CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2023/01/14 08:23:27
Modified files: lib/libcrypto/bn: bn_ctx.c Log message: Rewrite BN_CTX. The current BN_CTX implementation is an incredibly overengineered piece of code, which even includes its own debug system. Rewrite BN_CTX from scratch, simplifying things things considerably by having a "stack" of BIGNUM pointers and a matching array of group assignments. This means that BN_CTX_start() and BN_CTX_end() effectively do not fail. Unlike the previous implementation, if a failure occurs nothing will work and the BN_CTX must be freed/recreated, instead of trying to pick up at the point where the failure occurred (which does not make sense given its intended usage). Additionally, it has long been documented that BN_CTX_start() must be called before BN_CTX_get() can be used, however the previous implementation did not actually enforce this. Now that missing BN_CTX_start() and BN_CTX_end() calls have been added to DSA and EC, we can actually make this a hard requirement. ok tb@