From 39d33c1bb185014e05def87e04f21103d92dc455 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 2 Aug 2025 16:20:00 +0000
Subject: Provide bn_mod_sqr_words() and call it from ec_field_element_sqr().

For now this still calls bn_montgomery_multiply_words(), however it can be optimised further in the future.
---
 src/lib/libcrypto/bn/bn_internal.h | 4 +++-
 src/lib/libcrypto/bn/bn_mod_words.c | 16 +++++++++++++++-
 src/lib/libcrypto/ec/ec_field.c | 4 ++--
 3 files changed, 20 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/bn/bn_internal.h b/src/lib/libcrypto/bn/bn_internal.h
index a1f1515b57..8b5145e225 100644
--- a/src/lib/libcrypto/bn/bn_internal.h
+++ b/src/lib/libcrypto/bn/bn_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_internal.h,v 1.19 2025/05/25 05:12:05 jsing Exp $ */
+/* $OpenBSD: bn_internal.h,v 1.20 2025/08/02 16:20:00 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing
  *
@@ -41,6 +41,8 @@ void bn_mod_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
     const BN_ULONG *m, size_t n);
 void bn_mod_mul_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
     const BN_ULONG *m, BN_ULONG *t, BN_ULONG m0, size_t n);
+void bn_mod_sqr_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *m,
+    BN_ULONG *t, BN_ULONG m0, size_t n);
 
 void bn_montgomery_multiply_words(BN_ULONG *rp, const BN_ULONG *ap,
     const BN_ULONG *bp, const BN_ULONG *np, BN_ULONG *tp, BN_ULONG n0,
diff --git a/src/lib/libcrypto/bn/bn_mod_words.c b/src/lib/libcrypto/bn/bn_mod_words.c
index 8971f9f306..4cc41717b4 100644
--- a/src/lib/libcrypto/bn/bn_mod_words.c
+++ b/src/lib/libcrypto/bn/bn_mod_words.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod_words.c,v 1.1 2025/05/25 04:58:32 jsing Exp $ */
+/* $OpenBSD: bn_mod_words.c,v 1.2 2025/08/02 16:20:00 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing
  *
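Review bot: The new bn_mod_sqr_words() prototype in the @@ -41,6 +41,8 @@ hunk does not say how much scratch space t must provide, and the header is the first place a caller looks; the only visible hint is ec_field_element_sqr() in ec_field.c declaring `BN_ULONG t[EC_FIELD_ELEMENT_MAX_WORDS * 2 + 2]`. That suggests the contract is at least 2 * n + 2 words, but the requirement actually comes from bn_montgomery_multiply_words(), which is outside this diff, so confirm it there before writing it down. A one-line comment above the declaration along the lines of `/* t: scratch space of at least 2 * n + 2 words (placeholder: confirm against bn_montgomery_multiply_words). */` would stop a future caller from undersizing it, since an undersized t is an out-of-bounds write on the stack with no runtime check. The same gap exists on the neighbouring bn_mod_mul_words() declaration, but that one predates this commit.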
@@ -76,3 +76,17 @@ bn_mod_mul_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 	bn_montgomery_multiply_words(r, a, b, m, t, m0, n);
 }
 #endif
+
+/*
+ * bn_mod_sqr_words() computes r[] = (a[] * a[]) mod m[], where a, r and
+ * m are arrays of words with length n (r may be the same as a) in the
+ * Montgomery domain. The result remains in the Montgomery domain.
+ */
+#ifndef HAVE_BN_MOD_SQR_WORDS
+void
+bn_mod_sqr_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *m,
+    BN_ULONG *t, BN_ULONG m0, size_t n)
+{
+	bn_montgomery_multiply_words(r, a, a, m, t, m0, n);
+}
+#endif
diff --git a/src/lib/libcrypto/ec/ec_field.c b/src/lib/libcrypto/ec/ec_field.c
index 0513b9f410..6576526e77 100644
--- a/src/lib/libcrypto/ec/ec_field.c
+++ b/src/lib/libcrypto/ec/ec_field.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_field.c,v 1.2 2025/08/02 15:44:09 jsing Exp $ */
+/* $OpenBSD: ec_field.c,v 1.3 2025/08/02 16:20:00 jsing Exp $ */
 /*
  * Copyright (c) 2024 Joel Sing
  *
@@ -198,5 +198,5 @@ ec_field_element_sqr(const EC_FIELD_MODULUS *m, EC_FIELD_ELEMENT *r,
 {
 	BN_ULONG t[EC_FIELD_ELEMENT_MAX_WORDS * 2 + 2];
 
-	bn_mod_mul_words(r->w, a->w, a->w, m->m.w, t, m->minv0, m->n);
+	bn_mod_sqr_words(r->w, a->w, m->m.w, t, m->minv0, m->n);
 }
-- 
cgit v1.2.3-55-g6feb
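Review bot: The comment on bn_mod_sqr_words() in the @@ -76,3 +76,17 @@ hunk promises that r may be the same as a, but the body simply forwards r, a, a to bn_montgomery_multiply_words(), so the promise holds only if that routine tolerates rp aliasing both ap and bp; it is outside this diff, so the claim should be checked against it rather than inherited from the bn_mod_mul_words() comment above. Because this definition sits behind `#ifndef HAVE_BN_MOD_SQR_WORDS`, an architecture-specific replacement becomes the implementation of the same contract, and the comment says nothing about what such a replacement must preserve. I would extend the comment with a sentence such as `An architecture-specific implementation must accept r == a and must retain the secret-independent timing expected of the generic Montgomery multiply.`, hedged as appropriate once the aliasing behaviour of bn_montgomery_multiply_words() is confirmed. The ec_field.c hunk at the end of this line only swaps the call site and needs no change; ec_field_element_sqr()'s signature continues outside that hunk.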