1 files changed, 38 insertions, 53 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 85c192b30a..e925d325d2 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.57 2025/02/12 21:21:34 tb Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.58 2025/02/13 11:15:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -425,18 +425,10 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        BN_CTX_start(ctx);
-        /*
+        if ((mont = in_mont) == NULL)
-         * Allocate a Montgomery context if it was not supplied by the caller.
+                mont = BN_MONT_CTX_create(m, ctx);
-         * If this is not done, things will break in the montgomery part.
+        if (mont == NULL)
-         */
+                goto err;
-        if (in_mont != NULL)
-                mont = in_mont;
-        else {
-                if ((mont = BN_MONT_CTX_new()) == NULL)
-                        goto err;
-                if (!BN_MONT_CTX_set(mont, m, ctx))
-                        goto err;
-        }
        /* Get the window size to use with size of p. */
        window = BN_window_bits_for_ctime_exponent_size(bits);
@@ -636,14 +628,16 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        /* Convert the final result from montgomery to standard format */
        if (!BN_from_montgomery(rr, &tmp, mont, ctx))
                goto err;
        ret = 1;
-err:
+ err:
-        if ((in_mont == NULL) && (mont != NULL))
+        if (mont != in_mont)
                BN_MONT_CTX_free(mont);
-        freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
        BN_CTX_end(ctx);
-        return (ret);
+        freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+        return ret;
 }
 LCRYPTO_ALIAS(BN_mod_exp_mont_consttime);
@@ -688,17 +682,10 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG
        if ((val[0] = BN_CTX_get(ctx)) == NULL)
                goto err;
-        /* If this is not done, things will break in the montgomery
+        if ((mont = in_mont) == NULL)
-         * part */
+                mont = BN_MONT_CTX_create(m, ctx);
+        if (mont == NULL)
-        if (in_mont != NULL)
+                goto err;
-                mont = in_mont;
-        else {
-                if ((mont = BN_MONT_CTX_new()) == NULL)
-                        goto err;
-                if (!BN_MONT_CTX_set(mont, m, ctx))
-                        goto err;
-        }
        if (!BN_nnmod(val[0], a,m, ctx))
                goto err;
@@ -783,13 +770,15 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG
        }
        if (!BN_from_montgomery(rr, r,mont, ctx))
                goto err;
        ret = 1;
-err:
+ err:
-        if ((in_mont == NULL) && (mont != NULL))
+        if (mont != in_mont)
                BN_MONT_CTX_free(mont);
        BN_CTX_end(ctx);
-        return (ret);
+        return ret;
 }
 int
@@ -879,14 +868,10 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
        if ((t = BN_CTX_get(ctx)) == NULL)
                goto err;
-        if (in_mont != NULL)
+        if ((mont = in_mont) == NULL)
-                mont = in_mont;
+                mont = BN_MONT_CTX_create(m, ctx);
-        else {
+        if (mont == NULL)
-                if ((mont = BN_MONT_CTX_new()) == NULL)
+                goto err;
-                        goto err;
-                if (!BN_MONT_CTX_set(mont, m, ctx))
-                        goto err;
-        }
        r_is_one = 1; /* except for Montgomery factor */
@@ -954,13 +939,15 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
