3 files changed, 48 insertions, 67 deletions

diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index c51296c3c3..8ff518e938 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.53 2024/04/10 14:58:06 beck Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.54 2025/01/21 15:44:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -972,7 +972,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
         BIGNUM *aa, *q;
         /* Table of variables obtained from 'ctx' */
         BIGNUM *val[TABLE_SIZE];
-        BN_RECP_CTX recp;
+        BN_RECP_CTX *recp = NULL;
         int ret = 0;
 
         if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
@@ -992,8 +992,6 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                 return ret;
         }
 
-        BN_RECP_CTX_init(&recp);
-
         BN_CTX_start(ctx);
         if ((aa = BN_CTX_get(ctx)) == NULL)
                 goto err;
@@ -1007,10 +1005,10 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                 if (!bn_copy(aa, m))
                         goto err;
                 aa->neg = 0;
-                if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+                if ((recp = BN_RECP_CTX_create(aa)) == 0)
                         goto err;
         } else {
-                if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+                if ((recp = BN_RECP_CTX_create(m)) == 0)
                         goto err;
         }
 
@@ -1025,13 +1023,13 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 
         window = BN_window_bits_for_exponent_size(bits);
         if (window > 1) {
-                if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+                if (!BN_mod_mul_reciprocal(aa, val[0], val[0], recp, ctx))
                         goto err;
                 j = 1 << (window - 1);
                 for (i = 1; i < j; i++) {
                         if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
                             !BN_mod_mul_reciprocal(val[i], val[i - 1],
-                            aa, &recp, ctx))
+                            aa, recp, ctx))
                                 goto err;
                 }
         }
@@ -1049,7 +1047,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
         for (;;) {
                 if (BN_is_bit_set(q, wstart) == 0) {
                         if (!start)
-                                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                                if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx))
                                         goto err;
                         if (wstart == 0)
                                 break;
@@ -1078,12 +1076,12 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                 /* add the 'bytes above' */
                 if (!start)
                         for (i = 0; i < j; i++) {
-                                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                                if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx))
                                         goto err;
                         }
 
                 /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+                if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], recp, ctx))
                         goto err;
 
                 /* move the 'window' down further */
@@ -1099,7 +1097,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 
  err:
         BN_CTX_end(ctx);
-        BN_RECP_CTX_free(&recp);
+        BN_RECP_CTX_free(recp);
 
         return ret;
 }
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index 310cce2a0e..2042e0b193 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.45 2025/01/06 13:47:37 tb Exp $ */
+/* $OpenBSD: bn_local.h,v 1.46 2025/01/21 15:44:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -138,16 +138,7 @@ struct bn_mont_ctx_st {
         int flags;
 };
 
-/* Used for reciprocal division/mod functions
- * It cannot be shared between threads
- */
-typedef struct bn_recp_ctx_st {
-        BIGNUM N;       /* the divisor */
-        BIGNUM Nr;      /* the reciprocal */
-        int num_bits;
-        int shift;
-        int flags;
-} BN_RECP_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
 
 /* Used for slow "generation" functions. */
 struct bn_gencb_st {
@@ -280,10 +271,8 @@ int bn_rand_interval(BIGNUM *rnd, BN_ULONG lower_word, const BIGNUM *upper_exc);
 
 void    BN_init(BIGNUM *);
 
-void    BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void    BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int     BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+BN_RECP_CTX *BN_RECP_CTX_create(const BIGNUM *N);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
 int     BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
     BN_CTX *ctx);
 int     BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 44c5b05e4d..e7484f9f4b 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.25 2025/01/08 20:21:28 tb Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.26 2025/01/21 15:44:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -62,26 +62,34 @@
 
 #include "bn_local.h"
 
-void
-BN_RECP_CTX_init(BN_RECP_CTX *recp)
-{
-        BN_init(&recp->N);
-        BN_init(&recp->Nr);
-        recp->num_bits = 0;
-        recp->flags = 0;
-}
+struct bn_recp_ctx_st {
+        BIGNUM *N;      /* the divisor */
+        BIGNUM *Nr;     /* the reciprocal 2^shift / N */
+        int num_bits;   /* number of bits in N */
+        int shift;
+} /* BN_RECP_CTX */;
 
