diff options
| author | tb <> | 2024-12-12 10:00:15 +0000 |
|---|---|---|
| committer | tb <> | 2024-12-12 10:00:15 +0000 |
| commit | 0073d22328d043ee79dbaa9705605bcc23456d4a (patch) | |
| tree | 98a84616ac40b666f16865baf0fa0460f47b7623 /src | |
| parent | 54217ad59c104792c80ade741f539d2f2e1c1a54 (diff) | |
| download | openbsd-0073d22328d043ee79dbaa9705605bcc23456d4a.tar.gz openbsd-0073d22328d043ee79dbaa9705605bcc23456d4a.tar.bz2 openbsd-0073d22328d043ee79dbaa9705605bcc23456d4a.zip | |
Rename group->field to group->p
Now that we only do curves over GF(p) fields, there's no need to use a
weird, confusing name for what we usually call p. Adjust some comments
in the vicinity as well.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/ec/ec_convert.c | 14 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_lib.c | 15 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_local.h | 15 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ecp_methods.c | 54 |
4 files changed, 46 insertions, 52 deletions
diff --git a/src/lib/libcrypto/ec/ec_convert.c b/src/lib/libcrypto/ec/ec_convert.c index a4237cda95..f2410c163c 100644 --- a/src/lib/libcrypto/ec/ec_convert.c +++ b/src/lib/libcrypto/ec/ec_convert.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_convert.c,v 1.11 2024/11/08 02:24:37 tb Exp $ */ | 1 | /* $OpenBSD: ec_convert.c,v 1.12 2024/12/12 10:00:15 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | 3 | * Originally written by Bodo Moeller for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -157,11 +157,11 @@ ec_encoded_length(const EC_GROUP *group, uint8_t form, size_t *out_len) | |||
| 157 | *out_len = 1; | 157 | *out_len = 1; |
| 158 | return 1; | 158 | return 1; |
| 159 | case EC_POINT_COMPRESSED: | 159 | case EC_POINT_COMPRESSED: |
| 160 | *out_len = 1 + BN_num_bytes(&group->field); | 160 | *out_len = 1 + BN_num_bytes(&group->p); |
| 161 | return 1; | 161 | return 1; |
| 162 | case EC_POINT_UNCOMPRESSED: | 162 | case EC_POINT_UNCOMPRESSED: |
| 163 | case EC_POINT_HYBRID: | 163 | case EC_POINT_HYBRID: |
| 164 | *out_len = 1 + 2 * BN_num_bytes(&group->field); | 164 | *out_len = 1 + 2 * BN_num_bytes(&group->p); |
| 165 | return 1; | 165 | return 1; |
| 166 | default: | 166 | default: |
| 167 | return 0; | 167 | return 0; |
| @@ -171,15 +171,15 @@ ec_encoded_length(const EC_GROUP *group, uint8_t form, size_t *out_len) | |||
| 171 | static int | 171 | static int |
| 172 | ec_field_element_is_valid(const EC_GROUP *group, const BIGNUM *bn) | 172 | ec_field_element_is_valid(const EC_GROUP *group, const BIGNUM *bn) |
| 173 | { | 173 | { |
| 174 | /* Ensure bn is in the range [0, field). */ | 174 | /* Ensure bn is in the range [0, p). */ |
| 175 | return !BN_is_negative(bn) && BN_cmp(&group->field, bn) > 0; | 175 | return !BN_is_negative(bn) && BN_cmp(&group->p, bn) > 0; |
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | static int | 178 | static int |
| 179 | ec_add_field_element_cbb(CBB *cbb, const EC_GROUP *group, const BIGNUM *bn) | 179 | ec_add_field_element_cbb(CBB *cbb, const EC_GROUP *group, const BIGNUM *bn) |
| 180 | { | 180 | { |
| 181 | uint8_t *buf = NULL; | 181 | uint8_t *buf = NULL; |
| 182 | int buf_len = BN_num_bytes(&group->field); | 182 | int buf_len = BN_num_bytes(&group->p); |
| 183 | 183 | ||
| 184 | if (!ec_field_element_is_valid(group, bn)) { | 184 | if (!ec_field_element_is_valid(group, bn)) { |
| 185 | ECerror(EC_R_BIGNUM_OUT_OF_RANGE); | 185 | ECerror(EC_R_BIGNUM_OUT_OF_RANGE); |
