summaryrefslogtreecommitdiff
path: root/sk-usbhid.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-15 06:00:20 +0000
committerDamien Miller <djm@mindrot.org>2019-11-17 09:44:43 +1100
commitfd1a96490cef7f945a1b3b5df4e90c8a1070f425 (patch)
treec806a64cad5969ddf02459d4535d5e9cf1ae9e4b /sk-usbhid.c
parent39b87104cdd47baf79ef77dc81de62cea07d119f (diff)
upstream: remove most uses of BN_CTX
We weren't following the rules re BN_CTX_start/BN_CTX_end and the places we were using it didn't benefit from its use anyway. ok dtucker@ OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a
Diffstat (limited to 'sk-usbhid.c')
-rw-r--r--sk-usbhid.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c
index 180f2eab9..d008b0a9a 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -282,15 +282,13 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response)
282 BIGNUM *x = NULL, *y = NULL; 282 BIGNUM *x = NULL, *y = NULL;
283 EC_POINT *q = NULL; 283 EC_POINT *q = NULL;
284 EC_GROUP *g = NULL; 284 EC_GROUP *g = NULL;
285 BN_CTX *bn_ctx = NULL;
286 int ret = -1; 285 int ret = -1;
287 286
288 response->public_key = NULL; 287 response->public_key = NULL;
289 response->public_key_len = 0; 288 response->public_key_len = 0;
290 289
291 if ((bn_ctx = BN_CTX_new()) == NULL || 290 if ((x = BN_new()) == NULL ||
292 (x = BN_CTX_get(bn_ctx)) == NULL || 291 (y = BN_new()) == NULL ||
293 (y = BN_CTX_get(bn_ctx)) == NULL ||
294 (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL || 292 (g = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL ||
295 (q = EC_POINT_new(g)) == NULL) { 293 (q = EC_POINT_new(g)) == NULL) {
296 skdebug(__func__, "libcrypto setup failed"); 294 skdebug(__func__, "libcrypto setup failed");
@@ -311,12 +309,12 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response)
311 skdebug(__func__, "BN_bin2bn failed"); 309 skdebug(__func__, "BN_bin2bn failed");
312 goto out; 310 goto out;
313 } 311 }
314 if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bn_ctx) != 1) { 312 if (EC_POINT_set_affine_coordinates_GFp(g, q, x, y, NULL) != 1) {
315 skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed"); 313 skdebug(__func__, "EC_POINT_set_affine_coordinates_GFp failed");
316 goto out; 314 goto out;
317 } 315 }
318 response->public_key_len = EC_POINT_point2oct(g, q, 316 response->public_key_len = EC_POINT_point2oct(g, q,
319 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); 317 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
320 if (response->public_key_len == 0 || response->public_key_len > 2048) { 318 if (response->public_key_len == 0 || response->public_key_len > 2048) {
321 skdebug(__func__, "bad pubkey length %zu", 319 skdebug(__func__, "bad pubkey length %zu",
322 response->public_key_len); 320 response->public_key_len);
@@ -327,7 +325,7 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response)
327 goto out; 325 goto out;
328 } 326 }
329 if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED, 327 if (EC_POINT_point2oct(g, q, POINT_CONVERSION_UNCOMPRESSED,
330 response->public_key, response->public_key_len, bn_ctx) == 0) { 328 response->public_key, response->public_key_len, NULL) == 0) {
331 skdebug(__func__, "EC_POINT_point2oct failed"); 329 skdebug(__func__, "EC_POINT_point2oct failed");
332 goto out; 330 goto out;
333 } 331 }
@@ -341,7 +339,8 @@ pack_public_key_ecdsa(fido_cred_t *cred, struct sk_enroll_response *response)
341 } 339 }
342 EC_POINT_free(q); 340 EC_POINT_free(q);
343 EC_GROUP_free(g); 341 EC_GROUP_free(g);
344 BN_CTX_free(bn_ctx); 342 BN_clear_free(x);
343 BN_clear_free(y);
345 return ret; 344 return ret;
346} 345}
347 346