engines/e_ncipher.c | 4 | ||||
| -rw-r--r-- | engines/e_nuron.c | 4 | ||||
| -rw-r--r-- | engines/e_ubsec.c | 12 |
6 files changed, 14 insertions, 36 deletions
diff --git a/engines/e_aep.c b/engines/e_aep.c index 5083c80ef8..aa4fe75704 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -106,7 +106,7 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p, /* RSA stuff */ #ifndef OPENSSL_NO_RSA -static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ @@ -745,15 +745,11 @@ static int aep_rand_status(void) #endif #ifndef OPENSSL_NO_RSA -static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BN_CTX *ctx = NULL; int to_return = 0; AEP_RV rv = AEP_R_OK; - if ((ctx = BN_CTX_new()) == NULL) - goto err; - if (!aep_dso) { AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED); @@ -767,7 +763,7 @@ static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) if (rv == FAIL_TO_SW){ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - to_return = (*meth->rsa_mod_exp)(r0, I, rsa); + to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); goto err; } else if (rv != AEP_R_OK) @@ -790,8 +786,6 @@ static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) to_return = 1; err: - if(ctx) - BN_CTX_free(ctx); return to_return; } #endif diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 79abc70678..cc6c9695f0 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -86,7 +86,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #ifndef OPENSSL_NO_RSA /* RSA stuff */ -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -502,9 +502,8 @@ err: } #ifndef OPENSSL_NO_RSA -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BN_CTX *ctx = NULL; int to_return = 0; if(!atalla_dso) @@ -512,8 +511,6 @@ static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED); goto err; } - if((ctx = BN_CTX_new()) == NULL) - goto err; if(!rsa->d || !rsa->n) { ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS); @@ -521,8 +518,6 @@ static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) } to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx); err: - if(ctx) - BN_CTX_free(ctx); return to_return; } #endif diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 793aaccb11..cc39cd4947 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -103,7 +103,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #ifndef OPENSSL_NO_RSA /* RSA stuff */ -static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -668,13 +668,10 @@ err: } #ifndef OPENSSL_NO_RSA -static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BN_CTX *ctx; int to_return = 0; - if((ctx = BN_CTX_new()) == NULL) - goto err; if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS); @@ -683,8 +680,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1, rsa->iqmp, ctx); err: - if(ctx) - BN_CTX_free(ctx); return to_return; } #endif diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index e416cffedb..e075d1b459 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -102,7 +102,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #ifndef OPENSSL_NO_RSA /* RSA stuff */ -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); +static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif /* This function is aliased to mod_exp (with the mont stuff dropped). */ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -946,7 +946,7 @@ err: } #ifndef OPENSSL_NO_RSA -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) +static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; diff --git a/engines/e_nuron.c b/engines/e_nuron.c index e3a9406c49..4df6f0495a 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -192,9 +192,9 @@ static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p, } #ifndef OPENSSL_NO_RSA -static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL); + return nuron_mod_exp(r0,I,rsa->d,rsa->n,ctx); } #endif diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 094458887c..5aa29f1c53 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -89,7 +89,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dp, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx); #ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -590,14 +590,10 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } #ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BN_CTX *ctx; int to_return = 0; - if((ctx = BN_CTX_new()) == NULL) - goto err; - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS); @@ -612,11 +608,9 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) * Do in software as hardware failed. */ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - to_return = (*meth->rsa_mod_exp)(r0, I, rsa); + to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } err: - if(ctx) - BN_CTX_free(ctx); return to_return; } #endif |