                if (!BN_from_montgomery(rr, r, mont, ctx))
                        goto err;
        }
        ret = 1;
-err:
+ err:
-        if ((in_mont == NULL) && (mont != NULL))
+        if (mont != in_mont)
                BN_MONT_CTX_free(mont);
        BN_CTX_end(ctx);
-        return (ret);
+        return ret;
 }
 int
@@ -1203,14 +1190,10 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
        if ((val2[0] = BN_CTX_get(ctx)) == NULL)
                goto err;
-        if (in_mont != NULL)
+        if ((mont = in_mont) == NULL)
-                mont = in_mont;
+                mont = BN_MONT_CTX_create(m, ctx);
-        else {
+        if (mont == NULL)
-                if ((mont = BN_MONT_CTX_new()) == NULL)
+                goto err;
-                        goto err;
-                if (!BN_MONT_CTX_set(mont, m, ctx))
-                        goto err;
-        }
        window1 = BN_window_bits_for_exponent_size(bits1);
        window2 = BN_window_bits_for_exponent_size(bits2);
@@ -1335,11 +1318,13 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
        }
        if (!BN_from_montgomery(rr, r,mont, ctx))
                goto err;
        ret = 1;
-err:
+ err:
-        if ((in_mont == NULL) && (mont != NULL))
+        if (mont != in_mont)
                BN_MONT_CTX_free(mont);
        BN_CTX_end(ctx);
-        return (ret);
+        return ret;
 }

diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index 85c192b30a..e925d325d2 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_exp.c,v 1.57 2025/02/12 21:21:34 tb Exp $ */	1	/* $OpenBSD: bn_exp.c,v 1.58 2025/02/13 11:15:09 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -425,18 +425,10 @@ BN_mod_exp_mont_consttime(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
425		425
426	BN_CTX_start(ctx);	426	BN_CTX_start(ctx);
427		427
428	/*	428	if ((mont = in_mont) == NULL)
429	* Allocate a Montgomery context if it was not supplied by the caller.	429	mont = BN_MONT_CTX_create(m, ctx);
430	* If this is not done, things will break in the montgomery part.	430	if (mont == NULL)
431	*/	431	goto err;
432	if (in_mont != NULL)
433	mont = in_mont;
434	else {
435	if ((mont = BN_MONT_CTX_new()) == NULL)
436	goto err;
437	if (!BN_MONT_CTX_set(mont, m, ctx))
438	goto err;
439	}
440		432
441	/* Get the window size to use with size of p. */	433	/* Get the window size to use with size of p. */
442	window = BN_window_bits_for_ctime_exponent_size(bits);	434	window = BN_window_bits_for_ctime_exponent_size(bits);
@@ -636,14 +628,16 @@ BN_mod_exp_mont_consttime(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
636	/* Convert the final result from montgomery to standard format */	628	/* Convert the final result from montgomery to standard format */
637	if (!BN_from_montgomery(rr, &tmp, mont, ctx))	629	if (!BN_from_montgomery(rr, &tmp, mont, ctx))
638	goto err;	630	goto err;
		631
639	ret = 1;	632	ret = 1;
640		633
641	err:	634	err:
642	if ((in_mont == NULL) && (mont != NULL))	635	if (mont != in_mont)
643	BN_MONT_CTX_free(mont);	636	BN_MONT_CTX_free(mont);
644	freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
645	BN_CTX_end(ctx);	637	BN_CTX_end(ctx);
646	return (ret);	638	freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
		639
		640	return ret;
647	}	641	}
648	LCRYPTO_ALIAS(BN_mod_exp_mont_consttime);	642	LCRYPTO_ALIAS(BN_mod_exp_mont_consttime);
649		643
@@ -688,17 +682,10 @@ BN_mod_exp_mont_internal(BIGNUM rr, const BIGNUM a, const BIGNUM *p, const BIG
