23 files changed, 24 insertions, 328 deletions

diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
index 3a8c0e847a..a81dd0ce75 100644
--- a/src/lib/libcrypto/bn/bn_add.c
+++ b/src/lib/libcrypto/bn/bn_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_add.c,v 1.14 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_add.c,v 1.15 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -67,8 +67,6 @@ BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
         int ret, r_neg;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         if (a->neg == b->neg) {
                 r_neg = a->neg;
@@ -90,7 +88,6 @@ BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         }
 
         r->neg = r_neg;
-        bn_check_top(r);
         return ret;
 }
 
@@ -101,8 +98,6 @@ BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         const BN_ULONG *ap, *bp;
         BN_ULONG *rp, carry, t1, t2;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         if (a->top < b->top) {
                 const BIGNUM *tmp;
@@ -139,7 +134,6 @@ BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         r->top += carry;
 
         r->neg = 0;
-        bn_check_top(r);
         return 1;
 }
 
@@ -150,8 +144,6 @@ BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         const BN_ULONG *ap, *bp;
         BN_ULONG t1, t2, borrow, *rp;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         max = a->top;
         min = b->top;
@@ -195,8 +187,6 @@ BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 {
         int ret, r_neg;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         if (a->neg != b->neg) {
                 r_neg = a->neg;
@@ -218,6 +208,5 @@ BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         }
 
         r->neg = r_neg;
-        bn_check_top(r);
         return ret;
 }
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index ecd6718279..412338ec02 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_blind.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bn_blind.c,v 1.18 2022/11/26 13:56:33 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -141,7 +141,6 @@ BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
 {
         BN_BLINDING *ret = NULL;
 
-        bn_check_top(mod);
 
         if ((ret = calloc(1, sizeof(BN_BLINDING))) == NULL) {
                 BNerror(ERR_R_MALLOC_FAILURE);
@@ -232,7 +231,6 @@ BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 {
         int ret = 1;
 
-        bn_check_top(n);
 
         if ((b->A == NULL) || (b->Ai == NULL)) {
                 BNerror(BN_R_NOT_INITIALIZED);
@@ -267,7 +265,6 @@ BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 {
         int ret;
 
-        bn_check_top(n);
 
         if (r != NULL)
                 ret = BN_mod_mul(n, n, r, b->mod, ctx);
@@ -279,7 +276,6 @@ BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
                 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
         }
 
-        bn_check_top(n);
         return (ret);
 }
 
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
index 0d64ccab93..8ac1685a00 100644
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_ctx.c,v 1.16 2019/08/20 10:59:09 schwarze Exp $ */
+/* $OpenBSD: bn_ctx.c,v 1.17 2022/11/26 13:56:33 jsing Exp $ */
 /* Written by Ulf Moeller for the OpenSSL project. */
 /* ====================================================================
  * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
@@ -471,7 +471,6 @@ BN_POOL_release(BN_POOL *p, unsigned int num)
 
         p->used -= num;
         while (num--) {
-                bn_check_top(p->current->vals + offset);
                 if (!offset) {
                         offset = BN_CTX_POOL_SIZE - 1;
                         p->current = p->current->prev;
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index f641386eb8..288ec92ef4 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_div.c,v 1.26 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_div.c,v 1.27 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -127,23 +127,16 @@ BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor
         int num_n, div_n;
         int no_branch = 0;
 
-        /* Invalid zero-padding would have particularly bad consequences
-         * in the case of 'num', so don't just rely on bn_check_top() for this one
-         * (bn_check_top() works only for BN_DEBUG builds) */
+        /* Invalid zero-padding would have particularly bad consequences. */
         if (num->top > 0 && num->d[num->top - 1] == 0) {
                 BNerror(BN_R_NOT_INITIALIZED);
                 return 0;
         }
 
-        bn_check_top(num);
 
         if (ct)
                 no_branch = 1;
 
-        bn_check_top(dv);
-        bn_check_top(rm);
-        /* bn_check_top(num); */ /* 'num' has been checked already */
-        bn_check_top(divisor);
 
         if (BN_is_zero(divisor)) {
                 BNerror(BN_R_DIV_BY_ZERO);
@@ -234,10 +227,6 @@ BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor
 
         if (!no_branch) {
                 if (BN_ucmp(&wnum, sdiv) >= 0) {
-                        /* If BN_DEBUG_RAND is defined BN_ucmp changes (via
-                         * bn_pollute) the const bignum arguments =>
-                         * clean the values between top and max again */
-                        bn_clear_top2max(&wnum);
                         bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
                         *resp = 1;
                 } else
@@ -365,7 +354,6 @@ BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor
                 BN_rshift(rm, snum, norm_shift);
                 if (!BN_is_zero(rm))
                         rm->neg = neg;
-                bn_check_top(rm);
         }
         if (no_branch)
                 bn_correct_top(res);
@@ -373,7 +361,6 @@ BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor
         return (1);
 
 err:
-        bn_check_top(rm);
         BN_CTX_end(ctx);
         return (0);
 }
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 64156f716f..3bb0dd1304 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.33 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.34 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -168,7 +168,6 @@ err:
         if (r != rr && rr != NULL)
                 BN_copy(r, rr);
         BN_CTX_end(ctx);
-        bn_check_top(r);
         return (ret);
 }
 
