Implement BN_CTX_get #8388
Implement BN_CTX_get #8388
Conversation
julek-wolfssl
force-pushed
the
BN_CTX_get
branch
from
492430e to
fb0cb02
Compare
julek-wolfssl
force-pushed
the
BN_CTX_get
branch
from
fb0cb02 to
4c06c6a
Compare
| */ | ||
| WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) | ||
| { | ||
| /* wolfcrypt doesn't need BN context. */ | ||
| static int ctx; | ||
| WOLFSSL_BN_CTX* ctx = NULL; |
There was a problem hiding this comment.
Ifdef to not allocate a BN_CTX.
There was a problem hiding this comment.
I don't understand. You want a macro to keep the old solution?
There was a problem hiding this comment.
BN_CTX is not needed most of the time - only when using the BN_CTX_get() API.
Most projects don't use this API.
Have a ifdef to return to the behaviour that uses less resources.
There was a problem hiding this comment.
Added option to compile it out.
src/ssl_bn.c
Outdated
| WOLFSSL_ENTER("wolfSSL_BN_CTX_init"); | ||
| if (ctx != NULL) { | ||
| XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX)); |
There was a problem hiding this comment.
Old implementations in OpenSSL reset the pool and isn't meant to be called in BN_CTX_new().
API only in 1.0.2 and earlier.
There was a problem hiding this comment.
Its called in the original implementations of BN_CTX_new (openssl/openssl@9b14112#diff-9ef8217a3064ad4a970c33b34c9c8cabc4d8452ae282e5c1a19cbb0d8793fd88R74). Would you like me to separate the functions out? Maybe we should deprecate wolfSSL_BN_CTX_init as its equivalent is no longer in OpenSSL for a long time.
There was a problem hiding this comment.
sigh our implementation is not doing the right thing then.
BN_CTX_init is an OpenSSL API - our implementation has to match theirs.
Definitely deprecate it!
There was a problem hiding this comment.
Removed BN_CTX_init.
|
Retest this please. |
julek-wolfssl
assigned wolfSSL-Bot and SparkiDev and unassigned wolfSSL-Bot and julek-wolfssl
No description provided.