diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2004-03-25 04:32:24 +0000 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2004-03-25 04:32:24 +0000 |
| commit | c86f2054f39c7005bc03f91db2d7bcf38f0a92ac (patch) | |
| tree | d44ff598397b7c8c61b254d32aaba1479a34deda /crypto/bn/bn_prime.c | |
| parent | 5c98b2caf5ce545fbf77611431c7084979da8177 (diff) | |
Adjust various bignum functions to use BN_CTX for variables instead of
locally initialising their own.
NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.
Diffstat (limited to 'crypto/bn/bn_prime.c')
| -rw-r--r-- | crypto/bn/bn_prime.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 4430e90df5..d03403a600 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -159,15 +159,17 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b) int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) { - BIGNUM t; + BIGNUM *t; int found=0; int i,j,c1=0; BN_CTX *ctx; int checks = BN_prime_checks_for_size(bits); - BN_init(&t); ctx=BN_CTX_new(); if (ctx == NULL) goto err; + BN_CTX_start(ctx); + t = BN_CTX_get(ctx); + if(!t) goto err; loop: /* make a random number and set the top and bottom bits */ if (add == NULL) @@ -204,7 +206,7 @@ loop: * check that (p-1)/2 is prime. * Since a prime is odd, We just * need to divide by 2 */ - if (!BN_rshift1(&t,ret)) goto err; + if (!BN_rshift1(t,ret)) goto err; for (i=0; i<checks; i++) { @@ -212,7 +214,7 @@ loop: if (j == -1) goto err; if (j == 0) goto loop; - j=BN_is_prime_fasttest_ex(&t,1,ctx,0,cb); + j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb); if (j == -1) goto err; if (j == 0) goto loop; @@ -224,8 +226,11 @@ loop: /* we have a prime :-) */ found = 1; err: - BN_free(&t); - if (ctx != NULL) BN_CTX_free(ctx); + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } bn_check_top(ret); return found; } |