| @@ -202,7 +202,7 @@ ec_get_field_element_cbs(CBS *cbs, const EC_GROUP *group, BIGNUM *bn) | |||
| 202 | { | 202 | { |
| 203 | CBS field_element; | 203 | CBS field_element; |
| 204 | 204 | ||
| 205 | if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(&group->field))) { | 205 | if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(&group->p))) { |
| 206 | ECerror(EC_R_INVALID_ENCODING); | 206 | ECerror(EC_R_INVALID_ENCODING); |
| 207 | return 0; | 207 | return 0; |
| 208 | } | 208 | } |
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c index a1c80c328b..9f1a742d38 100644 --- a/src/lib/libcrypto/ec/ec_lib.c +++ b/src/lib/libcrypto/ec/ec_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_lib.c,v 1.89 2024/11/30 21:09:59 tb Exp $ */ | 1 | /* $OpenBSD: ec_lib.c,v 1.90 2024/12/12 10:00:15 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | 3 | * Originally written by Bodo Moeller for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -275,8 +275,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor) | |||
| 275 | * If the cofactor is too large, we cannot guess it and default to zero. | 275 | * If the cofactor is too large, we cannot guess it and default to zero. |
| 276 | * The RHS of below is a strict overestimate of log(4 * sqrt(q)). | 276 | * The RHS of below is a strict overestimate of log(4 * sqrt(q)). |
| 277 | */ | 277 | */ |
| 278 | if (BN_num_bits(&group->order) <= | 278 | if (BN_num_bits(&group->order) <= (BN_num_bits(&group->p) + 1) / 2 + 3) |
| 279 | (BN_num_bits(&group->field) + 1) / 2 + 3) | ||
| 280 | goto done; | 279 | goto done; |
| 281 | 280 | ||
| 282 | /* | 281 | /* |
| @@ -291,7 +290,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor) | |||
| 291 | if (!BN_add_word(cofactor, 1)) | 290 | if (!BN_add_word(cofactor, 1)) |
| 292 | goto err; | 291 | goto err; |
| 293 | /* h = q + 1 + n/2 */ | 292 | /* h = q + 1 + n/2 */ |
| 294 | if (!BN_add(cofactor, cofactor, &group->field)) | 293 | if (!BN_add(cofactor, cofactor, &group->p)) |
| 295 | goto err; | 294 | goto err; |
| 296 | /* h = (q + 1 + n/2) / n */ | 295 | /* h = (q + 1 + n/2) / n */ |
| 297 | if (!BN_div_ct(cofactor, NULL, cofactor, &group->order, ctx)) | 296 | if (!BN_div_ct(cofactor, NULL, cofactor, &group->order, ctx)) |
| @@ -299,7 +298,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor) | |||
| 299 | 298 | ||
| 300 | done: | 299 | done: |
| 301 | /* Use Hasse's theorem to bound the cofactor. */ | 300 | /* Use Hasse's theorem to bound the cofactor. */ |
| 302 | if (BN_num_bits(cofactor) > BN_num_bits(&group->field) + 1) { | 301 | if (BN_num_bits(cofactor) > BN_num_bits(&group->p) + 1) { |
| 303 | ECerror(EC_R_INVALID_GROUP_ORDER); | 302 | ECerror(EC_R_INVALID_GROUP_ORDER); |
| 304 | goto err; | 303 | goto err; |
| 305 | } | 304 | } |
| @@ -325,8 +324,8 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, | |||
| 325 | return 0; | 324 | return 0; |
| 326 | } | 325 | } |
| 327 | 326 | ||
| 328 | /* Require group->field >= 1. */ | 327 | /* Require p >= 1. */ |
| 329 | if (BN_is_zero(&group->field) || BN_is_negative(&group->field)) { | 328 | if (BN_is_zero(&group->p) || BN_is_negative(&group->p)) { |
| 330 | ECerror(EC_R_INVALID_FIELD); | 329 | ECerror(EC_R_INVALID_FIELD); |
| 331 | return 0; | 330 | return 0; |
| 332 | } | 331 | } |
| @@ -336,7 +335,7 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, | |||
| 336 | * than the field cardinality due to Hasse's theorem. | 335 | * than the field cardinality due to Hasse's theorem. |
