Merge ecp_mont.c into ecp_methods.c

author: tb <> 2024-11-12 10:44:25 +0000
committer: tb <> 2024-11-12 10:44:25 +0000
commit: 62ef3857e7799820c922e269826a302dbfb1416a (patch)
tree: e3394b5fbb144659bde7d7f9b6cda5721b9b3ca3
parent: 87d0c26dfb60b5b40ce00952f8f5c491bc12ddad (diff)
download: openbsd-62ef3857e7799820c922e269826a302dbfb1416a.tar.gz
openbsd-62ef3857e7799820c922e269826a302dbfb1416a.tar.bz2
openbsd-62ef3857e7799820c922e269826a302dbfb1416a.zip
3 files changed, 206 insertions, 273 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 796f6a2419..f42ac2b9bf 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.226 2024/11/12 10:25:16 tb Exp $
+# $OpenBSD: Makefile,v 1.227 2024/11/12 10:44:25 tb Exp $
 LIB=    crypto
 LIBREBUILD=y
@@ -287,7 +287,6 @@ SRCS+= ec_mult.c
 SRCS+= ec_pmeth.c
 SRCS+= eck_prn.c
 SRCS+= ecp_methods.c
-SRCS+= ecp_mont.c
 SRCS+= ecx_methods.c
 # ecdh/
diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c
index 9cce6880df..f3c9f05850 100644
--- a/src/lib/libcrypto/ec/ecp_methods.c
+++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.2 2024/11/12 10:26:06 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.3 2024/11/12 10:44:25 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -1608,6 +1608,160 @@ ec_GFp_simple_mul_double_nonct(const EC_GROUP *group, EC_POINT *r,
        return ec_wNAF_mul(group, r, g_scalar, 1, &point, &p_scalar, ctx);
 }
+static void
+ec_GFp_mont_group_clear(EC_GROUP *group)
+{
+        BN_MONT_CTX_free(group->mont_ctx);
+        group->mont_ctx = NULL;
+        BN_free(group->mont_one);
+        group->mont_one = NULL;
+}
+static int
+ec_GFp_mont_group_init(EC_GROUP *group)
+{
+        int ok;
+        ok = ec_GFp_simple_group_init(group);
+        group->mont_ctx = NULL;
+        group->mont_one = NULL;
+        return ok;
+}
+static void
+ec_GFp_mont_group_finish(EC_GROUP *group)
+{
+        ec_GFp_mont_group_clear(group);
+        ec_GFp_simple_group_finish(group);
+}
+static int
+ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+        ec_GFp_mont_group_clear(dest);
+        if (!ec_GFp_simple_group_copy(dest, src))
+                return 0;
+        if (src->mont_ctx != NULL) {
+                dest->mont_ctx = BN_MONT_CTX_new();
+                if (dest->mont_ctx == NULL)
+                        return 0;
+                if (!BN_MONT_CTX_copy(dest->mont_ctx, src->mont_ctx))
+                        goto err;
+        }
+        if (src->mont_one != NULL) {
+                dest->mont_one = BN_dup(src->mont_one);
+                if (dest->mont_one == NULL)
+                        goto err;
+        }
+        return 1;
+ err:
+        if (dest->mont_ctx != NULL) {
+                BN_MONT_CTX_free(dest->mont_ctx);
+                dest->mont_ctx = NULL;
+        }
+        return 0;
+}
+static int
+ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+    const BIGNUM *b, BN_CTX *ctx)
+{
+        BN_MONT_CTX *mont = NULL;
+        BIGNUM *one = NULL;
+        int ret = 0;
+        ec_GFp_mont_group_clear(group);
+        mont = BN_MONT_CTX_new();
+        if (mont == NULL)
+                goto err;
+        if (!BN_MONT_CTX_set(mont, p, ctx)) {
+                ECerror(ERR_R_BN_LIB);
+                goto err;
+        }
+        one = BN_new();
+        if (one == NULL)
+                goto err;
+        if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
+                goto err;
+        group->mont_ctx = mont;
+        mont = NULL;
+        group->mont_one = one;
+        one = NULL;
+        ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+        if (!ret)
+                ec_GFp_mont_group_clear(group);
+ err:
+        BN_MONT_CTX_free(mont);
+        BN_free(one);
+        return ret;
+}
+static int
+ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *b, BN_CTX *ctx)
+{
+        if (group->mont_ctx == NULL) {