@@ -178,9 +177,6 @@ BN_mod_exp_internal(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m
 {
         int ret;
 
-        bn_check_top(a);
-        bn_check_top(p);
-        bn_check_top(m);
 
         /* For even modulus  m = 2^k*m_odd,  it might make sense to compute
          * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
@@ -222,7 +218,6 @@ BN_mod_exp_internal(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m
                 ret = BN_mod_exp_recp(r, a,p, m, ctx);
         }
 
-        bn_check_top(r);
         return (ret);
 }
 
@@ -381,7 +376,6 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 err:
         BN_CTX_end(ctx);
         BN_RECP_CTX_free(&recp);
-        bn_check_top(r);
         return (ret);
 }
 
@@ -401,9 +395,6 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG
                 return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
         }
 
-        bn_check_top(a);
-        bn_check_top(p);
-        bn_check_top(m);
 
         if (!BN_is_odd(m)) {
                 BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -533,7 +524,6 @@ err:
         if ((in_mont == NULL) && (mont != NULL))
                 BN_MONT_CTX_free(mont);
         BN_CTX_end(ctx);
-        bn_check_top(rr);
         return (ret);
 }
 
@@ -658,9 +648,6 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         unsigned char *powerbuf = NULL;
         BIGNUM tmp, am;
 
-        bn_check_top(a);
-        bn_check_top(p);
-        bn_check_top(m);
 
         if (!BN_is_odd(m)) {
                 BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -937,8 +924,6 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
                 return -1;
         }
 
-        bn_check_top(p);
-        bn_check_top(m);
 
         if (!BN_is_odd(m)) {
                 BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -1052,7 +1037,6 @@ err:
         if ((in_mont == NULL) && (mont != NULL))
                 BN_MONT_CTX_free(mont);
         BN_CTX_end(ctx);
-        bn_check_top(rr);
         return (ret);
 }
 
@@ -1172,6 +1156,5 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 
 err:
         BN_CTX_end(ctx);
-        bn_check_top(r);
         return (ret);
 }
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index c63503f941..b2fd53e971 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp2.c,v 1.13 2022/02/07 19:49:56 tb Exp $ */
+/* $OpenBSD: bn_exp2.c,v 1.14 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -130,11 +130,6 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
         BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
         BN_MONT_CTX *mont = NULL;
 
-        bn_check_top(a1);
-        bn_check_top(p1);
-        bn_check_top(a2);
-        bn_check_top(p2);
-        bn_check_top(m);
 
         if (!BN_is_odd(m)) {
                 BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -303,6 +298,5 @@ err:
         if ((in_mont == NULL) && (mont != NULL))
                 BN_MONT_CTX_free(mont);
         BN_CTX_end(ctx);
-        bn_check_top(rr);
         return (ret);
 }
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index d756398c8f..3d92a43cef 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gcd.c,v 1.16 2021/12/26 15:16:50 tb Exp $ */
+/* $OpenBSD: bn_gcd.c,v 1.17 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -123,8 +123,6 @@ BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
         BIGNUM *a, *b, *t;
         int ret = 0;
 
-        bn_check_top(in_a);
-        bn_check_top(in_b);
 
         BN_CTX_start(ctx);
         if ((a = BN_CTX_get(ctx)) == NULL)
@@ -154,7 +152,6 @@ BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
 
 err:
         BN_CTX_end(ctx);
-        bn_check_top(r);
         return (ret);
 }
 
@@ -179,8 +176,6 @@ euclid(BIGNUM *a, BIGNUM *b)
         BIGNUM *t;
         int shifts = 0;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         /* 0 <= b <= a */
         while (!BN_is_zero(b)) {
@@ -236,7 +231,6 @@ euclid(BIGNUM *a, BIGNUM *b)
                 if (!BN_lshift(a, a, shifts))
                         goto err;
         }
-        bn_check_top(a);
         return (a);
 
 err:
@@ -259,8 +253,6 @@ BN_mod_inverse_internal(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ct
         if (ct)
                 return BN_mod_inverse_no_branch(in, a, n, ctx);
 
-        bn_check_top(a);
-        bn_check_top(n);
 
         BN_CTX_start(ctx);
         if ((A = BN_CTX_get(ctx)) == NULL)
@@ -536,7 +528,6 @@ err:
         if ((ret == NULL) && (in == NULL))
                 BN_free(R);
         BN_CTX_end(ctx);
-        bn_check_top(ret);
         return (ret);
 }
 
@@ -573,8 +564,6 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
         BIGNUM *ret = NULL;
         int sign;
 
-        bn_check_top(a);
-        bn_check_top(n);
 
