1 files changed, 10 insertions, 36 deletions
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 757ed0c3d2..d5070bc003 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.31 2025/02/04 05:09:53 tb Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.32 2025/02/04 12:47:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -104,34 +104,6 @@ BN_RECP_CTX_free(BN_RECP_CTX *recp)
        freezero(recp, sizeof(*recp));
 }
-/* len is the expected size of the result
- * We actually calculate with an extra word of precision, so
- * we can do faster division if the remainder is not required.
- */
-/* r := 2^len / m */
-static int
-BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
-{
-        int ret = -1;
-        BIGNUM *t;
-        BN_CTX_start(ctx);
-        if ((t = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (!BN_set_bit(t, len))
-                goto err;
-        if (!BN_div_ct(r, NULL, t, m, ctx))
-                goto err;
-        ret = len;
-err:
-        BN_CTX_end(ctx);
-        return ret;
-}
 int
 BN_div_reciprocal(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
    BN_CTX *ctx)
@@ -174,13 +146,15 @@ BN_div_reciprocal(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
        if (j > i)
                i = j;
-        /* Nr := round(2^i / N) */
+        /* Compute Nr := (1 << i) / N if necessary. */
-        if (i != recp->shift)
+        if (i != recp->shift) {
-                recp->shift = BN_reciprocal(recp->Nr, recp->N, i, ctx);
+                BN_zero(recp->Nr);
+                if (!BN_set_bit(recp->Nr, i))
-        /* BN_reciprocal returns i, or -1 for an error */
+                        goto err;
-        if (recp->shift == -1)
+                if (!BN_div_ct(recp->Nr, NULL, recp->Nr, recp->N, ctx))
-                goto err;
+                        goto err;
+                recp->shift = i;
+        }
        /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
         *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|

diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c index 757ed0c3d2..d5070bc003 100644 --- a/src/lib/libcrypto/bn/bn_recp.c +++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_recp.c,v 1.31 2025/02/04 05:09:53 tb Exp $ */	1	/* $OpenBSD: bn_recp.c,v 1.32 2025/02/04 12:47:58 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -104,34 +104,6 @@ BN_RECP_CTX_free(BN_RECP_CTX *recp)
104	freezero(recp, sizeof(*recp));	104	freezero(recp, sizeof(*recp));
105	}	105	}
106		106
107	/* len is the expected size of the result
108	* We actually calculate with an extra word of precision, so
109	* we can do faster division if the remainder is not required.
110	*/
111	/* r := 2^len / m */
112	static int
113	BN_reciprocal(BIGNUM r, const BIGNUM m, int len, BN_CTX *ctx)
114	{
115	int ret = -1;
116	BIGNUM *t;
117
118	BN_CTX_start(ctx);
119	if ((t = BN_CTX_get(ctx)) == NULL)
120	goto err;
121
122	if (!BN_set_bit(t, len))
123	goto err;
124
125	if (!BN_div_ct(r, NULL, t, m, ctx))
126	goto err;
127
128	ret = len;
129
130	err:
131	BN_CTX_end(ctx);
132	return ret;
133	}
134
135	int	107	int
136	BN_div_reciprocal(BIGNUM dv, BIGNUM rem, const BIGNUM m, BN_RECP_CTX recp,	108	BN_div_reciprocal(BIGNUM dv, BIGNUM rem, const BIGNUM m, BN_RECP_CTX recp,
137	BN_CTX *ctx)	109	BN_CTX *ctx)
@@ -174,13 +146,15 @@ BN_div_reciprocal(BIGNUM dv, BIGNUM rem, const BIGNUM m, BN_RECP_CTX recp,
174	if (j > i)	146	if (j > i)
175	i = j;	147	i = j;
176		148
177	/* Nr := round(2^i / N) */	149	/* Compute Nr := (1 << i) / N if necessary. */
178	if (i != recp->shift)	150	if (i != recp->shift) {
179	recp->shift = BN_reciprocal(recp->Nr, recp->N, i, ctx);	151	BN_zero(recp->Nr);
180		152	if (!BN_set_bit(recp->Nr, i))
181	/* BN_reciprocal returns i, or -1 for an error */	153	goto err;
182	if (recp->shift == -1)	154	if (!BN_div_ct(recp->Nr, NULL, recp->Nr, recp->N, ctx))
183	goto err;	155	goto err;
		156	recp->shift = i;
		157	}
184		158
185	/* d := \|round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))\|	159	/* d := \|round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))\|
186	* = \|round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))\|	160	* = \|round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))\|