Remove some easy BN_CTXs. Change-Id: Ie7ff03a2c5b2ae8f56816b02182df40ce7ca0065 Reviewed-on: https://boringssl-review.googlesource.com/c/33066 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/ec_extra/ec_asn1.c b/crypto/ec_extra/ec_asn1.c index bde6d0b..9d9a200 100644 --- a/crypto/ec_extra/ec_asn1.c +++ b/crypto/ec_extra/ec_asn1.c
@@ -160,7 +160,7 @@ } else { // Compute the public key instead. if (!ec_point_mul_scalar(group, ret->pub_key, &ret->priv_key->scalar, NULL, - NULL, NULL)) { + NULL)) { goto err; } // Remember the original private-key-only encoding.
diff --git a/crypto/ecdh_extra/ecdh_extra.c b/crypto/ecdh_extra/ecdh_extra.c index 7634ba5..80dcfb0 100644 --- a/crypto/ecdh_extra/ecdh_extra.c +++ b/crypto/ecdh_extra/ecdh_extra.c
@@ -105,7 +105,7 @@ goto err; } - if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv, ctx)) { + if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv)) { OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; }
diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c index 5d25550..a783b73 100644 --- a/crypto/fipsmodule/ec/ec.c +++ b/crypto/fipsmodule/ec/ec.c
@@ -871,7 +871,7 @@ p_scalar_arg = &p_scalar_storage; } - ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg, ctx); + ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg); err: BN_CTX_free(new_ctx); @@ -882,7 +882,7 @@ int ec_point_mul_scalar_public(const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar, const EC_POINT *p, - const EC_SCALAR *p_scalar, BN_CTX *ctx) { + const EC_SCALAR *p_scalar) { if ((g_scalar == NULL && p_scalar == NULL) || (p == NULL) != (p_scalar == NULL)) { OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); @@ -901,7 +901,7 @@ int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar, const EC_POINT *p, - const EC_SCALAR *p_scalar, BN_CTX *ctx) { + const EC_SCALAR *p_scalar) { if ((g_scalar == NULL && p_scalar == NULL) || (p == NULL) != (p_scalar == NULL)) { OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c index a6d4697..defd77c 100644 --- a/crypto/fipsmodule/ec/ec_key.c +++ b/crypto/fipsmodule/ec/ec_key.c
@@ -323,7 +323,7 @@ point = EC_POINT_new(eckey->group); if (point == NULL || !ec_point_mul_scalar(eckey->group, point, &eckey->priv_key->scalar, - NULL, NULL, ctx)) { + NULL, NULL)) { OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } @@ -413,7 +413,7 @@ // Generate the private key by testing candidates (FIPS 186-4 B.4.2). !ec_random_nonzero_scalar(key->group, &priv_key->scalar, kDefaultAdditionalData) || - !ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL, NULL, + !ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL, NULL)) { EC_POINT_free(pub_key); ec_wrapped_scalar_free(priv_key);
diff --git a/crypto/fipsmodule/ec/ec_test.cc b/crypto/fipsmodule/ec/ec_test.cc index d2cd5f5..d45a52f 100644 --- a/crypto/fipsmodule/ec/ec_test.cc +++ b/crypto/fipsmodule/ec/ec_test.cc
@@ -726,8 +726,7 @@ EC_SCALAR one; ASSERT_TRUE(ec_bignum_to_scalar(group(), &one, BN_value_one())); - ASSERT_TRUE( - ec_point_mul_scalar_public(group(), p.get(), &one, g, &one, nullptr)); + ASSERT_TRUE(ec_point_mul_scalar_public(group(), p.get(), &one, g, &one)); EXPECT_EQ(0, EC_POINT_cmp(group(), p.get(), two_g.get(), nullptr)); } @@ -873,7 +872,7 @@ ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &a_scalar, a.get())); ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &b_scalar, b.get())); ASSERT_TRUE(ec_point_mul_scalar_public(group.get(), p.get(), &a_scalar, g, - &b_scalar, ctx.get())); + &b_scalar)); check_point(p.get()); } #endif
diff --git a/crypto/fipsmodule/ec/internal.h b/crypto/fipsmodule/ec/internal.h index d604f4d..89e945c 100644 --- a/crypto/fipsmodule/ec/internal.h +++ b/crypto/fipsmodule/ec/internal.h
