Constify more BN_MONT_CTX parameters.
Most functions can take this in as const. Note this changes an
RSA_METHOD hook, though one I would not expect anyone to override.
Change-Id: Ib70ae65e5876b01169bdc594e465e3e3c4319a8b
Reviewed-on: https://boringssl-review.googlesource.com/6419
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bn/exponentiation.c b/crypto/bn/exponentiation.c
index a24bb2e..c580248 100644
--- a/crypto/bn/exponentiation.c
+++ b/crypto/bn/exponentiation.c
@@ -613,17 +613,17 @@
}
int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) {
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont) {
int i, j, bits, ret = 0, wstart, window;
int start = 1;
BIGNUM *d, *r;
const BIGNUM *aa;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
- BN_MONT_CTX *mont = NULL;
+ BN_MONT_CTX *new_mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, mont);
}
if (!BN_is_odd(m)) {
@@ -644,18 +644,13 @@
goto err;
}
- /* If this is not done, things will break in the montgomery part */
-
- if (in_mont != NULL) {
- mont = in_mont;
- } else {
- mont = BN_MONT_CTX_new();
- if (mont == NULL) {
+ /* Allocate a montgomery context if it was not supplied by the caller. */
+ if (mont == NULL) {
+ new_mont = BN_MONT_CTX_new();
+ if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
goto err;
}
- if (!BN_MONT_CTX_set(mont, m, ctx)) {
- goto err;
- }
+ mont = new_mont;
}
if (a->neg || BN_ucmp(a, m) >= 0) {
@@ -774,9 +769,7 @@
ret = 1;
err:
- if (in_mont == NULL) {
- BN_MONT_CTX_free(mont);
- }
+ BN_MONT_CTX_free(new_mont);
BN_CTX_end(ctx);
return ret;
}
@@ -1198,8 +1191,9 @@
}
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) {
- BN_MONT_CTX *mont = NULL;
+ const BIGNUM *m, BN_CTX *ctx,
+ const BN_MONT_CTX *mont) {
+ BN_MONT_CTX *new_mont = NULL;
int b, bits, ret = 0;
int r_is_one;
BN_ULONG w, next_w;
@@ -1257,13 +1251,13 @@
goto err;
}
- if (in_mont != NULL) {
- mont = in_mont;
- } else {
- mont = BN_MONT_CTX_new();
- if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) {
+ /* Allocate a montgomery context if it was not supplied by the caller. */
+ if (mont == NULL) {
+ new_mont = BN_MONT_CTX_new();
+ if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
goto err;
}
+ mont = new_mont;
}
r_is_one = 1; /* except for Montgomery factor */
@@ -1345,9 +1339,7 @@
ret = 1;
err:
- if (in_mont == NULL) {
- BN_MONT_CTX_free(mont);
- }
+ BN_MONT_CTX_free(new_mont);
BN_CTX_end(ctx);
return ret;
}
@@ -1356,7 +1348,7 @@
int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont) {
+ BN_CTX *ctx, const BN_MONT_CTX *mont) {
int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2,
wvalue1, wvalue2;
int r_is_one = 1;
@@ -1364,7 +1356,7 @@
const BIGNUM *a_mod_m;
/* Tables of variables obtained from 'ctx' */
BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
- BN_MONT_CTX *mont = NULL;
+ BN_MONT_CTX *new_mont = NULL;
if (!(m->d[0] & 1)) {
OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -1388,16 +1380,13 @@
goto err;
}
- if (in_mont != NULL) {
- mont = in_mont;
- } else {
- mont = BN_MONT_CTX_new();
- if (mont == NULL) {
+ /* Allocate a montgomery context if it was not supplied by the caller. */
+ if (mont == NULL) {
+ new_mont = BN_MONT_CTX_new();
+ if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
goto err;
}
- if (!BN_MONT_CTX_set(mont, m, ctx)) {
- goto err;
- }
+ mont = new_mont;
}
window1 = BN_window_bits_for_exponent_size(bits1);
@@ -1549,9 +1538,7 @@
ret = 1;
err:
- if (in_mont == NULL) {
- BN_MONT_CTX_free(mont);
- }
+ BN_MONT_CTX_free(new_mont);
BN_CTX_end(ctx);
return ret;
}
diff --git a/crypto/bn/montgomery.c b/crypto/bn/montgomery.c
index 3fec7e3..db673a1 100644
--- a/crypto/bn/montgomery.c
+++ b/crypto/bn/montgomery.c
@@ -149,7 +149,7 @@
OPENSSL_free(mont);
}
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) {
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, const BN_MONT_CTX *from) {
if (to == from) {
return to;
}
diff --git a/crypto/rsa/blinding.c b/crypto/rsa/blinding.c
index b6a06c8..d21633f 100644
--- a/crypto/rsa/blinding.c
+++ b/crypto/rsa/blinding.c
@@ -127,9 +127,11 @@
BIGNUM *mod; /* just a reference */
int counter;
unsigned long flags;
- BN_MONT_CTX *m_ctx;
+ /* mont is the Montgomery context used for this |BN_BLINDING|. It is not
+ * owned and must outlive this structure. */
+ const BN_MONT_CTX *mont;
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont);
};
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) {
@@ -284,8 +286,8 @@
BN_BLINDING *BN_BLINDING_create_param(
BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx) {
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont),
+ const BN_MONT_CTX *mont) {
int retry_counter = 32;
BN_BLINDING *ret = NULL;
@@ -317,8 +319,8 @@
if (bn_mod_exp != NULL) {
ret->bn_mod_exp = bn_mod_exp;
}
- if (m_ctx != NULL) {
- ret->m_ctx = m_ctx;
+ if (mont != NULL) {
+ ret->mont = mont;
}
do {
@@ -343,8 +345,8 @@
}
} while (1);
- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
- if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) {
+ if (ret->bn_mod_exp != NULL && ret->mont != NULL) {
+ if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->mont)) {
goto err;
}
} else {
diff --git a/crypto/rsa/internal.h b/crypto/rsa/internal.h
index 24eab90..4e896e2 100644
--- a/crypto/rsa/internal.h
+++ b/crypto/rsa/internal.h
@@ -106,8 +106,8 @@
BN_BLINDING *BN_BLINDING_create_param(
BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
+ const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont),
+ const BN_MONT_CTX *mont);
BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx);
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 1a3958f..01115c8 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -737,7 +737,7 @@
/* BN_MONT_CTX_copy sets |to| equal to |from|. It returns |to| on success or
* NULL on error. */
OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,
- BN_MONT_CTX *from);
+ const BN_MONT_CTX *from);
/* BN_MONT_CTX_set sets up a Montgomery context given the modulus, |mod|. It
* returns one on success and zero on error. */
@@ -787,7 +787,7 @@
OPENSSL_EXPORT int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BN_MONT_CTX *mont);
OPENSSL_EXPORT int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
@@ -796,11 +796,11 @@
OPENSSL_EXPORT int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BN_MONT_CTX *mont);
OPENSSL_EXPORT int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1,
const BIGNUM *p1, const BIGNUM *a2,
const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ BN_CTX *ctx, const BN_MONT_CTX *mont);
/* Deprecated functions */
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index c970751..e624f7c 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -525,7 +525,7 @@
BN_CTX *ctx); /* Can be null */
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BN_MONT_CTX *mont);
int flags;
