2 files changed, 5 insertions, 75 deletions
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index d2c7a3983e..c763890695 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.13 2023/02/19 15:45:14 tb Exp $ */
+/* $OpenBSD: bn_local.h,v 1.14 2023/02/21 05:58:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -132,9 +132,7 @@ struct bn_mont_ctx_st {
        int ri;        /* number of bits in R */
        BIGNUM RR;     /* used to convert to montgomery form */
        BIGNUM N;      /* The modulus */
-        BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
+        BN_ULONG n0[2];/* least significant word(s) of Ni; R*(1/R mod N) - N*Ni = 1
-                        * (Ni is only stored for bignum algorithm) */
-        BN_ULONG n0[2];/* least significant word(s) of Ni;
                          (type changed with 0.9.9, was "BN_ULONG n0;" before) */
        int flags;
 };
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 89df675459..53ad5aac63 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mont.c,v 1.42 2023/02/19 15:45:14 tb Exp $ */
+/* $OpenBSD: bn_mont.c,v 1.43 2023/02/21 05:58:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -122,8 +122,6 @@
 #include "bn_local.h"
-#define MONT_WORD /* use the faster word-based algorithm */
 BN_MONT_CTX *
 BN_MONT_CTX_new(void)
 {
@@ -135,7 +133,6 @@ BN_MONT_CTX_new(void)
        BN_init(&mctx->RR);
        BN_init(&mctx->N);
-        BN_init(&mctx->Ni);
        return mctx;
 }
@@ -147,7 +144,6 @@ BN_MONT_CTX_init(BN_MONT_CTX *mctx)
        BN_init(&mctx->RR);
        BN_init(&mctx->N);
-        BN_init(&mctx->Ni);
 }
 void
@@ -158,7 +154,6 @@ BN_MONT_CTX_free(BN_MONT_CTX *mctx)
        BN_free(&mctx->RR);
        BN_free(&mctx->N);
-        BN_free(&mctx->Ni);
        if (mctx->flags & BN_FLG_MALLOCED)
                free(mctx);
@@ -174,8 +169,6 @@ BN_MONT_CTX_copy(BN_MONT_CTX *dst, BN_MONT_CTX *src)
                return NULL;
        if (!BN_copy(&dst->N, &src->N))
                return NULL;
-        if (!BN_copy(&dst->Ni, &src->Ni))
-                return NULL;
        dst->ri = src->ri;
        dst->n0[0] = src->n0[0];
@@ -201,7 +194,6 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                 goto err;                              /* Set N */
        mont->N.neg = 0;
-#ifdef MONT_WORD
        {
                BIGNUM tmod;
                BN_ULONG buf[2];
@@ -284,24 +276,6 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                mont->n0[1] = 0;
 #endif
        }
-#else /* !MONT_WORD */
-        { /* bignum version */
-                mont->ri = BN_num_bits(&mont->N);
-                BN_zero(R);
-                if (!BN_set_bit(R, mont->ri))
-                        goto err;  /* R = 2^ri */
-                /* Ri = R^-1 mod N*/
-                if ((BN_mod_inverse_ct(Ri, R, &mont->N, ctx)) == NULL)
-                        goto err;
-                if (!BN_lshift(Ri, Ri, mont->ri))
-                        goto err; /* R*Ri */
-                if (!BN_sub_word(Ri, 1))
-                        goto err;
-                /* Ni = (R*Ri-1) / N */
-                if (!BN_div_ct(&(mont->Ni), NULL, Ri, &mont->N, ctx))
-                        goto err;
-        }
-#endif
        /* setup RR for conversions */
