diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-11-15 06:00:20 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-11-17 09:44:43 +1100 |
| commit | fd1a96490cef7f945a1b3b5df4e90c8a1070f425 (patch) | |
| tree | c806a64cad5969ddf02459d4535d5e9cf1ae9e4b /sk-usbhid.c | |
| parent | 39b87104cdd47baf79ef77dc81de62cea07d119f (diff) | |
| download | openssh-git-fd1a96490cef7f945a1b3b5df4e90c8a1070f425.tar.gz | |
upstream: remove most uses of BN_CTX
We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
we were using it didn't benefit from its use anyway. ok dtucker@
OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
Diffstat (limited to 'sk-usbhid.c')
| -rw-r--r-- | sk-usbhid.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c index 180f2eab..d008b0a9 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c @@ -282,15 +282,13 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) BIGNUM *x = NULL, *y = NULL; EC_POINT *q = NULL; EC_GROUP *g = NULL; - BN_CTX *bn_ctx = NULL; int ret = -1; response->public_key = NULL; response->public_key_len = 0; - if ((bn_ctx = BN_CTX_new()) == NULL || - (x = BN_CTX_get(bn_ctx)) == NULL || - (y = BN_CTX_get(bn_ctx)) == NULL || + if ((x = BN_new()) == NULL || + (y = BN_new()) == NULL || (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL || (q = EC_POINT_new(g)) == NULL) { skdebug(__func__, "libcrypto setup failed"); @@ -311,12 +309,12 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) skdebug(__func__, "BN_bin2bn failed"); goto out; } - if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bn_ctx) != 1) { + if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) { skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed"); goto out; } response->public_key_len = EC_POINT_point2oct(g, q, - POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); + POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); if (response->public_key_len == 0 || response->public_key_len > 2048) { skdebug(__func__, "bad pubkey length %zu", response->public_key_len); @@ -327,7 +325,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) goto out; } if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED, - response->public_key, response->public_key_len, bn_ctx) == 0) { + response->public_key, response->public_key_len, NULL) == 0) { skdebug(__func__, "EC_POINT_point2oct failed"); goto out; } @@ -341,7 +339,8 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) } EC_POINT_free(q); EC_GROUP_free(g); - BN_CTX_free(bn_ctx); + BN_clear_free(x); + BN_clear_free(y); return ret; } |