+                ECerror(EC_R_NOT_INITIALIZED);
+                return 0;
+        }
+        return BN_mod_mul_montgomery(r, a, b, group->mont_ctx, ctx);
+}
+static int
+ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+    BN_CTX *ctx)
+{
+        if (group->mont_ctx == NULL) {
+                ECerror(EC_R_NOT_INITIALIZED);
+                return 0;
+        }
+        return BN_mod_mul_montgomery(r, a, a, group->mont_ctx, ctx);
+}
+static int
+ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+    BN_CTX *ctx)
+{
+        if (group->mont_ctx == NULL) {
+                ECerror(EC_R_NOT_INITIALIZED);
+                return 0;
+        }
+        return BN_to_montgomery(r, a, group->mont_ctx, ctx);
+}
+static int
+ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+    BN_CTX *ctx)
+{
+        if (group->mont_ctx == NULL) {
+                ECerror(EC_R_NOT_INITIALIZED);
+                return 0;
+        }
+        return BN_from_montgomery(r, a, group->mont_ctx, ctx);
+}
+static int
+ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
+{
+        if (group->mont_one == NULL) {
+                ECerror(EC_R_NOT_INITIALIZED);
+                return 0;
+        }
+        if (!bn_copy(r, group->mont_one))
+                return 0;
+        return 1;
+}
 static const EC_METHOD ec_GFp_simple_method = {
        .field_type = NID_X9_62_prime_field,
        .group_init = ec_GFp_simple_group_init,
@@ -1654,3 +1808,53 @@ EC_GFp_simple_method(void)
        return &ec_GFp_simple_method;
 }
 LCRYPTO_ALIAS(EC_GFp_simple_method);
+static const EC_METHOD ec_GFp_mont_method = {
+        .field_type = NID_X9_62_prime_field,
+        .group_init = ec_GFp_mont_group_init,
+        .group_finish = ec_GFp_mont_group_finish,
+        .group_copy = ec_GFp_mont_group_copy,
+        .group_set_curve = ec_GFp_mont_group_set_curve,
+        .group_get_curve = ec_GFp_simple_group_get_curve,
+        .group_get_degree = ec_GFp_simple_group_get_degree,
+        .group_order_bits = ec_group_simple_order_bits,
+        .group_check_discriminant = ec_GFp_simple_group_check_discriminant,
+        .point_init = ec_GFp_simple_point_init,
+        .point_finish = ec_GFp_simple_point_finish,
+        .point_copy = ec_GFp_simple_point_copy,
+        .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
+        .point_set_Jprojective_coordinates =
+            ec_GFp_simple_set_Jprojective_coordinates,
+        .point_get_Jprojective_coordinates =
+            ec_GFp_simple_get_Jprojective_coordinates,
+        .point_set_affine_coordinates =
+            ec_GFp_simple_point_set_affine_coordinates,
+        .point_get_affine_coordinates =
+            ec_GFp_simple_point_get_affine_coordinates,
+        .point_set_compressed_coordinates =
+            ec_GFp_simple_set_compressed_coordinates,
+        .add = ec_GFp_simple_add,
+        .dbl = ec_GFp_simple_dbl,
+        .invert = ec_GFp_simple_invert,
+        .is_at_infinity = ec_GFp_simple_is_at_infinity,
+        .is_on_curve = ec_GFp_simple_is_on_curve,
+        .point_cmp = ec_GFp_simple_cmp,
+        .make_affine = ec_GFp_simple_make_affine,
+        .points_make_affine = ec_GFp_simple_points_make_affine,
+        .mul_generator_ct = ec_GFp_simple_mul_generator_ct,
+        .mul_single_ct = ec_GFp_simple_mul_single_ct,
+        .mul_double_nonct = ec_GFp_simple_mul_double_nonct,
+        .field_mul = ec_GFp_mont_field_mul,
+        .field_sqr = ec_GFp_mont_field_sqr,
+        .field_encode = ec_GFp_mont_field_encode,
+        .field_decode = ec_GFp_mont_field_decode,
+        .field_set_to_one = ec_GFp_mont_field_set_to_one,
+        .blind_coordinates = ec_GFp_simple_blind_coordinates,
+};
+const EC_METHOD *
+EC_GFp_mont_method(void)
+{
+        return &ec_GFp_mont_method;
+}
+LCRYPTO_ALIAS(EC_GFp_mont_method);
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
deleted file mode 100644
