Move BIGNUMs in EC_GROUP and EC_POINT to the heap

The only way to get an EC_GROUP or an EC_POINT is by calling the relevant _new() function and to get rid of it, something must call _free(). Thus we can establish the invariant that every group has Weierstrass coefficients p, a, b as well as order and cofactor hanging off it. Similarly, Every point has allocated BIGNUMs for its Jacobian projective coordinates. Unfortunately, a group has the generator as an optional component in addition to seed and montgomery context/one (where optionality makes more sense). This is a mostly mechanical diff and only drops a few silly comments and a couple of unnecessary NULL checks since in our part of the wrold the word invariant has a meaning. This should also appease Coverity who likes to throw fits at calling BN_free() for BIGNUM on the stack (yes, this is actually a thing). ok jsing
author: tb <> 2025-01-05 16:07:08 +0000
committer: tb <> 2025-01-05 16:07:08 +0000
commit: 2193869c42abbda84814f22a4ab38d0067921360 (patch)
tree: 01052cd554006bd8d0b366164df08e22b7dd6d57
parent: db85eb543d9f117c58266ef87044672cadbaa8be (diff)
download: openbsd-2193869c42abbda84814f22a4ab38d0067921360.tar.gz
openbsd-2193869c42abbda84814f22a4ab38d0067921360.tar.bz2
openbsd-2193869c42abbda84814f22a4ab38d0067921360.zip
5 files changed, 208 insertions, 194 deletions
diff --git a/src/lib/libcrypto/ec/ec_convert.c b/src/lib/libcrypto/ec/ec_convert.c
index b48fc85315..a18bc49132 100644
--- a/src/lib/libcrypto/ec/ec_convert.c
+++ b/src/lib/libcrypto/ec/ec_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_convert.c,v 1.13 2024/12/16 06:11:26 tb Exp $ */
+/* $OpenBSD: ec_convert.c,v 1.14 2025/01/05 16:07:08 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -157,11 +157,11 @@ ec_encoded_length(const EC_GROUP *group, uint8_t form, size_t *out_len)
                *out_len = 1;
                return 1;
        case EC_POINT_COMPRESSED:
-                *out_len = 1 + BN_num_bytes(&group->p);
+                *out_len = 1 + BN_num_bytes(group->p);
                return 1;
        case EC_POINT_UNCOMPRESSED:
        case EC_POINT_HYBRID:
-                *out_len = 1 + 2 * BN_num_bytes(&group->p);
+                *out_len = 1 + 2 * BN_num_bytes(group->p);
                return 1;
        default:
                return 0;
@@ -172,14 +172,14 @@ static int
 ec_field_element_is_valid(const EC_GROUP *group, const BIGNUM *bn)
 {
        /* Ensure bn is in the range [0, p). */
-        return !BN_is_negative(bn) && BN_cmp(&group->p, bn) > 0;
+        return !BN_is_negative(bn) && BN_cmp(group->p, bn) > 0;
 }
 static int
 ec_add_field_element_cbb(CBB *cbb, const EC_GROUP *group, const BIGNUM *bn)
 {
        uint8_t *buf = NULL;
-        int buf_len = BN_num_bytes(&group->p);
+        int buf_len = BN_num_bytes(group->p);
        if (!ec_field_element_is_valid(group, bn)) {
                ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
@@ -202,7 +202,7 @@ ec_get_field_element_cbs(CBS *cbs, const EC_GROUP *group, BIGNUM *bn)
 {
        CBS field_element;
-        if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(&group->p))) {
+        if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(group->p))) {
                ECerror(EC_R_INVALID_ENCODING);
                return 0;
        }
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 89d26e1177..d961ad0ee4 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.93 2025/01/01 10:01:31 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.94 2025/01/05 16:07:08 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -94,6 +94,23 @@ EC_GROUP_new(const EC_METHOD *meth)
        group->asn1_flag = OPENSSL_EC_NAMED_CURVE;
        group->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
+        if ((group->p = BN_new()) == NULL)
+                goto err;
+        if ((group->a = BN_new()) == NULL)
+                goto err;
+        if ((group->b = BN_new()) == NULL)
+                goto err;
+        if ((group->order = BN_new()) == NULL)
+                goto err;
+        if ((group->cofactor = BN_new()) == NULL)
+                goto err;
+        /*
+         * generator and seed are optional. mont_ctx, mont_one are only for
+         * curves using EC_GFp_mont_method()
+         */
        return group;
 err:
@@ -109,16 +126,16 @@ EC_GROUP_free(EC_GROUP *group)
        if (group == NULL)
                return;
-        BN_free(&group->p);
+        BN_free(group->p);
-        BN_free(&group->a);
+        BN_free(group->a);
-        BN_free(&group->b);
+        BN_free(group->b);
        BN_MONT_CTX_free(group->mont_ctx);
        BN_free(group->mont_one);
        EC_POINT_free(group->generator);
-        BN_free(&group->order);
+        BN_free(group->order);
-        BN_free(&group->cofactor);
+        BN_free(group->cofactor);
        freezero(group->seed, group->seed_len);
        freezero(group, sizeof *group);
@@ -152,14 +169,14 @@ EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
        EC_POINT_free(dest->generator);
        dest->generator = NULL;
        if (src->generator != NULL) {
-                if (!EC_GROUP_set_generator(dest, src->generator, &src->order,
+                if (!EC_GROUP_set_generator(dest, src->generator, src->order,
-                    &src->cofactor))
+                    src->cofactor))
                        return 0;
        } else {
                /* XXX - should do the sanity checks as in set_generator() */
-                if (!bn_copy(&dest->order, &src->order))
+                if (!bn_copy(dest->order, src->order))
                        return 0;
-                if (!bn_copy(&dest->cofactor, &src->cofactor))
+                if (!bn_copy(dest->cofactor, src->cofactor))
                        return 0;
        }
@@ -241,7 +258,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
        BIGNUM *cofactor;
        int ret = 0;
-        BN_zero(&group->cofactor);
+        BN_zero(group->cofactor);
        if ((ctx = BN_CTX_new()) == NULL)
                goto err;
@@ -269,7 +286,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
         * If the cofactor is too large, we cannot guess it and default to zero.