        BN_zero(&(mont->RR));
@@ -406,9 +380,7 @@ bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
 #endif /* !OPENSSL_BN_ASM_MONT */
 #endif /* OPENSSL_NO_ASM */
-#ifdef MONT_WORD
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
-#endif
 int
 BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
@@ -416,7 +388,8 @@ BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 {
        BIGNUM *tmp;
        int ret = 0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
+#if defined(OPENSSL_BN_ASM_MONT)
        int num = mont->N.top;
        if (num > 1 && a->top == num && b->top == num) {
@@ -443,13 +416,8 @@ BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                        goto err;
        }
        /* reduce from aRR to aR */
-#ifdef MONT_WORD
        if (!BN_from_montgomery_word(r, tmp, mont))
                goto err;
-#else
-        if (!BN_from_montgomery(r, tmp, mont, ctx))
-                goto err;
-#endif
        ret = 1;
 err:
        BN_CTX_end(ctx);
@@ -462,7 +430,6 @@ BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
        return BN_mod_mul_montgomery(r, a, &mont->RR, mont, ctx);
 }
-#ifdef MONT_WORD
 static int
 BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 {
@@ -553,51 +520,16 @@ BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
        return (1);
 }
-#endif  /* MONT_WORD */
 int
 BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
 {
        int retn = 0;
-#ifdef MONT_WORD
        BIGNUM *t;
        BN_CTX_start(ctx);
        if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
                retn = BN_from_montgomery_word(ret, t, mont);
        BN_CTX_end(ctx);
-#else /* !MONT_WORD */
-        BIGNUM *t1, *t2;
-        BN_CTX_start(ctx);
-        if ((t1 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((t2 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if (!BN_copy(t1, a))
-                goto err;
-        BN_mask_bits(t1, mont->ri);
-        if (!BN_mul(t2, t1, &mont->Ni, ctx))
-                goto err;
-        BN_mask_bits(t2, mont->ri);
-        if (!BN_mul(t1, t2, &mont->N, ctx))
-                goto err;
-        if (!BN_add(t2, a, t1))
-                goto err;
-        if (!BN_rshift(ret, t2, mont->ri))
-                goto err;
-        if (BN_ucmp(ret, &(mont->N)) >= 0) {
-                if (!BN_usub(ret, ret, &(mont->N)))
-                        goto err;
-        }
-        retn = 1;
-err:
-        BN_CTX_end(ctx);
-#endif /* MONT_WORD */
        return (retn);
 }

diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h index d2c7a3983e..c763890695 100644 --- a/src/lib/libcrypto/bn/bn_local.h +++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_local.h,v 1.13 2023/02/19 15:45:14 tb Exp $ */	1	/* $OpenBSD: bn_local.h,v 1.14 2023/02/21 05:58:08 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -132,9 +132,7 @@ struct bn_mont_ctx_st {
132	int ri; /* number of bits in R */	132	int ri; /* number of bits in R */
133	BIGNUM RR; /* used to convert to montgomery form */	133	BIGNUM RR; /* used to convert to montgomery form */
134	BIGNUM N; /* The modulus */	134	BIGNUM N; /* The modulus */
135	BIGNUM Ni; /* R(1/R mod N) - NNi = 1	135	BN_ULONG n0[2];/* least significant word(s) of Ni; R(1/R mod N) - NNi = 1