index 8fd7ebc7b9..0000000000
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ /dev/null
@@ -1,270 +0,0 @@
-/* $OpenBSD: ecp_mont.c,v 1.31 2024/10/31 15:37:53 tb Exp $ */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-#include <openssl/err.h>
-#include "ec_local.h"
-static void
-ec_GFp_mont_group_clear(EC_GROUP *group)
-{
-        BN_MONT_CTX_free(group->mont_ctx);
-        group->mont_ctx = NULL;
-        BN_free(group->mont_one);
-        group->mont_one = NULL;
-}
-static int
-ec_GFp_mont_group_init(EC_GROUP *group)
-{
-        int ok;
-        ok = ec_GFp_simple_group_init(group);
-        group->mont_ctx = NULL;
-        group->mont_one = NULL;
-        return ok;
-}
-static void
-ec_GFp_mont_group_finish(EC_GROUP *group)
-{
-        ec_GFp_mont_group_clear(group);
-        ec_GFp_simple_group_finish(group);
-}
-static int
-ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-{
-        ec_GFp_mont_group_clear(dest);
-        if (!ec_GFp_simple_group_copy(dest, src))
-                return 0;
-        if (src->mont_ctx != NULL) {
-                dest->mont_ctx = BN_MONT_CTX_new();
-                if (dest->mont_ctx == NULL)
-                        return 0;
-                if (!BN_MONT_CTX_copy(dest->mont_ctx, src->mont_ctx))
-                        goto err;
-        }
-        if (src->mont_one != NULL) {
-                dest->mont_one = BN_dup(src->mont_one);
-                if (dest->mont_one == NULL)
-                        goto err;
-        }
-        return 1;
- err:
-        if (dest->mont_ctx != NULL) {
-                BN_MONT_CTX_free(dest->mont_ctx);
-                dest->mont_ctx = NULL;
-        }
-        return 0;
-}
-static int
-ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
-    const BIGNUM *b, BN_CTX *ctx)
-{
-        BN_MONT_CTX *mont = NULL;
-        BIGNUM *one = NULL;
-        int ret = 0;
-        ec_GFp_mont_group_clear(group);
-        mont = BN_MONT_CTX_new();
-        if (mont == NULL)
-                goto err;
-        if (!BN_MONT_CTX_set(mont, p, ctx)) {
-                ECerror(ERR_R_BN_LIB);
-                goto err;
-        }
-        one = BN_new();
-        if (one == NULL)
-                goto err;
-        if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
-                goto err;
-        group->mont_ctx = mont;
-        mont = NULL;
-        group->mont_one = one;
-        one = NULL;
-        ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-        if (!ret)
-                ec_GFp_mont_group_clear(group);
- err:
-        BN_MONT_CTX_free(mont);
-        BN_free(one);
-        return ret;
-}
-static int
-ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *b, BN_CTX *ctx)
-{
-        if (group->mont_ctx == NULL) {
-                ECerror(EC_R_NOT_INITIALIZED);
-                return 0;
-        }
-        return BN_mod_mul_montgomery(r, a, b, group->mont_ctx, ctx);
-}
-static int
-ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-    BN_CTX *ctx)
-{
-        if (group->mont_ctx == NULL) {
-                ECerror(EC_R_NOT_INITIALIZED);
-                return 0;
-        }
-        return BN_mod_mul_montgomery(r, a, a, group->mont_ctx, ctx);
-}
-static int
-ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-    BN_CTX *ctx)
-{
-        if (group->mont_ctx == NULL) {
-                ECerror(EC_R_NOT_INITIALIZED);
-                return 0;
-        }
-        return BN_to_montgomery(r, a, group->mont_ctx, ctx);
-}
-static int
-ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-    BN_CTX *ctx)
-{
-        if (group->mont_ctx == NULL) {
-                ECerror(EC_R_NOT_INITIALIZED);
-                return 0;
-        }
-        return BN_from_montgomery(r, a, group->mont_ctx, ctx);
-}
-static int
-ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
-{
-        if (group->mont_one == NULL) {