         * The RHS of below is a strict overestimate of log(4 * sqrt(p)).
         */
-        if (BN_num_bits(&group->order) <= (BN_num_bits(&group->p) + 1) / 2 + 3)
+        if (BN_num_bits(group->order) <= (BN_num_bits(group->p) + 1) / 2 + 3)
                goto done;
        /*
@@ -278,26 +295,26 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
         */
        /* h = n/2 */
-        if (!BN_rshift1(cofactor, &group->order))
+        if (!BN_rshift1(cofactor, group->order))
                goto err;
        /* h = 1 + n/2 */
        if (!BN_add_word(cofactor, 1))
                goto err;
        /* h = p + 1 + n/2 */
-        if (!BN_add(cofactor, cofactor, &group->p))
+        if (!BN_add(cofactor, cofactor, group->p))
                goto err;
        /* h = (p + 1 + n/2) / n */
-        if (!BN_div_ct(cofactor, NULL, cofactor, &group->order, ctx))
+        if (!BN_div_ct(cofactor, NULL, cofactor, group->order, ctx))
                goto err;
 done:
        /* Use Hasse's theorem to bound the cofactor. */
-        if (BN_num_bits(cofactor) > BN_num_bits(&group->p) + 1) {
+        if (BN_num_bits(cofactor) > BN_num_bits(group->p) + 1) {
                ECerror(EC_R_INVALID_GROUP_ORDER);
                goto err;
        }
-        if (!bn_copy(&group->cofactor, cofactor))
+        if (!bn_copy(group->cofactor, cofactor))
                goto err;
        ret = 1;
@@ -319,7 +336,7 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
        }
        /* Require p >= 1. */
-        if (BN_is_zero(&group->p) || BN_is_negative(&group->p)) {
+        if (BN_is_zero(group->p) || BN_is_negative(group->p)) {
                ECerror(EC_R_INVALID_FIELD);
                return 0;
        }
@@ -329,7 +346,7 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
         * than the field cardinality due to Hasse's theorem.
         */
        if (order == NULL || BN_cmp(order, BN_value_one()) <= 0 ||
-            BN_num_bits(order) > BN_num_bits(&group->p) + 1) {
+            BN_num_bits(order) > BN_num_bits(group->p) + 1) {
                ECerror(EC_R_INVALID_GROUP_ORDER);
                return 0;
        }
@@ -342,7 +359,7 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
        if (!EC_POINT_copy(group->generator, generator))
                return 0;
-        if (!bn_copy(&group->order, order))
+        if (!bn_copy(group->order, order))
                return 0;
        if (!ec_set_cofactor(group, cofactor))
@@ -362,7 +379,7 @@ LCRYPTO_ALIAS(EC_GROUP_get0_generator);
 int
 EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
 {
-        if (!bn_copy(order, &group->order))
+        if (!bn_copy(order, group->order))
                return 0;
        return !BN_is_zero(order);
@@ -372,7 +389,7 @@ LCRYPTO_ALIAS(EC_GROUP_get_order);
 const BIGNUM *
 EC_GROUP_get0_order(const EC_GROUP *group)
 {
-        return &group->order;
+        return group->order;
 }
 int
@@ -385,17 +402,17 @@ LCRYPTO_ALIAS(EC_GROUP_order_bits);
 int
 EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
 {
-        if (!bn_copy(cofactor, &group->cofactor))
+        if (!bn_copy(cofactor, group->cofactor))
                return 0;
-        return !BN_is_zero(&group->cofactor);
+        return !BN_is_zero(group->cofactor);
 }
 LCRYPTO_ALIAS(EC_GROUP_get_cofactor);
 const BIGNUM *
 EC_GROUP_get0_cofactor(const EC_GROUP *group)
 {
-        return &group->cofactor;
+        return group->cofactor;
 }
 void
@@ -784,6 +801,13 @@ EC_POINT_new(const EC_GROUP *group)
                goto err;
        }
+        if ((point->X = BN_new()) == NULL)
+                goto err;
+        if ((point->Y = BN_new()) == NULL)
+                goto err;
+        if ((point->Z = BN_new()) == NULL)
+                goto err;
        point->meth = group->meth;
        return point;
@@ -801,9 +825,9 @@ EC_POINT_free(EC_POINT *point)
        if (point == NULL)
                return;
-        BN_free(&point->X);
+        BN_free(point->X);
-        BN_free(&point->Y);
+        BN_free(point->Y);
-        BN_free(&point->Z);
+        BN_free(point->Z);
        freezero(point, sizeof *point);
 }
@@ -826,11 +850,11 @@ EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
        if (dest == src)
                return 1;
-        if (!bn_copy(&dest->X, &src->X))
+        if (!bn_copy(dest->X, src->X))
                return 0;
-        if (!bn_copy(&dest->Y, &src->Y))
+        if (!bn_copy(dest->Y, src->Y))
                return 0;
-        if (!bn_copy(&dest->Z, &src->Z))
+        if (!bn_copy(dest->Z, src->Z))
                return 0;
        dest->Z_is_one = src->Z_is_one;
@@ -876,7 +900,7 @@ EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
                return 0;
        }
-        BN_zero(&point->Z);
+        BN_zero(point->Z);
        point->Z_is_one = 0;
        return 1;
@@ -1193,7 +1217,7 @@ EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
                return 0;
        }
-        return BN_is_zero(&point->Z);
+        return BN_is_zero(point->Z);
 }
 LCRYPTO_ALIAS(EC_POINT_is_at_infinity);
@@ -1440,10 +1464,5 @@ LCRYPTO_ALIAS(EC_GROUP_have_precompute_mult);
 int
 ec_group_simple_order_bits(const EC_GROUP *group)
 {
-        /* XXX change group->order to a pointer? */