136	* (Ni is only stored for bignum algorithm) */
137	BN_ULONG n0[2];/* least significant word(s) of Ni;
138	(type changed with 0.9.9, was "BN_ULONG n0;" before) */	136	(type changed with 0.9.9, was "BN_ULONG n0;" before) */
139	int flags;	137	int flags;
140	};	138	};


diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c index 89df675459..53ad5aac63 100644 --- a/src/lib/libcrypto/bn/bn_mont.c +++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_mont.c,v 1.42 2023/02/19 15:45:14 tb Exp $ */	1	/* $OpenBSD: bn_mont.c,v 1.43 2023/02/21 05:58:08 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -122,8 +122,6 @@
122		122
123	#include "bn_local.h"	123	#include "bn_local.h"
124		124
125	#define MONT_WORD /* use the faster word-based algorithm */
126
127	BN_MONT_CTX *	125	BN_MONT_CTX *
128	BN_MONT_CTX_new(void)	126	BN_MONT_CTX_new(void)
129	{	127	{
@@ -135,7 +133,6 @@ BN_MONT_CTX_new(void)
135		133
136	BN_init(&mctx->RR);	134	BN_init(&mctx->RR);
137	BN_init(&mctx->N);	135	BN_init(&mctx->N);
138	BN_init(&mctx->Ni);
139		136
140	return mctx;	137	return mctx;
141	}	138	}
@@ -147,7 +144,6 @@ BN_MONT_CTX_init(BN_MONT_CTX *mctx)
147		144
148	BN_init(&mctx->RR);	145	BN_init(&mctx->RR);
149	BN_init(&mctx->N);	146	BN_init(&mctx->N);
150	BN_init(&mctx->Ni);
151	}	147	}
152		148
153	void	149	void
@@ -158,7 +154,6 @@ BN_MONT_CTX_free(BN_MONT_CTX *mctx)
158		154
159	BN_free(&mctx->RR);	155	BN_free(&mctx->RR);
160	BN_free(&mctx->N);	156	BN_free(&mctx->N);
161	BN_free(&mctx->Ni);
162		157
163	if (mctx->flags & BN_FLG_MALLOCED)	158	if (mctx->flags & BN_FLG_MALLOCED)
164	free(mctx);	159	free(mctx);
@@ -174,8 +169,6 @@ BN_MONT_CTX_copy(BN_MONT_CTX dst, BN_MONT_CTX src)
174	return NULL;	169	return NULL;
175	if (!BN_copy(&dst->N, &src->N))	170	if (!BN_copy(&dst->N, &src->N))
176	return NULL;	171	return NULL;
177	if (!BN_copy(&dst->Ni, &src->Ni))
178	return NULL;
179		172
180	dst->ri = src->ri;	173	dst->ri = src->ri;
181	dst->n0[0] = src->n0[0];	174	dst->n0[0] = src->n0[0];
@@ -201,7 +194,6 @@ BN_MONT_CTX_set(BN_MONT_CTX mont, const BIGNUM mod, BN_CTX *ctx)
201	goto err; /* Set N */	194	goto err; /* Set N */
202	mont->N.neg = 0;	195	mont->N.neg = 0;
203		196
204	#ifdef MONT_WORD
205	{	197	{
206	BIGNUM tmod;	198	BIGNUM tmod;
207	BN_ULONG buf[2];	199	BN_ULONG buf[2];
@@ -284,24 +276,6 @@ BN_MONT_CTX_set(BN_MONT_CTX mont, const BIGNUM mod, BN_CTX *ctx)
284	mont->n0[1] = 0;	276	mont->n0[1] = 0;
285	#endif	277	#endif
286	}	278	}
287	#else /* !MONT_WORD */
288	{ /* bignum version */
289	mont->ri = BN_num_bits(&mont->N);
290	BN_zero(R);
291	if (!BN_set_bit(R, mont->ri))
292	goto err; /* R = 2^ri */
293	/* Ri = R^-1 mod N*/
294	if ((BN_mod_inverse_ct(Ri, R, &mont->N, ctx)) == NULL)
295	goto err;
296	if (!BN_lshift(Ri, Ri, mont->ri))
297	goto err; /* RRi /
298	if (!BN_sub_word(Ri, 1))
299	goto err;
300	/* Ni = (RRi-1) / N /
301	if (!BN_div_ct(&(mont->Ni), NULL, Ri, &mont->N, ctx))
302	goto err;
303	}
304	#endif
305		279
306	/* setup RR for conversions */	280	/* setup RR for conversions */
307	BN_zero(&(mont->RR));	281	BN_zero(&(mont->RR));
@@ -406,9 +380,7 @@ bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
406	#endif /* !OPENSSL_BN_ASM_MONT */	380	#endif /* !OPENSSL_BN_ASM_MONT */
407	#endif /* OPENSSL_NO_ASM */	381	#endif /* OPENSSL_NO_ASM */