         BN_init(&local_A);
         BN_init(&local_B);
@@ -725,7 +714,6 @@ err:
         if ((ret == NULL) && (in == NULL))
                 BN_free(R);
         BN_CTX_end(ctx);
-        bn_check_top(ret);
         return (ret);
 }
 
@@ -750,8 +738,6 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
         BN_init(&local_A);
         BN_init(&local_B);
 
-        bn_check_top(a);
-        bn_check_top(n);
 
         BN_CTX_start(ctx);
         if ((A = BN_CTX_get(ctx)) == NULL)
@@ -871,6 +857,5 @@ err:
         if ((ret == NULL) && (in == NULL))
                 BN_free(R);
         BN_CTX_end(ctx);
-        bn_check_top(ret);
         return (ret);
 }
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index eceaba47c3..8adbbeb040 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gf2m.c,v 1.26 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.27 2022/11/26 13:56:33 jsing Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -325,8 +325,6 @@ BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
         int i;
         const BIGNUM *at, *bt;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         if (a->top < b->top) {
                 at = b;
@@ -368,7 +366,6 @@ BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
         int n, dN, d0, d1;
         BN_ULONG zz, *z;
 
-        bn_check_top(a);
 
         if (!p[0]) {
                 /* reduction mod 1 => return 0 */
@@ -467,8 +464,6 @@ BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
         const int max = BN_num_bits(p) + 1;
         int *arr = NULL;
 
-        bn_check_top(a);
-        bn_check_top(p);
         if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
@@ -477,7 +472,6 @@ BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
                 goto err;
         }
         ret = BN_GF2m_mod_arr(r, a, arr);
-        bn_check_top(r);
 
  err:
         free(arr);
@@ -496,8 +490,6 @@ BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
         BIGNUM *s;
         BN_ULONG x1, x0, y1, y0, zz[4];
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         if (a == b) {
                 return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
@@ -530,7 +522,6 @@ BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
         bn_correct_top(s);
         if (BN_GF2m_mod_arr(r, s, p))
                 ret = 1;
-        bn_check_top(r);
 
 err:
         BN_CTX_end(ctx);
@@ -552,9 +543,6 @@ BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
         const int max = BN_num_bits(p) + 1;
         int *arr = NULL;
 
-        bn_check_top(a);
-        bn_check_top(b);
-        bn_check_top(p);
         if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
@@ -563,7 +551,6 @@ BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
                 goto err;
         }
         ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
-        bn_check_top(r);
 
 err:
         free(arr);
@@ -578,7 +565,6 @@ BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
         int i, ret = 0;
         BIGNUM *s;
 
-        bn_check_top(a);
         BN_CTX_start(ctx);
         if ((s = BN_CTX_get(ctx)) == NULL)
                 goto err;
@@ -594,7 +580,6 @@ BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
         bn_correct_top(s);
         if (!BN_GF2m_mod_arr(r, s, p))
                 goto err;
-        bn_check_top(r);
         ret = 1;
 
 err:
@@ -615,8 +600,6 @@ BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         const int max = BN_num_bits(p) + 1;
         int *arr = NULL;
 
-        bn_check_top(a);
-        bn_check_top(p);
         if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
@@ -625,7 +608,6 @@ BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 goto err;
         }
         ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
-        bn_check_top(r);
 
 err:
         free(arr);
@@ -644,8 +626,6 @@ BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
         int ret = 0;
 
-        bn_check_top(a);
-        bn_check_top(p);
 
         BN_CTX_start(ctx);
 
@@ -795,7 +775,6 @@ BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
         if (!BN_copy(r, b))
                 goto err;
-        bn_check_top(r);
         ret = 1;
 
 err:
@@ -820,7 +799,6 @@ BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
         BIGNUM *field;
         int ret = 0;
 
-        bn_check_top(xx);
         BN_CTX_start(ctx);
         if ((field = BN_CTX_get(ctx)) == NULL)
                 goto err;
@@ -828,7 +806,6 @@ BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
                 goto err;
 
         ret = BN_GF2m_mod_inv(r, xx, field, ctx);
-        bn_check_top(r);
 
 err:
         BN_CTX_end(ctx);
@@ -847,9 +824,6 @@ BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
         BIGNUM *xinv = NULL;
         int ret = 0;
 
-        bn_check_top(y);
-        bn_check_top(x);
-        bn_check_top(p);
 
         BN_CTX_start(ctx);
         if ((xinv = BN_CTX_get(ctx)) == NULL)
@@ -859,7 +833,6 @@ BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
                 goto err;
         if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
                 goto err;
-        bn_check_top(r);
         ret = 1;
 
 err:
@@ -880,9 +853,6 @@ BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
         BIGNUM *a, *b, *u, *v;
         int ret = 0;
 
-        bn_check_top(y);
-        bn_check_top(x);
-        bn_check_top(p);
 
         BN_CTX_start(ctx);
 
@@ -949,7 +919,6 @@ BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
 
         if (!BN_copy(r, u))
                 goto err;
-        bn_check_top(r);
         ret = 1;
 
 err:
@@ -972,8 +941,6 @@ BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
         BIGNUM *field;
         int ret = 0;
 