+        return BN_num_bits(group->order);
-#if 0
-        if (group->order == NULL)
-                return 0;
-#endif
-        return BN_num_bits(&group->order);
 }
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h
index cc918b38fd..0d734351de 100644
--- a/src/lib/libcrypto/ec/ec_local.h
+++ b/src/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.45 2025/01/01 10:01:31 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.46 2025/01/05 16:07:08 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -160,8 +160,8 @@ struct ec_group_st {
        const EC_METHOD *meth;
        EC_POINT *generator;    /* Optional */
-        BIGNUM order;
+        BIGNUM *order;
-        BIGNUM cofactor;
+        BIGNUM *cofactor;
        int nid;                /* Optional NID for named curve. */
@@ -181,9 +181,9 @@ struct ec_group_st {
        /*
         * Coefficients of the Weierstrass equation y^2 = x^3 + a*x + b (mod p).
         */
-        BIGNUM p;
+        BIGNUM *p;
-        BIGNUM a;
+        BIGNUM *a;
-        BIGNUM b;
+        BIGNUM *b;
        /* Enables optimized point arithmetics for special case. */
        int a_is_minus3;
@@ -216,17 +216,12 @@ struct ec_point_st {
        const EC_METHOD *meth;
        /*
-         * All members except 'meth' are handled by the method functions,
-         * even if they appear generic.
-         */
-        /*
         * Jacobian projective coordinates: (X, Y, Z) represents (X/Z^2, Y/Z^3)
         * if Z != 0
         */
-        BIGNUM X;
+        BIGNUM *X;
-        BIGNUM Y;
+        BIGNUM *Y;
-        BIGNUM Z;
+        BIGNUM *Z;
        int Z_is_one; /* enable optimized point arithmetics for special case */
 } /* EC_POINT */;
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index 424d1896b2..6d74a7f8a4 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_pmeth.c,v 1.23 2024/10/19 14:41:03 tb Exp $ */
+/* $OpenBSD: ec_pmeth.c,v 1.24 2025/01/05 16:07:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -323,7 +323,7 @@ pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                        if (!ec_key->group)
                                return -2;
                        /* If cofactor is 1 cofactor mode does nothing */
-                        if (BN_is_one(&ec_key->group->cofactor))
+                        if (BN_is_one(ec_key->group->cofactor))
                                return 1;
                        if (!dctx->co_key) {
                                dctx->co_key = EC_KEY_dup(ec_key);
diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c
index af19addab4..b2ecc7e17a 100644
--- a/src/lib/libcrypto/ec/ecp_methods.c
+++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.17 2025/01/01 10:01:31 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.18 2025/01/05 16:07:08 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -87,11 +87,11 @@
 static int
 ec_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
-        if (!bn_copy(&dest->p, &src->p))
+        if (!bn_copy(dest->p, src->p))
                return 0;
-        if (!bn_copy(&dest->a, &src->a))
+        if (!bn_copy(dest->a, src->a))
                return 0;
-        if (!bn_copy(&dest->b, &src->b))
+        if (!bn_copy(dest->b, src->b))
                return 0;
        dest->a_is_minus3 = src->a_is_minus3;
@@ -114,7 +114,7 @@ ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx
 static int
 ec_encode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx)
 {
-        if (!BN_nnmod(bn, x, &group->p, ctx))
+        if (!BN_nnmod(bn, x, group->p, ctx))
                return 0;
        if (group->meth->field_encode != NULL)
@@ -127,7 +127,7 @@ static int
 ec_encode_z_coordinate(const EC_GROUP *group, BIGNUM *bn, int *is_one,
    const BIGNUM *z, BN_CTX *ctx)
 {
-        if (!BN_nnmod(bn, z, &group->p, ctx))
+        if (!BN_nnmod(bn, z, group->p, ctx))
                return 0;
        *is_one = BN_is_one(bn);
@@ -158,18 +158,18 @@ ec_group_set_curve(EC_GROUP *group,
        if ((a_plus_3 = BN_CTX_get(ctx)) == NULL)
                goto err;
-        if (!bn_copy(&group->p, p))
+        if (!bn_copy(group->p, p))
                goto err;
-        BN_set_negative(&group->p, 0);
+        BN_set_negative(group->p, 0);
-        if (!ec_encode_scalar(group, &group->a, a, ctx))
+        if (!ec_encode_scalar(group, group->a, a, ctx))
                goto err;
-        if (!ec_encode_scalar(group, &group->b, b, ctx))
+        if (!ec_encode_scalar(group, group->b, b, ctx))
                goto err;
        if (!BN_set_word(a_plus_3, 3))
                goto err;
-        if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->p, ctx))
+        if (!BN_mod_add(a_plus_3, a_plus_3, a, group->p, ctx))
                goto err;
        group->a_is_minus3 = BN_is_zero(a_plus_3);
@@ -187,12 +187,12 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
    BN_CTX *ctx)
 {
        if (p != NULL) {
-                if (!bn_copy(p, &group->p))
+                if (!bn_copy(p, group->p))
                        return 0;
        }
-        if (!ec_decode_scalar(group, a, &group->a, ctx))
+        if (!ec_decode_scalar(group, a, group->a, ctx))
                return 0;
-        if (!ec_decode_scalar(group, b, &group->b, ctx))
