From 9265252033e95a736d43b21bf2437b3629938ed4 Mon Sep 17 00:00:00 2001 From: tb <> Date: Wed, 22 Jan 2025 12:53:16 +0000 Subject: bn_recp: Avoid complication for negative moduli Instead of doing a weird dance, set the sign on N in BN_RECP_CTX_create(). Since we're not exposing a general purpose calculator API, we can simplify. ok jsing --- src/lib/libcrypto/bn/bn_exp.c | 15 +++------------ src/lib/libcrypto/bn/bn_recp.c | 3 ++- 2 files changed, 5 insertions(+), 13 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index 129c12495c..2aa41f8658 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp.c,v 1.55 2025/01/22 10:08:10 tb Exp $ */ +/* $OpenBSD: bn_exp.c,v 1.56 2025/01/22 12:53:16 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1000,17 +1000,8 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if ((val[0] = BN_CTX_get(ctx)) == NULL) goto err; - if (m->neg) { - /* ignore sign of 'm' */ - if (!bn_copy(aa, m)) - goto err; - aa->neg = 0; - if ((recp = BN_RECP_CTX_create(aa)) == 0) - goto err; - } else { - if ((recp = BN_RECP_CTX_create(m)) == 0) - goto err; - } + if ((recp = BN_RECP_CTX_create(m)) == NULL) + goto err; if (!BN_nnmod(val[0], a, m, ctx)) goto err; diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c index 6277b06dab..8f917e95db 100644 --- a/src/lib/libcrypto/bn/bn_recp.c +++ b/src/lib/libcrypto/bn/bn_recp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_recp.c,v 1.29 2025/01/22 10:12:01 tb Exp $ */ +/* $OpenBSD: bn_recp.c,v 1.30 2025/01/22 12:53:16 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -79,6 +79,7 @@ BN_RECP_CTX_create(const BIGNUM *N) if ((recp->N = BN_dup(N)) == NULL) goto err; + BN_set_negative(recp->N, 0); recp->num_bits = BN_num_bits(recp->N); if ((recp->Nr = BN_new()) == NULL) -- cgit v1.2.3-55-g6feb