-        bn_check_top(yy);
-        bn_check_top(xx);
 
         BN_CTX_start(ctx);
         if ((field = BN_CTX_get(ctx)) == NULL)
@@ -982,7 +949,6 @@ BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
                 goto err;
 
         ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
-        bn_check_top(r);
 
 err:
         BN_CTX_end(ctx);
@@ -1001,8 +967,6 @@ BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
         int ret = 0, i, n;
         BIGNUM *u;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         if (BN_is_zero(b))
                 return (BN_one(r));
@@ -1028,7 +992,6 @@ BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
         }
         if (!BN_copy(r, u))
                 goto err;
-        bn_check_top(r);
         ret = 1;
 
 err:
@@ -1051,9 +1014,6 @@ BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
         const int max = BN_num_bits(p) + 1;
         int *arr = NULL;
 
-        bn_check_top(a);
-        bn_check_top(b);
-        bn_check_top(p);
         if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
@@ -1062,7 +1022,6 @@ BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
                 goto err;
         }
         ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
-        bn_check_top(r);
 
 err:
         free(arr);
@@ -1079,7 +1038,6 @@ BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
         int ret = 0;
         BIGNUM *u;
 
-        bn_check_top(a);
 
         if (!p[0]) {
                 /* reduction mod 1 => return 0 */
@@ -1094,7 +1052,6 @@ BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
         if (!BN_set_bit(u, p[0] - 1))
                 goto err;
         ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
-        bn_check_top(r);
 
 err:
         BN_CTX_end(ctx);
@@ -1114,8 +1071,6 @@ BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         int ret = 0;
         const int max = BN_num_bits(p) + 1;
         int *arr = NULL;
-        bn_check_top(a);
-        bn_check_top(p);
         if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
@@ -1124,7 +1079,6 @@ BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 goto err;
         }
         ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
-        bn_check_top(r);
 
 err:
         free(arr);
@@ -1141,7 +1095,6 @@ BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
         int ret = 0, count = 0, j;
         BIGNUM *a, *z, *rho, *w, *w2, *tmp;
 
-        bn_check_top(a_);
 
         if (!p[0]) {
                 /* reduction mod 1 => return 0 */
@@ -1228,7 +1181,6 @@ BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
 
         if (!BN_copy(r, z))
                 goto err;
-        bn_check_top(r);
 
         ret = 1;
 
@@ -1250,8 +1202,6 @@ BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         const int max = BN_num_bits(p) + 1;
         int *arr = NULL;
 
-        bn_check_top(a);
-        bn_check_top(p);
         if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
                 goto err;
         ret = BN_GF2m_poly2arr(p, arr, max);
@@ -1260,7 +1210,6 @@ BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 goto err;
         }
         ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
-        bn_check_top(r);
 
 err:
         free(arr);
@@ -1312,13 +1261,11 @@ BN_GF2m_arr2poly(const int p[], BIGNUM *a)
 {
         int i;
 
-        bn_check_top(a);
         BN_zero(a);
         for (i = 0; p[i] != -1; i++) {
                 if (BN_set_bit(a, p[i]) == 0)
                         return 0;
         }
-        bn_check_top(a);
 
         return 1;
 }
diff --git a/src/lib/libcrypto/bn/bn_kron.c b/src/lib/libcrypto/bn/bn_kron.c
index 998adedcd8..8629892a72 100644
--- a/src/lib/libcrypto/bn/bn_kron.c
+++ b/src/lib/libcrypto/bn/bn_kron.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_kron.c,v 1.10 2022/07/12 16:08:19 tb Exp $ */
+/* $OpenBSD: bn_kron.c,v 1.11 2022/11/26 13:56:33 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
@@ -71,8 +71,6 @@ BN_kronecker(const BIGNUM *A, const BIGNUM *B, BN_CTX *ctx)
         int k, v;
         int ret = -2;
 
-        bn_check_top(A);
-        bn_check_top(B);
 
         BN_CTX_start(ctx);
 
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index d5f1250cfd..64855115f2 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lcl.h,v 1.38 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_lcl.h,v 1.39 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -327,18 +327,6 @@ struct bn_gencb_st {
 #define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
 #define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
 
-#ifdef BN_DEBUG_RAND
-#define bn_clear_top2max(a) \
-        { \
-        int      ind = (a)->dmax - (a)->top; \
-        BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
-        for (; ind != 0; ind--) \
-                *(++ftl) = 0x0; \
-        }
-#else
-#define bn_clear_top2max(a)
-#endif
-
 #ifdef BN_LLONG
 #define mul_add(r,a,w,c) { \
         BN_ULLONG t; \
@@ -524,88 +512,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U
 int bn_expand(BIGNUM *a, int bits);
 int bn_wexpand(BIGNUM *a, int words);
 