+        if (!ec_decode_scalar(group, b, group->b, ctx))
                return 0;
        return 1;
@@ -201,7 +201,7 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
 static int
 ec_group_get_degree(const EC_GROUP *group)
 {
-        return BN_num_bits(&group->p);
+        return BN_num_bits(group->p);
 }
 static int
@@ -273,15 +273,15 @@ ec_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *point,
         */
        if (x != NULL) {
-                if (!ec_encode_scalar(group, &point->X, x, ctx))
+                if (!ec_encode_scalar(group, point->X, x, ctx))
                        goto err;
        }
        if (y != NULL) {
-                if (!ec_encode_scalar(group, &point->Y, y, ctx))
+                if (!ec_encode_scalar(group, point->Y, y, ctx))
                        goto err;
        }
        if (z != NULL) {
-                if (!ec_encode_z_coordinate(group, &point->Z, &point->Z_is_one,
+                if (!ec_encode_z_coordinate(group, point->Z, &point->Z_is_one,
                    z, ctx))
                        goto err;
        }
@@ -298,11 +298,11 @@ ec_get_Jprojective_coordinates(const EC_GROUP *group, const EC_POINT *point,
 {
        int ret = 0;
-        if (!ec_decode_scalar(group, x, &point->X, ctx))
+        if (!ec_decode_scalar(group, x, point->X, ctx))
                goto err;
-        if (!ec_decode_scalar(group, y, &point->Y, ctx))
+        if (!ec_decode_scalar(group, y, point->Y, ctx))
                goto err;
-        if (!ec_decode_scalar(group, z, &point->Z, ctx))
+        if (!ec_decode_scalar(group, z, point->Z, ctx))
                goto err;
        ret = 1;
@@ -346,18 +346,18 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
        /* Convert from projective coordinates (X, Y, Z) into (X/Z^2, Y/Z^3). */
-        if (!ec_decode_scalar(group, z, &point->Z, ctx))
+        if (!ec_decode_scalar(group, z, point->Z, ctx))
                goto err;
        if (BN_is_one(z)) {
-                if (!ec_decode_scalar(group, x, &point->X, ctx))
+                if (!ec_decode_scalar(group, x, point->X, ctx))
                        goto err;
-                if (!ec_decode_scalar(group, y, &point->Y, ctx))
+                if (!ec_decode_scalar(group, y, point->Y, ctx))
                        goto err;
                goto done;
        }
-        if (BN_mod_inverse_ct(Z_1, z, &group->p, ctx) == NULL) {
+        if (BN_mod_inverse_ct(Z_1, z, group->p, ctx) == NULL) {
                ECerror(ERR_R_BN_LIB);
                goto err;
        }
@@ -366,7 +366,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
                if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
                        goto err;
        } else {
-                if (!BN_mod_sqr(Z_2, Z_1, &group->p, ctx))
+                if (!BN_mod_sqr(Z_2, Z_1, group->p, ctx))
                        goto err;
        }
@@ -375,7 +375,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
                 * in the Montgomery case, field_mul will cancel out
                 * Montgomery factor in X:
                 */
-                if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx))
+                if (!group->meth->field_mul(group, x, point->X, Z_2, ctx))
                        goto err;
        }
        if (y != NULL) {
@@ -384,7 +384,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
                        if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
                                goto err;
                } else {
-                        if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->p, ctx))
+                        if (!BN_mod_mul(Z_3, Z_2, Z_1, group->p, ctx))
                                goto err;
                }
@@ -392,7 +392,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
                 * in the Montgomery case, field_mul will cancel out
                 * Montgomery factor in Y:
                 */
-                if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx))
+                if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx))
                        goto err;
        }
@@ -409,7 +409,7 @@ static int
 ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
    const BIGNUM *in_x, int y_bit, BN_CTX *ctx)
 {
-        const BIGNUM *p = &group->p, *a = &group->a, *b = &group->b;
+        const BIGNUM *p = group->p, *a = group->a, *b = group->b;
        BIGNUM *w, *x, *y;
        int ret = 0;
@@ -522,7 +522,7 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
        field_mul = group->meth->field_mul;
        field_sqr = group->meth->field_sqr;
-        p = &group->p;
+        p = group->p;
        BN_CTX_start(ctx);
@@ -549,44 +549,44 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
        /* n1, n2 */
        if (b->Z_is_one) {
-                if (!bn_copy(n1, &a->X))
+                if (!bn_copy(n1, a->X))
                        goto end;
-                if (!bn_copy(n2, &a->Y))
+                if (!bn_copy(n2, a->Y))
                        goto end;
                /* n1 = X_a */
                /* n2 = Y_a */
        } else {
-                if (!field_sqr(group, n0, &b->Z, ctx))
+                if (!field_sqr(group, n0, b->Z, ctx))
                        goto end;