| 337 | */ | 336 | */ |
| 338 | if (order == NULL || BN_cmp(order, BN_value_one()) <= 0 || | 337 | if (order == NULL || BN_cmp(order, BN_value_one()) <= 0 || |
| 339 | BN_num_bits(order) > BN_num_bits(&group->field) + 1) { | 338 | BN_num_bits(order) > BN_num_bits(&group->p) + 1) { |
| 340 | ECerror(EC_R_INVALID_GROUP_ORDER); | 339 | ECerror(EC_R_INVALID_GROUP_ORDER); |
| 341 | return 0; | 340 | return 0; |
| 342 | } | 341 | } |
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h index da706d5324..ea1cd7adad 100644 --- a/src/lib/libcrypto/ec/ec_local.h +++ b/src/lib/libcrypto/ec/ec_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_local.h,v 1.42 2024/12/06 15:49:37 tb Exp $ */ | 1 | /* $OpenBSD: ec_local.h,v 1.43 2024/12/12 10:00:15 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | 3 | * Originally written by Bodo Moeller for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -181,16 +181,11 @@ struct ec_group_st { | |||
| 181 | */ | 181 | */ |
| 182 | 182 | ||
| 183 | /* | 183 | /* |
| 184 | * Field specification. For GF(p) this is the modulus; for GF(2^m), | 184 | * Coefficients of the Weierstrass equation y^2 = x^3 + a*x + b (mod p). |
| 185 | * this is the irreducible polynomial defining the field. | ||
| 186 | */ | 185 | */ |
| 187 | BIGNUM field; | 186 | BIGNUM p; |
| 188 | 187 | BIGNUM a; | |
| 189 | /* | 188 | BIGNUM b; |
| 190 | * Curve coefficients. In characteristic > 3, the curve is defined by a | ||
| 191 | * Weierstrass equation of the form y^2 = x^3 + a*x + b. | ||
| 192 | */ | ||
| 193 | BIGNUM a, b; | ||
| 194 | 189 | ||
| 195 | /* Enables optimized point arithmetics for special case. */ | 190 | /* Enables optimized point arithmetics for special case. */ |
| 196 | int a_is_minus3; | 191 | int a_is_minus3; |
diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c index 50607ea216..8f04a24e28 100644 --- a/src/lib/libcrypto/ec/ecp_methods.c +++ b/src/lib/libcrypto/ec/ecp_methods.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecp_methods.c,v 1.13 2024/12/06 15:49:37 tb Exp $ */ | 1 | /* $OpenBSD: ecp_methods.c,v 1.14 2024/12/12 10:00:15 tb Exp $ */ |
| 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> |
| 3 | * for the OpenSSL project. | 3 | * for the OpenSSL project. |
| 4 | * Includes code written by Bodo Moeller for the OpenSSL project. | 4 | * Includes code written by Bodo Moeller for the OpenSSL project. |
| @@ -87,7 +87,7 @@ | |||
| 87 | static int | 87 | static int |
| 88 | ec_group_init(EC_GROUP *group) | 88 | ec_group_init(EC_GROUP *group) |
| 89 | { | 89 | { |
| 90 | BN_init(&group->field); | 90 | BN_init(&group->p); |
| 91 | BN_init(&group->a); | 91 | BN_init(&group->a); |
| 92 | BN_init(&group->b); | 92 | BN_init(&group->b); |
| 93 | group->a_is_minus3 = 0; | 93 | group->a_is_minus3 = 0; |
| @@ -97,7 +97,7 @@ ec_group_init(EC_GROUP *group) | |||
| 97 | static void | 97 | static void |
| 98 | ec_group_finish(EC_GROUP *group) | 98 | ec_group_finish(EC_GROUP *group) |
| 99 | { | 99 | { |
| 100 | BN_free(&group->field); | 100 | BN_free(&group->p); |
| 101 | BN_free(&group->a); | 101 | BN_free(&group->a); |
| 102 | BN_free(&group->b); | 102 | BN_free(&group->b); |
| 103 | } | 103 | } |
| @@ -105,7 +105,7 @@ ec_group_finish(EC_GROUP *group) | |||
| 105 | static int | 105 | static int |
| 106 | ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) | 106 | ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) |
| 107 | { | 107 | { |
| 108 | if (!bn_copy(&dest->field, &src->field)) | 108 | if (!bn_copy(&dest->p, &src->p)) |
