Remove some easy BN_CTXs.
Change-Id: Ie7ff03a2c5b2ae8f56816b02182df40ce7ca0065
Reviewed-on: https://boringssl-review.googlesource.com/c/33066
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/ec_extra/ec_asn1.c b/crypto/ec_extra/ec_asn1.c
index bde6d0b..9d9a200 100644
--- a/crypto/ec_extra/ec_asn1.c
+++ b/crypto/ec_extra/ec_asn1.c
@@ -160,7 +160,7 @@
} else {
// Compute the public key instead.
if (!ec_point_mul_scalar(group, ret->pub_key, &ret->priv_key->scalar, NULL,
- NULL, NULL)) {
+ NULL)) {
goto err;
}
// Remember the original private-key-only encoding.
diff --git a/crypto/ecdh_extra/ecdh_extra.c b/crypto/ecdh_extra/ecdh_extra.c
index 7634ba5..80dcfb0 100644
--- a/crypto/ecdh_extra/ecdh_extra.c
+++ b/crypto/ecdh_extra/ecdh_extra.c
@@ -105,7 +105,7 @@
goto err;
}
- if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv, ctx)) {
+ if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv)) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
index 5d25550..a783b73 100644
--- a/crypto/fipsmodule/ec/ec.c
+++ b/crypto/fipsmodule/ec/ec.c
@@ -871,7 +871,7 @@
p_scalar_arg = &p_scalar_storage;
}
- ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg, ctx);
+ ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg);
err:
BN_CTX_free(new_ctx);
@@ -882,7 +882,7 @@
int ec_point_mul_scalar_public(const EC_GROUP *group, EC_POINT *r,
const EC_SCALAR *g_scalar, const EC_POINT *p,
- const EC_SCALAR *p_scalar, BN_CTX *ctx) {
+ const EC_SCALAR *p_scalar) {
if ((g_scalar == NULL && p_scalar == NULL) ||
(p == NULL) != (p_scalar == NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
@@ -901,7 +901,7 @@
int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r,
const EC_SCALAR *g_scalar, const EC_POINT *p,
- const EC_SCALAR *p_scalar, BN_CTX *ctx) {
+ const EC_SCALAR *p_scalar) {
if ((g_scalar == NULL && p_scalar == NULL) ||
(p == NULL) != (p_scalar == NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
index a6d4697..defd77c 100644
--- a/crypto/fipsmodule/ec/ec_key.c
+++ b/crypto/fipsmodule/ec/ec_key.c
@@ -323,7 +323,7 @@
point = EC_POINT_new(eckey->group);
if (point == NULL ||
!ec_point_mul_scalar(eckey->group, point, &eckey->priv_key->scalar,
- NULL, NULL, ctx)) {
+ NULL, NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
goto err;
}
@@ -413,7 +413,7 @@
// Generate the private key by testing candidates (FIPS 186-4 B.4.2).
!ec_random_nonzero_scalar(key->group, &priv_key->scalar,
kDefaultAdditionalData) ||
- !ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL, NULL,
+ !ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL,
NULL)) {
EC_POINT_free(pub_key);
ec_wrapped_scalar_free(priv_key);
diff --git a/crypto/fipsmodule/ec/ec_test.cc b/crypto/fipsmodule/ec/ec_test.cc
index d2cd5f5..d45a52f 100644
--- a/crypto/fipsmodule/ec/ec_test.cc
+++ b/crypto/fipsmodule/ec/ec_test.cc
@@ -726,8 +726,7 @@
EC_SCALAR one;
ASSERT_TRUE(ec_bignum_to_scalar(group(), &one, BN_value_one()));
- ASSERT_TRUE(
- ec_point_mul_scalar_public(group(), p.get(), &one, g, &one, nullptr));
+ ASSERT_TRUE(ec_point_mul_scalar_public(group(), p.get(), &one, g, &one));
EXPECT_EQ(0, EC_POINT_cmp(group(), p.get(), two_g.get(), nullptr));
}
@@ -873,7 +872,7 @@
ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &a_scalar, a.get()));
ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &b_scalar, b.get()));
ASSERT_TRUE(ec_point_mul_scalar_public(group.get(), p.get(), &a_scalar, g,
- &b_scalar, ctx.get()));
+ &b_scalar));
check_point(p.get());
}
#endif
diff --git a/crypto/fipsmodule/ec/internal.h b/crypto/fipsmodule/ec/internal.h
index d604f4d..89e945c 100644
--- a/crypto/fipsmodule/ec/internal.h
+++ b/crypto/fipsmodule/ec/internal.h
@@ -314,14 +314,14 @@
// the order.
int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r,
const EC_SCALAR *g_scalar, const EC_POINT *p,
- const EC_SCALAR *p_scalar, BN_CTX *ctx);
+ const EC_SCALAR *p_scalar);
// ec_point_mul_scalar_public performs the same computation as
// ec_point_mul_scalar. It further assumes that the inputs are public so
// there is no concern about leaking their values through timing.