-                if (!field_mul(group, n1, &a->X, n0, ctx))
+                if (!field_mul(group, n1, a->X, n0, ctx))
                        goto end;
                /* n1 = X_a * Z_b^2 */
-                if (!field_mul(group, n0, n0, &b->Z, ctx))
+                if (!field_mul(group, n0, n0, b->Z, ctx))
                        goto end;
-                if (!field_mul(group, n2, &a->Y, n0, ctx))
+                if (!field_mul(group, n2, a->Y, n0, ctx))
                        goto end;
                /* n2 = Y_a * Z_b^3 */
        }
        /* n3, n4 */
        if (a->Z_is_one) {
-                if (!bn_copy(n3, &b->X))
+                if (!bn_copy(n3, b->X))
                        goto end;
-                if (!bn_copy(n4, &b->Y))
+                if (!bn_copy(n4, b->Y))
                        goto end;
                /* n3 = X_b */
                /* n4 = Y_b */
        } else {
-                if (!field_sqr(group, n0, &a->Z, ctx))
+                if (!field_sqr(group, n0, a->Z, ctx))
                        goto end;
-                if (!field_mul(group, n3, &b->X, n0, ctx))
+                if (!field_mul(group, n3, b->X, n0, ctx))
                        goto end;
                /* n3 = X_b * Z_a^2 */
-                if (!field_mul(group, n0, n0, &a->Z, ctx))
+                if (!field_mul(group, n0, n0, a->Z, ctx))
                        goto end;
-                if (!field_mul(group, n4, &b->Y, n0, ctx))
+                if (!field_mul(group, n4, b->Y, n0, ctx))
                        goto end;
                /* n4 = Y_b * Z_a^3 */
        }
@@ -608,7 +608,7 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
                        goto end;
                } else {
                        /* a is the inverse of b */
-                        BN_zero(&r->Z);
+                        BN_zero(r->Z);
                        r->Z_is_one = 0;
                        ret = 1;
                        goto end;
@@ -624,20 +624,20 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
        /* Z_r */
        if (a->Z_is_one && b->Z_is_one) {
-                if (!bn_copy(&r->Z, n5))
+                if (!bn_copy(r->Z, n5))
                        goto end;
        } else {
                if (a->Z_is_one) {
-                        if (!bn_copy(n0, &b->Z))
+                        if (!bn_copy(n0, b->Z))
                                goto end;
                } else if (b->Z_is_one) {
-                        if (!bn_copy(n0, &a->Z))
+                        if (!bn_copy(n0, a->Z))
                                goto end;
                } else {
-                        if (!field_mul(group, n0, &a->Z, &b->Z, ctx))
+                        if (!field_mul(group, n0, a->Z, b->Z, ctx))
                                goto end;
                }
-                if (!field_mul(group, &r->Z, n0, n5, ctx))
+                if (!field_mul(group, r->Z, n0, n5, ctx))
                        goto end;
        }
        r->Z_is_one = 0;
@@ -650,12 +650,12 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
                goto end;
        if (!field_mul(group, n3, n1, n4, ctx))
                goto end;
-        if (!BN_mod_sub_quick(&r->X, n0, n3, p))
+        if (!BN_mod_sub_quick(r->X, n0, n3, p))
                goto end;
        /* X_r = n6^2 - n5^2 * 'n7' */
        /* 'n9' */
-        if (!BN_mod_lshift1_quick(n0, &r->X, p))
+        if (!BN_mod_lshift1_quick(n0, r->X, p))
                goto end;
        if (!BN_mod_sub_quick(n0, n3, n0, p))
                goto end;
@@ -674,7 +674,7 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
                if (!BN_add(n0, n0, p))
                        goto end;
        /* now  0 <= n0 < 2*p,  and n0 is even */
-        if (!BN_rshift1(&r->Y, n0))
+        if (!BN_rshift1(r->Y, n0))
                goto end;
        /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
@@ -700,7 +700,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
        field_mul = group->meth->field_mul;
        field_sqr = group->meth->field_sqr;
-        p = &group->p;
+        p = group->p;
        BN_CTX_start(ctx);
@@ -721,21 +721,21 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
        /* n1 */
        if (a->Z_is_one) {
-                if (!field_sqr(group, n0, &a->X, ctx))
+                if (!field_sqr(group, n0, a->X, ctx))
                        goto err;
                if (!BN_mod_lshift1_quick(n1, n0, p))
                        goto err;
                if (!BN_mod_add_quick(n0, n0, n1, p))
                        goto err;
-                if (!BN_mod_add_quick(n1, n0, &group->a, p))
+                if (!BN_mod_add_quick(n1, n0, group->a, p))
                        goto err;
                /* n1 = 3 * X_a^2 + a_curve */
        } else if (group->a_is_minus3) {
-                if (!field_sqr(group, n1, &a->Z, ctx))
+                if (!field_sqr(group, n1, a->Z, ctx))
                        goto err;
-                if (!BN_mod_add_quick(n0, &a->X, n1, p))
+                if (!BN_mod_add_quick(n0, a->X, n1, p))
                        goto err;
-                if (!BN_mod_sub_quick(n2, &a->X, n1, p))
+                if (!BN_mod_sub_quick(n2, a->X, n1, p))
                        goto err;