408		382
409	#ifdef MONT_WORD
410	static int BN_from_montgomery_word(BIGNUM ret, BIGNUM r, BN_MONT_CTX *mont);	383	static int BN_from_montgomery_word(BIGNUM ret, BIGNUM r, BN_MONT_CTX *mont);
411	#endif
412		384
413	int	385	int
414	BN_mod_mul_montgomery(BIGNUM r, const BIGNUM a, const BIGNUM *b,	386	BN_mod_mul_montgomery(BIGNUM r, const BIGNUM a, const BIGNUM *b,
@@ -416,7 +388,8 @@ BN_mod_mul_montgomery(BIGNUM r, const BIGNUM a, const BIGNUM *b,
416	{	388	{
417	BIGNUM *tmp;	389	BIGNUM *tmp;
418	int ret = 0;	390	int ret = 0;
419	#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)	391
		392	#if defined(OPENSSL_BN_ASM_MONT)
420	int num = mont->N.top;	393	int num = mont->N.top;
421		394
422	if (num > 1 && a->top == num && b->top == num) {	395	if (num > 1 && a->top == num && b->top == num) {
@@ -443,13 +416,8 @@ BN_mod_mul_montgomery(BIGNUM r, const BIGNUM a, const BIGNUM *b,
443	goto err;	416	goto err;
444	}	417	}
445	/* reduce from aRR to aR */	418	/* reduce from aRR to aR */
446	#ifdef MONT_WORD
447	if (!BN_from_montgomery_word(r, tmp, mont))	419	if (!BN_from_montgomery_word(r, tmp, mont))
448	goto err;	420	goto err;
449	#else
450	if (!BN_from_montgomery(r, tmp, mont, ctx))
451	goto err;
452	#endif
453	ret = 1;	421	ret = 1;
454	err:	422	err:
455	BN_CTX_end(ctx);	423	BN_CTX_end(ctx);
@@ -462,7 +430,6 @@ BN_to_montgomery(BIGNUM r, const BIGNUM a, BN_MONT_CTX mont, BN_CTX ctx)
462	return BN_mod_mul_montgomery(r, a, &mont->RR, mont, ctx);	430	return BN_mod_mul_montgomery(r, a, &mont->RR, mont, ctx);
463	}	431	}
464		432
465	#ifdef MONT_WORD
466	static int	433	static int
467	BN_from_montgomery_word(BIGNUM ret, BIGNUM r, BN_MONT_CTX *mont)	434	BN_from_montgomery_word(BIGNUM ret, BIGNUM r, BN_MONT_CTX *mont)
468	{	435	{
@@ -553,51 +520,16 @@ BN_from_montgomery_word(BIGNUM ret, BIGNUM r, BN_MONT_CTX *mont)
553		520
554	return (1);	521	return (1);
555	}	522	}
556	#endif /* MONT_WORD */
557		523
558	int	524	int
559	BN_from_montgomery(BIGNUM ret, const BIGNUM a, BN_MONT_CTX mont, BN_CTX ctx)	525	BN_from_montgomery(BIGNUM ret, const BIGNUM a, BN_MONT_CTX mont, BN_CTX ctx)
560	{	526	{
561	int retn = 0;	527	int retn = 0;
562	#ifdef MONT_WORD
563	BIGNUM *t;	528	BIGNUM *t;
564		529
565	BN_CTX_start(ctx);	530	BN_CTX_start(ctx);
566	if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))	531	if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
567	retn = BN_from_montgomery_word(ret, t, mont);	532	retn = BN_from_montgomery_word(ret, t, mont);
568	BN_CTX_end(ctx);	533	BN_CTX_end(ctx);
569	#else /* !MONT_WORD */
570	BIGNUM t1, t2;
571
572	BN_CTX_start(ctx);
573	if ((t1 = BN_CTX_get(ctx)) == NULL)
574	goto err;
575	if ((t2 = BN_CTX_get(ctx)) == NULL)
576	goto err;
577
578	if (!BN_copy(t1, a))
579	goto err;
580	BN_mask_bits(t1, mont->ri);
581
582	if (!BN_mul(t2, t1, &mont->Ni, ctx))
583	goto err;
584	BN_mask_bits(t2, mont->ri);
585
586	if (!BN_mul(t1, t2, &mont->N, ctx))
587	goto err;
588	if (!BN_add(t2, a, t1))
589	goto err;
590	if (!BN_rshift(ret, t2, mont->ri))
591	goto err;
592
593	if (BN_ucmp(ret, &(mont->N)) >= 0) {
594	if (!BN_usub(ret, ret, &(mont->N)))
595	goto err;
596	}
597	retn = 1;
598
599	err:
600	BN_CTX_end(ctx);
601	#endif /* MONT_WORD */
602	return (retn);	534	return (retn);
603	}	535	}