| 109 | return 0; | 109 | return 0; |
| 110 | if (!bn_copy(&dest->a, &src->a)) | 110 | if (!bn_copy(&dest->a, &src->a)) |
| 111 | return 0; | 111 | return 0; |
| @@ -132,7 +132,7 @@ ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx | |||
| 132 | static int | 132 | static int |
| 133 | ec_encode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx) | 133 | ec_encode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx) |
| 134 | { | 134 | { |
| 135 | if (!BN_nnmod(bn, x, &group->field, ctx)) | 135 | if (!BN_nnmod(bn, x, &group->p, ctx)) |
| 136 | return 0; | 136 | return 0; |
| 137 | 137 | ||
| 138 | if (group->meth->field_encode != NULL) | 138 | if (group->meth->field_encode != NULL) |
| @@ -145,7 +145,7 @@ static int | |||
| 145 | ec_encode_z_coordinate(const EC_GROUP *group, BIGNUM *bn, int *is_one, | 145 | ec_encode_z_coordinate(const EC_GROUP *group, BIGNUM *bn, int *is_one, |
| 146 | const BIGNUM *z, BN_CTX *ctx) | 146 | const BIGNUM *z, BN_CTX *ctx) |
| 147 | { | 147 | { |
| 148 | if (!BN_nnmod(bn, z, &group->field, ctx)) | 148 | if (!BN_nnmod(bn, z, &group->p, ctx)) |
| 149 | return 0; | 149 | return 0; |
| 150 | 150 | ||
| 151 | *is_one = BN_is_one(bn); | 151 | *is_one = BN_is_one(bn); |
| @@ -176,9 +176,9 @@ ec_group_set_curve(EC_GROUP *group, | |||
| 176 | if ((a_plus_3 = BN_CTX_get(ctx)) == NULL) | 176 | if ((a_plus_3 = BN_CTX_get(ctx)) == NULL) |
| 177 | goto err; | 177 | goto err; |
| 178 | 178 | ||
| 179 | if (!bn_copy(&group->field, p)) | 179 | if (!bn_copy(&group->p, p)) |
| 180 | goto err; | 180 | goto err; |
| 181 | BN_set_negative(&group->field, 0); | 181 | BN_set_negative(&group->p, 0); |
| 182 | 182 | ||
| 183 | if (!ec_encode_scalar(group, &group->a, a, ctx)) | 183 | if (!ec_encode_scalar(group, &group->a, a, ctx)) |
| 184 | goto err; | 184 | goto err; |
| @@ -187,7 +187,7 @@ ec_group_set_curve(EC_GROUP *group, | |||
| 187 | 187 | ||
| 188 | if (!BN_set_word(a_plus_3, 3)) | 188 | if (!BN_set_word(a_plus_3, 3)) |
| 189 | goto err; | 189 | goto err; |
| 190 | if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->field, ctx)) | 190 | if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->p, ctx)) |
| 191 | goto err; | 191 | goto err; |
| 192 | 192 | ||
| 193 | group->a_is_minus3 = BN_is_zero(a_plus_3); | 193 | group->a_is_minus3 = BN_is_zero(a_plus_3); |
| @@ -205,7 +205,7 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, | |||
| 205 | BN_CTX *ctx) | 205 | BN_CTX *ctx) |
| 206 | { | 206 | { |
| 207 | if (p != NULL) { | 207 | if (p != NULL) { |
| 208 | if (!bn_copy(p, &group->field)) | 208 | if (!bn_copy(p, &group->p)) |
| 209 | return 0; | 209 | return 0; |
| 210 | } | 210 | } |
| 211 | if (!ec_decode_scalar(group, a, &group->a, ctx)) | 211 | if (!ec_decode_scalar(group, a, &group->a, ctx)) |
| @@ -219,7 +219,7 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, | |||
| 219 | static int | 219 | static int |
| 220 | ec_group_get_degree(const EC_GROUP *group) | 220 | ec_group_get_degree(const EC_GROUP *group) |
| 221 | { | 221 | { |
| 222 | return BN_num_bits(&group->field); | 222 | return BN_num_bits(&group->p); |
| 223 | } | 223 | } |
| 224 | 224 | ||
| 225 | static int | 225 | static int |
| @@ -375,7 +375,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, | |||
| 375 | goto done; | 375 | goto done; |
| 376 | } | 376 | } |
| 377 | 377 | ||
| 378 | if (BN_mod_inverse_ct(Z_1, z, &group->field, ctx) == NULL) { | 378 | if (BN_mod_inverse_ct(Z_1, z, &group->p, ctx) == NULL) { |