-/* Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- *   bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- *     consistent. (ed: only if BN_DEBUG_RAND is defined)
- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-
-#ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#include <assert.h>
-
-#ifdef BN_DEBUG_RAND
-#define bn_pollute(a) \
-        do { \
-                const BIGNUM *_bnum1 = (a); \
-                if(_bnum1->top < _bnum1->dmax) { \
-                        unsigned char _tmp_char; \
-                        /* We cast away const without the compiler knowing, any \
-                         * *genuinely* constant variables that aren't mutable \
-                         * wouldn't be constructed with top!=dmax. */ \
-                        BN_ULONG *_not_const; \
-                        memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-                        arc4random_buf(&_tmp_char, 1); \
-                        memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-                                (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-                } \
-        } while(0)
-#else
-#define bn_pollute(a)
-#endif
-
-#define bn_check_top(a) \
-        do { \
-                const BIGNUM *_bnum2 = (a); \
-                if (_bnum2 != NULL) { \
-                        assert((_bnum2->top == 0) || \
-                                (_bnum2->d[_bnum2->top - 1] != 0)); \
-                        bn_pollute(_bnum2); \
-                } \
-        } while(0)
-
-#define bn_fix_top(a)           bn_check_top(a)
-
-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#define bn_wcheck_size(bn, words) \
-        do { \
-                const BIGNUM *_bnum2 = (bn); \
-                assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
-        } while(0)
-
-#else /* !BN_DEBUG */
-
-#define bn_pollute(a)
-#define bn_check_top(a)
-#define bn_fix_top(a)           bn_correct_top(a)
-#define bn_check_size(bn, bits)
-#define bn_wcheck_size(bn, words)
-
-#endif
-
 #define bn_correct_top(a) \
         { \
         BN_ULONG *ftl; \
@@ -616,7 +522,6 @@ int bn_wexpand(BIGNUM *a, int words);
                         if (*(ftl--)) break; \
                 (a)->top = tmp_top; \
                 } \
-        bn_pollute(a); \
         }
 
 BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index e67abf90b1..a3b6811986 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.61 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.62 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,7 +86,6 @@ BN_new(void)
         ret->neg = 0;
         ret->dmax = 0;
         ret->d = NULL;
-        bn_check_top(ret);
         return (ret);
 }
 
@@ -94,13 +93,11 @@ void
 BN_init(BIGNUM *a)
 {
         memset(a, 0, sizeof(BIGNUM));
-        bn_check_top(a);
 }
 
 void
 BN_clear(BIGNUM *a)
 {
-        bn_check_top(a);
         if (a->d != NULL)
                 explicit_bzero(a->d, a->dmax * sizeof(a->d[0]));
         a->top = 0;
@@ -114,7 +111,6 @@ BN_clear_free(BIGNUM *a)
 
         if (a == NULL)
                 return;
-        bn_check_top(a);
         if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
                 freezero(a->d, a->dmax * sizeof(a->d[0]));
         i = BN_get_flags(a, BN_FLG_MALLOCED);
@@ -256,7 +252,6 @@ BN_num_bits(const BIGNUM *a)
 {
         int i = a->top - 1;
 
-        bn_check_top(a);
 
         if (BN_is_zero(a))
                 return 0;
@@ -271,7 +266,6 @@ bn_expand_internal(const BIGNUM *b, int words)
         const BN_ULONG *B;
         int i;
 
-        bn_check_top(b);
 
         if (words > (INT_MAX/(4*BN_BITS2))) {
                 BNerror(BN_R_BIGNUM_TOO_LONG);
@@ -337,7 +331,6 @@ bn_expand_internal(const BIGNUM *b, int words)
 static int
 bn_expand2(BIGNUM *b, int words)
 {
-        bn_check_top(b);
 
         if (words > b->dmax) {
                 BN_ULONG *a = bn_expand_internal(b, words);
@@ -370,7 +363,6 @@ bn_expand2(BIGNUM *b, int words)
                 assert(A == &(b->d[b->dmax]));
         }
 #endif
-        bn_check_top(b);
         return 1;
 }
 
@@ -408,7 +400,6 @@ BN_dup(const BIGNUM *a)
 
         if (a == NULL)
                 return NULL;
-        bn_check_top(a);
 
         t = BN_new();
         if (t == NULL)
@@ -417,7 +408,6 @@ BN_dup(const BIGNUM *a)
                 BN_free(t);
                 return NULL;
         }
-        bn_check_top(t);
         return t;
 }
 
@@ -428,7 +418,6 @@ BN_copy(BIGNUM *a, const BIGNUM *b)
         BN_ULONG *A;
         const BN_ULONG *B;
 
-        bn_check_top(b);
 
         if (a == b)
                 return (a);
@@ -463,7 +452,6 @@ BN_copy(BIGNUM *a, const BIGNUM *b)
 
         a->top = b->top;
         a->neg = b->neg;
-        bn_check_top(a);
         return (a);
 }
 
