From 1d5dc8af4f29575850958ce2ca4c6ffcc27dece5 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 6 Jan 2025 10:56:46 +0000
Subject: Prepare removal accessors for Jprojective coordinates

That the BN-driven EC code uses Jacobian projective coordinates as an
optimization is an implementation detail. As such this should never have
leaked out of the library as part of the public API. No consumer should
ever care and if they do they're doing it wrong. The only port that cares
is one of those stupid little perl modules that expose all the things and
transform terrible OpenSSL regress tests into similarly horrible Perl.

In practice, only affine coordinates matter (perhaps in compressed form).

This prunes two more function pointers from EC_GROUP and prepares the
removal of the field_set_to_one() method which is now only used in
ec_points_make_affine().

ok jsing sthen
---
 src/lib/libcrypto/ec/ecp_methods.c | 79 +++++---------------------------------
 1 file changed, 10 insertions(+), 69 deletions(-)

(limited to 'src/lib/libcrypto/ec/ecp_methods.c')

diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c
index b2ecc7e17a..7bdeb351da 100644
--- a/src/lib/libcrypto/ec/ecp_methods.c
+++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.18 2025/01/05 16:07:08 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.19 2025/01/06 10:56:46 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -123,23 +123,6 @@ ec_encode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx
 	return 1;
 }
 
-static int
-ec_encode_z_coordinate(const EC_GROUP *group, BIGNUM *bn, int *is_one,
-    const BIGNUM *z, BN_CTX *ctx)
-{
-	if (!BN_nnmod(bn, z, group->p, ctx))
-		return 0;
-
-	*is_one = BN_is_one(bn);
-	if (*is_one && group->meth->field_set_to_one != NULL)
-		return group->meth->field_set_to_one(group, bn, ctx);
-
-	if (group->meth->field_encode != NULL)
-		return group->meth->field_encode(group, bn, bn, ctx);
-
-	return 1;
-}
-
 static int
 ec_group_set_curve(EC_GROUP *group,
     const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
@@ -262,48 +245,23 @@ ec_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
 }
 
 static int
-ec_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *point,
-    const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
+ec_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
 {
 	int ret = 0;
 
-	/*
-	 * Setting individual coordinates allows the creation of bad points.
-	 * EC_POINT_set_Jprojective_coordinates() checks at the API boundary.
-	 */
-
-	if (x != NULL) {
-		if (!ec_encode_scalar(group, point->X, x, ctx))
-			goto err;
-	}
-	if (y != NULL) {
-		if (!ec_encode_scalar(group, point->Y, y, ctx))
-			goto err;
-	}
-	if (z != NULL) {
-		if (!ec_encode_z_coordinate(group, point->Z, &point->Z_is_one,
-		    z, ctx))
-			goto err;
+	if (x == NULL || y == NULL) {
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
 	}
 
-	ret = 1;
-
- err:
-	return ret;
-}
-
-static int
-ec_get_Jprojective_coordinates(const EC_GROUP *group, const EC_POINT *point,
-    BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
-{
-	int ret = 0;
-
-	if (!ec_decode_scalar(group, x, point->X, ctx))
+	if (!ec_encode_scalar(group, point->X, x, ctx))
 		goto err;
-	if (!ec_decode_scalar(group, y, point->Y, ctx))
+	if (!ec_encode_scalar(group, point->Y, y, ctx))
 		goto err;
-	if (!ec_decode_scalar(group, z, point->Z, ctx))
+	if (!ec_encode_scalar(group, point->Z, BN_value_one(), ctx))
 		goto err;
+	point->Z_is_one = 1;
 
 	ret = 1;
 
@@ -311,19 +269,6 @@ ec_get_Jprojective_coordinates(const EC_GROUP *group, const EC_POINT *point,
 	return ret;
 }
 
-static int
-ec_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
-    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-{
-	if (x == NULL || y == NULL) {
-		/* unlike for projective coordinates, we do not tolerate this */
-		ECerror(ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-	}
-	return EC_POINT_set_Jprojective_coordinates(group, point, x, y,
-	    BN_value_one(), ctx);
-}
-
 static int
 ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
     BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
@@ -1652,8 +1597,6 @@ static const EC_METHOD ec_GFp_simple_method = {
 	.group_get_degree = ec_group_get_degree,
 	.group_order_bits = ec_group_simple_order_bits,
 	.group_check_discriminant = ec_group_check_discriminant,
-	.point_set_Jprojective_coordinates = ec_set_Jprojective_coordinates,
-	.point_get_Jprojective_coordinates = ec_get_Jprojective_coordinates,
 	.point_set_affine_coordinates = ec_point_set_affine_coordinates,
 	.point_get_affine_coordinates = ec_point_get_affine_coordinates,
 	.point_set_compressed_coordinates = ec_set_compressed_coordinates,
@@ -1687,8 +1630,6 @@ static const EC_METHOD ec_GFp_mont_method = {
 	.group_get_degree = ec_group_get_degree,
 	.group_order_bits = ec_group_simple_order_bits,
 	.group_check_discriminant = ec_group_check_discriminant,
-	.point_set_Jprojective_coordinates = ec_set_Jprojective_coordinates,
-	.point_get_Jprojective_coordinates = ec_get_Jprojective_coordinates,
 	.point_set_affine_coordinates = ec_point_set_affine_coordinates,
 	.point_get_affine_coordinates = ec_point_get_affine_coordinates,
 	.point_set_compressed_coordinates = ec_set_compressed_coordinates,
-- 
cgit v1.2.3-55-g6feb