| 379 | ECerror(ERR_R_BN_LIB); | 379 | ECerror(ERR_R_BN_LIB); |
| 380 | goto err; | 380 | goto err; |
| 381 | } | 381 | } |
| @@ -384,7 +384,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, | |||
| 384 | if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) | 384 | if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) |
| 385 | goto err; | 385 | goto err; |
| 386 | } else { | 386 | } else { |
| 387 | if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) | 387 | if (!BN_mod_sqr(Z_2, Z_1, &group->p, ctx)) |
| 388 | goto err; | 388 | goto err; |
| 389 | } | 389 | } |
| 390 | 390 | ||
| @@ -402,7 +402,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, | |||
| 402 | if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) | 402 | if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) |
| 403 | goto err; | 403 | goto err; |
| 404 | } else { | 404 | } else { |
| 405 | if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) | 405 | if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->p, ctx)) |
| 406 | goto err; | 406 | goto err; |
| 407 | } | 407 | } |
| 408 | 408 | ||
| @@ -427,7 +427,7 @@ static int | |||
| 427 | ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, | 427 | ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, |
| 428 | const BIGNUM *in_x, int y_bit, BN_CTX *ctx) | 428 | const BIGNUM *in_x, int y_bit, BN_CTX *ctx) |
| 429 | { | 429 | { |
| 430 | const BIGNUM *p = &group->field, *a = &group->a, *b = &group->b; | 430 | const BIGNUM *p = &group->p, *a = &group->a, *b = &group->b; |
| 431 | BIGNUM *w, *x, *y; | 431 | BIGNUM *w, *x, *y; |
| 432 | int ret = 0; | 432 | int ret = 0; |
| 433 | 433 | ||
| @@ -500,7 +500,7 @@ ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, | |||
| 500 | ECerror(EC_R_INVALID_COMPRESSION_BIT); | 500 | ECerror(EC_R_INVALID_COMPRESSION_BIT); |
| 501 | goto err; | 501 | goto err; |
| 502 | } | 502 | } |
| 503 | if (!BN_usub(y, &group->field, y)) | 503 | if (!BN_usub(y, &group->p, y)) |
| 504 | goto err; | 504 | goto err; |
| 505 | 505 | ||
| 506 | if (y_bit != BN_is_odd(y)) { | 506 | if (y_bit != BN_is_odd(y)) { |
| @@ -540,7 +540,7 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | |||
| 540 | 540 | ||
| 541 | field_mul = group->meth->field_mul; | 541 | field_mul = group->meth->field_mul; |
| 542 | field_sqr = group->meth->field_sqr; | 542 | field_sqr = group->meth->field_sqr; |
| 543 | p = &group->field; | 543 | p = &group->p; |
| 544 | 544 | ||
| 545 | BN_CTX_start(ctx); | 545 | BN_CTX_start(ctx); |
| 546 | 546 | ||
| @@ -718,7 +718,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 718 | 718 | ||
| 719 | field_mul = group->meth->field_mul; | 719 | field_mul = group->meth->field_mul; |
| 720 | field_sqr = group->meth->field_sqr; | 720 | field_sqr = group->meth->field_sqr; |
| 721 | p = &group->field; | 721 | p = &group->p; |
| 722 | 722 | ||
| 723 | BN_CTX_start(ctx); | 723 | BN_CTX_start(ctx); |
| 724 | 724 | ||
| @@ -845,7 +845,7 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) | |||
| 845 | /* point is its own inverse */ | 845 | /* point is its own inverse */ |
| 846 | return 1; | 846 | return 1; |
| 847 | 847 | ||
| 848 | return BN_usub(&point->Y, &group->field, &point->Y); | 848 | return BN_usub(&point->Y, &group->p, &point->Y); |
| 849 | } | 849 | } |
| 850 | 850 | ||
| 851 | static int | 851 | static int |
| @@ -862,7 +862,7 @@ ec_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) | |||
| 862 | 862 | ||
