DO NOT MERGE
Constify more BN_MONT_CTX parameters.
Most functions can take this in as const. Note this changes an
RSA_METHOD hook, though one I would not expect anyone to override.
This is cherry-picked so the next cherry-pick will apply cleanly.
(cherry picked from commit e82e6f6696127e660584d5809d72046b87a81cb1)
Bug: 33752052
Change-Id: I2ca484dcb92498b7c258bcd13465b8bb1677b3aa
(cherry picked from commit 8ed10fb2bfd217d40084717b1fbd848f95fa7822)
diff --git a/src/crypto/bn/exponentiation.c b/src/crypto/bn/exponentiation.c
index d3063c9..187b49c 100644
--- a/src/crypto/bn/exponentiation.c
+++ b/src/crypto/bn/exponentiation.c
@@ -602,17 +602,17 @@
}
int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) {
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont) {
int i, j, bits, ret = 0, wstart, window;
int start = 1;
BIGNUM *d, *r;
const BIGNUM *aa;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
- BN_MONT_CTX *mont = NULL;
+ BN_MONT_CTX *new_mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, mont);
}
if (!BN_is_odd(m)) {
@@ -633,18 +633,13 @@
goto err;
}
- /* If this is not done, things will break in the montgomery part */
-
- if (in_mont != NULL) {
- mont = in_mont;
- } else {
- mont = BN_MONT_CTX_new();
- if (mont == NULL) {
+ /* Allocate a montgomery context if it was not supplied by the caller. */
+ if (mont == NULL) {
+ new_mont = BN_MONT_CTX_new();
+ if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
goto err;
}
- if (!BN_MONT_CTX_set(mont, m, ctx)) {
- goto err;
- }
+ mont = new_mont;
}
if (a->neg || BN_ucmp(a, m) >= 0) {
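Review bot: A caller-supplied `mont` skips the `if (mont == NULL)` block and is used as-is, and nothing visible in this hunk confirms that it was set up for `m`. A context built for a different modulus would presumably produce a wrong result rather than an error. Since the parameter is now a borrowed `const` pointer, the contract is worth stating beside the allocation, for example `/* A non-NULL |mont| must have been initialised with |m|; it is borrowed and never modified or freed here. */`, and on the matching declarations in bn.h. The same applies to the identical blocks in BN_mod_exp_mont_word and BN_mod_exp2_mont. The function body starts and ends outside this hunk, so a check may exist elsewhere.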
@@ -763,9 +758,7 @@
ret = 1;
err:
- if (in_mont == NULL) {
- BN_MONT_CTX_free(mont);
- }
+ BN_MONT_CTX_free(new_mont);
BN_CTX_end(ctx);
return ret;
}
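Review bot: The cleanup at `err:` now calls `BN_MONT_CTX_free(new_mont)` unconditionally, so it is correct only if `BN_MONT_CTX_free` treats NULL as a no-op, which is not visible on this page. Ownership is also carried implicitly by `new_mont` being non-NULL only when the context was allocated in this function. A one-line comment would keep a later edit from freeing the borrowed pointer, for example `/* new_mont is non-NULL only if allocated above; a caller-supplied |mont| is never freed. */`. The same pattern appears in the cleanup hunks of BN_mod_exp_mont_word and BN_mod_exp2_mont.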
@@ -1202,8 +1195,9 @@
}
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) {
- BN_MONT_CTX *mont = NULL;
+ const BIGNUM *m, BN_CTX *ctx,
+ const BN_MONT_CTX *mont) {
+ BN_MONT_CTX *new_mont = NULL;
int b, bits, ret = 0;
int r_is_one;
BN_ULONG w, next_w;
@@ -1262,13 +1256,13 @@
goto err;
}
- if (in_mont != NULL) {
- mont = in_mont;
- } else {
- mont = BN_MONT_CTX_new();
- if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) {
+ /* Allocate a montgomery context if it was not supplied by the caller. */
+ if (mont == NULL) {
+ new_mont = BN_MONT_CTX_new();
+ if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
goto err;
}
+ mont = new_mont;
}
r_is_one = 1; /* except for Montgomery factor */
@@ -1350,9 +1344,7 @@
ret = 1;
err:
- if (in_mont == NULL) {
- BN_MONT_CTX_free(mont);
- }
+ BN_MONT_CTX_free(new_mont);
BN_CTX_end(ctx);
return ret;
}
@@ -1361,7 +1353,7 @@
int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont) {
+ BN_CTX *ctx, const BN_MONT_CTX *mont) {
int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2,
wvalue1, wvalue2;
int r_is_one = 1;
@@ -1369,7 +1361,7 @@
const BIGNUM *a_mod_m;
/* Tables of variables obtained from 'ctx' */
BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
- BN_MONT_CTX *mont = NULL;
+ BN_MONT_CTX *new_mont = NULL;
if (!(m->d[0] & 1)) {
OPENSSL_PUT_ERROR(BN, BN_mod_exp2_mont, BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -1393,16 +1385,13 @@
goto err;
}
- if (in_mont != NULL) {
- mont = in_mont;
- } else {
- mont = BN_MONT_CTX_new();
- if (mont == NULL) {
+ /* Allocate a montgomery context if it was not supplied by the caller. */
+ if (mont == NULL) {
+ new_mont = BN_MONT_CTX_new();
+ if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
goto err;
}
- if (!BN_MONT_CTX_set(mont, m, ctx)) {
- goto err;
- }
+ mont = new_mont;
}
window1 = BN_window_bits_for_exponent_size(bits1);
@@ -1554,9 +1543,7 @@
ret = 1;
err:
- if (in_mont == NULL) {
- BN_MONT_CTX_free(mont);
- }
+ BN_MONT_CTX_free(new_mont);
BN_CTX_end(ctx);
return ret;
}
diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c
index 152cf2d..4eacfd3 100644
--- a/src/crypto/bn/montgomery.c
+++ b/src/crypto/bn/montgomery.c
@@ -154,7 +154,7 @@
}
}
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) {
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, const BN_MONT_CTX *from) {
if (to == from) {
return to;
}
diff --git a/src/crypto/rsa/blinding.c b/src/crypto/rsa/blinding.c
index 245142b..38e1f79 100644
--- a/src/crypto/rsa/blinding.c
+++ b/src/crypto/rsa/blinding.c
@@ -127,9 +127,11 @@
BIGNUM *mod; /* just a reference */
int counter;
unsigned long flags;
- BN_MONT_CTX *m_ctx;
+ /* mont is the Montgomery context used for this |BN_BLINDING|. It is not
+ * owned and must outlive this structure. */
+ const BN_MONT_CTX *mont;
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont);
};
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) {
@@ -284,8 +286,8 @@
BN_BLINDING *BN_BLINDING_create_param(
BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx) {
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont),
+ const BN_MONT_CTX *mont) {
int retry_counter = 32;
BN_BLINDING *ret = NULL;
@@ -317,8 +319,8 @@
if (bn_mod_exp != NULL) {
ret->bn_mod_exp = bn_mod_exp;
}
- if (m_ctx != NULL) {
- ret->m_ctx = m_ctx;
+ if (mont != NULL) {
+ ret->mont = mont;
}
do {
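Review bot: `ret->mont = mont` stores the caller's pointer without copying it, so the returned BN_BLINDING keeps a reference that dangles if the Montgomery context is freed first. The lifetime rule is documented only on the private struct field in this file, not where callers look. I would add it to the BN_BLINDING_create_param declaration in internal.h, for example `/* |mont|, if non-NULL, is retained by the returned BN_BLINDING and must outlive it. */`. Because the assignment is guarded by `mont != NULL`, a reused `b` passed with a NULL `mont` would presumably keep its previous pointer. The assignment of `ret` lies outside this hunk, so that behaviour should be confirmed and documented as well.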
@@ -343,8 +345,8 @@
}
} while (1);
- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
- if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) {
+ if (ret->bn_mod_exp != NULL && ret->mont != NULL) {
+ if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->mont)) {
goto err;
}
} else {
diff --git a/src/crypto/rsa/internal.h b/src/crypto/rsa/internal.h
index d15f2a5..a4d27f6 100644
--- a/src/crypto/rsa/internal.h
+++ b/src/crypto/rsa/internal.h
@@ -86,8 +86,8 @@
BN_BLINDING *BN_BLINDING_create_param(
BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont),
+ const BN_MONT_CTX *mont);
BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx);
diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h
index ec1c8ff..1e6c74d 100644
--- a/src/include/openssl/bn.h
+++ b/src/include/openssl/bn.h
@@ -717,7 +717,7 @@
/* BN_MONT_CTX_copy sets |to| equal to |from|. It returns |to| on success or
* NULL on error. */
OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,
- BN_MONT_CTX *from);
+ const BN_MONT_CTX *from);
/* BN_MONT_CTX_set sets up a Montgomery context given the modulus, |mod|. It
* returns one on success and zero on error. */
@@ -767,7 +767,7 @@
OPENSSL_EXPORT int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BN_MONT_CTX *mont);
OPENSSL_EXPORT int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
@@ -775,11 +775,11 @@
OPENSSL_EXPORT int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BN_MONT_CTX *mont);
OPENSSL_EXPORT int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1,
const BIGNUM *p1, const BIGNUM *a2,
const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ BN_CTX *ctx, const BN_MONT_CTX *mont);
/* Private functions */
diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h
index 9b415d7..f1ed8e0 100644
--- a/src/include/openssl/rsa.h
+++ b/src/include/openssl/rsa.h
@@ -444,7 +444,7 @@
BN_CTX *ctx); /* Can be null */
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BN_MONT_CTX *mont);
int flags;