[tor-commits] [stegotorus/master] Use one global BN_CTX rather than allocating one per ECDH object.

zwol at torproject.org zwol at torproject.org
Fri Jul 20 23:17:08 UTC 2012


commit 379b9bae47b7671e90cdf9f8cd769630a4e4c4ca
Author: Zack Weinberg <zackw at cmu.edu>
Date:   Thu Jun 7 14:51:22 2012 -0700

    Use one global BN_CTX rather than allocating one per ECDH object.
---
 src/audit-globals.sh |    1 +
 src/crypt.cc         |   33 +++++++++++++++++----------------
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/src/audit-globals.sh b/src/audit-globals.sh
index 025549f..27cab3a 100644
--- a/src/audit-globals.sh
+++ b/src/audit-globals.sh
@@ -35,6 +35,7 @@ sed '
   /^connections last_ckt_serial$/d
   /^connections last_conn_serial$/d
   /^connections shutting_down$/d
+  /^crypt bctx$/d
   /^crypt crypto_initialized$/d
   /^crypt crypto_errs_initialized$/d
   /^main allow_kq$/d
diff --git a/src/crypt.cc b/src/crypt.cc
index ec59511..1110d0b 100644
--- a/src/crypt.cc
+++ b/src/crypt.cc
@@ -15,6 +15,7 @@
 
 static bool crypto_initialized = false;
 static bool crypto_errs_initialized = false;
+static BN_CTX *bctx = 0;
 
 #define REQUIRE_INIT_CRYPTO() \
   log_assert(crypto_initialized)
@@ -28,19 +29,23 @@ init_crypto()
   CRYPTO_set_mem_functions(xmalloc, xrealloc, free);
   ENGINE_load_builtin_engines();
   ENGINE_register_all_complete();
+  bctx = BN_CTX_new();
+  if (!bctx)
+    log_crypto_abort("initialization");
 
-  // we don't need to call OpenSSL_add_all_algorithms, since we never
+  // We don't need to call OpenSSL_add_all_algorithms, since we never
   // look up ciphers by textual name.
 }
 
 void
 free_crypto()
 {
-  // we don't need to call EVP_cleanup, since we never called
-  // OpenSSL_add_all_algorithms.
-
-  if (crypto_initialized)
+  if (crypto_initialized) {
+    // We don't need to call EVP_cleanup, since we never called
+    // OpenSSL_add_all_algorithms.
+    BN_CTX_free(bctx);
     ENGINE_cleanup();
+  }
   if (crypto_errs_initialized)
     ERR_free_strings();
 }
@@ -420,7 +425,6 @@ namespace {
   struct ecdh_message_impl : ecdh_message
   {
     EC_KEY *key;
-    BN_CTX *ctx;
     ecdh_message_impl();
     ecdh_message_impl(const uint8_t *secret);
 
@@ -433,21 +437,19 @@ namespace {
 }
 
 ecdh_message_impl::ecdh_message_impl()
-  : key(EC_KEY_new_by_curve_name(NID_secp224r1)),
-    ctx(BN_CTX_new())
+  : key(EC_KEY_new_by_curve_name(NID_secp224r1))
 {
-  if (!key || !ctx)
+  if (!key)
     log_crypto_abort("ecdh_message::allocate data");
   if (!EC_KEY_generate_key(key))
     log_crypto_abort("ecdh_message::generate key");
 }
 
 ecdh_message_impl::ecdh_message_impl(const uint8_t *secret)
-  : key(EC_KEY_new_by_curve_name(NID_secp224r1)),
-    ctx(BN_CTX_new())
+  : key(EC_KEY_new_by_curve_name(NID_secp224r1))
 {
   BIGNUM *sb = BN_bin2bn(secret, EC_P224_LEN, 0);
-  if (!key || !ctx || !sb)
+  if (!key || !sb)
     log_crypto_abort("ecdh_message::allocate data");
 
   if (!EC_KEY_set_private_key(key, sb))
@@ -476,7 +478,7 @@ ecdh_message_impl::regen_pubkey()
   if (!pub)
     return -1;
 
-  if (!EC_POINT_mul(grp, pub, priv, 0, 0, ctx))
+  if (!EC_POINT_mul(grp, pub, priv, 0, 0, bctx))
     return -1;
 
   EC_KEY_set_public_key(key, pub);
@@ -510,7 +512,6 @@ ecdh_message::~ecdh_message() {}
 ecdh_message_impl::~ecdh_message_impl()
 {
   EC_KEY_free(key);
-  BN_CTX_free(ctx);
 }
 
 void
@@ -525,7 +526,7 @@ ecdh_message_impl::encode(uint8_t *xcoord_out) const
   if (!x)
     log_crypto_abort("ecdh_message_encode::allocate data");
 
-  if (!EC_POINT_get_affine_coordinates_GFp(grp, pub, x, 0, ctx))
+  if (!EC_POINT_get_affine_coordinates_GFp(grp, pub, x, 0, bctx))
     log_crypto_abort("ecdh_message_encode::extract x-coordinate");
 
   size_t sbytes = BN_num_bytes(x);
@@ -559,7 +560,7 @@ ecdh_message_impl::combine(const uint8_t *xcoord_other,
     goto done;
   }
 
-  if (!EC_POINT_set_compressed_coordinates_GFp(grp, pub, x, 0, ctx)) {
+  if (!EC_POINT_set_compressed_coordinates_GFp(grp, pub, x, 0, bctx)) {
     log_crypto_warn("ecdh_message_combine::recover their point");
     goto done;
   }





More information about the tor-commits mailing list