[tor-commits] [stegotorus/master] Use one global BN_CTX rather than allocating one per ECDH object.
zwol at torproject.org
zwol at torproject.org
Fri Jul 20 23:17:08 UTC 2012
commit 379b9bae47b7671e90cdf9f8cd769630a4e4c4ca
Author: Zack Weinberg <zackw at cmu.edu>
Date: Thu Jun 7 14:51:22 2012 -0700
Use one global BN_CTX rather than allocating one per ECDH object.
---
src/audit-globals.sh | 1 +
src/crypt.cc | 33 +++++++++++++++++----------------
2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/src/audit-globals.sh b/src/audit-globals.sh
index 025549f..27cab3a 100644
--- a/src/audit-globals.sh
+++ b/src/audit-globals.sh
@@ -35,6 +35,7 @@ sed '
/^connections last_ckt_serial$/d
/^connections last_conn_serial$/d
/^connections shutting_down$/d
+ /^crypt bctx$/d
/^crypt crypto_initialized$/d
/^crypt crypto_errs_initialized$/d
/^main allow_kq$/d
diff --git a/src/crypt.cc b/src/crypt.cc
index ec59511..1110d0b 100644
--- a/src/crypt.cc
+++ b/src/crypt.cc
@@ -15,6 +15,7 @@
static bool crypto_initialized = false;
static bool crypto_errs_initialized = false;
+static BN_CTX *bctx = 0;
#define REQUIRE_INIT_CRYPTO() \
log_assert(crypto_initialized)
@@ -28,19 +29,23 @@ init_crypto()
CRYPTO_set_mem_functions(xmalloc, xrealloc, free);
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
+ bctx = BN_CTX_new();
+ if (!bctx)
+ log_crypto_abort("initialization");
- // we don't need to call OpenSSL_add_all_algorithms, since we never
+ // We don't need to call OpenSSL_add_all_algorithms, since we never
// look up ciphers by textual name.
}
void
free_crypto()
{
- // we don't need to call EVP_cleanup, since we never called
- // OpenSSL_add_all_algorithms.
-
- if (crypto_initialized)
+ if (crypto_initialized) {
+ // We don't need to call EVP_cleanup, since we never called
+ // OpenSSL_add_all_algorithms.
+ BN_CTX_free(bctx);
ENGINE_cleanup();
+ }
if (crypto_errs_initialized)
ERR_free_strings();
}
@@ -420,7 +425,6 @@ namespace {
struct ecdh_message_impl : ecdh_message
{
EC_KEY *key;
- BN_CTX *ctx;
ecdh_message_impl();
ecdh_message_impl(const uint8_t *secret);
@@ -433,21 +437,19 @@ namespace {
}
ecdh_message_impl::ecdh_message_impl()
- : key(EC_KEY_new_by_curve_name(NID_secp224r1)),
- ctx(BN_CTX_new())
+ : key(EC_KEY_new_by_curve_name(NID_secp224r1))
{
- if (!key || !ctx)
+ if (!key)
log_crypto_abort("ecdh_message::allocate data");
if (!EC_KEY_generate_key(key))
log_crypto_abort("ecdh_message::generate key");
}
ecdh_message_impl::ecdh_message_impl(const uint8_t *secret)
- : key(EC_KEY_new_by_curve_name(NID_secp224r1)),
- ctx(BN_CTX_new())
+ : key(EC_KEY_new_by_curve_name(NID_secp224r1))
{
BIGNUM *sb = BN_bin2bn(secret, EC_P224_LEN, 0);
- if (!key || !ctx || !sb)
+ if (!key || !sb)
log_crypto_abort("ecdh_message::allocate data");
if (!EC_KEY_set_private_key(key, sb))
@@ -476,7 +478,7 @@ ecdh_message_impl::regen_pubkey()
if (!pub)
return -1;
- if (!EC_POINT_mul(grp, pub, priv, 0, 0, ctx))
+ if (!EC_POINT_mul(grp, pub, priv, 0, 0, bctx))
return -1;
EC_KEY_set_public_key(key, pub);
@@ -510,7 +512,6 @@ ecdh_message::~ecdh_message() {}
ecdh_message_impl::~ecdh_message_impl()
{
EC_KEY_free(key);
- BN_CTX_free(ctx);
}
void
@@ -525,7 +526,7 @@ ecdh_message_impl::encode(uint8_t *xcoord_out) const
if (!x)
log_crypto_abort("ecdh_message_encode::allocate data");
- if (!EC_POINT_get_affine_coordinates_GFp(grp, pub, x, 0, ctx))
+ if (!EC_POINT_get_affine_coordinates_GFp(grp, pub, x, 0, bctx))
log_crypto_abort("ecdh_message_encode::extract x-coordinate");
size_t sbytes = BN_num_bytes(x);
@@ -559,7 +560,7 @@ ecdh_message_impl::combine(const uint8_t *xcoord_other,
goto done;
}
- if (!EC_POINT_set_compressed_coordinates_GFp(grp, pub, x, 0, ctx)) {
+ if (!EC_POINT_set_compressed_coordinates_GFp(grp, pub, x, 0, bctx)) {
log_crypto_warn("ecdh_message_combine::recover their point");
goto done;
}
More information about the tor-commits
mailing list