authortb <>2024-11-02 15:50:50 +0000
committertb <>2024-11-02 15:50:50 +0000
commit04277a8a70494b7b35dc16881dea60c36382073c (patch)
treeafddf8953e07c4b922c56d9d930051ace171ebfe /src
parent7ac9d79f59c8680854d47ab54d8cb8d38183a391 (diff)
Merge compressed coordinate setting back into ecp_smpl and ec_lib
The reason these were in separate files was FIPS. Not our problem.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/Makefile4
-rw-r--r--src/lib/libcrypto/ec/ec_lib.c41
-rw-r--r--src/lib/libcrypto/ec/ec_oct.c112
-rw-r--r--src/lib/libcrypto/ec/ecp_oct.c169
-rw-r--r--src/lib/libcrypto/ec/ecp_smpl.c100
5 files changed, 140 insertions, 286 deletions
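--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.217 2024/11/01 03:10:09 tb Exp $
+# $OpenBSD: Makefile,v 1.218 2024/11/02 15:50:50 tb Exp $
 
 LIB= crypto
 LIBREBUILD=y
@@ -288,11 +288,9 @@ SRCS+= ec_key.c
 SRCS+= ec_kmeth.c
 SRCS+= ec_lib.c
 SRCS+= ec_mult.c
-SRCS+= ec_oct.c
 SRCS+= ec_pmeth.c
 SRCS+= eck_prn.c
 SRCS+= ecp_mont.c
-SRCS+= ecp_oct.c
 SRCS+= ecp_smpl.c
 SRCS+= ecx_methods.c
 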
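--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.74 2024/10/25 00:37:51 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.75 2024/11/02 15:50:50 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -1032,6 +1032,45 @@ EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point
 LCRYPTO_ALIAS(EC_POINT_get_affine_coordinates_GFp);
 
 int
+EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx_in)
+{
+ BN_CTX *ctx;
+ int ret = 0;
+
+ if ((ctx = ctx_in) == NULL)
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ if (group->meth->point_set_compressed_coordinates == NULL) {
+ ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ goto err;
+ }
+ if (group->meth != point->meth) {
+ ECerror(EC_R_INCOMPATIBLE_OBJECTS);
+ goto err;
+ }
+ ret = group->meth->point_set_compressed_coordinates(group, point,
+ x, y_bit, ctx);
+
+ err:
+ if (ctx != ctx_in)
+ BN_CTX_free(ctx);
+
+ return ret;
+}
+LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates);
+
+int
+EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx)
+{
+ return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates_GFp);
+
+int
 EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
  const EC_POINT *b, BN_CTX *ctx_in)
 {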
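Review bot: EC_POINT_set_compressed_coordinates arrives in ec_lib.c with no comment describing its contract, although it is the dispatch point for point decompression. A short header comment would help, for example `/* Returns 1 on success, 0 on failure. If ctx_in is NULL, a temporary BN_CTX is allocated and freed here. */`. It is also worth stating there that x and y_bit are handed to the group method unchecked, so any range validation of x is the job of the method or the caller. The BN_CTX_new() failure path returns 0 without an ECerror() call in this function; whether BN_CTX_new() records an error itself is not visible in this diff.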
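--- a/src/lib/libcrypto/ec/ec_oct.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* $OpenBSD: ec_oct.c,v 1.20 2024/10/30 18:14:49 tb Exp $ */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/opensslv.h>
-
-#include "asn1_local.h"
-#include "ec_local.h"
-
-int
-EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, int y_bit, BN_CTX *ctx_in)
-{
- BN_CTX *ctx;
- int ret = 0;
-
- if ((ctx = ctx_in) == NULL)
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-
- if (group->meth->point_set_compressed_coordinates == NULL) {
- ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- goto err;
- }
- if (group->meth != point->meth) {
- ECerror(EC_R_INCOMPATIBLE_OBJECTS);
- goto err;
- }
- ret = group->meth->point_set_compressed_coordinates(group, point,
- x, y_bit, ctx);
-
- err:
- if (ctx != ctx_in)
- BN_CTX_free(ctx);
-
- return ret;
-}
-LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates);
-
-int
-EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, int y_bit, BN_CTX *ctx)
-{
- return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
-}
-LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates_GFp);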
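--- a/src/lib/libcrypto/ec/ecp_oct.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* $OpenBSD: ecp_oct.c,v 1.32 2024/11/02 09:21:04 tb Exp $ */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project.
- * Includes code written by Bodo Moeller for the OpenSSL project.
-*/
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <stddef.h>
-
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/err.h>
-
-#include "ec_local.h"
-
-int
-ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
- EC_POINT *point, const BIGNUM *in_x, int y_bit, BN_CTX *ctx)
-{
- const BIGNUM *p = &group->field, *a = &group->a, *b = &group->b;
- BIGNUM *w, *x, *y;
- int ret = 0;
-
- y_bit = (y_bit != 0);
-
- BN_CTX_start(ctx);
-
- if ((w = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((x = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((y = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- /*
- * Weierstrass equation: y^2 = x^3 + ax + b, so y is one of the
- * square roots of x^3 + ax + b. The y-bit indicates which one.
- */
-
- /* XXX - should we not insist on 0 <= x < p instead? */
- if (!BN_nnmod(x, in_x, p, ctx))
- goto err;
-
- if (group->meth->field_encode != NULL) {
- if (!group->meth->field_encode(group, x, x, ctx))
- goto err;
- }
-
- /* y = x^3 */
- if (!group->meth->field_sqr(group, y, x, ctx))
- goto err;
- if (!group->meth->field_mul(group, y, y, x, ctx))
- goto err;
-
- /* y += ax */
- if (group->a_is_minus3) {
- if (!BN_mod_lshift1_quick(w, x, p))
- goto err;
- if (!BN_mod_add_quick(w, w, x, p))
- goto err;
- if (!BN_mod_sub_quick(y, y, w, p))
- goto err;
- } else {
- if (!group->meth->field_mul(group, w, a, x, ctx))
- goto err;
- if (!BN_mod_add_quick(y, y, w, p))
- goto err;
- }
-
- /* y += b */
- if (!BN_mod_add_quick(y, y, b, p))
- goto err;
-
- if (group->meth->field_decode != NULL) {
- if (!group->meth->field_decode(group, x, x, ctx))
- goto err;
- if (!group->meth->field_decode(group, y, y, ctx))
- goto err;
- }
-
- if (!BN_mod_sqrt(y, y, p, ctx)) {
- ECerror(EC_R_INVALID_COMPRESSED_POINT);
- goto err;
- }
-
- if (y_bit == BN_is_odd(y))
- goto done;
-
- if (BN_is_zero(y)) {
- ECerror(EC_R_INVALID_COMPRESSION_BIT);
- goto err;
- }
- if (!BN_usub(y, &group->field, y))
- goto err;
-
- if (y_bit != BN_is_odd(y)) {
- /* Can only happen if p is even and should not be reachable. */
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- done:
- if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
- goto err;
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
-
- return ret;
-}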
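--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.57 2024/10/31 15:37:53 tb Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.58 2024/11/02 15:50:50 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -469,6 +469,104 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
 }
 
 int
+ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *in_x, int y_bit, BN_CTX *ctx)
+{
+ const BIGNUM *p = &group->field, *a = &group->a, *b = &group->b;
+ BIGNUM *w, *x, *y;
+ int ret = 0;
+
+ y_bit = (y_bit != 0);
+
+ BN_CTX_start(ctx);
+
+ if ((w = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((x = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((y = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ /*
+ * Weierstrass equation: y^2 = x^3 + ax + b, so y is one of the
+ * square roots of x^3 + ax + b. The y-bit indicates which one.
+ */
+
+ /* XXX - should we not insist on 0 <= x < p instead? */
+ if (!BN_nnmod(x, in_x, p, ctx))
+ goto err;
+
+ if (group->meth->field_encode != NULL) {
+ if (!group->meth->field_encode(group, x, x, ctx))
+ goto err;
+ }
+
+ /* y = x^3 */
+ if (!group->meth->field_sqr(group, y, x, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, y, y, x, ctx))
+ goto err;
+
+ /* y += ax */
+ if (group->a_is_minus3) {
+ if (!BN_mod_lshift1_quick(w, x, p))
+ goto err;
+ if (!BN_mod_add_quick(w, w, x, p))
+ goto err;
+ if (!BN_mod_sub_quick(y, y, w, p))
+ goto err;
+ } else {
+ if (!group->meth->field_mul(group, w, a, x, ctx))
+ goto err;
+ if (!BN_mod_add_quick(y, y, w, p))
+ goto err;
+ }
+
+ /* y += b */
+ if (!BN_mod_add_quick(y, y, b, p))
+ goto err;
+
+ if (group->meth->field_decode != NULL) {
+ if (!group->meth->field_decode(group, x, x, ctx))
+ goto err;
+ if (!group->meth->field_decode(group, y, y, ctx))
+ goto err;
+ }
+
+ if (!BN_mod_sqrt(y, y, p, ctx)) {
+ ECerror(EC_R_INVALID_COMPRESSED_POINT);
+ goto err;
+ }
+
+ if (y_bit == BN_is_odd(y))
+ goto done;
+
+ if (BN_is_zero(y)) {
+ ECerror(EC_R_INVALID_COMPRESSION_BIT);
+ goto err;
+ }
+ if (!BN_usub(y, &group->field, y))
+ goto err;
+
+ if (y_bit != BN_is_odd(y)) {
+ /* Can only happen if p is even and should not be reachable. */
+ ECerror(ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ done:
+ if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+
+ return ret;
+}
+
+int
 ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
 {
  int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);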
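Review bot: The relocated ec_GFp_simple_set_compressed_coordinates still reduces the caller's x with `BN_nnmod(x, in_x, p, ctx)` instead of rejecting values outside [0, p), which is the question its carried-over `XXX` comment asks. As written, in_x, in_x + p and in_x - p all decode to the same point, so this entry point accepts non-canonical inputs. Whether a caller already range-checks x, or relies on the reduction, is not visible in this diff. If nothing depends on it, a guard such as `if (BN_is_negative(in_x) || BN_cmp(in_x, p) >= 0)` that raises `EC_R_INVALID_COMPRESSED_POINT` before x is copied would make decoding strict. Otherwise the XXX should be replaced with a comment saying why the reduction is kept.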