@@ -474,8 +462,6 @@ BN_swap(BIGNUM *a, BIGNUM *b)
         BN_ULONG *tmp_d;
         int tmp_top, tmp_dmax, tmp_neg;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         flags_old_a = a->flags;
         flags_old_b = b->flags;
@@ -499,8 +485,6 @@ BN_swap(BIGNUM *a, BIGNUM *b)
             (flags_old_b & BN_FLG_STATIC_DATA);
         b->flags = (flags_old_b & BN_FLG_MALLOCED) |
             (flags_old_a & BN_FLG_STATIC_DATA);
-        bn_check_top(a);
-        bn_check_top(b);
 }
 
 BN_ULONG
@@ -517,13 +501,11 @@ BN_get_word(const BIGNUM *a)
 int
 BN_set_word(BIGNUM *a, BN_ULONG w)
 {
-        bn_check_top(a);
         if (!bn_wexpand(a, 1))
                 return (0);
         a->neg = 0;
         a->d[0] = w;
         a->top = (w ? 1 : 0);
-        bn_check_top(a);
         return (1);
 }
 
@@ -541,7 +523,6 @@ BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
                 ret = bn = BN_new();
         if (ret == NULL)
                 return (NULL);
-        bn_check_top(ret);
         l = 0;
         n = len;
         if (n == 0) {
@@ -658,7 +639,6 @@ BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
         if (ret == NULL)
                 return NULL;
 
-        bn_check_top(ret);
 
         s += len;
         /* Skip trailing zeroes. */
@@ -715,8 +695,6 @@ BN_ucmp(const BIGNUM *a, const BIGNUM *b)
         int i;
         BN_ULONG t1, t2, *ap, *bp;
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         i = a->top - b->top;
         if (i != 0)
@@ -748,8 +726,6 @@ BN_cmp(const BIGNUM *a, const BIGNUM *b)
                         return (0);
         }
 
-        bn_check_top(a);
-        bn_check_top(b);
 
         if (a->neg != b->neg) {
                 if (a->neg)
@@ -799,7 +775,6 @@ BN_set_bit(BIGNUM *a, int n)
         }
 
         a->d[i] |= (((BN_ULONG)1) << j);
-        bn_check_top(a);
         return (1);
 }
 
@@ -808,7 +783,6 @@ BN_clear_bit(BIGNUM *a, int n)
 {
         int i, j;
 
-        bn_check_top(a);
         if (n < 0)
                 return 0;
 
@@ -827,7 +801,6 @@ BN_is_bit_set(const BIGNUM *a, int n)
 {
         int i, j;
 
-        bn_check_top(a);
         if (n < 0)
                 return 0;
         i = n / BN_BITS2;
@@ -842,7 +815,6 @@ BN_mask_bits(BIGNUM *a, int n)
 {
         int b, w;
 
-        bn_check_top(a);
         if (n < 0)
                 return 0;
 
@@ -932,9 +904,6 @@ BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
         BN_ULONG t;
         int i;
 
-        bn_wcheck_size(a, nwords);
-        bn_wcheck_size(b, nwords);
-
         assert(a != b);
         assert((condition & (condition - 1)) == 0);
         assert(sizeof(BN_ULONG) >= sizeof(int));
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
index 897ff434e9..5be8252f2d 100644
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bn_mod.c,v 1.13 2022/11/26 13:56:33 jsing Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project. */
 /* ====================================================================
@@ -182,9 +182,6 @@ BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
         BIGNUM *t;
         int ret = 0;
 
-        bn_check_top(a);
-        bn_check_top(b);
-        bn_check_top(m);
 
         BN_CTX_start(ctx);
         if ((t = BN_CTX_get(ctx)) == NULL)
@@ -198,7 +195,6 @@ BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
         }
         if (!BN_nnmod(r, t,m, ctx))
                 goto err;
-        bn_check_top(r);
         ret = 1;
 
 err:
@@ -220,7 +216,6 @@ BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 {
         if (!BN_lshift1(r, a))
                 return 0;
-        bn_check_top(r);
         return BN_nnmod(r, r, m, ctx);
 }
 
@@ -231,7 +226,6 @@ BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
 {
         if (!BN_lshift1(r, a))
                 return 0;
-        bn_check_top(r);
         if (BN_cmp(r, m) >= 0)
                 return BN_sub(r, r, m);
         return 1;
@@ -254,7 +248,6 @@ BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
         }
 
         ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
-        bn_check_top(r);
 
         BN_free(abs_m);
         return ret;
@@ -302,7 +295,6 @@ BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
                                 return 0;
                 }
         }
-        bn_check_top(r);
 
         return 1;
 }
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 251c67b89d..24bc41e886 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mont.c,v 1.30 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_mont.c,v 1.31 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -152,7 +152,6 @@ BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
         if ((tmp = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
-        bn_check_top(tmp);
         if (a == b) {
                 if (!BN_sqr(tmp, a, ctx))
                         goto err;
@@ -168,7 +167,6 @@ BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
         if (!BN_from_montgomery(r, tmp, mont, ctx))
                 goto err;
 #endif
-        bn_check_top(r);
         ret = 1;
 err:
         BN_CTX_end(ctx);
@@ -272,7 +270,6 @@ BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 #endif
         bn_correct_top(r);
         bn_correct_top(ret);
-        bn_check_top(ret);
 