                if (!field_mul(group, n1, n0, n2, ctx))
                        goto err;
@@ -748,17 +748,17 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
                 * Z_a^4
                 */
        } else {
-                if (!field_sqr(group, n0, &a->X, ctx))
+                if (!field_sqr(group, n0, a->X, ctx))
                        goto err;
                if (!BN_mod_lshift1_quick(n1, n0, p))
                        goto err;
                if (!BN_mod_add_quick(n0, n0, n1, p))
                        goto err;
-                if (!field_sqr(group, n1, &a->Z, ctx))
+                if (!field_sqr(group, n1, a->Z, ctx))
                        goto err;
                if (!field_sqr(group, n1, n1, ctx))
                        goto err;
-                if (!field_mul(group, n1, n1, &group->a, ctx))
+                if (!field_mul(group, n1, n1, group->a, ctx))
                        goto err;
                if (!BN_mod_add_quick(n1, n1, n0, p))
                        goto err;
@@ -767,21 +767,21 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
        /* Z_r */
        if (a->Z_is_one) {
-                if (!bn_copy(n0, &a->Y))
+                if (!bn_copy(n0, a->Y))
                        goto err;
        } else {
-                if (!field_mul(group, n0, &a->Y, &a->Z, ctx))
+                if (!field_mul(group, n0, a->Y, a->Z, ctx))
                        goto err;
        }
-        if (!BN_mod_lshift1_quick(&r->Z, n0, p))
+        if (!BN_mod_lshift1_quick(r->Z, n0, p))
                goto err;
        r->Z_is_one = 0;
        /* Z_r = 2 * Y_a * Z_a */
        /* n2 */
-        if (!field_sqr(group, n3, &a->Y, ctx))
+        if (!field_sqr(group, n3, a->Y, ctx))
                goto err;
-        if (!field_mul(group, n2, &a->X, n3, ctx))
+        if (!field_mul(group, n2, a->X, n3, ctx))
                goto err;
        if (!BN_mod_lshift_quick(n2, n2, 2, p))
                goto err;
@@ -790,9 +790,9 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
        /* X_r */
        if (!BN_mod_lshift1_quick(n0, n2, p))
                goto err;
-        if (!field_sqr(group, &r->X, n1, ctx))
+        if (!field_sqr(group, r->X, n1, ctx))
                goto err;
-        if (!BN_mod_sub_quick(&r->X, &r->X, n0, p))
+        if (!BN_mod_sub_quick(r->X, r->X, n0, p))
                goto err;
        /* X_r = n1^2 - 2 * n2 */
@@ -804,11 +804,11 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
        /* n3 = 8 * Y_a^4 */
        /* Y_r */
-        if (!BN_mod_sub_quick(n0, n2, &r->X, p))
+        if (!BN_mod_sub_quick(n0, n2, r->X, p))
                goto err;
        if (!field_mul(group, n0, n1, n0, ctx))
                goto err;
-        if (!BN_mod_sub_quick(&r->Y, n0, n3, p))
+        if (!BN_mod_sub_quick(r->Y, n0, n3, p))
                goto err;
        /* Y_r = n1 * (n2 - X_r) - n3 */
@@ -823,11 +823,11 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 static int
 ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
 {
-        if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+        if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
                /* point is its own inverse */
                return 1;
-        return BN_usub(&point->Y, &group->p, &point->Y);
+        return BN_usub(point->Y, group->p, point->Y);
 }
 static int
@@ -844,7 +844,7 @@ ec_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
        field_mul = group->meth->field_mul;
        field_sqr = group->meth->field_sqr;
-        p = &group->p;
+        p = group->p;
        BN_CTX_start(ctx);
@@ -867,11 +867,11 @@ ec_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
         */
        /* rh := X^2 */
-        if (!field_sqr(group, rh, &point->X, ctx))
+        if (!field_sqr(group, rh, point->X, ctx))
                goto err;
        if (!point->Z_is_one) {
-                if (!field_sqr(group, tmp, &point->Z, ctx))
+                if (!field_sqr(group, tmp, point->Z, ctx))
                        goto err;
                if (!field_sqr(group, Z4, tmp, ctx))
                        goto err;
@@ -886,19 +886,19 @@ ec_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
                                goto err;
                        if (!BN_mod_sub_quick(rh, rh, tmp, p))
                                goto err;
-                        if (!field_mul(group, rh, rh, &point->X, ctx))
+                        if (!field_mul(group, rh, rh, point->X, ctx))
                                goto err;
                } else {
-                        if (!field_mul(group, tmp, Z4, &group->a, ctx))
+                        if (!field_mul(group, tmp, Z4, group->a, ctx))
                                goto err;
                        if (!BN_mod_add_quick(rh, rh, tmp, p))
                                goto err;
-                        if (!field_mul(group, rh, rh, &point->X, ctx))
+                        if (!field_mul(group, rh, rh, point->X, ctx))
                                goto err;
                }
                /* rh := rh + b*Z^6 */
-                if (!field_mul(group, tmp, &group->b, Z6, ctx))
+                if (!field_mul(group, tmp, group->b, Z6, ctx))
                        goto err;