-                ECerror(EC_R_NOT_INITIALIZED);
-                return 0;
-        }
-        if (!bn_copy(r, group->mont_one))
-                return 0;
-        return 1;
-}
-static const EC_METHOD ec_GFp_mont_method = {
-        .field_type = NID_X9_62_prime_field,
-        .group_init = ec_GFp_mont_group_init,
-        .group_finish = ec_GFp_mont_group_finish,
-        .group_copy = ec_GFp_mont_group_copy,
-        .group_set_curve = ec_GFp_mont_group_set_curve,
-        .group_get_curve = ec_GFp_simple_group_get_curve,
-        .group_get_degree = ec_GFp_simple_group_get_degree,
-        .group_order_bits = ec_group_simple_order_bits,
-        .group_check_discriminant = ec_GFp_simple_group_check_discriminant,
-        .point_init = ec_GFp_simple_point_init,
-        .point_finish = ec_GFp_simple_point_finish,
-        .point_copy = ec_GFp_simple_point_copy,
-        .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
-        .point_set_Jprojective_coordinates =
-            ec_GFp_simple_set_Jprojective_coordinates,
-        .point_get_Jprojective_coordinates =
-            ec_GFp_simple_get_Jprojective_coordinates,
-        .point_set_affine_coordinates =
-            ec_GFp_simple_point_set_affine_coordinates,
-        .point_get_affine_coordinates =
-            ec_GFp_simple_point_get_affine_coordinates,
-        .point_set_compressed_coordinates =
-            ec_GFp_simple_set_compressed_coordinates,
-        .add = ec_GFp_simple_add,
-        .dbl = ec_GFp_simple_dbl,
-        .invert = ec_GFp_simple_invert,
-        .is_at_infinity = ec_GFp_simple_is_at_infinity,
-        .is_on_curve = ec_GFp_simple_is_on_curve,
-        .point_cmp = ec_GFp_simple_cmp,
-        .make_affine = ec_GFp_simple_make_affine,
-        .points_make_affine = ec_GFp_simple_points_make_affine,
-        .mul_generator_ct = ec_GFp_simple_mul_generator_ct,
-        .mul_single_ct = ec_GFp_simple_mul_single_ct,
-        .mul_double_nonct = ec_GFp_simple_mul_double_nonct,
-        .field_mul = ec_GFp_mont_field_mul,
-        .field_sqr = ec_GFp_mont_field_sqr,
-        .field_encode = ec_GFp_mont_field_encode,
-        .field_decode = ec_GFp_mont_field_decode,
-        .field_set_to_one = ec_GFp_mont_field_set_to_one,
-        .blind_coordinates = ec_GFp_simple_blind_coordinates,
-};
-const EC_METHOD *
-EC_GFp_mont_method(void)
-{
-        return &ec_GFp_mont_method;
-}
-LCRYPTO_ALIAS(EC_GFp_mont_method);
author	tb <>	2024-11-12 10:44:25 +0000
committer	tb <>	2024-11-12 10:44:25 +0000
commit	62ef3857e7799820c922e269826a302dbfb1416a (patch)
tree	e3394b5fbb144659bde7d7f9b6cda5721b9b3ca3
parent	87d0c26dfb60b5b40ce00952f8f5c491bc12ddad (diff)
download	openbsd-62ef3857e7799820c922e269826a302dbfb1416a.tar.gz openbsd-62ef3857e7799820c922e269826a302dbfb1416a.tar.bz2 openbsd-62ef3857e7799820c922e269826a302dbfb1416a.zip

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index 796f6a2419..f42ac2b9bf 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.226 2024/11/12 10:25:16 tb Exp $	1	# $OpenBSD: Makefile,v 1.227 2024/11/12 10:44:25 tb Exp $
2		2
3	LIB= crypto	3	LIB= crypto
4	LIBREBUILD=y	4	LIBREBUILD=y
@@ -287,7 +287,6 @@ SRCS+= ec_mult.c
287	SRCS+= ec_pmeth.c	287	SRCS+= ec_pmeth.c
288	SRCS+= eck_prn.c	288	SRCS+= eck_prn.c
289	SRCS+= ecp_methods.c	289	SRCS+= ecp_methods.c
290	SRCS+= ecp_mont.c
291	SRCS+= ecx_methods.c	290	SRCS+= ecx_methods.c
292		291
293	# ecdh/	292	# ecdh/


diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c index 9cce6880df..f3c9f05850 100644 --- a/src/lib/libcrypto/ec/ecp_methods.c +++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecp_methods.c,v 1.2 2024/11/12 10:26:06 tb Exp $ */	1	/* $OpenBSD: ecp_methods.c,v 1.3 2024/11/12 10:44:25 tb Exp $ */
2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>	2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3	* for the OpenSSL project.	3	* for the OpenSSL project.
