From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat, 7 Jan 2023 06:58:21 +0000 (+0100)
Subject: Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"
X-Git-Tag: openssl-3.2.0-alpha1~1456
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92d306b32b63dd502531a89fb96c4172be0ddb49;p=thirdparty%2Fopenssl.git

Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"

This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
---

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 1f6532dc6b4..c7b62232f3a 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -615,15 +615,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     top = m->top;
 
-    if (in_mont != NULL && BN_is_zero(&in_mont->N)) {
-        ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
-        return 0;
-    }
-    if ((unsigned int)top > INT_MAX / sizeof(m->d[0]) / (1 << 8)) {
-        /* Prevent overflowing the powerbufLen computation below */
-        ERR_raise(ERR_LIB_BN, BN_R_BIGNUM_TOO_LONG);
-        return 0;
-    }
     /*
      * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
      * whether the top bits are zero.
diff --git a/test/exptest.c b/test/exptest.c
index b1c6f4bbe16..8baf8c37acd 100644
--- a/test/exptest.c
+++ b/test/exptest.c
@@ -50,7 +50,6 @@ static int test_mod_exp_zero(void)
     BN_ULONG one_word = 1;
     BN_CTX *ctx = BN_CTX_new();
     int ret = 0, failed = 0;
-    BN_MONT_CTX *mont = NULL;
 
     if (!TEST_ptr(m = BN_new())
         || !TEST_ptr(a = BN_new())
@@ -95,24 +94,6 @@ static int test_mod_exp_zero(void)
     if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
         failed = 1;
 
-    if (!TEST_ptr(mont = BN_MONT_CTX_new()))
-        goto err;
-
-    ERR_set_mark();
-    /* mont is not set but passed in */
-    if (!TEST_false(BN_mod_exp_mont_consttime(r, a, p, m, ctx, mont)))
-        goto err;
-    ERR_pop_to_mark();
-
-    if (!TEST_true(BN_MONT_CTX_set(mont, m, ctx)))
-        goto err;
-
-    if (!TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, ctx, mont)))
-        goto err;
-
-    if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
-        failed = 1;
-
     /*
      * A different codepath exists for single word multiplication
      * in non-constant-time only.
@@ -133,7 +114,6 @@ static int test_mod_exp_zero(void)
     BN_free(a);
     BN_free(p);
     BN_free(m);
-    BN_MONT_CTX_free(mont);
     BN_CTX_free(ctx);
 
     return ret;