Adjust various bignum functions to use BN_CTX for variables instead of

locally initialising their own.

NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
these functions, and that may be a major part of the performance
improvements we're seeing. The "free" part can be removed because we're
using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
destruction automatically performs this task, so performing it inside
functions that may be called repeatedly is wasteful. This is currently safe
within openssl due to the fact that BN_CTX objects are never created for
longer than a single high-level operation. However, that is only because
there's currently no mechanism in openssl for thread-local storage. Beyond
that, this might be an issue for applications using the bignum API directly
and caching their own BN_CTX objects. The solution is to introduce a flag
to BN_CTX_start() that allows its variables to be automatically sanitised
on release during BN_CTX_end(). This way any higher-level function (and
perhaps the application) can specify this flag in its own
BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
specifying the flag to be ignored so that sanitisation is handled only once
back out at the higher level. I will be implementing this in the near
future.

1 files changed, 6 insertions, 5 deletions

diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index 05b845b2a1..a08489e04a 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -217,17 +217,18 @@ err:
 int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
 	{
 	int ret= -1;
-	BIGNUM t;
+	BIGNUM *t;
 
-	BN_init(&t);
+	BN_CTX_start(ctx);
+	if((t = BN_CTX_get(ctx)) == NULL) goto err;
 
-	if (!BN_set_bit(&t,len)) goto err;
+	if (!BN_set_bit(t,len)) goto err;
 
-	if (!BN_div(r,NULL,&t,m,ctx)) goto err;
+	if (!BN_div(r,NULL,t,m,ctx)) goto err;
 
 	ret=len;
 err:
-	BN_free(&t);
 	bn_check_top(r);
+	BN_CTX_end(ctx);
 	return(ret);
 	}