4	* Includes code written by Bodo Moeller for the OpenSSL project.	4	* Includes code written by Bodo Moeller for the OpenSSL project.
@@ -1608,6 +1608,160 @@ ec_GFp_simple_mul_double_nonct(const EC_GROUP group, EC_POINT r,
1608	return ec_wNAF_mul(group, r, g_scalar, 1, &point, &p_scalar, ctx);	1608	return ec_wNAF_mul(group, r, g_scalar, 1, &point, &p_scalar, ctx);
1609	}	1609	}
1610		1610
		1611	static void
		1612	ec_GFp_mont_group_clear(EC_GROUP *group)
		1613	{
		1614	BN_MONT_CTX_free(group->mont_ctx);
		1615	group->mont_ctx = NULL;
		1616
		1617	BN_free(group->mont_one);
		1618	group->mont_one = NULL;
		1619	}
		1620
		1621	static int
		1622	ec_GFp_mont_group_init(EC_GROUP *group)
		1623	{
		1624	int ok;
		1625
		1626	ok = ec_GFp_simple_group_init(group);
		1627	group->mont_ctx = NULL;
		1628	group->mont_one = NULL;
		1629	return ok;
		1630	}
		1631
		1632	static void
		1633	ec_GFp_mont_group_finish(EC_GROUP *group)
		1634	{
		1635	ec_GFp_mont_group_clear(group);
		1636	ec_GFp_simple_group_finish(group);
		1637	}
		1638
		1639	static int
		1640	ec_GFp_mont_group_copy(EC_GROUP dest, const EC_GROUP src)
		1641	{
		1642	ec_GFp_mont_group_clear(dest);
		1643
		1644	if (!ec_GFp_simple_group_copy(dest, src))
		1645	return 0;
		1646
		1647	if (src->mont_ctx != NULL) {
		1648	dest->mont_ctx = BN_MONT_CTX_new();
		1649	if (dest->mont_ctx == NULL)
		1650	return 0;
		1651	if (!BN_MONT_CTX_copy(dest->mont_ctx, src->mont_ctx))
		1652	goto err;
		1653	}
		1654	if (src->mont_one != NULL) {
		1655	dest->mont_one = BN_dup(src->mont_one);
		1656	if (dest->mont_one == NULL)
		1657	goto err;
		1658	}
		1659	return 1;
		1660
		1661	err:
		1662	if (dest->mont_ctx != NULL) {
		1663	BN_MONT_CTX_free(dest->mont_ctx);
		1664	dest->mont_ctx = NULL;
		1665	}
		1666	return 0;
		1667	}
		1668
		1669	static int
		1670	ec_GFp_mont_group_set_curve(EC_GROUP group, const BIGNUM p, const BIGNUM *a,
		1671	const BIGNUM b, BN_CTX ctx)
		1672	{
		1673	BN_MONT_CTX *mont = NULL;
		1674	BIGNUM *one = NULL;
		1675	int ret = 0;
		1676
		1677	ec_GFp_mont_group_clear(group);
		1678
		1679	mont = BN_MONT_CTX_new();
		1680	if (mont == NULL)
		1681	goto err;
		1682	if (!BN_MONT_CTX_set(mont, p, ctx)) {
		1683	ECerror(ERR_R_BN_LIB);
		1684	goto err;
		1685	}
		1686	one = BN_new();
		1687	if (one == NULL)
		1688	goto err;
		1689	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
		1690	goto err;
		1691
		1692	group->mont_ctx = mont;
		1693	mont = NULL;
		1694	group->mont_one = one;
		1695	one = NULL;
		1696
		1697	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
		1698	if (!ret)
		1699	ec_GFp_mont_group_clear(group);
		1700
		1701	err:
		1702	BN_MONT_CTX_free(mont);
		1703	BN_free(one);
		1704
		1705	return ret;
		1706	}
		1707
		1708	static int
		1709	ec_GFp_mont_field_mul(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
		1710	const BIGNUM b, BN_CTX ctx)
		1711	{
		1712	if (group->mont_ctx == NULL) {
		1713	ECerror(EC_R_NOT_INITIALIZED);
		1714	return 0;
		1715	}
		1716	return BN_mod_mul_montgomery(r, a, b, group->mont_ctx, ctx);
		1717	}
		1718
		1719	static int
		1720	ec_GFp_mont_field_sqr(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
		1721	BN_CTX *ctx)
		1722	{
		1723	if (group->mont_ctx == NULL) {
		1724	ECerror(EC_R_NOT_INITIALIZED);
		1725	return 0;
		1726	}
