    c86f2054 · Geoff Thorpe committed
    Adjust various bignum functions to use BN_CTX for variables instead of
    locally initialising their own.
    
    NB: I've removed the "BN_clear_free()" loops for the exit-paths in some of
    these functions, and that may be a major part of the performance
    improvements we're seeing. The "free" part can be removed because we're
    using BN_CTX. The "clear" part OTOH can be removed because BN_CTX
    destruction automatically performs this task, so performing it inside
    functions that may be called repeatedly is wasteful. This is currently safe
    within openssl due to the fact that BN_CTX objects are never created for
    longer than a single high-level operation. However, that is only because
    there's currently no mechanism in openssl for thread-local storage. Beyond
    that, this might be an issue for applications using the bignum API directly
    and caching their own BN_CTX objects. The solution is to introduce a flag
    to BN_CTX_start() that allows its variables to be automatically sanitised
    on release during BN_CTX_end(). This way any higher-level function (and
    perhaps the application) can specify this flag in its own
    BN_CTX_start()/BN_CTX_end() pair, and this will cause inner-loop functions
    specifying the flag to be ignored so that sanitisation is handled only once
    back out at the higher level. I will be implementing this in the near
    future.
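The sanitise-on-release flag proposed in the commit message, modelled as an added example; it is not OpenSSL code and not part of this commit. `pool`, `pool_start`, `pool_get`, `pool_end`, `inner_op` and `run` are hypothetical names, and the flag shown is not an existing parameter of BN_CTX_start().

```c
#include <stddef.h>
#include <string.h>
enum { POOL_WORDS = 32, MAX_DEPTH = 8 };
/* Hypothetical scratch pool modelled on the BN_CTX start/get/end pattern. */
typedef struct {
    unsigned long w[POOL_WORDS];
    size_t used, high, base[MAX_DEPTH]; /* top, high-water mark, frame starts */
    int owns[MAX_DEPTH], depth, wiping; /* owns[i]: frame i wipes on end */
    unsigned wipes;                     /* wipe passes performed so far */
} pool;
int pool_start(pool *p, int sanitise) {
    if (p->depth == MAX_DEPTH) return 0;
    p->base[p->depth] = p->used;
    p->owns[p->depth] = sanitise && !p->wiping; /* inner requests are ignored */
    if (p->owns[p->depth++]) p->wiping = 1;
    return 1;
}
unsigned long *pool_get(pool *p, size_t n) {
    if (p->depth == 0 || n > POOL_WORDS - p->used) return NULL;
    unsigned long *r = &p->w[p->used];
    if ((p->used += n) > p->high) p->high = p->used;
    return r;
}
void pool_end(pool *p) {
    if (p->depth == 0) return;
    size_t b = p->base[--p->depth];
    if (p->owns[p->depth]) {   /* wipe every word handed out since this start */
        volatile unsigned long *v = p->w;
        for (size_t i = b; i < p->high; i++) v[i] = 0;
        p->high = b; p->wiping = 0; p->wipes++;
    }
    p->used = b;
}

/* Constructed stand-ins: an inner-loop routine called three times by a caller. */
static void inner_op(pool *p, int flag) {
    pool_start(p, flag);
    unsigned long *t = pool_get(p, 4);
    for (size_t i = 0; t && i < 4; i++) t[i] = 0xA5A5u + i; /* secret temporaries */
    pool_end(p);
}
unsigned run(int outer_flag, int inner_flag, size_t *residue) {
    pool p; memset(&p, 0, sizeof p); pool_start(&p, outer_flag);
    unsigned long *k = pool_get(&p, 2); k[0] = k[1] = 0x5A5Au;
    for (int i = 0; i < 3; i++) inner_op(&p, inner_flag);
    pool_end(&p);
    *residue = 0; for (size_t i = 0; i < POOL_WORDS; i++) *residue += p.w[i] != 0;
    return p.wipes;   /* residue: non-zero words left behind in the pool */
}
```

With no flag anywhere, `run(0, 0, &r)` performs no wipe and leaves six non-zero words in the pool, which is the exposure for a caller that caches the pool. `run(0, 1, &r)` wipes three times, once per inner call, while `run(1, 1, &r)` wipes once at the outer level and leaves nothing behind.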
bn_recp.c 6.6 KB