Rework bn_sqr() to use bn_sqr_words().

Rework some of the squaring code so that it calls bn_sqr_words() and use
this as the integration point for assembly. Convert bn_sqr_normal() to
bn_sqr_words(), which is then used on architectures that do not provide
their own version.

This means that we resume using the assembly version of bn_sqr_words() on
i386, mips64 and powerpc, which can provide considerable performance gains.

ok tb@

4 files changed, 27 insertions, 26 deletions

diff --git a/src/lib/libcrypto/bn/arch/amd64/bn_arch.c b/src/lib/libcrypto/bn/arch/amd64/bn_arch.c
index 9ff8920ca2..e4fbb4cfc3 100644
--- a/src/lib/libcrypto/bn/arch/amd64/bn_arch.c
+++ b/src/lib/libcrypto/bn/arch/amd64/bn_arch.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bn_arch.c,v 1.12 2025/08/14 15:29:17 jsing Exp $ */
+/*      $OpenBSD: bn_arch.c,v 1.13 2025/08/30 07:16:06 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -142,16 +142,6 @@ bn_mul_comba8(BN_ULONG *rd, const BN_ULONG *ad, const BN_ULONG *bd)
 }
 #endif
 
-#ifdef HAVE_BN_SQR
-int
-bn_sqr(BIGNUM *r, const BIGNUM *a, int r_len, BN_CTX *ctx)
-{
-        bignum_sqr(r_len, (uint64_t *)r->d, a->top, (const uint64_t *)a->d);
-
-        return 1;
-}
-#endif
-
 #ifdef HAVE_BN_SQR_COMBA4
 void
 bn_sqr_comba4(BN_ULONG *rd, const BN_ULONG *ad)
@@ -191,6 +181,14 @@ bn_sqr_comba8(BN_ULONG *rd, const BN_ULONG *ad)
 }
 #endif
 
+#ifdef HAVE_BN_SQR_WORDS
+void
+bn_sqr_words(BN_ULONG *rd, const BN_ULONG *ad, int a_len)
+{
+        bignum_sqr(a_len * 2, (uint64_t *)rd, a_len, (const uint64_t *)ad);
+}
+#endif
+
 #ifdef HAVE_BN_WORD_CLZ
 int
 bn_word_clz(BN_ULONG w)
diff --git a/src/lib/libcrypto/bn/arch/amd64/bn_arch.h b/src/lib/libcrypto/bn/arch/amd64/bn_arch.h
index 7359f993a7..dd7abd3002 100644
--- a/src/lib/libcrypto/bn/arch/amd64/bn_arch.h
+++ b/src/lib/libcrypto/bn/arch/amd64/bn_arch.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bn_arch.h,v 1.16 2025/08/14 15:22:54 jsing Exp $ */
+/*      $OpenBSD: bn_arch.h,v 1.17 2025/08/30 07:16:06 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -36,10 +36,10 @@
 #define HAVE_BN_MUL_COMBA8
 #define HAVE_BN_MUL_WORDS
 
-#define HAVE_BN_SQR
 #define HAVE_BN_SQR_COMBA4
 #define HAVE_BN_SQR_COMBA6
 #define HAVE_BN_SQR_COMBA8
+#define HAVE_BN_SQR_WORDS
 
 #define HAVE_BN_SUB
 #define HAVE_BN_SUB_WORDS
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index 1bd4c16baf..16d270b6a1 100644
--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.54 2025/08/05 15:08:13 jsing Exp $ */
+/* $OpenBSD: bn_local.h,v 1.55 2025/08/30 07:16:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -247,6 +247,7 @@ void bn_mul_comba8(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b);
 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
 void bn_sqr_comba6(BN_ULONG *r, const BN_ULONG *a);
 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int a_len);
 
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
     const BN_ULONG *np, const BN_ULONG *n0, int num);
@@ -258,7 +259,6 @@ int bn_wexpand(BIGNUM *a, int words);
 
 BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
 void bn_div_rem_words(BN_ULONG h, BN_ULONG l, BN_ULONG d, BN_ULONG *out_q,
     BN_ULONG *out_r);
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c
index 2f7f71f819..3a6eed06c6 100644
--- a/src/lib/libcrypto/bn/bn_sqr.c
+++ b/src/lib/libcrypto/bn/bn_sqr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqr.c,v 1.38 2025/08/14 15:15:04 jsing Exp $ */
+/* $OpenBSD: bn_sqr.c,v 1.39 2025/08/30 07:16:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -64,8 +64,6 @@
 #include "bn_local.h"
 #include "bn_internal.h"
 
-int bn_sqr(BIGNUM *r, const BIGNUM *a, int max, BN_CTX *ctx);
-
 /*
  * bn_sqr_comba4() computes r[] = a[] * a[] using Comba multiplication
  * (https://everything2.com/title/Comba+multiplication), where a is a
@@ -205,7 +203,7 @@ bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
 }
 #endif
 
-#ifndef HAVE_BN_SQR
+#ifndef HAVE_BN_SQR_WORDS
 /*
  * bn_sqr_add_words() computes (r[i*2+1]:r[i*2]) = (r[i*2+1]:r[i*2]) + a[i] * a[i].
  */
@@ -242,12 +240,16 @@ bn_sqr_add_words(BN_ULONG *r, const BN_ULONG *a, int n)
         }
 }
 
-static void
-bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len)
+/*
+ * bn_sqr_words() computes r[] = a[] * a[].
+ */
+void
+bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int a_len)
 {
         const BN_ULONG *ap;
         BN_ULONG *rp;
         BN_ULONG w;
+        int r_len;
         int n;
 
         if (a_len <= 0)
@@ -258,6 +260,7 @@ bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len)
         ap++;
 
         rp = r;
+        r_len = a_len * 2;
         rp[0] = rp[r_len - 1] = 0;
         rp++;
 
@@ -285,20 +288,20 @@ bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len)
         /* Add squares. */
         bn_sqr_add_words(r, a, a_len);
 }
+#endif
 
 /*
  * bn_sqr() computes a * a, storing the result in r. The caller must ensure that
  * r is not the same BIGNUM as a and that r has been expanded to rn = a->top * 2
  * words.
  */
-int
-bn_sqr(BIGNUM *r, const BIGNUM *a, int r_len, BN_CTX *ctx)
+static int
+bn_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 {
-        bn_sqr_normal(r->d, r_len, a->d, a->top);
+        bn_sqr_words(r->d, a->d, a->top);
 
         return 1;
 }
-#endif
 
 int
 BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
@@ -331,7 +334,7 @@ BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
         } else if (a->top == 8) {
                 bn_sqr_comba8(rr->d, a->d);
         } else {
-                if (!bn_sqr(rr, a, r_len, ctx))
+                if (!bn_sqr(rr, a, ctx))
                         goto err;
         }