diff options
| author | tb <> | 2025-02-13 11:15:09 +0000 |
|---|---|---|
| committer | tb <> | 2025-02-13 11:15:09 +0000 |
| commit | c2cead087866346329b7a6d7cafc043d2bddc9e8 (patch) | |
| tree | 03b4a15e685206e93e53ad8ed47eab94811c87a4 | |
| parent | 9f74244c49777c6372916bb15863377b2ca08bb1 (diff) | |
| download | openbsd-c2cead087866346329b7a6d7cafc043d2bddc9e8.tar.gz openbsd-c2cead087866346329b7a6d7cafc043d2bddc9e8.tar.bz2 openbsd-c2cead087866346329b7a6d7cafc043d2bddc9e8.zip | |
Convert bn_exp to BN_MONT_CTX_create()
This simplifies the handling of the BN_MONT_CTX passed in and unifies the
exit paths. Also zap some particularly insightful comments by our favorite
captain.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/bn/bn_exp.c | 91 |
1 files changed, 38 insertions, 53 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index 85c192b30a..e925d325d2 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_exp.c,v 1.57 2025/02/12 21:21:34 tb Exp $ */ | 1 | /* $OpenBSD: bn_exp.c,v 1.58 2025/02/13 11:15:09 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -425,18 +425,10 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 425 | 425 | ||
| 426 | BN_CTX_start(ctx); | 426 | BN_CTX_start(ctx); |
| 427 | 427 | ||
| 428 | /* | 428 | if ((mont = in_mont) == NULL) |
| 429 | * Allocate a Montgomery context if it was not supplied by the caller. | 429 | mont = BN_MONT_CTX_create(m, ctx); |
| 430 | * If this is not done, things will break in the montgomery part. | 430 | if (mont == NULL) |
| 431 | */ | 431 | goto err; |
| 432 | if (in_mont != NULL) | ||
| 433 | mont = in_mont; | ||
| 434 | else { | ||
| 435 | if ((mont = BN_MONT_CTX_new()) == NULL) | ||
| 436 | goto err; | ||
| 437 | if (!BN_MONT_CTX_set(mont, m, ctx)) | ||
| 438 | goto err; | ||
| 439 | } | ||
| 440 | 432 | ||
| 441 | /* Get the window size to use with size of p. */ | 433 | /* Get the window size to use with size of p. */ |
| 442 | window = BN_window_bits_for_ctime_exponent_size(bits); | 434 | window = BN_window_bits_for_ctime_exponent_size(bits); |
| @@ -636,14 +628,16 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 636 | /* Convert the final result from montgomery to standard format */ | 628 | /* Convert the final result from montgomery to standard format */ |
| 637 | if (!BN_from_montgomery(rr, &tmp, mont, ctx)) | 629 | if (!BN_from_montgomery(rr, &tmp, mont, ctx)) |
| 638 | goto err; | 630 | goto err; |
| 631 | |||
| 639 | ret = 1; | 632 | ret = 1; |
| 640 | 633 | ||
| 641 | err: | 634 | err: |
| 642 | if ((in_mont == NULL) && (mont != NULL)) | 635 | if (mont != in_mont) |
| 643 | BN_MONT_CTX_free(mont); | 636 | BN_MONT_CTX_free(mont); |
| 644 | freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); | ||
| 645 | BN_CTX_end(ctx); | 637 | BN_CTX_end(ctx); |
| 646 | return (ret); | 638 | freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); |
| 639 | |||
| 640 | return ret; | ||
| 647 | } | 641 | } |
| 648 | LCRYPTO_ALIAS(BN_mod_exp_mont_consttime); | 642 | LCRYPTO_ALIAS(BN_mod_exp_mont_consttime); |
| 649 | 643 | ||
| @@ -688,17 +682,10 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG | |||
| 688 | if ((val[0] = BN_CTX_get(ctx)) == NULL) | 682 | if ((val[0] = BN_CTX_get(ctx)) == NULL) |
| 689 | goto err; | 683 | goto err; |
| 690 | 684 | ||
| 691 | /* If this is not done, things will break in the montgomery | 685 | if ((mont = in_mont) == NULL) |
| 692 | * part */ | 686 | mont = BN_MONT_CTX_create(m, ctx); |
| 693 | 687 | if (mont == NULL) | |
| 694 | if (in_mont != NULL) | 688 | goto err; |
| 695 | mont = in_mont; | ||
| 696 | else { | ||
| 697 | if ((mont = BN_MONT_CTX_new()) == NULL) | ||
| 698 | goto err; | ||
| 699 | if (!BN_MONT_CTX_set(mont, m, ctx)) | ||
