By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.
This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
diff --git a/engines/e_cswift.c b/engines/e_cswift.c
index 793aacc..cc39cd4 100644
--- a/engines/e_cswift.c
+++ b/engines/e_cswift.c
@@ -103,7 +103,7 @@
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
#endif
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -668,13 +668,10 @@
}
#ifndef OPENSSL_NO_RSA
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
- BN_CTX *ctx;
int to_return = 0;
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
@@ -683,8 +680,6 @@
to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
err:
- if(ctx)
- BN_CTX_free(ctx);
return to_return;
}
#endif
