3 files changed, 48 insertions, 67 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index c51296c3c3..8ff518e938 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.53 2024/04/10 14:58:06 beck Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.54 2025/01/21 15:44:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -972,7 +972,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
        BIGNUM *aa, *q;
        /* Table of variables obtained from 'ctx' */
        BIGNUM *val[TABLE_SIZE];
-        BN_RECP_CTX recp;
+        BN_RECP_CTX *recp = NULL;
        int ret = 0;
        if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
@@ -992,8 +992,6 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                return ret;
        }
-        BN_RECP_CTX_init(&recp);
        BN_CTX_start(ctx);
        if ((aa = BN_CTX_get(ctx)) == NULL)
                goto err;
@@ -1007,10 +1005,10 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                if (!bn_copy(aa, m))
                        goto err;
                aa->neg = 0;
-                if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+                if ((recp = BN_RECP_CTX_create(aa)) == 0)
                        goto err;
        } else {
-                if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+                if ((recp = BN_RECP_CTX_create(m)) == 0)
                        goto err;
        }
@@ -1025,13 +1023,13 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
        window = BN_window_bits_for_exponent_size(bits);
        if (window > 1) {
-                if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+                if (!BN_mod_mul_reciprocal(aa, val[0], val[0], recp, ctx))
                        goto err;
                j = 1 << (window - 1);
                for (i = 1; i < j; i++) {
                        if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
                            !BN_mod_mul_reciprocal(val[i], val[i - 1],
-                            aa, &recp, ctx))
+                            aa, recp, ctx))
                                goto err;
                }
        }
@@ -1049,7 +1047,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
        for (;;) {
                if (BN_is_bit_set(q, wstart) == 0) {
                        if (!start)
-                                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                                if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx))
                                        goto err;
                        if (wstart == 0)
                                break;
@@ -1078,12 +1076,12 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                /* add the 'bytes above' */
                if (!start)
                        for (i = 0; i < j; i++) {
-                                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                                if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx))
                                        goto err;
                        }
                /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+                if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], recp, ctx))
                        goto err;
                /* move the 'window' down further */
@@ -1099,7 +1097,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 err:
        BN_CTX_end(ctx);
-        BN_RECP_CTX_free(&recp);
+        BN_RECP_CTX_free(recp);
        return ret;
 }
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index 310cce2a0e..2042e0b193 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.45 2025/01/06 13:47:37 tb Exp $ */
+/* $OpenBSD: bn_local.h,v 1.46 2025/01/21 15:44:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -138,16 +138,7 @@ struct bn_mont_ctx_st {
        int flags;
 };
-/* Used for reciprocal division/mod functions
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
- * It cannot be shared between threads
- */
-typedef struct bn_recp_ctx_st {
-        BIGNUM N;       /* the divisor */
-        BIGNUM Nr;      /* the reciprocal */
-        int num_bits;
-        int shift;
-        int flags;
-} BN_RECP_CTX;
 /* Used for slow "generation" functions. */
 struct bn_gencb_st {
@@ -280,10 +271,8 @@ int bn_rand_interval(BIGNUM *rnd, BN_ULONG lower_word, const BIGNUM *upper_exc);