@@ -314,14 +314,14 @@ // the order. int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar, const EC_POINT *p, - const EC_SCALAR *p_scalar, BN_CTX *ctx); + const EC_SCALAR *p_scalar); // ec_point_mul_scalar_public performs the same computation as // ec_point_mul_scalar. It further assumes that the inputs are public so // there is no concern about leaking their values through timing. OPENSSL_EXPORT int ec_point_mul_scalar_public( const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar, - const EC_POINT *p, const EC_SCALAR *p_scalar, BN_CTX *ctx); + const EC_POINT *p, const EC_SCALAR *p_scalar); // ec_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group // order, with |r|. It returns one if the values match and zero if |p| is the
diff --git a/crypto/fipsmodule/ecdh/ecdh.c b/crypto/fipsmodule/ecdh/ecdh.c index cd9d7ea..726fa6d 100644 --- a/crypto/fipsmodule/ecdh/ecdh.c +++ b/crypto/fipsmodule/ecdh/ecdh.c
@@ -104,7 +104,7 @@ goto err; } - if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv, ctx)) { + if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv)) { OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; }
diff --git a/crypto/fipsmodule/ecdsa/ecdsa.c b/crypto/fipsmodule/ecdsa/ecdsa.c index 96f9dc5..6d5d388 100644 --- a/crypto/fipsmodule/ecdsa/ecdsa.c +++ b/crypto/fipsmodule/ecdsa/ecdsa.c
@@ -173,18 +173,13 @@ ec_scalar_mul_montgomery(group, &u1, &m, &s_inv_mont); ec_scalar_mul_montgomery(group, &u2, &r, &s_inv_mont); - BN_CTX *ctx = BN_CTX_new(); - if (!ctx) { - OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); - return 0; - } int ret = 0; EC_POINT *point = EC_POINT_new(group); if (point == NULL) { OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); goto err; } - if (!ec_point_mul_scalar_public(group, point, &u1, pub_key, &u2, ctx)) { + if (!ec_point_mul_scalar_public(group, point, &u1, pub_key, &u2)) { OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } @@ -197,15 +192,13 @@ ret = 1; err: - BN_CTX_free(ctx); EC_POINT_free(point); return ret; } -static int ecdsa_sign_setup(const EC_KEY *eckey, BN_CTX *ctx, - EC_SCALAR *out_kinv_mont, EC_SCALAR *out_r, - const uint8_t *digest, size_t digest_len, - const EC_SCALAR *priv_key) { +static int ecdsa_sign_setup(const EC_KEY *eckey, EC_SCALAR *out_kinv_mont, + EC_SCALAR *out_r, const uint8_t *digest, + size_t digest_len, const EC_SCALAR *priv_key) { // Check that the size of the group order is FIPS compliant (FIPS 186-4 // B.5.2). const EC_GROUP *group = EC_KEY_get0_group(eckey); @@ -253,7 +246,7 @@ ec_scalar_from_montgomery(group, out_kinv_mont, out_kinv_mont); // Compute r, the x-coordinate of generator * k. - if (!ec_point_mul_scalar(group, tmp_point, &k, NULL, NULL, ctx) || + if (!ec_point_mul_scalar(group, tmp_point, &k, NULL, NULL) || !ec_get_x_coordinate_as_scalar(group, out_r, &tmp_point->raw)) { goto err; } @@ -284,16 +277,15 @@ int ok = 0; ECDSA_SIG *ret = ECDSA_SIG_new(); - BN_CTX *ctx = BN_CTX_new(); EC_SCALAR kinv_mont, r_mont, s, m, tmp; - if (ret == NULL || ctx == NULL) { + if (ret == NULL) { OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); return NULL; } digest_to_scalar(group, &m, digest, digest_len); for (;;) { - if (!ecdsa_sign_setup(eckey, ctx, &kinv_mont, &r_mont, digest, digest_len, + if (!ecdsa_sign_setup(eckey, &kinv_mont, &r_mont, digest, digest_len, priv_key) || !bn_set_words(ret->r, r_mont.words, order->width)) { goto err; @@ -327,7 +319,6 @@ ECDSA_SIG_free(ret); ret = NULL; } - BN_CTX_free(ctx); OPENSSL_cleanse(&kinv_mont, sizeof(kinv_mont)); OPENSSL_cleanse(&r_mont, sizeof(r_mont)); OPENSSL_cleanse(&s, sizeof(s));