| 700 | goto err; | ||
| 701 | } | ||
| 702 | 689 | ||
| 703 | if (!BN_nnmod(val[0], a,m, ctx)) | 690 | if (!BN_nnmod(val[0], a,m, ctx)) |
| 704 | goto err; | 691 | goto err; |
| @@ -783,13 +770,15 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG | |||
| 783 | } | 770 | } |
| 784 | if (!BN_from_montgomery(rr, r,mont, ctx)) | 771 | if (!BN_from_montgomery(rr, r,mont, ctx)) |
| 785 | goto err; | 772 | goto err; |
| 773 | |||
| 786 | ret = 1; | 774 | ret = 1; |
| 787 | 775 | ||
| 788 | err: | 776 | err: |
| 789 | if ((in_mont == NULL) && (mont != NULL)) | 777 | if (mont != in_mont) |
| 790 | BN_MONT_CTX_free(mont); | 778 | BN_MONT_CTX_free(mont); |
| 791 | BN_CTX_end(ctx); | 779 | BN_CTX_end(ctx); |
| 792 | return (ret); | 780 | |
| 781 | return ret; | ||
| 793 | } | 782 | } |
| 794 | 783 | ||
| 795 | int | 784 | int |
| @@ -879,14 +868,10 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, | |||
| 879 | if ((t = BN_CTX_get(ctx)) == NULL) | 868 | if ((t = BN_CTX_get(ctx)) == NULL) |
| 880 | goto err; | 869 | goto err; |
| 881 | 870 | ||
| 882 | if (in_mont != NULL) | 871 | if ((mont = in_mont) == NULL) |
| 883 | mont = in_mont; | 872 | mont = BN_MONT_CTX_create(m, ctx); |
| 884 | else { | 873 | if (mont == NULL) |
| 885 | if ((mont = BN_MONT_CTX_new()) == NULL) | 874 | goto err; |
| 886 | goto err; | ||
| 887 | if (!BN_MONT_CTX_set(mont, m, ctx)) | ||
| 888 | goto err; | ||
| 889 | } | ||
| 890 | 875 | ||
| 891 | r_is_one = 1; /* except for Montgomery factor */ | 876 | r_is_one = 1; /* except for Montgomery factor */ |
| 892 | 877 | ||
| @@ -954,13 +939,15 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, | |||
| 954 | if (!BN_from_montgomery(rr, r, mont, ctx)) | 939 | if (!BN_from_montgomery(rr, r, mont, ctx)) |
| 955 | goto err; | 940 | goto err; |
| 956 | } | 941 | } |
| 942 | |||
| 957 | ret = 1; | 943 | ret = 1; |
| 958 | 944 | ||
| 959 | err: | 945 | err: |
| 960 | if ((in_mont == NULL) && (mont != NULL)) | 946 | if (mont != in_mont) |
| 961 | BN_MONT_CTX_free(mont); | 947 | BN_MONT_CTX_free(mont); |
| 962 | BN_CTX_end(ctx); | 948 | BN_CTX_end(ctx); |
| 963 | return (ret); | 949 | |
| 950 | return ret; | ||
| 964 | } | 951 | } |
| 965 | 952 | ||
| 966 | int | 953 | int |
| @@ -1203,14 +1190,10 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 1203 | if ((val2[0] = BN_CTX_get(ctx)) == NULL) | 1190 | if ((val2[0] = BN_CTX_get(ctx)) == NULL) |
| 1204 | goto err; | 1191 | goto err; |
| 1205 | 1192 | ||
| 1206 | if (in_mont != NULL) | 1193 | if ((mont = in_mont) == NULL) |
| 1207 | mont = in_mont; | 1194 | mont = BN_MONT_CTX_create(m, ctx); |
| 1208 | else { | 1195 | if (mont == NULL) |
| 1209 | if ((mont = BN_MONT_CTX_new()) == NULL) | 1196 | goto err; |
| 1210 | goto err; | ||
| 1211 | if (!BN_MONT_CTX_set(mont, m, ctx)) | ||
| 1212 | goto err; | ||
| 1213 | } | ||
| 1214 | 1197 | ||
| 1215 | window1 = BN_window_bits_for_exponent_size(bits1); | 1198 | window1 = BN_window_bits_for_exponent_size(bits1); |
| 1216 | window2 = BN_window_bits_for_exponent_size(bits2); | 1199 | window2 = BN_window_bits_for_exponent_size(bits2); |
| @@ -1335,11 +1318,13 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 1335 | } | 1318 | } |
| 1336 | if (!BN_from_montgomery(rr, r,mont, ctx)) | 1319 | if (!BN_from_montgomery(rr, r,mont, ctx)) |
| 1337 | goto err; | 1320 | goto err; |
| 1321 | |||
| 1338 | ret = 1; | 1322 | ret = 1; |
| 1339 | 1323 | ||
| 1340 | err: | 1324 | err: |
| 1341 | if ((in_mont == NULL) && (mont != NULL)) | 1325 | if (mont != in_mont) |
| 1342 | BN_MONT_CTX_free(mont); | 1326 | BN_MONT_CTX_free(mont); |
| 1343 | BN_CTX_end(ctx); | 1327 | BN_CTX_end(ctx); |
| 1344 | return (ret); | 1328 | |
| 1329 | return ret; | ||
| 1345 | } | 1330 | } |