 void    BN_init(BIGNUM *);
-void    BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_create(const BIGNUM *N);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-void    BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int     BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
 int     BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
    BN_CTX *ctx);
 int     BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 44c5b05e4d..e7484f9f4b 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.25 2025/01/08 20:21:28 tb Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.26 2025/01/21 15:44:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -62,26 +62,34 @@
 #include "bn_local.h"
-void
+struct bn_recp_ctx_st {
-BN_RECP_CTX_init(BN_RECP_CTX *recp)
+        BIGNUM *N;      /* the divisor */
-{
+        BIGNUM *Nr;     /* the reciprocal 2^shift / N */
-        BN_init(&recp->N);
+        int num_bits;   /* number of bits in N */
-        BN_init(&recp->Nr);
+        int shift;
-        recp->num_bits = 0;
+} /* BN_RECP_CTX */;
-        recp->flags = 0;
-}
 BN_RECP_CTX *
-BN_RECP_CTX_new(void)
+BN_RECP_CTX_create(const BIGNUM *N)
 {
-        BN_RECP_CTX *ret;
+        BN_RECP_CTX *recp;
-        if ((ret = malloc(sizeof(BN_RECP_CTX))) == NULL)
+        if ((recp = calloc(1, sizeof(*recp))) == NULL)
-                return NULL;
+                goto err;
-        BN_RECP_CTX_init(ret);
+        if ((recp->N = BN_dup(N)) == NULL)
-        ret->flags = BN_FLG_MALLOCED;
+                goto err;
-        return ret;
+        recp->num_bits = BN_num_bits(recp->N);
+        if ((recp->Nr = BN_new()) == NULL)
+                goto err;
+        return recp;
+ err:
+        BN_RECP_CTX_free(recp);
+        return NULL;
 }
 void
@@ -90,23 +98,9 @@ BN_RECP_CTX_free(BN_RECP_CTX *recp)
        if (recp == NULL)
                return;
-        BN_free(&recp->N);
+        BN_free(recp->N);
-        BN_free(&recp->Nr);
+        BN_free(recp->Nr);
-        if (recp->flags & BN_FLG_MALLOCED)
+        freezero(recp, sizeof(*recp));
-                free(recp);
-}
-int
-BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
-{
-        if (!bn_copy(&recp->N, d))
-                return 0;
-        recp->num_bits = BN_num_bits(&recp->N);
-        BN_zero(&recp->Nr);
-        recp->shift = 0;
-        return 1;
 }
 /* len is the expected size of the result
@@ -158,7 +152,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
        if (a == NULL || b == NULL || d == NULL || r == NULL)
                goto err;
-        if (BN_ucmp(m, &recp->N) < 0) {
+        if (BN_ucmp(m, recp->N) < 0) {
                BN_zero(d);
                if (!bn_copy(r, m)) {
                        BN_CTX_end(ctx);
@@ -182,7 +176,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
        /* Nr := round(2^i / N) */
        if (i != recp->shift)
-                recp->shift = BN_reciprocal(&recp->Nr, &recp->N, i, ctx);
+                recp->shift = BN_reciprocal(recp->Nr, recp->N, i, ctx);
        /* BN_reciprocal returns i, or -1 for an error */
        if (recp->shift == -1)
@@ -195,13 +189,13 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
         */
        if (!BN_rshift(a, m, recp->num_bits))
                goto err;
-        if (!BN_mul(b, a, &recp->Nr, ctx))
+        if (!BN_mul(b, a, recp->Nr, ctx))
                goto err;
        if (!BN_rshift(d, b, i - recp->num_bits))
                goto err;
        d->neg = 0;
-        if (!BN_mul(b, &recp->N, d, ctx))
+        if (!BN_mul(b, recp->N, d, ctx))
                goto err;
        if (!BN_usub(r, m, b))
                goto err;
@@ -209,12 +203,12 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 #if 1
        j = 0;
-        while (BN_ucmp(r, &recp->N) >= 0) {
+        while (BN_ucmp(r, recp->N) >= 0) {
                if (j++ > 2) {
                        BNerror(BN_R_BAD_RECIPROCAL);
                        goto err;
                }
-                if (!BN_usub(r, r, &recp->N))
+                if (!BN_usub(r, r, recp->N))
                        goto err;
                if (!BN_add_word(d, 1))
                        goto err;
@@ -222,7 +216,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 #endif
        BN_set_negative(r, m->neg);
-        BN_set_negative(d, m->neg ^ recp->N.neg);
+        BN_set_negative(d, m->neg ^ recp->N->neg);
        ret = 1;