		1727	return BN_mod_mul_montgomery(r, a, a, group->mont_ctx, ctx);
		1728	}
		1729
		1730	static int
		1731	ec_GFp_mont_field_encode(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
		1732	BN_CTX *ctx)
		1733	{
		1734	if (group->mont_ctx == NULL) {
		1735	ECerror(EC_R_NOT_INITIALIZED);
		1736	return 0;
		1737	}
		1738	return BN_to_montgomery(r, a, group->mont_ctx, ctx);
		1739	}
		1740
		1741	static int
		1742	ec_GFp_mont_field_decode(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
		1743	BN_CTX *ctx)
		1744	{
		1745	if (group->mont_ctx == NULL) {
		1746	ECerror(EC_R_NOT_INITIALIZED);
		1747	return 0;
		1748	}
		1749	return BN_from_montgomery(r, a, group->mont_ctx, ctx);
		1750	}
		1751
		1752	static int
		1753	ec_GFp_mont_field_set_to_one(const EC_GROUP group, BIGNUM r, BN_CTX *ctx)
		1754	{
		1755	if (group->mont_one == NULL) {
		1756	ECerror(EC_R_NOT_INITIALIZED);
		1757	return 0;
		1758	}
		1759	if (!bn_copy(r, group->mont_one))
		1760	return 0;
		1761
		1762	return 1;
		1763	}
		1764
1611	static const EC_METHOD ec_GFp_simple_method = {	1765	static const EC_METHOD ec_GFp_simple_method = {
1612	.field_type = NID_X9_62_prime_field,	1766	.field_type = NID_X9_62_prime_field,
1613	.group_init = ec_GFp_simple_group_init,	1767	.group_init = ec_GFp_simple_group_init,
@@ -1654,3 +1808,53 @@ EC_GFp_simple_method(void)
1654	return &ec_GFp_simple_method;	1808	return &ec_GFp_simple_method;
1655	}	1809	}
1656	LCRYPTO_ALIAS(EC_GFp_simple_method);	1810	LCRYPTO_ALIAS(EC_GFp_simple_method);
		1811
		1812	static const EC_METHOD ec_GFp_mont_method = {
		1813	.field_type = NID_X9_62_prime_field,
		1814	.group_init = ec_GFp_mont_group_init,
		1815	.group_finish = ec_GFp_mont_group_finish,
		1816	.group_copy = ec_GFp_mont_group_copy,
		1817	.group_set_curve = ec_GFp_mont_group_set_curve,
		1818	.group_get_curve = ec_GFp_simple_group_get_curve,
		1819	.group_get_degree = ec_GFp_simple_group_get_degree,
		1820	.group_order_bits = ec_group_simple_order_bits,
		1821	.group_check_discriminant = ec_GFp_simple_group_check_discriminant,
		1822	.point_init = ec_GFp_simple_point_init,
		1823	.point_finish = ec_GFp_simple_point_finish,
		1824	.point_copy = ec_GFp_simple_point_copy,
		1825	.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
		1826	.point_set_Jprojective_coordinates =
		1827	ec_GFp_simple_set_Jprojective_coordinates,
		1828	.point_get_Jprojective_coordinates =
		1829	ec_GFp_simple_get_Jprojective_coordinates,
		1830	.point_set_affine_coordinates =
		1831	ec_GFp_simple_point_set_affine_coordinates,
		1832	.point_get_affine_coordinates =
		1833	ec_GFp_simple_point_get_affine_coordinates,
		1834	.point_set_compressed_coordinates =
		1835	ec_GFp_simple_set_compressed_coordinates,
		1836	.add = ec_GFp_simple_add,
		1837	.dbl = ec_GFp_simple_dbl,
		1838	.invert = ec_GFp_simple_invert,
		1839	.is_at_infinity = ec_GFp_simple_is_at_infinity,
		1840	.is_on_curve = ec_GFp_simple_is_on_curve,
		1841	.point_cmp = ec_GFp_simple_cmp,
		1842	.make_affine = ec_GFp_simple_make_affine,
		1843	.points_make_affine = ec_GFp_simple_points_make_affine,
		1844	.mul_generator_ct = ec_GFp_simple_mul_generator_ct,
		1845	.mul_single_ct = ec_GFp_simple_mul_single_ct,
		1846	.mul_double_nonct = ec_GFp_simple_mul_double_nonct,
		1847	.field_mul = ec_GFp_mont_field_mul,
		1848	.field_sqr = ec_GFp_mont_field_sqr,
