From bc6dc1ff28111bbeaccd1e4fbf2ba86016af9563 Mon Sep 17 00:00:00 2001 From: tb <> Date: Tue, 21 Jan 2025 15:44:22 +0000 Subject: Move BN_RECP_CTX to the heap This introduces a BN_RECP_CTX_create() function that allocates and populates the BN_RECP_CTX in a single call, without taking an unused BN_CTX argument. At the same time, make the N and Nr members BIGNUMs on the heap which are allocated by BN_RECP_CTX_create() and freed by BN_RECP_CTX_free() and remove the unnecessary flags argument. Garbage collect the now unused BN_RECP_CTX_{new,init,set}(). ok jsing --- src/lib/libcrypto/bn/bn_exp.c | 22 ++++++------ src/lib/libcrypto/bn/bn_local.h | 19 +++-------- src/lib/libcrypto/bn/bn_recp.c | 74 +++++++++++++++++++---------------------- 3 files changed, 48 insertions(+), 67 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index c51296c3c3..8ff518e938 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp.c,v 1.53 2024/04/10 14:58:06 beck Exp $ */ +/* $OpenBSD: bn_exp.c,v 1.54 2025/01/21 15:44:22 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -972,7 +972,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BIGNUM *aa, *q; /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; - BN_RECP_CTX recp; + BN_RECP_CTX *recp = NULL; int ret = 0; if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { @@ -992,8 +992,6 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, return ret; } - BN_RECP_CTX_init(&recp); - BN_CTX_start(ctx); if ((aa = BN_CTX_get(ctx)) == NULL) goto err; @@ -1007,10 +1005,10 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (!bn_copy(aa, m)) goto err; aa->neg = 0; - if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0) + if ((recp = BN_RECP_CTX_create(aa)) == 0) goto err; } else { - if (BN_RECP_CTX_set(&recp, m, ctx) <= 0) + if ((recp = BN_RECP_CTX_create(m)) == 0) goto err; } @@ -1025,13 +1023,13 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) + if (!BN_mod_mul_reciprocal(aa, val[0], val[0], recp, ctx)) goto err; j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || !BN_mod_mul_reciprocal(val[i], val[i - 1], - aa, &recp, ctx)) + aa, recp, ctx)) goto err; } } @@ -1049,7 +1047,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, for (;;) { if (BN_is_bit_set(q, wstart) == 0) { if (!start) - if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) + if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx)) goto err; if (wstart == 0) break; @@ -1078,12 +1076,12 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, /* add the 'bytes above' */ if (!start) for (i = 0; i < j; i++) { - if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) + if (!BN_mod_mul_reciprocal(r, r, r, recp, ctx)) goto err; } /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx)) + if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], recp, ctx)) goto err; /* move the 'window' down further */ @@ -1099,7 +1097,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, err: BN_CTX_end(ctx); - BN_RECP_CTX_free(&recp); + BN_RECP_CTX_free(recp); return ret; } diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h index 310cce2a0e..2042e0b193 100644 --- a/src/lib/libcrypto/bn/bn_local.h +++ b/src/lib/libcrypto/bn/bn_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_local.h,v 1.45 2025/01/06 13:47:37 tb Exp $ */ +/* $OpenBSD: bn_local.h,v 1.46 2025/01/21 15:44:22 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -138,16 +138,7 @@ struct bn_mont_ctx_st { int flags; }; -/* Used for reciprocal division/mod functions - * It cannot be shared between threads - */ -typedef struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -} BN_RECP_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; /* Used for slow "generation" functions. */ struct bn_gencb_st { @@ -280,10 +271,8 @@ int bn_rand_interval(BIGNUM *rnd, BN_ULONG lower_word, const BIGNUM *upper_exc); void BN_init(BIGNUM *); -void BN_RECP_CTX_init(BN_RECP_CTX *recp); -BN_RECP_CTX *BN_RECP_CTX_new(void); -void BN_RECP_CTX_free(BN_RECP_CTX *recp); -int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +BN_RECP_CTX *BN_RECP_CTX_create(const BIGNUM *N); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, BN_CTX *ctx); int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c index 44c5b05e4d..e7484f9f4b 100644 --- a/src/lib/libcrypto/bn/bn_recp.c +++ b/src/lib/libcrypto/bn/bn_recp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_recp.c,v 1.25 2025/01/08 20:21:28 tb Exp $ */ +/* $OpenBSD: bn_recp.c,v 1.26 2025/01/21 15:44:22 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,26 +62,34 @@ #include "bn_local.h" -void -BN_RECP_CTX_init(BN_RECP_CTX *recp) -{ - BN_init(&recp->N); - BN_init(&recp->Nr); - recp->num_bits = 0; - recp->flags = 0; -} +struct bn_recp_ctx_st { + BIGNUM *N; /* the divisor */ + BIGNUM *Nr; /* the reciprocal 2^shift / N */ + int num_bits; /* number of bits in N */ + int shift; +} /* BN_RECP_CTX */; BN_RECP_CTX * -BN_RECP_CTX_new(void) +BN_RECP_CTX_create(const BIGNUM *N) { - BN_RECP_CTX *ret; + BN_RECP_CTX *recp; - if ((ret = malloc(sizeof(BN_RECP_CTX))) == NULL) - return NULL; + if ((recp = calloc(1, sizeof(*recp))) == NULL) + goto err; - BN_RECP_CTX_init(ret); - ret->flags = BN_FLG_MALLOCED; - return ret; + if ((recp->N = BN_dup(N)) == NULL) + goto err; + recp->num_bits = BN_num_bits(recp->N); + + if ((recp->Nr = BN_new()) == NULL) + goto err; + + return recp; + + err: + BN_RECP_CTX_free(recp); + + return NULL; } void @@ -90,23 +98,9 @@ BN_RECP_CTX_free(BN_RECP_CTX *recp) if (recp == NULL) return; - BN_free(&recp->N); - BN_free(&recp->Nr); - if (recp->flags & BN_FLG_MALLOCED) - free(recp); -} - -int -BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) -{ - if (!bn_copy(&recp->N, d)) - return 0; - recp->num_bits = BN_num_bits(&recp->N); - - BN_zero(&recp->Nr); - recp->shift = 0; - - return 1; + BN_free(recp->N); + BN_free(recp->Nr); + freezero(recp, sizeof(*recp)); } /* len is the expected size of the result @@ -158,7 +152,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, if (a == NULL || b == NULL || d == NULL || r == NULL) goto err; - if (BN_ucmp(m, &recp->N) < 0) { + if (BN_ucmp(m, recp->N) < 0) { BN_zero(d); if (!bn_copy(r, m)) { BN_CTX_end(ctx); @@ -182,7 +176,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, /* Nr := round(2^i / N) */ if (i != recp->shift) - recp->shift = BN_reciprocal(&recp->Nr, &recp->N, i, ctx); + recp->shift = BN_reciprocal(recp->Nr, recp->N, i, ctx); /* BN_reciprocal returns i, or -1 for an error */ if (recp->shift == -1) @@ -195,13 +189,13 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, */ if (!BN_rshift(a, m, recp->num_bits)) goto err; - if (!BN_mul(b, a, &recp->Nr, ctx)) + if (!BN_mul(b, a, recp->Nr, ctx)) goto err; if (!BN_rshift(d, b, i - recp->num_bits)) goto err; d->neg = 0; - if (!BN_mul(b, &recp->N, d, ctx)) + if (!BN_mul(b, recp->N, d, ctx)) goto err; if (!BN_usub(r, m, b)) goto err; @@ -209,12 +203,12 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, #if 1 j = 0; - while (BN_ucmp(r, &recp->N) >= 0) { + while (BN_ucmp(r, recp->N) >= 0) { if (j++ > 2) { BNerror(BN_R_BAD_RECIPROCAL); goto err; } - if (!BN_usub(r, r, &recp->N)) + if (!BN_usub(r, r, recp->N)) goto err; if (!BN_add_word(d, 1)) goto err; @@ -222,7 +216,7 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, #endif BN_set_negative(r, m->neg); - BN_set_negative(d, m->neg ^ recp->N.neg); + BN_set_negative(d, m->neg ^ recp->N->neg); ret = 1; -- cgit v1.2.3-55-g6feb