From 4c06c6a54b5a170a2987bbb7efbcffa165ccf6ea Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Tue, 28 Jan 2025 12:54:56 +0100
Subject: [PATCH] Implement BN_CTX_get

---
 src/ssl_bn.c         | 67 +++++++++++++++++++++++++++++---------------
 tests/api.c          | 17 ++++++-----
 wolfssl/openssl/bn.h |  8 +++++-
 3 files changed, 62 insertions(+), 30 deletions(-)

diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index dfa897e29c..a08296caea 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -2366,61 +2366,84 @@ int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
  * BN_CTX APIs
  ******************************************************************************/
 
-/* Allocate and return a new BN context object.
+/* Create a new BN context object.
  *
- * BN context not needed for operations.
- *
- * @return  Pointer to dummy object.
+ * @return  BN context object on success.
+ * @return  NULL on failure.
  */
 WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
 {
-    /* wolfcrypt doesn't need BN context. */
-    static int ctx;
+    WOLFSSL_BN_CTX* ctx = NULL;
+
     WOLFSSL_ENTER("wolfSSL_BN_CTX_new");
-    return (WOLFSSL_BN_CTX*)&ctx;
+    ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+    if (ctx != NULL) {
+        wolfSSL_BN_CTX_init(ctx);
+    }
+
+    return ctx;
 }
 
 /* Initialize a BN context object.
  *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
+ * @param [in] ctx  BN context object.
  */
 void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
 {
-    (void)ctx;
     WOLFSSL_ENTER("wolfSSL_BN_CTX_init");
+    if (ctx != NULL) {
+        XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX));
+    }
 }
 
 
 /* Free a BN context object.
  *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
+ * @param [in] ctx  BN context object.
  */
 void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
 {
-    (void)ctx;
     WOLFSSL_ENTER("wolfSSL_BN_CTX_free");
-    /* Don't do anything since using dummy, static BN context. */
+    if (ctx != NULL) {
+        while (ctx->list != NULL) {
+            struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list;
+            ctx->list = ctx->list->next;
+            wolfSSL_BN_free(tmp->bn);
+            XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
 }
 
-/* Get a big number based on the BN context.
+/* Get a big number from the BN context.
  *
- * @param [in] ctx  BN context. Not used.
+ * @param [in] ctx  BN context object.
  * @return  Big number on success.
  * @return  NULL on failure.
  */
 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
 {
-    /* ctx is not used - returning a new big number. */
-    (void)ctx;
+    WOLFSSL_BIGNUM* bn = NULL;
 
     WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
+    if (ctx != NULL) {
+        struct WOLFSSL_BN_CTX_LIST** prev = &ctx->list;
+        while (*prev != NULL)
+            prev = &(*prev)->next;
+        *prev = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC(
+                sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL);
+        if (*prev != NULL) {
+            XMEMSET(*prev, 0, sizeof(struct WOLFSSL_BN_CTX_LIST));
+            bn = (*prev)->bn = wolfSSL_BN_new();
+            if ((*prev)->bn == NULL) {
+                XFREE(*prev, NULL, DYNAMIC_TYPE_OPENSSL);
+                *prev = NULL;
+            }
+        }
+    }
 
-    /* Return a new big number. */
-    return wolfSSL_BN_new();
+    return bn;
 }
 
 #ifndef NO_WOLFSSL_STUB
diff --git a/tests/api.c b/tests/api.c
index b941ea01ee..fd86becaef 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -62628,17 +62628,19 @@ static int test_wolfSSL_BN_CTX(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
     !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
     WOLFSSL_BN_CTX* bn_ctx = NULL;
-    WOLFSSL_BIGNUM* t = NULL;
 
-    ExpectNotNull(bn_ctx = wolfSSL_BN_CTX_new());
+    ExpectNotNull(bn_ctx = BN_CTX_new());
 
     /* No implementation. */
     BN_CTX_init(NULL);
 
-    ExpectNotNull(t = BN_CTX_get(NULL));
-    BN_free(t);
-    ExpectNotNull(t = BN_CTX_get(bn_ctx));
-    BN_free(t);
+    ExpectNull(BN_CTX_get(NULL));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
 
 #ifndef NO_WOLFSSL_STUB
     /* No implementation. */
@@ -77996,7 +77998,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     int derLen;
     unsigned char pub_buf[65];
     const int pub_len = 65;
-    BN_CTX* ctx;
+    BN_CTX* ctx = NULL;
     EC_GROUP* curve = NULL;
     EC_KEY* ephemeral_key = NULL;
     const EC_POINT* h = NULL;
@@ -78036,6 +78038,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     EVP_PKEY_free(pkey);
     EC_KEY_free(ephemeral_key);
     EC_GROUP_free(curve);
+    BN_CTX_free(ctx);
 #endif
     return EXPECT_RESULT();
 }
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 39b6bf384e..bfdb2add01 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -77,7 +77,13 @@ typedef struct WOLFSSL_BIGNUM {
 
 #define WOLFSSL_BN_MAX_VAL          ((BN_ULONG)-1)
 
-typedef struct WOLFSSL_BN_CTX      WOLFSSL_BN_CTX;
+struct WOLFSSL_BN_CTX_LIST {
+    WOLFSSL_BIGNUM* bn;
+    struct WOLFSSL_BN_CTX_LIST* next;
+};
+typedef struct WOLFSSL_BN_CTX {
+    struct WOLFSSL_BN_CTX_LIST* list;
+} WOLFSSL_BN_CTX;
 typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX;
 typedef struct WOLFSSL_BN_GENCB    WOLFSSL_BN_GENCB;