		1849	.field_encode = ec_GFp_mont_field_encode,
		1850	.field_decode = ec_GFp_mont_field_decode,
		1851	.field_set_to_one = ec_GFp_mont_field_set_to_one,
		1852	.blind_coordinates = ec_GFp_simple_blind_coordinates,
		1853	};
		1854
		1855	const EC_METHOD *
		1856	EC_GFp_mont_method(void)
		1857	{
		1858	return &ec_GFp_mont_method;
		1859	}
		1860	LCRYPTO_ALIAS(EC_GFp_mont_method);


diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c deleted file mode 100644 index 8fd7ebc7b9..0000000000 --- a/src/lib/libcrypto/ec/ecp_mont.c +++ /dev/null
@@ -1,270 +0,0 @@
1	/* $OpenBSD: ecp_mont.c,v 1.31 2024/10/31 15:37:53 tb Exp $ */
2	/*
3	* Originally written by Bodo Moeller for the OpenSSL project.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* openssl-core@openssl.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58	/* ====================================================================
59	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60	* Portions of this software developed by SUN MICROSYSTEMS, INC.,
61	* and contributed to the OpenSSL project.
62	*/
63
64	#include <openssl/err.h>
65
66	#include "ec_local.h"
67
68	static void
69	ec_GFp_mont_group_clear(EC_GROUP *group)
70	{
71	BN_MONT_CTX_free(group->mont_ctx);
72	group->mont_ctx = NULL;
73
74	BN_free(group->mont_one);
75	group->mont_one = NULL;
76	}
77
78	static int
79	ec_GFp_mont_group_init(EC_GROUP *group)
80	{
81	int ok;
82
83	ok = ec_GFp_simple_group_init(group);
84	group->mont_ctx = NULL;
85	group->mont_one = NULL;
86	return ok;
87	}
88
89	static void
90	ec_GFp_mont_group_finish(EC_GROUP *group)
91	{
92	ec_GFp_mont_group_clear(group);
93	ec_GFp_simple_group_finish(group);
94	}
95
96	static int
97	ec_GFp_mont_group_copy(EC_GROUP dest, const EC_GROUP src)
98	{
99	ec_GFp_mont_group_clear(dest);
100
101	if (!ec_GFp_simple_group_copy(dest, src))
102	return 0;
103
104	if (src->mont_ctx != NULL) {
105	dest->mont_ctx = BN_MONT_CTX_new();
106	if (dest->mont_ctx == NULL)
107	return 0;
108	if (!BN_MONT_CTX_copy(dest->mont_ctx, src->mont_ctx))
109	goto err;
110	}
111	if (src->mont_one != NULL) {
112	dest->mont_one = BN_dup(src->mont_one);
113	if (dest->mont_one == NULL)
114	goto err;
115	}
116	return 1;
117
118	err:
119	if (dest->mont_ctx != NULL) {
120	BN_MONT_CTX_free(dest->mont_ctx);
121	dest->mont_ctx = NULL;
122	}
123	return 0;
124	}
125
126	static int
127	ec_GFp_mont_group_set_curve(EC_GROUP group, const BIGNUM p, const BIGNUM *a,
128	const BIGNUM b, BN_CTX ctx)
129	{
130	BN_MONT_CTX *mont = NULL;
131	BIGNUM *one = NULL;
132	int ret = 0;
133
134	ec_GFp_mont_group_clear(group);
135
136	mont = BN_MONT_CTX_new();
137	if (mont == NULL)
138	goto err;
139	if (!BN_MONT_CTX_set(mont, p, ctx)) {
140	ECerror(ERR_R_BN_LIB);
141	goto err;
142	}
143	one = BN_new();
144	if (one == NULL)
145	goto err;
146	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
147	goto err;
148
149	group->mont_ctx = mont;
150	mont = NULL;
151	group->mont_one = one;
152	one = NULL;
153
154	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
155	if (!ret)
156	ec_GFp_mont_group_clear(group);
157
158	err:
159	BN_MONT_CTX_free(mont);
160	BN_free(one);
161
162	return ret;
163	}
164
165	static int
166	ec_GFp_mont_field_mul(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
167	const BIGNUM b, BN_CTX ctx)
168	{