                if (!BN_mod_add_quick(rh, rh, tmp, p))
                        goto err;
@@ -906,17 +906,17 @@ ec_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
                /* point->Z_is_one */
                /* rh := (rh + a)*X */
-                if (!BN_mod_add_quick(rh, rh, &group->a, p))
+                if (!BN_mod_add_quick(rh, rh, group->a, p))
                        goto err;
-                if (!field_mul(group, rh, rh, &point->X, ctx))
+                if (!field_mul(group, rh, rh, point->X, ctx))
                        goto err;
                /* rh := rh + b */
-                if (!BN_mod_add_quick(rh, rh, &group->b, p))
+                if (!BN_mod_add_quick(rh, rh, group->b, p))
                        goto err;
        }
        /* 'lh' := Y^2 */
-        if (!field_sqr(group, tmp, &point->Y, ctx))
+        if (!field_sqr(group, tmp, point->Y, ctx))
                goto err;
        ret = (0 == BN_ucmp(tmp, rh));
@@ -946,7 +946,7 @@ ec_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
                return 1;
        if (a->Z_is_one && b->Z_is_one)
-                return BN_cmp(&a->X, &b->X) != 0 || BN_cmp(&a->Y, &b->Y) != 0;
+                return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0;
        field_mul = group->meth->field_mul;
        field_sqr = group->meth->field_sqr;
@@ -969,21 +969,21 @@ ec_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
         */
        if (!b->Z_is_one) {
-                if (!field_sqr(group, Zb23, &b->Z, ctx))
+                if (!field_sqr(group, Zb23, b->Z, ctx))
                        goto end;
-                if (!field_mul(group, tmp1, &a->X, Zb23, ctx))
+                if (!field_mul(group, tmp1, a->X, Zb23, ctx))
                        goto end;
                tmp1_ = tmp1;
        } else
-                tmp1_ = &a->X;
+                tmp1_ = a->X;
        if (!a->Z_is_one) {
-                if (!field_sqr(group, Za23, &a->Z, ctx))
+                if (!field_sqr(group, Za23, a->Z, ctx))
                        goto end;
-                if (!field_mul(group, tmp2, &b->X, Za23, ctx))
+                if (!field_mul(group, tmp2, b->X, Za23, ctx))
                        goto end;
                tmp2_ = tmp2;
        } else
-                tmp2_ = &b->X;
+                tmp2_ = b->X;
        /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
        if (BN_cmp(tmp1_, tmp2_) != 0) {
@@ -991,21 +991,21 @@ ec_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
                goto end;
        }
        if (!b->Z_is_one) {
-                if (!field_mul(group, Zb23, Zb23, &b->Z, ctx))
+                if (!field_mul(group, Zb23, Zb23, b->Z, ctx))
                        goto end;
-                if (!field_mul(group, tmp1, &a->Y, Zb23, ctx))
+                if (!field_mul(group, tmp1, a->Y, Zb23, ctx))
                        goto end;
                /* tmp1_ = tmp1 */
        } else
-                tmp1_ = &a->Y;
+                tmp1_ = a->Y;
        if (!a->Z_is_one) {
-                if (!field_mul(group, Za23, Za23, &a->Z, ctx))
+                if (!field_mul(group, Za23, Za23, a->Z, ctx))
                        goto end;
-                if (!field_mul(group, tmp2, &b->Y, Za23, ctx))
+                if (!field_mul(group, tmp2, b->Y, Za23, ctx))
                        goto end;
                /* tmp2_ = tmp2 */
        } else
-                tmp2_ = &b->Y;
+                tmp2_ = b->Y;
        /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
        if (BN_cmp(tmp1_, tmp2_) != 0) {
@@ -1084,8 +1084,8 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
         * skipping any zero-valued inputs (pretend that they're 1).
         */
-        if (!BN_is_zero(&points[0]->Z)) {
+        if (!BN_is_zero(points[0]->Z)) {
-                if (!bn_copy(prod_Z[0], &points[0]->Z))
+                if (!bn_copy(prod_Z[0], points[0]->Z))
                        goto err;
        } else {
                if (group->meth->field_set_to_one != NULL) {
@@ -1098,9 +1098,9 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
        }
        for (i = 1; i < num; i++) {
-                if (!BN_is_zero(&points[i]->Z)) {
+                if (!BN_is_zero(points[i]->Z)) {
                        if (!group->meth->field_mul(group, prod_Z[i],
-                            prod_Z[i - 1], &points[i]->Z, ctx))
+                            prod_Z[i - 1], points[i]->Z, ctx))
                                goto err;
                } else {
                        if (!bn_copy(prod_Z[i], prod_Z[i - 1]))
@@ -1112,7 +1112,7 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
         * Now use a single explicit inversion to replace every non-zero
         * points[i]->Z by its inverse.
         */
-        if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->p, ctx)) {
+        if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], group->p, ctx)) {
                ECerror(ERR_R_BN_LIB);
                goto err;
        }
@@ -1134,23 +1134,23 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
                 * Loop invariant: tmp is the product of the inverses of
                 * points[0]->Z, ..., points[i]->Z (zero-valued inputs skipped).