688	if ((val[0] = BN_CTX_get(ctx)) == NULL)	682	if ((val[0] = BN_CTX_get(ctx)) == NULL)
689	goto err;	683	goto err;
690		684
691	/* If this is not done, things will break in the montgomery	685	if ((mont = in_mont) == NULL)
692	* part */	686	mont = BN_MONT_CTX_create(m, ctx);
693		687	if (mont == NULL)
694	if (in_mont != NULL)	688	goto err;
695	mont = in_mont;
696	else {
697	if ((mont = BN_MONT_CTX_new()) == NULL)
698	goto err;
699	if (!BN_MONT_CTX_set(mont, m, ctx))
700	goto err;
701	}
702		689
703	if (!BN_nnmod(val[0], a,m, ctx))	690	if (!BN_nnmod(val[0], a,m, ctx))
704	goto err;	691	goto err;
@@ -783,13 +770,15 @@ BN_mod_exp_mont_internal(BIGNUM rr, const BIGNUM a, const BIGNUM *p, const BIG
783	}	770	}
784	if (!BN_from_montgomery(rr, r,mont, ctx))	771	if (!BN_from_montgomery(rr, r,mont, ctx))
785	goto err;	772	goto err;
		773
786	ret = 1;	774	ret = 1;
787		775
788	err:	776	err:
789	if ((in_mont == NULL) && (mont != NULL))	777	if (mont != in_mont)
790	BN_MONT_CTX_free(mont);	778	BN_MONT_CTX_free(mont);
791	BN_CTX_end(ctx);	779	BN_CTX_end(ctx);
792	return (ret);	780
		781	return ret;
793	}	782	}
794		783
795	int	784	int
@@ -879,14 +868,10 @@ BN_mod_exp_mont_word(BIGNUM rr, BN_ULONG a, const BIGNUM p, const BIGNUM *m,
879	if ((t = BN_CTX_get(ctx)) == NULL)	868	if ((t = BN_CTX_get(ctx)) == NULL)
880	goto err;	869	goto err;
881		870
882	if (in_mont != NULL)	871	if ((mont = in_mont) == NULL)
883	mont = in_mont;	872	mont = BN_MONT_CTX_create(m, ctx);
884	else {	873	if (mont == NULL)
885	if ((mont = BN_MONT_CTX_new()) == NULL)	874	goto err;
886	goto err;
887	if (!BN_MONT_CTX_set(mont, m, ctx))
888	goto err;
889	}
890		875
891	r_is_one = 1; /* except for Montgomery factor */	876	r_is_one = 1; /* except for Montgomery factor */
892		877
@@ -954,13 +939,15 @@ BN_mod_exp_mont_word(BIGNUM rr, BN_ULONG a, const BIGNUM p, const BIGNUM *m,
954	if (!BN_from_montgomery(rr, r, mont, ctx))	939	if (!BN_from_montgomery(rr, r, mont, ctx))
955	goto err;	940	goto err;
956	}	941	}
		942
957	ret = 1;	943	ret = 1;
958		944
959	err:	945	err:
960	if ((in_mont == NULL) && (mont != NULL))	946	if (mont != in_mont)
961	BN_MONT_CTX_free(mont);	947	BN_MONT_CTX_free(mont);
962	BN_CTX_end(ctx);	948	BN_CTX_end(ctx);
963	return (ret);	949
		950	return ret;
964	}	951	}
965		952
966	int	953	int
@@ -1203,14 +1190,10 @@ BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
1203	if ((val2[0] = BN_CTX_get(ctx)) == NULL)	1190	if ((val2[0] = BN_CTX_get(ctx)) == NULL)
1204	goto err;	1191	goto err;
1205		1192
1206	if (in_mont != NULL)	1193	if ((mont = in_mont) == NULL)
1207	mont = in_mont;	1194	mont = BN_MONT_CTX_create(m, ctx);
1208	else {	1195	if (mont == NULL)
1209	if ((mont = BN_MONT_CTX_new()) == NULL)	1196	goto err;
1210	goto err;
1211	if (!BN_MONT_CTX_set(mont, m, ctx))
1212	goto err;
1213	}
1214		1197
1215	window1 = BN_window_bits_for_exponent_size(bits1);	1198	window1 = BN_window_bits_for_exponent_size(bits1);
1216	window2 = BN_window_bits_for_exponent_size(bits2);	1199	window2 = BN_window_bits_for_exponent_size(bits2);
@@ -1335,11 +1318,13 @@ BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
1335	}	1318	}
1336	if (!BN_from_montgomery(rr, r,mont, ctx))	1319	if (!BN_from_montgomery(rr, r,mont, ctx))
1337	goto err;	1320	goto err;
		1321
1338	ret = 1;	1322	ret = 1;
1339		1323
1340	err:	1324	err:
1341	if ((in_mont == NULL) && (mont != NULL))	1325	if (mont != in_mont)
1342	BN_MONT_CTX_free(mont);	1326	BN_MONT_CTX_free(mont);
1343	BN_CTX_end(ctx);	1327	BN_CTX_end(ctx);
1344	return (ret);	1328
		1329	return ret;
1345	}	1330	}