169	if (group->mont_ctx == NULL) {
170	ECerror(EC_R_NOT_INITIALIZED);
171	return 0;
172	}
173	return BN_mod_mul_montgomery(r, a, b, group->mont_ctx, ctx);
174	}
175
176	static int
177	ec_GFp_mont_field_sqr(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
178	BN_CTX *ctx)
179	{
180	if (group->mont_ctx == NULL) {
181	ECerror(EC_R_NOT_INITIALIZED);
182	return 0;
183	}
184	return BN_mod_mul_montgomery(r, a, a, group->mont_ctx, ctx);
185	}
186
187	static int
188	ec_GFp_mont_field_encode(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
189	BN_CTX *ctx)
190	{
191	if (group->mont_ctx == NULL) {
192	ECerror(EC_R_NOT_INITIALIZED);
193	return 0;
194	}
195	return BN_to_montgomery(r, a, group->mont_ctx, ctx);
196	}
197
198	static int
199	ec_GFp_mont_field_decode(const EC_GROUP group, BIGNUM r, const BIGNUM *a,
200	BN_CTX *ctx)
201	{
202	if (group->mont_ctx == NULL) {
203	ECerror(EC_R_NOT_INITIALIZED);
204	return 0;
205	}
206	return BN_from_montgomery(r, a, group->mont_ctx, ctx);
207	}
208
209	static int
210	ec_GFp_mont_field_set_to_one(const EC_GROUP group, BIGNUM r, BN_CTX *ctx)
211	{
212	if (group->mont_one == NULL) {
213	ECerror(EC_R_NOT_INITIALIZED);
214	return 0;
215	}
216	if (!bn_copy(r, group->mont_one))
217	return 0;
218
219	return 1;
220	}
221
222	static const EC_METHOD ec_GFp_mont_method = {
223	.field_type = NID_X9_62_prime_field,
224	.group_init = ec_GFp_mont_group_init,
225	.group_finish = ec_GFp_mont_group_finish,
226	.group_copy = ec_GFp_mont_group_copy,
227	.group_set_curve = ec_GFp_mont_group_set_curve,
228	.group_get_curve = ec_GFp_simple_group_get_curve,
229	.group_get_degree = ec_GFp_simple_group_get_degree,
230	.group_order_bits = ec_group_simple_order_bits,
231	.group_check_discriminant = ec_GFp_simple_group_check_discriminant,
232	.point_init = ec_GFp_simple_point_init,
233	.point_finish = ec_GFp_simple_point_finish,
234	.point_copy = ec_GFp_simple_point_copy,
235	.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
236	.point_set_Jprojective_coordinates =
237	ec_GFp_simple_set_Jprojective_coordinates,
238	.point_get_Jprojective_coordinates =
239	ec_GFp_simple_get_Jprojective_coordinates,
240	.point_set_affine_coordinates =
241	ec_GFp_simple_point_set_affine_coordinates,
242	.point_get_affine_coordinates =
243	ec_GFp_simple_point_get_affine_coordinates,
244	.point_set_compressed_coordinates =
245	ec_GFp_simple_set_compressed_coordinates,
246	.add = ec_GFp_simple_add,
247	.dbl = ec_GFp_simple_dbl,
248	.invert = ec_GFp_simple_invert,
249	.is_at_infinity = ec_GFp_simple_is_at_infinity,
250	.is_on_curve = ec_GFp_simple_is_on_curve,
251	.point_cmp = ec_GFp_simple_cmp,
252	.make_affine = ec_GFp_simple_make_affine,
253	.points_make_affine = ec_GFp_simple_points_make_affine,
254	.mul_generator_ct = ec_GFp_simple_mul_generator_ct,
255	.mul_single_ct = ec_GFp_simple_mul_single_ct,
256	.mul_double_nonct = ec_GFp_simple_mul_double_nonct,
257	.field_mul = ec_GFp_mont_field_mul,
258	.field_sqr = ec_GFp_mont_field_sqr,
259	.field_encode = ec_GFp_mont_field_encode,
260	.field_decode = ec_GFp_mont_field_decode,
261	.field_set_to_one = ec_GFp_mont_field_set_to_one,
262	.blind_coordinates = ec_GFp_simple_blind_coordinates,
263	};
264
265	const EC_METHOD *
266	EC_GFp_mont_method(void)
267	{
268	return &ec_GFp_mont_method;
269	}
270	LCRYPTO_ALIAS(EC_GFp_mont_method);