diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-15 06:00:20 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-17 09:44:43 +1100 |
commit | fd1a96490cef7f945a1b3b5df4e90c8a1070f425 (patch) | |
tree | c806a64cad5969ddf02459d4535d5e9cf1ae9e4b /sk-usbhid.c | |
parent | 39b87104cdd47baf79ef77dc81de62cea07d119f (diff) |
upstream: remove most uses of BN_CTX
We weren't following the rules re BN_CTX_start/BN_CTX_end and the places
we were using it didn't benefit from its use anyway. ok dtucker@
OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
Diffstat (limited to 'sk-usbhid.c')
-rw-r--r-- | sk-usbhid.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c index 180f2eab9..d008b0a9a 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c | |||
@@ -282,15 +282,13 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) | |||
282 | BIGNUM *x = NULL, *y = NULL; | 282 | BIGNUM *x = NULL, *y = NULL; |
283 | EC_POINT *q = NULL; | 283 | EC_POINT *q = NULL; |
284 | EC_GROUP *g = NULL; | 284 | EC_GROUP *g = NULL; |
285 | BN_CTX *bn_ctx = NULL; | ||
286 | int ret = -1; | 285 | int ret = -1; |
287 | 286 | ||
288 | response->public_key = NULL; | 287 | response->public_key = NULL; |
289 | response->public_key_len = 0; | 288 | response->public_key_len = 0; |
290 | 289 | ||
291 | if ((bn_ctx = BN_CTX_new()) == NULL || | 290 | if ((x = BN_new()) == NULL || |
292 | (x = BN_CTX_get(bn_ctx)) == NULL || | 291 | (y = BN_new()) == NULL || |
293 | (y = BN_CTX_get(bn_ctx)) == NULL || | ||
294 | (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL || | 292 | (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL || |
295 | (q = EC_POINT_new(g)) == NULL) { | 293 | (q = EC_POINT_new(g)) == NULL) { |
296 | skdebug(__func__, "libcrypto setup failed"); | 294 | skdebug(__func__, "libcrypto setup failed"); |
@@ -311,12 +309,12 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) | |||
311 | skdebug(__func__, "BN_bin2bn failed"); | 309 | skdebug(__func__, "BN_bin2bn failed"); |
312 | goto out; | 310 | goto out; |
313 | } | 311 | } |
314 | if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bn_ctx) != 1) { | 312 | if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) { |
315 | skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed"); | 313 | skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed"); |
316 | goto out; | 314 | goto out; |
317 | } | 315 | } |
318 | response->public_key_len = EC_POINT_point2oct(g, q, | 316 | response->public_key_len = EC_POINT_point2oct(g, q, |
319 | POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); | 317 | POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); |
320 | if (response->public_key_len == 0 || response->public_key_len > 2048) { | 318 | if (response->public_key_len == 0 || response->public_key_len > 2048) { |
321 | skdebug(__func__, "bad pubkey length %zu", | 319 | skdebug(__func__, "bad pubkey length %zu", |
322 | response->public_key_len); | 320 | response->public_key_len); |
@@ -327,7 +325,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) | |||
327 | goto out; | 325 | goto out; |
328 | } | 326 | } |
329 | if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED, | 327 | if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED, |
330 | response->public_key, response->public_key_len, bn_ctx) == 0) { | 328 | response->public_key, response->public_key_len, NULL) == 0) { |
331 | skdebug(__func__, "EC_POINT_point2oct failed"); | 329 | skdebug(__func__, "EC_POINT_point2oct failed"); |
332 | goto out; | 330 | goto out; |
333 | } | 331 | } |
@@ -341,7 +339,8 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response) | |||
341 | } | 339 | } |
342 | EC_POINT_free(q); | 340 | EC_POINT_free(q); |
343 | EC_GROUP_free(g); | 341 | EC_GROUP_free(g); |
344 | BN_CTX_free(bn_ctx); | 342 | BN_clear_free(x); |
343 | BN_clear_free(y); | ||
345 | return ret; | 344 | return ret; |
346 | } | 345 | } |
347 | 346 | ||