Stop caching one in the Montgomery domain

This is only used by ec_points_make_affine(), which is only used by the
wNAF multiplication, which is only used by ECDSA. We can afford computing
that one once per ECDSA verification given the cost of the rest of this.

Thus, the field_set_to_one() member disappears from the EC_METHOD and the
mont_one member disappears from EC_GROUP and with it all the complications
when setting/copying/freeing the group.

ok jsing

1 files changed, 2 insertions, 4 deletions

diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 03c6f3aa90..170bdedc57 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.95 2025/01/06 10:56:46 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.96 2025/01/06 11:59:02 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -107,8 +107,7 @@ EC_GROUP_new(const EC_METHOD *meth)
                 goto err;
 
         /*
-         * generator and seed are optional. mont_ctx, mont_one are only for
-         * curves using EC_GFp_mont_method()
+         * generator, seed and mont_ctx are optional.
          */
 
         return group;
@@ -131,7 +130,6 @@ EC_GROUP_free(EC_GROUP *group)
         BN_free(group->b);
 
         BN_MONT_CTX_free(group->mont_ctx);
-        BN_free(group->mont_one);
 
         EC_POINT_free(group->generator);
         BN_free(group->order);