Move BIGNUMs in EC_GROUP and EC_POINT to the heap

The only way to get an EC_GROUP or an EC_POINT is by calling the relevant
_new() function and to get rid of it, something must call _free(). Thus we
can establish the invariant that every group has Weierstrass coefficients
p, a, b as well as order and cofactor hanging off it. Similarly, Every
point has allocated BIGNUMs for its Jacobian projective coordinates.

Unfortunately, a group has the generator as an optional component in
addition to seed and montgomery context/one (where optionality makes
more sense).

This is a mostly mechanical diff and only drops a few silly comments and
a couple of unnecessary NULL checks since in our part of the wrold the
word invariant has a meaning.

This should also appease Coverity who likes to throw fits at calling
BN_free() for BIGNUM on the stack (yes, this is actually a thing).

ok jsing

1 files changed, 6 insertions, 6 deletions

diff --git a/src/lib/libcrypto/ec/ec_convert.c b/src/lib/libcrypto/ec/ec_convert.c
index b48fc85315..a18bc49132 100644
--- a/src/lib/libcrypto/ec/ec_convert.c
+++ b/src/lib/libcrypto/ec/ec_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_convert.c,v 1.13 2024/12/16 06:11:26 tb Exp $ */
+/* $OpenBSD: ec_convert.c,v 1.14 2025/01/05 16:07:08 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -157,11 +157,11 @@ ec_encoded_length(const EC_GROUP *group, uint8_t form, size_t *out_len)
                 *out_len = 1;
                 return 1;
         case EC_POINT_COMPRESSED:
-                *out_len = 1 + BN_num_bytes(&group->p);
+                *out_len = 1 + BN_num_bytes(group->p);
                 return 1;
         case EC_POINT_UNCOMPRESSED:
         case EC_POINT_HYBRID:
-                *out_len = 1 + 2 * BN_num_bytes(&group->p);
+                *out_len = 1 + 2 * BN_num_bytes(group->p);
                 return 1;
         default:
                 return 0;
@@ -172,14 +172,14 @@ static int
 ec_field_element_is_valid(const EC_GROUP *group, const BIGNUM *bn)
 {
         /* Ensure bn is in the range [0, p). */
-        return !BN_is_negative(bn) && BN_cmp(&group->p, bn) > 0;
+        return !BN_is_negative(bn) && BN_cmp(group->p, bn) > 0;
 }
 
 static int
 ec_add_field_element_cbb(CBB *cbb, const EC_GROUP *group, const BIGNUM *bn)
 {
         uint8_t *buf = NULL;
-        int buf_len = BN_num_bytes(&group->p);
+        int buf_len = BN_num_bytes(group->p);
 
         if (!ec_field_element_is_valid(group, bn)) {
                 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
@@ -202,7 +202,7 @@ ec_get_field_element_cbs(CBS *cbs, const EC_GROUP *group, BIGNUM *bn)
 {
         CBS field_element;
 
-        if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(&group->p))) {
+        if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(group->p))) {
                 ECerror(EC_R_INVALID_ENCODING);
                 return 0;
         }