diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2004-03-25 02:52:04 +0000 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2004-03-25 02:52:04 +0000 |
| commit | 46ef873f0b3c04b6415cddac5d4a7b27b53cc482 (patch) | |
| tree | d045819aeac3f9d4665713eb6917a5f351ca9bf9 /engines/e_ubsec.c | |
| parent | 2d2a5ba32a6da293bbe290529293c485d36e1c19 (diff) | |
| download | openssl-46ef873f0b3c04b6415cddac5d4a7b27b53cc482.zip openssl-46ef873f0b3c04b6415cddac5d4a7b27b53cc482.tar.gz openssl-46ef873f0b3c04b6415cddac5d4a7b27b53cc482.tar.bz2 | |
By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.
This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
Diffstat (limited to 'engines/e_ubsec.c')
| -rw-r--r-- | engines/e_ubsec.c | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 0944588..5aa29f1 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -89,7 +89,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *q, const BIGNUM *dp, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx); #ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); +static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #endif static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -590,14 +590,10 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } #ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BN_CTX *ctx; int to_return = 0; - if((ctx = BN_CTX_new()) == NULL) - goto err; - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS); @@ -612,11 +608,9 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) * Do in software as hardware failed. */ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - to_return = (*meth->rsa_mod_exp)(r0, I, rsa); + to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } err: - if(ctx) - BN_CTX_free(ctx); return to_return; } #endif |