| 863 | field_mul = group->meth->field_mul; | 863 | field_mul = group->meth->field_mul; |
| 864 | field_sqr = group->meth->field_sqr; | 864 | field_sqr = group->meth->field_sqr; |
| 865 | p = &group->field; | 865 | p = &group->p; |
| 866 | 866 | ||
| 867 | BN_CTX_start(ctx); | 867 | BN_CTX_start(ctx); |
| 868 | 868 | ||
| @@ -1130,7 +1130,7 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], | |||
| 1130 | * Now use a single explicit inversion to replace every non-zero | 1130 | * Now use a single explicit inversion to replace every non-zero |
| 1131 | * points[i]->Z by its inverse. | 1131 | * points[i]->Z by its inverse. |
| 1132 | */ | 1132 | */ |
| 1133 | if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->field, ctx)) { | 1133 | if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->p, ctx)) { |
| 1134 | ECerror(ERR_R_BN_LIB); | 1134 | ECerror(ERR_R_BN_LIB); |
| 1135 | goto err; | 1135 | goto err; |
| 1136 | } | 1136 | } |
| @@ -1214,13 +1214,13 @@ static int | |||
| 1214 | ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | 1214 | ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, |
| 1215 | BN_CTX *ctx) | 1215 | BN_CTX *ctx) |
| 1216 | { | 1216 | { |
| 1217 | return BN_mod_mul(r, a, b, &group->field, ctx); | 1217 | return BN_mod_mul(r, a, b, &group->p, ctx); |
| 1218 | } | 1218 | } |
| 1219 | 1219 | ||
| 1220 | static int | 1220 | static int |
| 1221 | ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) | 1221 | ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) |
| 1222 | { | 1222 | { |
| 1223 | return BN_mod_sqr(r, a, &group->field, ctx); | 1223 | return BN_mod_sqr(r, a, &group->p, ctx); |
| 1224 | } | 1224 | } |
| 1225 | 1225 | ||
| 1226 | /* | 1226 | /* |
| @@ -1228,7 +1228,7 @@ ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) | |||
| 1228 | * | 1228 | * |
| 1229 | * (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z) | 1229 | * (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z) |
| 1230 | * | 1230 | * |
| 1231 | * where lambda is in the interval [1, group->field). | 1231 | * where lambda is in the interval [1, p). |
| 1232 | */ | 1232 | */ |
| 1233 | static int | 1233 | static int |
| 1234 | ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) | 1234 | ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) |
| @@ -1243,8 +1243,8 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) | |||
| 1243 | if ((tmp = BN_CTX_get(ctx)) == NULL) | 1243 | if ((tmp = BN_CTX_get(ctx)) == NULL) |
| 1244 | goto err; | 1244 | goto err; |
| 1245 | 1245 | ||
| 1246 | /* Generate lambda in [1, group->field). */ | 1246 | /* Generate lambda in [1, p). */ |
| 1247 | if (!bn_rand_interval(lambda, 1, &group->field)) | 1247 | if (!bn_rand_interval(lambda, 1, &group->p)) |
| 1248 | goto err; | 1248 | goto err; |
| 1249 | 1249 | ||
| 1250 | if (group->meth->field_encode != NULL && | 1250 | if (group->meth->field_encode != NULL && |
| @@ -1392,7 +1392,7 @@ ec_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 1392 | if (!BN_swap_ct(kbit, k, lambda, group_top + 2)) | 1392 | if (!BN_swap_ct(kbit, k, lambda, group_top + 2)) |
| 1393 | goto err; | 1393 | goto err; |
| 1394 | 1394 | ||
| 1395 | group_top = group->field.top; | 1395 | group_top = group->p.top; |
| 1396 | if (!bn_wexpand(&s->X, group_top) || | 1396 | if (!bn_wexpand(&s->X, group_top) || |
| 1397 | !bn_wexpand(&s->Y, group_top) || | 1397 | !bn_wexpand(&s->Y, group_top) || |
| 1398 | !bn_wexpand(&s->Z, group_top) || | 1398 | !bn_wexpand(&s->Z, group_top) || |