                 */
-                if (BN_is_zero(&points[i]->Z))
+                if (BN_is_zero(points[i]->Z))
                        continue;
                /* Set tmp_Z to the inverse of points[i]->Z. */
                if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
                        goto err;
                /* Adjust tmp to satisfy loop invariant. */
-                if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx))
+                if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx))
                        goto err;
                /* Replace points[i]->Z by its inverse. */
-                if (!bn_copy(&points[i]->Z, tmp_Z))
+                if (!bn_copy(points[i]->Z, tmp_Z))
                        goto err;
        }
-        if (!BN_is_zero(&points[0]->Z)) {
+        if (!BN_is_zero(points[0]->Z)) {
                /* Replace points[0]->Z by its inverse. */
-                if (!bn_copy(&points[0]->Z, tmp))
+                if (!bn_copy(points[0]->Z, tmp))
                        goto err;
        }
@@ -1158,26 +1158,26 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
        for (i = 0; i < num; i++) {
                EC_POINT *p = points[i];
-                if (BN_is_zero(&p->Z))
+                if (BN_is_zero(p->Z))
                        continue;
                /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
-                if (!group->meth->field_sqr(group, tmp, &p->Z, ctx))
+                if (!group->meth->field_sqr(group, tmp, p->Z, ctx))
                        goto err;
-                if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx))
+                if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx))
                        goto err;
-                if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx))
+                if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx))
                        goto err;
-                if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx))
+                if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx))
                        goto err;
                if (group->meth->field_set_to_one != NULL) {
-                        if (!group->meth->field_set_to_one(group, &p->Z, ctx))
+                        if (!group->meth->field_set_to_one(group, p->Z, ctx))
                                goto err;
                } else {
-                        if (!BN_one(&p->Z))
+                        if (!BN_one(p->Z))
                                goto err;
                }
                p->Z_is_one = 1;
@@ -1196,13 +1196,13 @@ static int
 ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
    BN_CTX *ctx)
 {
-        return BN_mod_mul(r, a, b, &group->p, ctx);
+        return BN_mod_mul(r, a, b, group->p, ctx);
 }
 static int
 ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 {
-        return BN_mod_sqr(r, a, &group->p, ctx);
+        return BN_mod_sqr(r, a, group->p, ctx);
 }
 /*
@@ -1226,7 +1226,7 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
                goto err;
        /* Generate lambda in [1, p). */
-        if (!bn_rand_interval(lambda, 1, &group->p))
+        if (!bn_rand_interval(lambda, 1, group->p))
                goto err;
        if (group->meth->field_encode != NULL &&
@@ -1234,7 +1234,7 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
                goto err;
        /* Z = lambda * Z */
-        if (!group->meth->field_mul(group, &p->Z, lambda, &p->Z, ctx))
+        if (!group->meth->field_mul(group, p->Z, lambda, p->Z, ctx))
                goto err;
        /* tmp = lambda^2 */
@@ -1242,7 +1242,7 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
                goto err;
        /* X = lambda^2 * X */
-        if (!group->meth->field_mul(group, &p->X, tmp, &p->X, ctx))
+        if (!group->meth->field_mul(group, p->X, tmp, p->X, ctx))
                goto err;
        /* tmp = lambda^3 */
@@ -1250,7 +1250,7 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
                goto err;
        /* Y = lambda^3 * Y */
-        if (!group->meth->field_mul(group, &p->Y, tmp, &p->Y, ctx))
+        if (!group->meth->field_mul(group, p->Y, tmp, p->Y, ctx))
                goto err;
        /* Disable optimized arithmetics after replacing Z by lambda * Z. */
@@ -1264,15 +1264,15 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
 }
 #define EC_POINT_BN_set_flags(P, flags) do {                            \
-        BN_set_flags(&(P)->X, (flags));                                 \
+        BN_set_flags((P)->X, (flags));                                  \
-        BN_set_flags(&(P)->Y, (flags));                                 \
+        BN_set_flags((P)->Y, (flags));                                  \
-        BN_set_flags(&(P)->Z, (flags));                                 \
+        BN_set_flags((P)->Z, (flags));                                  \
 } while(0)
 #define EC_POINT_CSWAP(c, a, b, w, t) do {                              \
-        if (!BN_swap_ct(c, &(a)->X, &(b)->X, w) ||                      \
+        if (!BN_swap_ct(c, (a)->X, (b)->X, w)   ||                      \
-            !BN_swap_ct(c, &(a)->Y, &(b)->Y, w) ||                      \
+            !BN_swap_ct(c, (a)->Y, (b)->Y, w)   ||                      \
-            !BN_swap_ct(c, &(a)->Z, &(b)->Z, w))                        \
+            !BN_swap_ct(c, (a)->Z, (b)->Z, w))                  \
                goto err;                                               \
        t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c);                      \
        (a)->Z_is_one ^= (t);                                           \
@@ -1332,7 +1332,7 @@ ec_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                goto err;
        if ((k = BN_CTX_get(ctx)) == NULL)
                goto err;
-        if (!BN_mul(cardinality, &group->order, &group->cofactor, ctx))
+        if (!BN_mul(cardinality, group->order, group->cofactor, ctx))
                goto err;
        /*
@@ -1374,13 +1374,13 @@ ec_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        if (!BN_swap_ct(kbit, k, lambda, group_top + 2))
                goto err;
-        group_top = group->p.top;
+        group_top = group->p->top;
-        if (!bn_wexpand(&s->X, group_top) ||
+        if (!bn_wexpand(s->X, group_top) ||
-            !bn_wexpand(&s->Y, group_top) ||
+            !bn_wexpand(s->Y, group_top) ||
-            !bn_wexpand(&s->Z, group_top) ||
+            !bn_wexpand(s->Z, group_top) ||
-            !bn_wexpand(&r->X, group_top) ||
+            !bn_wexpand(r->X, group_top) ||
-            !bn_wexpand(&r->Y, group_top) ||
+            !bn_wexpand(r->Y, group_top) ||
-            !bn_wexpand(&r->Z, group_top))
+            !bn_wexpand(r->Z, group_top))
                goto err;
        /*
author	tb <>	2025-01-05 16:07:08 +0000
committer	tb <>	2025-01-05 16:07:08 +0000
commit	2193869c42abbda84814f22a4ab38d0067921360 (patch)
tree	01052cd554006bd8d0b366164df08e22b7dd6d57
parent	db85eb543d9f117c58266ef87044672cadbaa8be (diff)
download	openbsd-2193869c42abbda84814f22a4ab38d0067921360.tar.gz openbsd-2193869c42abbda84814f22a4ab38d0067921360.tar.bz2 openbsd-2193869c42abbda84814f22a4ab38d0067921360.zip