         return (1);
 }
@@ -318,7 +315,6 @@ BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
                         goto err;
         }
         retn = 1;
-        bn_check_top(ret);
 
 err:
         BN_CTX_end(ctx);
diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c
index 9b743cca8c..75b34511fe 100644
--- a/src/lib/libcrypto/bn/bn_mpi.c
+++ b/src/lib/libcrypto/bn/bn_mpi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mpi.c,v 1.9 2022/11/09 01:05:45 tobhe Exp $ */
+/* $OpenBSD: bn_mpi.c,v 1.10 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -131,6 +131,5 @@ BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
         if (neg) {
                 BN_clear_bit(a, BN_num_bits(a) - 1);
         }
-        bn_check_top(a);
         return (a);
 }
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index fa9d559da9..0d8da8a6f6 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mul.c,v 1.21 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_mul.c,v 1.22 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -954,9 +954,6 @@ BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
         fprintf(stderr, "BN_mul %d * %d\n",a->top,b->top);
 #endif
 
-        bn_check_top(a);
-        bn_check_top(b);
-        bn_check_top(r);
 
         al = a->top;
         bl = b->top;
@@ -1092,7 +1089,6 @@ end:
                 BN_copy(r, rr);
         ret = 1;
 err:
-        bn_check_top(r);
         BN_CTX_end(ctx);
         return (ret);
 }
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index bf3f931644..0ba288c46a 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_prime.c,v 1.26 2022/11/09 22:52:51 tb Exp $ */
+/* $OpenBSD: bn_prime.c,v 1.27 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -232,7 +232,6 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
  err:
         BN_CTX_end(ctx);
         BN_CTX_free(ctx);
-        bn_check_top(ret);
 
         return found;
 }
@@ -288,7 +287,6 @@ loop:
         }
         if (!BN_add_word(rnd, delta))
                 return (0);
-        bn_check_top(rnd);
         return (1);
 }
 
@@ -338,7 +336,6 @@ loop:
 
 err:
         BN_CTX_end(ctx);
-        bn_check_top(rnd);
         return (ret);
 }
 
@@ -406,6 +403,5 @@ loop:
 
 err:
         BN_CTX_end(ctx);
-        bn_check_top(p);
         return (ret);
 }
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index ad2e3ba16c..4576e25f49 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_print.c,v 1.35 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_print.c,v 1.36 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -254,7 +254,6 @@ BN_hex2bn(BIGNUM **bn, const char *a)
         ret->neg = neg;
 
         *bn = ret;
-        bn_check_top(ret);
         return (num);
 
 err:
@@ -322,7 +321,6 @@ BN_dec2bn(BIGNUM **bn, const char *a)
 
         bn_correct_top(ret);
         *bn = ret;
-        bn_check_top(ret);
         return (num);
 
 err:
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index b21692c949..17f1868350 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.25 2021/08/31 11:19:19 tb Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.26 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -190,7 +190,6 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 
 err:
         freezero(buf, bytes);
-        bn_check_top(rnd);
         return (ret);
 }
 
@@ -272,7 +271,6 @@ bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
                 } while (BN_cmp(r, range) >= 0);
         }
 
-        bn_check_top(r);
         return 1;
 }
 
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 6588d33033..8959f6bd3c 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.16 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -134,7 +134,6 @@ BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
 
 err:
         BN_CTX_end(ctx);
-        bn_check_top(r);
         return (ret);
 }
 
@@ -228,8 +227,6 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 
 err:
         BN_CTX_end(ctx);
-        bn_check_top(dv);
-        bn_check_top(rem);
         return (ret);
 }
 
@@ -257,7 +254,6 @@ BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
         ret = len;
 
 err:
-        bn_check_top(r);
         BN_CTX_end(ctx);
         return (ret);
 }
diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c
index e2612d1e9d..6dbaffb194 100644
--- a/src/lib/libcrypto/bn/bn_shift.c
+++ b/src/lib/libcrypto/bn/bn_shift.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_shift.c,v 1.15 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_shift.c,v 1.16 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -69,8 +69,6 @@ BN_lshift1(BIGNUM *r, const BIGNUM *a)
         BN_ULONG *ap, *rp, t, c;
         int i;
 
-        bn_check_top(r);
-        bn_check_top(a);
 
         if (r != a) {
                 r->neg = a->neg;
@@ -93,7 +91,6 @@ BN_lshift1(BIGNUM *r, const BIGNUM *a)
                 *rp = 1;
                 r->top++;
         }
-        bn_check_top(r);
         return (1);
 }
 
@@ -103,8 +100,6 @@ BN_rshift1(BIGNUM *r, const BIGNUM *a)
         BN_ULONG *ap, *rp, t, c;
         int i, j;
 
-        bn_check_top(r);
-        bn_check_top(a);
 
         if (BN_is_zero(a)) {
                 BN_zero(r);
@@ -129,7 +124,6 @@ BN_rshift1(BIGNUM *r, const BIGNUM *a)
                 c = (t & 1) ? BN_TBIT : 0;
         }
         r->top = j;
-        bn_check_top(r);
         return (1);
 }
 
