Split BN_mod_sqr_reciprocal() out of BN_mod_mul_reciprocal()

There's no need for BN_mod_mul_reciprocal() to have this complication.
The caller knows when x == y, so place the burden on the caller. This
simplifies both the caller side and the implementation in bn_recp.c.

ok jsing

1 files changed, 12 insertions, 18 deletions

diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 8dd6b8af65..bf38380710 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.27 2025/01/22 09:39:56 tb Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.28 2025/01/22 10:08:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -230,24 +230,18 @@ int
 BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
     BN_RECP_CTX *recp, BN_CTX *ctx)
 {
-        int ret = 0;
-        BIGNUM *a;
+        if (!BN_mul(r, x, y, ctx))
+                return 0;
 
-        BN_CTX_start(ctx);
-        if ((a = BN_CTX_get(ctx)) == NULL)
-                goto err;
-
-        if (x == y) {
-                if (!BN_sqr(a, x, ctx))
-                        goto err;
-        } else {
-                if (!BN_mul(a, x, y, ctx))
-                        goto err;
-        }
+        return BN_div_recp(NULL, r, r, recp, ctx);
+}
 
-        ret = BN_div_recp(NULL, r, a, recp, ctx);
+/* Compute r = x^2 % m. */
+int
+BN_mod_sqr_reciprocal(BIGNUM *r, const BIGNUM *x, BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+        if (!BN_sqr(r, x, ctx))
+                return 0;
 
-err:
-        BN_CTX_end(ctx);
-        return ret;
+        return BN_div_recp(NULL, r, r, recp, ctx);
 }