From 2a03b7cb56aaed711ed59aee8972dbd1c4129344 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 22 Jan 2025 10:08:10 +0000
Subject: Split BN_mod_sqr_reciprocal() out of BN_mod_mul_reciprocal()
There's no need for BN_mod_mul_reciprocal() to have this complication. The caller knows when x == y, so place the burden on the caller. This simplifies both the caller side and the implementation in bn_recp.c.
ok jsing
---
 src/lib/libcrypto/bn/bn_exp.c | 8 ++++----
 src/lib/libcrypto/bn/bn_local.h | 4 +++-
 src/lib/libcrypto/bn/bn_recp.c | 30 ++++++++++++------------------
 3 files changed, 19 insertions(+), 23 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 8ff518e938..129c12495c 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.54 2025/01/21 15:44:22 tb Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.55 2025/01/22 10:08:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1023,7 +1023,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 window = BN_window_bits_for_exponent_size(bits);
 if (window > 1) {
- if (!BN_mod_mul_reciprocal(aa, val[0], val[0], recp, ctx))
+ if (!BN_mod_sqr_reciprocal(aa, val[0], recp, ctx))
 goto err;
 j = 1 << (window - 1);
 for (i = 1; i < j; i++) {
@@ -1047,7 +1047,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 for (;;) {
 if (BN_is_bit_set(q, wstart) == 0) {
 if (!start)
- if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx))
+ if (!BN_mod_sqr_reciprocal(r, r, recp, ctx))
 goto err;
 if (wstart == 0)
 break;
@@ -1076,7 +1076,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 /* add the 'bytes above' */
 if (!start)
 for (i = 0; i < j; i++) {
- if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx))
+ if (!BN_mod_sqr_reciprocal(r, r, recp, ctx))
 goto err;
 }
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index 2042e0b193..d9389995f7 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.46 2025/01/21 15:44:22 tb Exp $ */
+/* $OpenBSD: bn_local.h,v 1.47 2025/01/22 10:08:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -277,6 +277,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, BN_CTX *ctx);
 int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_sqr_reciprocal(BIGNUM *r, const BIGNUM *x, BN_RECP_CTX *recp,
+ BN_CTX *ctx);
 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx);
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 8dd6b8af65..bf38380710 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.27 2025/01/22 09:39:56 tb Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.28 2025/01/22 10:08:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -230,24 +230,18 @@ int
 BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, BN_RECP_CTX *recp, BN_CTX *ctx)
 {
- int ret = 0;
- BIGNUM *a;
+ if (!BN_mul(r, x, y, ctx))
+ return 0;
- BN_CTX_start(ctx);
- if ((a = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (x == y) {
- if (!BN_sqr(a, x, ctx))
- goto err;
- } else {
- if (!BN_mul(a, x, y, ctx))
- goto err;
- }
+ return BN_div_recp(NULL, r, r, recp, ctx);
+}
- ret = BN_div_recp(NULL, r, a, recp, ctx);
+/* Compute r = x^2 % m. */
+int
+BN_mod_sqr_reciprocal(BIGNUM *r, const BIGNUM *x, BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+ if (!BN_sqr(r, x, ctx))
+ return 0;
-err:
- BN_CTX_end(ctx);
- return ret;
+ return BN_div_recp(NULL, r, r, recp, ctx);
 }
-- cgit v1.2.3-55-g6feb
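Review bot: In the bn_recp.c hunk both BN_mod_mul_reciprocal() and the new BN_mod_sqr_reciprocal() now write the product into `r` and then call `BN_div_recp(NULL, r, r, recp, ctx)`, so the remainder output and the dividend are the same BIGNUM, where the removed code kept the product in a separate BN_CTX temporary `a`. That is correct only if BN_div_recp() has taken everything it needs from its third argument, including the sign, before it writes the remainder; its body is not part of this diff, so this should be confirmed. A regress case with a negative operand and with `r == x`, which is how the bn_exp.c call sites use it, would pin the behaviour down. The new comment `/* Compute r = x^2 % m. */` names an `m` that the function does not take; `/* Compute r = x^2 modulo the modulus stored in recp. r may alias x. */` would match the signature. BN_mod_mul_reciprocal() also no longer takes the BN_sqr() path for `x == y`, so any caller outside the three converted in bn_exp.c still gets the right result but through BN_mul().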