 BN_RECP_CTX *
-BN_RECP_CTX_new(void)
+BN_RECP_CTX_create(const BIGNUM *N)
 {
-        BN_RECP_CTX *ret;
+        BN_RECP_CTX *recp;
 
-        if ((ret = malloc(sizeof(BN_RECP_CTX))) == NULL)
-                return NULL;
+        if ((recp = calloc(1, sizeof(*recp))) == NULL)
+                goto err;
 
-        BN_RECP_CTX_init(ret);
-        ret->flags = BN_FLG_MALLOCED;
-        return ret;
+        if ((recp->N = BN_dup(N)) == NULL)
+                goto err;
+        recp->num_bits = BN_num_bits(recp->N);
+
+        if ((recp->Nr = BN_new()) == NULL)
+                goto err;
+
+        return recp;
+
+ err:
+        BN_RECP_CTX_free(recp);
+
+        return NULL;
 }
 
 void
@@ -90,23 +98,9 @@ BN_RECP_CTX_free(BN_RECP_CTX *recp)
         if (recp == NULL)
                 return;
 
-        BN_free(&recp->N);
-        BN_free(&recp->Nr);
-        if (recp->flags & BN_FLG_MALLOCED)
-                free(recp);
-}
-
-int
-BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
-{
-        if (!bn_copy(&recp->N, d))
-                return 0;
-        recp->num_bits = BN_num_bits(&recp->N);
-
-        BN_zero(&recp->Nr);
-        recp->shift = 0;
-
-        return 1;
+        BN_free(recp->N);
+        BN_free(recp->Nr);
+        freezero(recp, sizeof(*recp));
 }
 
 /* len is the expected size of the result
@@ -158,7 +152,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
         if (a == NULL || b == NULL || d == NULL || r == NULL)
                 goto err;
 
-        if (BN_ucmp(m, &recp->N) < 0) {
+        if (BN_ucmp(m, recp->N) < 0) {
                 BN_zero(d);
                 if (!bn_copy(r, m)) {
                         BN_CTX_end(ctx);
@@ -182,7 +176,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 
         /* Nr := round(2^i / N) */
         if (i != recp->shift)
-                recp->shift = BN_reciprocal(&recp->Nr, &recp->N, i, ctx);
+                recp->shift = BN_reciprocal(recp->Nr, recp->N, i, ctx);
 
         /* BN_reciprocal returns i, or -1 for an error */
         if (recp->shift == -1)
@@ -195,13 +189,13 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
          */
         if (!BN_rshift(a, m, recp->num_bits))
                 goto err;
-        if (!BN_mul(b, a, &recp->Nr, ctx))
+        if (!BN_mul(b, a, recp->Nr, ctx))
                 goto err;
         if (!BN_rshift(d, b, i - recp->num_bits))
                 goto err;
         d->neg = 0;
 
-        if (!BN_mul(b, &recp->N, d, ctx))
+        if (!BN_mul(b, recp->N, d, ctx))
                 goto err;
         if (!BN_usub(r, m, b))
                 goto err;
@@ -209,12 +203,12 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 
 #if 1
         j = 0;
-        while (BN_ucmp(r, &recp->N) >= 0) {
+        while (BN_ucmp(r, recp->N) >= 0) {
                 if (j++ > 2) {
                         BNerror(BN_R_BAD_RECIPROCAL);
                         goto err;
                 }
-                if (!BN_usub(r, r, &recp->N))
+                if (!BN_usub(r, r, recp->N))
                         goto err;
                 if (!BN_add_word(d, 1))
                         goto err;
@@ -222,7 +216,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 #endif
 
         BN_set_negative(r, m->neg);
-        BN_set_negative(d, m->neg ^ recp->N.neg);
+        BN_set_negative(d, m->neg ^ recp->N->neg);
 
         ret = 1;