OPENSSL_EXPORT int ec_point_mul_scalar_public(
const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar,
- const EC_POINT *p, const EC_SCALAR *p_scalar, BN_CTX *ctx);
+ const EC_POINT *p, const EC_SCALAR *p_scalar);
// ec_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
// order, with |r|. It returns one if the values match and zero if |p| is the
diff --git a/crypto/fipsmodule/ecdh/ecdh.c b/crypto/fipsmodule/ecdh/ecdh.c
index cd9d7ea..726fa6d 100644
--- a/crypto/fipsmodule/ecdh/ecdh.c
+++ b/crypto/fipsmodule/ecdh/ecdh.c
@@ -104,7 +104,7 @@
goto err;
}
- if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv, ctx)) {
+ if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv)) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
diff --git a/crypto/fipsmodule/ecdsa/ecdsa.c b/crypto/fipsmodule/ecdsa/ecdsa.c
index 96f9dc5..6d5d388 100644
--- a/crypto/fipsmodule/ecdsa/ecdsa.c
+++ b/crypto/fipsmodule/ecdsa/ecdsa.c
@@ -173,18 +173,13 @@
ec_scalar_mul_montgomery(group, &u1, &m, &s_inv_mont);
ec_scalar_mul_montgomery(group, &u2, &r, &s_inv_mont);
- BN_CTX *ctx = BN_CTX_new();
- if (!ctx) {
- OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
- return 0;
- }
int ret = 0;
EC_POINT *point = EC_POINT_new(group);
if (point == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!ec_point_mul_scalar_public(group, point, &u1, pub_key, &u2, ctx)) {
+ if (!ec_point_mul_scalar_public(group, point, &u1, pub_key, &u2)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
@@ -197,15 +192,13 @@
ret = 1;
err:
- BN_CTX_free(ctx);
EC_POINT_free(point);
return ret;
}
-static int ecdsa_sign_setup(const EC_KEY *eckey, BN_CTX *ctx,
- EC_SCALAR *out_kinv_mont, EC_SCALAR *out_r,
- const uint8_t *digest, size_t digest_len,
- const EC_SCALAR *priv_key) {
+static int ecdsa_sign_setup(const EC_KEY *eckey, EC_SCALAR *out_kinv_mont,
+ EC_SCALAR *out_r, const uint8_t *digest,
+ size_t digest_len, const EC_SCALAR *priv_key) {
// Check that the size of the group order is FIPS compliant (FIPS 186-4
// B.5.2).
const EC_GROUP *group = EC_KEY_get0_group(eckey);
@@ -253,7 +246,7 @@
ec_scalar_from_montgomery(group, out_kinv_mont, out_kinv_mont);
// Compute r, the x-coordinate of generator * k.
- if (!ec_point_mul_scalar(group, tmp_point, &k, NULL, NULL, ctx) ||
+ if (!ec_point_mul_scalar(group, tmp_point, &k, NULL, NULL) ||
!ec_get_x_coordinate_as_scalar(group, out_r, &tmp_point->raw)) {
goto err;
}
@@ -284,16 +277,15 @@
int ok = 0;
ECDSA_SIG *ret = ECDSA_SIG_new();
- BN_CTX *ctx = BN_CTX_new();
EC_SCALAR kinv_mont, r_mont, s, m, tmp;
- if (ret == NULL || ctx == NULL) {
+ if (ret == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
return NULL;
}
digest_to_scalar(group, &m, digest, digest_len);
for (;;) {
- if (!ecdsa_sign_setup(eckey, ctx, &kinv_mont, &r_mont, digest, digest_len,
+ if (!ecdsa_sign_setup(eckey, &kinv_mont, &r_mont, digest, digest_len,
priv_key) ||
!bn_set_words(ret->r, r_mont.words, order->width)) {
goto err;
@@ -327,7 +319,6 @@
ECDSA_SIG_free(ret);
ret = NULL;
}
- BN_CTX_free(ctx);
OPENSSL_cleanse(&kinv_mont, sizeof(kinv_mont));
OPENSSL_cleanse(&r_mont, sizeof(r_mont));
OPENSSL_cleanse(&s, sizeof(s));