@@ -145,8 +139,6 @@ BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
                 return 0;
         }
 
-        bn_check_top(r);
-        bn_check_top(a);
 
         r->neg = a->neg;
         nw = n / BN_BITS2;
@@ -171,7 +163,6 @@ BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
                 t[i]=0;*/
         r->top = a->top + nw + 1;
         bn_correct_top(r);
-        bn_check_top(r);
         return (1);
 }
 
@@ -187,8 +178,6 @@ BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
                 return 0;
         }
 
-        bn_check_top(r);
-        bn_check_top(a);
 
         nw = n / BN_BITS2;
         rb = n % BN_BITS2;
@@ -225,6 +214,5 @@ BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
                 if ((l = (l >> rb) & BN_MASK2))
                         *(t) = l;
         }
-        bn_check_top(r);
         return (1);
 }
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c
index 36b3965207..80070831ab 100644
--- a/src/lib/libcrypto/bn/bn_sqr.c
+++ b/src/lib/libcrypto/bn/bn_sqr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqr.c,v 1.14 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_sqr.c,v 1.15 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -72,7 +72,6 @@ BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 #ifdef BN_COUNT
         fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
 #endif
-        bn_check_top(a);
 
         al = a->top;
         if (al <= 0) {
@@ -145,8 +144,6 @@ BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
         ret = 1;
 
 err:
-        bn_check_top(rr);
-        bn_check_top(tmp);
         BN_CTX_end(ctx);
         return (ret);
 }
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
index d9ab545496..e964c578e3 100644
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqrt.c,v 1.12 2022/11/19 12:25:23 tb Exp $ */
+/* $OpenBSD: bn_sqrt.c,v 1.13 2022/11/26 13:56:33 jsing Exp $ */
 /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * and Bodo Moeller for the OpenSSL project. */
 /* ====================================================================
@@ -87,7 +87,6 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                                         BN_free(ret);
                                 return NULL;
                         }
-                        bn_check_top(ret);
                         return ret;
                 }
 
@@ -105,7 +104,6 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                                 BN_free(ret);
                         return NULL;
                 }
-                bn_check_top(ret);
                 return ret;
         }
 
@@ -407,6 +405,5 @@ end:
                 ret = NULL;
         }
         BN_CTX_end(ctx);
-        bn_check_top(ret);
         return ret;
 }
diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c
index 683668c52d..9719808520 100644
--- a/src/lib/libcrypto/bn/bn_word.c
+++ b/src/lib/libcrypto/bn/bn_word.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_word.c,v 1.14 2022/11/24 01:30:01 jsing Exp $ */
+/* $OpenBSD: bn_word.c,v 1.15 2022/11/26 13:56:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -87,7 +87,6 @@ BN_mod_word(const BIGNUM *a, BN_ULONG w)
         }
 #endif
 
-        bn_check_top(a);
         w &= BN_MASK2;
         for (i = a->top - 1; i >= 0; i--) {
 #ifndef BN_LLONG
@@ -108,7 +107,6 @@ BN_div_word(BIGNUM *a, BN_ULONG w)
         BN_ULONG ret = 0;
         int i, j;
 
-        bn_check_top(a);
         w &= BN_MASK2;
 
         if (!w)
@@ -134,7 +132,6 @@ BN_div_word(BIGNUM *a, BN_ULONG w)
         if ((a->top > 0) && (a->d[a->top - 1] == 0))
                 a->top--;
         ret >>= j;
-        bn_check_top(a);
         return (ret);
 }
 
@@ -144,7 +141,6 @@ BN_add_word(BIGNUM *a, BN_ULONG w)
         BN_ULONG l;
         int i;
 
-        bn_check_top(a);
         w &= BN_MASK2;
 
         /* degenerate case: w is zero */
@@ -171,7 +167,6 @@ BN_add_word(BIGNUM *a, BN_ULONG w)
                 a->top++;
                 a->d[i] = w;
         }
-        bn_check_top(a);
         return (1);
 }
 
@@ -180,7 +175,6 @@ BN_sub_word(BIGNUM *a, BN_ULONG w)
 {
         int i;
 
-        bn_check_top(a);
         w &= BN_MASK2;
 
         /* degenerate case: w is zero */
@@ -219,7 +213,6 @@ BN_sub_word(BIGNUM *a, BN_ULONG w)
         }
         if ((a->d[i] == 0) && (i == (a->top - 1)))
                 a->top--;
-        bn_check_top(a);
         return (1);
 }
 
@@ -228,7 +221,6 @@ BN_mul_word(BIGNUM *a, BN_ULONG w)
 {
         BN_ULONG ll;
 
-        bn_check_top(a);
         w &= BN_MASK2;
         if (a->top) {
                 if (w == 0)
@@ -242,6 +234,5 @@ BN_mul_word(BIGNUM *a, BN_ULONG w)
                         }
                 }
         }
-        bn_check_top(a);
         return (1);
 }