
Remove some easy BN_CTXs.

Change-Id: Ie7ff03a2c5b2ae8f56816b02182df40ce7ca0065
Reviewed-on: https://boringssl-review.googlesource.com/c/33066
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
David Benjamin 6 years ago
committed by CQ bot account: commit-bot@chromium.org
parent
commit
76e441bd66
8 changed files with 19 additions and 29 deletions
  1. +1
    -1
      crypto/ec_extra/ec_asn1.c
  2. +1
    -1
      crypto/ecdh_extra/ecdh_extra.c
  3. +3
    -3
      crypto/fipsmodule/ec/ec.c
  4. +2
    -2
      crypto/fipsmodule/ec/ec_key.c
  5. +2
    -3
      crypto/fipsmodule/ec/ec_test.cc
  6. +2
    -2
      crypto/fipsmodule/ec/internal.h
  7. +1
    -1
      crypto/fipsmodule/ecdh/ecdh.c
  8. +7
    -16
      crypto/fipsmodule/ecdsa/ecdsa.c

+ 1
- 1
crypto/ec_extra/ec_asn1.c

@@ -160,7 +160,7 @@ EC_KEY *EC_KEY_parse_private_key(CBS *cbs, const EC_GROUP *group) {
} else {
// Compute the public key instead.
if (!ec_point_mul_scalar(group, ret->pub_key, &ret->priv_key->scalar, NULL,
NULL, NULL)) {
NULL)) {
goto err;
}
// Remember the original private-key-only encoding.


+ 1
- 1
crypto/ecdh_extra/ecdh_extra.c

@@ -105,7 +105,7 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
goto err;
}

if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv, ctx)) {
if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv)) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}


+ 3
- 3
crypto/fipsmodule/ec/ec.c

@@ -871,7 +871,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
p_scalar_arg = &p_scalar_storage;
}

ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg, ctx);
ret = ec_point_mul_scalar(group, r, g_scalar_arg, p, p_scalar_arg);

err:
BN_CTX_free(new_ctx);
@@ -882,7 +882,7 @@ err:

int ec_point_mul_scalar_public(const EC_GROUP *group, EC_POINT *r,
const EC_SCALAR *g_scalar, const EC_POINT *p,
const EC_SCALAR *p_scalar, BN_CTX *ctx) {
const EC_SCALAR *p_scalar) {
if ((g_scalar == NULL && p_scalar == NULL) ||
(p == NULL) != (p_scalar == NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
@@ -901,7 +901,7 @@ int ec_point_mul_scalar_public(const EC_GROUP *group, EC_POINT *r,

int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r,
const EC_SCALAR *g_scalar, const EC_POINT *p,
const EC_SCALAR *p_scalar, BN_CTX *ctx) {
const EC_SCALAR *p_scalar) {
if ((g_scalar == NULL && p_scalar == NULL) ||
(p == NULL) != (p_scalar == NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
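Review bot: The precondition `(g_scalar == NULL && p_scalar == NULL) || (p == NULL) != (p_scalar == NULL)` is repeated verbatim at the top of ec_point_mul_scalar_public and ec_point_mul_scalar, with no comment saying what it enforces. A one-line comment above each check would state the contract, for example `// At least one scalar is required, and |p| and |p_scalar| must be supplied together.` Because the same condition now guards two functions with identical parameter lists, a small static helper would keep the two checks from drifting apart. Both function bodies continue outside the hunks shown.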


+ 2
- 2
crypto/fipsmodule/ec/ec_key.c

@@ -323,7 +323,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) {
point = EC_POINT_new(eckey->group);
if (point == NULL ||
!ec_point_mul_scalar(eckey->group, point, &eckey->priv_key->scalar,
NULL, NULL, ctx)) {
NULL, NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
goto err;
}
@@ -413,7 +413,7 @@ int EC_KEY_generate_key(EC_KEY *key) {
// Generate the private key by testing candidates (FIPS 186-4 B.4.2).
!ec_random_nonzero_scalar(key->group, &priv_key->scalar,
kDefaultAdditionalData) ||
!ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL, NULL,
!ec_point_mul_scalar(key->group, pub_key, &priv_key->scalar, NULL,
NULL)) {
EC_POINT_free(pub_key);
ec_wrapped_scalar_free(priv_key);


+ 2
- 3
crypto/fipsmodule/ec/ec_test.cc

@@ -726,8 +726,7 @@ TEST_P(ECCurveTest, DoubleSpecialCase) {

EC_SCALAR one;
ASSERT_TRUE(ec_bignum_to_scalar(group(), &one, BN_value_one()));
ASSERT_TRUE(
ec_point_mul_scalar_public(group(), p.get(), &one, g, &one, nullptr));
ASSERT_TRUE(ec_point_mul_scalar_public(group(), p.get(), &one, g, &one));
EXPECT_EQ(0, EC_POINT_cmp(group(), p.get(), two_g.get(), nullptr));
}

@@ -873,7 +872,7 @@ TEST(ECTest, ScalarBaseMultVectors) {
ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &a_scalar, a.get()));
ASSERT_TRUE(ec_bignum_to_scalar(group.get(), &b_scalar, b.get()));
ASSERT_TRUE(ec_point_mul_scalar_public(group.get(), p.get(), &a_scalar, g,
&b_scalar, ctx.get()));
&b_scalar));
check_point(p.get());
}
#endif


+ 2
- 2
crypto/fipsmodule/ec/internal.h

@@ -314,14 +314,14 @@ int ec_scalar_inv_montgomery_vartime(const EC_GROUP *group, EC_SCALAR *r,
// the order.
int ec_point_mul_scalar(const EC_GROUP *group, EC_POINT *r,
const EC_SCALAR *g_scalar, const EC_POINT *p,
const EC_SCALAR *p_scalar, BN_CTX *ctx);
const EC_SCALAR *p_scalar);

// ec_point_mul_scalar_public performs the same computation as
// ec_point_mul_scalar. It further assumes that the inputs are public so
// there is no concern about leaking their values through timing.
OPENSSL_EXPORT int ec_point_mul_scalar_public(
const EC_GROUP *group, EC_POINT *r, const EC_SCALAR *g_scalar,
const EC_POINT *p, const EC_SCALAR *p_scalar, BN_CTX *ctx);
const EC_POINT *p, const EC_SCALAR *p_scalar);

// ec_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
// order, with |r|. It returns one if the values match and zero if |p| is the
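Review bot: With `ctx` removed, the prototypes of ec_point_mul_scalar and ec_point_mul_scalar_public differ only by name, so handing a secret scalar to the `_public` variant compiles cleanly. The only guard is the comment above it, which words the timing property as an assumption rather than a caller obligation. I would add a sentence along the lines of `// It may run in variable time and must not be called with a private key or nonce.` The `_public` variant also carries OPENSSL_EXPORT, presumably so ec_test.cc can call it, which makes the wording matter more there.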


+ 1
- 1
crypto/fipsmodule/ecdh/ecdh.c

@@ -104,7 +104,7 @@ int ECDH_compute_key_fips(uint8_t *out, size_t out_len, const EC_POINT *pub_key,
goto err;
}

if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv, ctx)) {
if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv)) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}


+ 7
- 16
crypto/fipsmodule/ecdsa/ecdsa.c

@@ -173,18 +173,13 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
ec_scalar_mul_montgomery(group, &u1, &m, &s_inv_mont);
ec_scalar_mul_montgomery(group, &u2, &r, &s_inv_mont);

BN_CTX *ctx = BN_CTX_new();
if (!ctx) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
return 0;
}
int ret = 0;
EC_POINT *point = EC_POINT_new(group);
if (point == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ec_point_mul_scalar_public(group, point, &u1, pub_key, &u2, ctx)) {
if (!ec_point_mul_scalar_public(group, point, &u1, pub_key, &u2)) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB);
goto err;
}
@@ -197,15 +192,13 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
ret = 1;

err:
BN_CTX_free(ctx);
EC_POINT_free(point);
return ret;
}

static int ecdsa_sign_setup(const EC_KEY *eckey, BN_CTX *ctx,
EC_SCALAR *out_kinv_mont, EC_SCALAR *out_r,
const uint8_t *digest, size_t digest_len,
const EC_SCALAR *priv_key) {
static int ecdsa_sign_setup(const EC_KEY *eckey, EC_SCALAR *out_kinv_mont,
EC_SCALAR *out_r, const uint8_t *digest,
size_t digest_len, const EC_SCALAR *priv_key) {
// Check that the size of the group order is FIPS compliant (FIPS 186-4
// B.5.2).
const EC_GROUP *group = EC_KEY_get0_group(eckey);
@@ -253,7 +246,7 @@ static int ecdsa_sign_setup(const EC_KEY *eckey, BN_CTX *ctx,
ec_scalar_from_montgomery(group, out_kinv_mont, out_kinv_mont);

// Compute r, the x-coordinate of generator * k.
if (!ec_point_mul_scalar(group, tmp_point, &k, NULL, NULL, ctx) ||
if (!ec_point_mul_scalar(group, tmp_point, &k, NULL, NULL) ||
!ec_get_x_coordinate_as_scalar(group, out_r, &tmp_point->raw)) {
goto err;
}
@@ -284,16 +277,15 @@ ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest, size_t digest_len,

int ok = 0;
ECDSA_SIG *ret = ECDSA_SIG_new();
BN_CTX *ctx = BN_CTX_new();
EC_SCALAR kinv_mont, r_mont, s, m, tmp;
if (ret == NULL || ctx == NULL) {
if (ret == NULL) {
OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE);
return NULL;
}

digest_to_scalar(group, &m, digest, digest_len);
for (;;) {
if (!ecdsa_sign_setup(eckey, ctx, &kinv_mont, &r_mont, digest, digest_len,
if (!ecdsa_sign_setup(eckey, &kinv_mont, &r_mont, digest, digest_len,
priv_key) ||
!bn_set_words(ret->r, r_mont.words, order->width)) {
goto err;
@@ -327,7 +319,6 @@ err:
ECDSA_SIG_free(ret);
ret = NULL;
}
BN_CTX_free(ctx);
OPENSSL_cleanse(&kinv_mont, sizeof(kinv_mont));
OPENSSL_cleanse(&r_mont, sizeof(r_mont));
OPENSSL_cleanse(&s, sizeof(s));
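Review bot: ECDSA_do_verify calls ec_point_mul_scalar_public, the variant documented as safe only for public inputs, without recording why that is acceptable here. As far as the hunk shows, u1 and u2 are formed just above from m, r and s_inv_mont, which look like values taken from the digest and the signature under test. A comment on the call would pin that down: `// u1 and u2 depend only on the digest and the signature, so variable-time multiplication is fine.` ecdsa_sign_setup keeps ec_point_mul_scalar for the nonce k, and a matching one-line note there (`// k is secret; this must stay the constant-time variant.`) would guard against a later swap now that both functions take the same arguments. Both functions extend beyond the hunks shown.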

