Fold away ec_point_set_Jprojective_coordinates_GFp.
p224-64.c can just write straight into the EC_POINT, as the other files
do, which saves the mess around BN_CTX. It's also more correct.
ec_point_set_Jprojective_coordinates_GFp abstracts out field_encode, but
then we would want to abstract out field_decode too when reading.
That then allows us to inline ec_point_set_Jprojective_coordinates_GFp
into ec_GFp_simple_point_set_affine_coordinates and get rid of an
unnecessary tower of helper functions. Also we can use the precomputed
value of one rather than recompute it each time.
Change-Id: I8282dc66a4a437f5a3b6a1a59cc39be4cb71ccf9
Reviewed-on: https://boringssl-review.googlesource.com/24687
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
index 47a90ce..c9687a6 100644
--- a/crypto/fipsmodule/ec/ec.c
+++ b/crypto/fipsmodule/ec/ec.c
@@ -908,18 +908,6 @@
return group->meth->mul(group, r, g_scalar, p, p_scalar, ctx);
}
-int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *point, const BIGNUM *x,
- const BIGNUM *y, const BIGNUM *z,
- BN_CTX *ctx) {
- if (EC_GROUP_cmp(group, point->group, NULL) != 0) {
- OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return ec_GFp_simple_set_Jprojective_coordinates_GFp(group, point, x, y, z,
- ctx);
-}
-
void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) {}
const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) {
diff --git a/crypto/fipsmodule/ec/internal.h b/crypto/fipsmodule/ec/internal.h
index 4278dd6..06fa371 100644
--- a/crypto/fipsmodule/ec/internal.h
+++ b/crypto/fipsmodule/ec/internal.h
@@ -223,10 +223,6 @@
void ec_GFp_simple_point_finish(EC_POINT *);
int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x,
- const BIGNUM *y,
- const BIGNUM *z, BN_CTX *);
int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y,
BN_CTX *);
@@ -261,11 +257,6 @@
int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
BN_CTX *);
-int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
- EC_POINT *point, const BIGNUM *x,
- const BIGNUM *y, const BIGNUM *z,
- BN_CTX *ctx);
-
void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, uint8_t in);
const EC_METHOD *EC_GFp_nistp224_method(void);
diff --git a/crypto/fipsmodule/ec/p224-64.c b/crypto/fipsmodule/ec/p224-64.c
index 0097209..56ece93 100644
--- a/crypto/fipsmodule/ec/p224-64.c
+++ b/crypto/fipsmodule/ec/p224-64.c
@@ -1040,28 +1040,9 @@
const EC_SCALAR *g_scalar,
const EC_POINT *p,
const EC_SCALAR *p_scalar, BN_CTX *ctx) {
- int ret = 0;
- BN_CTX *new_ctx = NULL;
- BIGNUM *x, *y, *z, *tmp_scalar;
p224_felem p_pre_comp[17][3];
p224_felem x_in, y_in, z_in, x_out, y_out, z_out;
- if (ctx == NULL) {
- ctx = BN_CTX_new();
- new_ctx = ctx;
- if (ctx == NULL) {
- return 0;
- }
- }
-
- BN_CTX_start(ctx);
- if ((x = BN_CTX_get(ctx)) == NULL ||
- (y = BN_CTX_get(ctx)) == NULL ||
- (z = BN_CTX_get(ctx)) == NULL ||
- (tmp_scalar = BN_CTX_get(ctx)) == NULL) {
- goto err;
- }
-
if (p != NULL && p_scalar != NULL) {
// We treat NULL scalars as 0, and NULL points as points at infinity, i.e.,
// they contribute nothing to the linear combination.
@@ -1070,7 +1051,7 @@
if (!p224_BN_to_felem(x_out, &p->X) ||
!p224_BN_to_felem(y_out, &p->Y) ||
!p224_BN_to_felem(z_out, &p->Z)) {
- goto err;
+ return 0;
}
p224_felem_assign(p_pre_comp[1][0], x_out);
@@ -1100,18 +1081,13 @@
p224_felem_contract(x_in, x_out);
p224_felem_contract(y_in, y_out);
p224_felem_contract(z_in, z_out);
- if (!p224_felem_to_BN(x, x_in) ||
- !p224_felem_to_BN(y, y_in) ||
- !p224_felem_to_BN(z, z_in)) {
+ if (!p224_felem_to_BN(&r->X, x_in) ||
+ !p224_felem_to_BN(&r->Y, y_in) ||
+ !p224_felem_to_BN(&r->Z, z_in)) {
OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
- goto err;
+ return 0;
}
- ret = ec_point_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
-
-err:
- BN_CTX_end(ctx);
- BN_CTX_free(new_ctx);
- return ret;
+ return 1;
}
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) {
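Review bot: With the call to ec_point_set_Jprojective_coordinates_GFp gone, nothing visible on this path compares `group` with `r->group` before `&r->X`, `&r->Y` and `&r->Z` are overwritten; the removed wrapper rejected a mismatch with EC_R_INCOMPATIBLE_OBJECTS. The same applies to `ec_GFp_simple_point_set_affine_coordinates` in simple.c (the `@@ -269` hunk), which used to reach that check through the same wrapper. If the public entry points already enforce it, a comment such as `// The caller has checked that |r| belongs to |group|.` would record the invariant; otherwise `if (EC_GROUP_cmp(group, r->group, NULL) != 0)` with the old error should move to the top of the function. The results are also written in place now, so a failure in the second or third p224_felem_to_BN leaves |r| half-updated and callers must discard it on a 0 return. The function body starts outside this hunk.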
diff --git a/crypto/fipsmodule/ec/simple.c b/crypto/fipsmodule/ec/simple.c
index bc39525..ab011ca 100644
--- a/crypto/fipsmodule/ec/simple.c
+++ b/crypto/fipsmodule/ec/simple.c
@@ -269,9 +269,14 @@
return BN_copy(out, in) != NULL;
}
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(
- const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y,
- const BIGNUM *z, BN_CTX *ctx) {
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *x,
+ const BIGNUM *y, BN_CTX *ctx) {
+ if (x == NULL || y == NULL) {
+ OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
BN_CTX *new_ctx = NULL;
int ret = 0;
@@ -284,7 +289,7 @@
if (!set_Jprojective_coordinate_GFp(group, &point->X, x, ctx) ||
!set_Jprojective_coordinate_GFp(group, &point->Y, y, ctx) ||
- !set_Jprojective_coordinate_GFp(group, &point->Z, z, ctx)) {
+ !BN_copy(&point->Z, &group->one)) {
goto err;
}
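Review bot: X and Y are stored through set_Jprojective_coordinate_GFp while Z is now a raw `BN_copy` of `group->one`, so this line is only correct if `group->one` is already held in the same field encoding and is populated for every method that installs this function. Neither is visible in the hunk; the commit message only calls it the precomputed value of one. A comment on the line would pin that down, for example `// |group->one| is stored in the field's encoded form, so no field_encode is needed.` The enclosing function starts and ends outside this hunk.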
@@ -295,19 +300,6 @@
return ret;
}
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
- EC_POINT *point, const BIGNUM *x,
- const BIGNUM *y, BN_CTX *ctx) {
- if (x == NULL || y == NULL) {
- // unlike for projective coordinates, we do not tolerate this
- OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- return ec_point_set_Jprojective_coordinates_GFp(group, point, x, y,
- BN_value_one(), ctx);
-}
-
int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx) {
int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *,