authorTheo Buehler <tb@cvs.openbsd.org>2024-11-02 15:50:51 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-11-02 15:50:51 +0000
commit7b0a860d5b35b666908f9e6339a7f756ebb774e4 (patch)
treece9e1fed99b6a09b65a805c18eb1cafcc0fbc273 /lib/libcrypto
parent8097f599842a37c5264574f29db81d66547c95b8 (diff)
Merge compressed coordinate setting back into ecp_smpl and ec_lib
The reason these were in separate files was FIPS. Not our problem.
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/Makefile4
-rw-r--r--lib/libcrypto/ec/ec_lib.c41
-rw-r--r--lib/libcrypto/ec/ec_oct.c112
-rw-r--r--lib/libcrypto/ec/ecp_oct.c169
-rw-r--r--lib/libcrypto/ec/ecp_smpl.c100
5 files changed, 140 insertions, 286 deletions
diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 42fe269adef..d11e66cedef 100644
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.217 2024/11/01 03:10:09 tb Exp $
+# $OpenBSD: Makefile,v 1.218 2024/11/02 15:50:50 tb Exp $
LIB= crypto
LIBREBUILD=y
@@ -288,11 +288,9 @@ SRCS+= ec_key.c
SRCS+= ec_kmeth.c
SRCS+= ec_lib.c
SRCS+= ec_mult.c
-SRCS+= ec_oct.c
SRCS+= ec_pmeth.c
SRCS+= eck_prn.c
SRCS+= ecp_mont.c
-SRCS+= ecp_oct.c
SRCS+= ecp_smpl.c
SRCS+= ecx_methods.c
diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c
index 0dcee7b2783..423c5ac7e25 100644
--- a/lib/libcrypto/ec/ec_lib.c
+++ b/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.74 2024/10/25 00:37:51 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.75 2024/11/02 15:50:50 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -1032,6 +1032,45 @@ EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point
LCRYPTO_ALIAS(EC_POINT_get_affine_coordinates_GFp);
int
+EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx_in)
+{
+ BN_CTX *ctx;
+ int ret = 0;
+
+ if ((ctx = ctx_in) == NULL)
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ if (group->meth->point_set_compressed_coordinates == NULL) {
+ ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ goto err;
+ }
+ if (group->meth != point->meth) {
+ ECerror(EC_R_INCOMPATIBLE_OBJECTS);
+ goto err;
+ }
+ ret = group->meth->point_set_compressed_coordinates(group, point,
+ x, y_bit, ctx);
+
+ err:
+ if (ctx != ctx_in)
+ BN_CTX_free(ctx);
+
+ return ret;
+}
+LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates);
+
+int
+EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+ const BIGNUM *x, int y_bit, BN_CTX *ctx)
+{
+ return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates_GFp);
+
+int
EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx_in)
{
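Review bot: The public entry point EC_POINT_set_compressed_coordinates() lands in ec_lib.c without any comment on its contract, and the `ctx_in` handling is easy to misread. A short header such as `/* Returns 1 on success, 0 on failure; if ctx_in is NULL a temporary BN_CTX is allocated and freed before returning. */` would cover it, and the `_GFp` variant could carry `/* Compatibility alias, forwards unchanged. */`. As a smaller style point, the two precondition checks on `group->meth` could run before the BN_CTX allocation so the failure paths do no allocation; if the neighbouring wrappers in this file use the same order, keeping it for consistency is reasonable. The trailing context lines belong to EC_POINT_add(), whose body continues outside the hunk.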
diff --git a/lib/libcrypto/ec/ec_oct.c b/lib/libcrypto/ec/ec_oct.c
deleted file mode 100644
index 7eb7d51910b..00000000000
--- a/lib/libcrypto/ec/ec_oct.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* $OpenBSD: ec_oct.c,v 1.20 2024/10/30 18:14:49 tb Exp $ */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/opensslv.h>
-
-#include "asn1_local.h"
-#include "ec_local.h"
-
-int
-EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, int y_bit, BN_CTX *ctx_in)
-{
- BN_CTX *ctx;
- int ret = 0;
-
- if ((ctx = ctx_in) == NULL)
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-
- if (group->meth->point_set_compressed_coordinates == NULL) {
- ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- goto err;
- }
- if (group->meth != point->meth) {
- ECerror(EC_R_INCOMPATIBLE_OBJECTS);
- goto err;
- }
- ret = group->meth->point_set_compressed_coordinates(group, point,
- x, y_bit, ctx);
-
- err:
- if (ctx != ctx_in)
- BN_CTX_free(ctx);
-
- return ret;
-}
-LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates);
-
-int
-EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, int y_bit, BN_CTX *ctx)
-{
- return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
-}
-LCRYPTO_ALIAS(EC_POINT_set_compressed_coordinates_GFp);
diff --git a/lib/libcrypto/ec/ecp_oct.c b/lib/libcrypto/ec/ecp_oct.c
deleted file mode 100644
index 85467a41436..00000000000
--- a/lib/libcrypto/ec/ecp_oct.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* $OpenBSD: ecp_oct.c,v 1.32 2024/11/02 09:21:04 tb Exp $ */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project.
- * Includes code written by Bodo Moeller for the OpenSSL project.
-*/
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <stddef.h>
-
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/err.h>
-
-#include "ec_local.h"
-
-int
-ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
- EC_POINT *point, const BIGNUM *in_x, int y_bit, BN_CTX *ctx)
-{
- const BIGNUM *p = &group->field, *a = &group->a, *b = &group->b;
- BIGNUM *w, *x, *y;
- int ret = 0;
-
- y_bit = (y_bit != 0);
-
- BN_CTX_start(ctx);
-
- if ((w = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((x = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((y = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- /*
- * Weierstrass equation: y^2 = x^3 + ax + b, so y is one of the
- * square roots of x^3 + ax + b. The y-bit indicates which one.
- */
-
- /* XXX - should we not insist on 0 <= x < p instead? */
- if (!BN_nnmod(x, in_x, p, ctx))
- goto err;
-
- if (group->meth->field_encode != NULL) {
- if (!group->meth->field_encode(group, x, x, ctx))
- goto err;
- }
-
- /* y = x^3 */
- if (!group->meth->field_sqr(group, y, x, ctx))
- goto err;
- if (!group->meth->field_mul(group, y, y, x, ctx))
- goto err;
-
- /* y += ax */
- if (group->a_is_minus3) {
- if (!BN_mod_lshift1_quick(w, x, p))
- goto err;
- if (!BN_mod_add_quick(w, w, x, p))
- goto err;
- if (!BN_mod_sub_quick(y, y, w, p))
- goto err;
- } else {
- if (!group->meth->field_mul(group, w, a, x, ctx))
- goto err;
- if (!BN_mod_add_quick(y, y, w, p))
- goto err;
- }
-
- /* y += b */
- if (!BN_mod_add_quick(y, y, b, p))
- goto err;
-
- if (group->meth->field_decode != NULL) {
- if (!group->meth->field_decode(group, x, x, ctx))
- goto err;
- if (!group->meth->field_decode(group, y, y, ctx))
- goto err;
- }
-
- if (!BN_mod_sqrt(y, y, p, ctx)) {
- ECerror(EC_R_INVALID_COMPRESSED_POINT);
- goto err;
- }
-
- if (y_bit == BN_is_odd(y))
- goto done;
-
- if (BN_is_zero(y)) {
- ECerror(EC_R_INVALID_COMPRESSION_BIT);
- goto err;
- }
- if (!BN_usub(y, &group->field, y))
- goto err;
-
- if (y_bit != BN_is_odd(y)) {
- /* Can only happen if p is even and should not be reachable. */
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- done:
- if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
- goto err;
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
-
- return ret;
-}
diff --git a/lib/libcrypto/ec/ecp_smpl.c b/lib/libcrypto/ec/ecp_smpl.c
index ab796807424..5890ca994a8 100644
--- a/lib/libcrypto/ec/ecp_smpl.c
+++ b/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.57 2024/10/31 15:37:53 tb Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.58 2024/11/02 15:50:50 tb Exp $ */
/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
* for the OpenSSL project.
* Includes code written by Bodo Moeller for the OpenSSL project.
@@ -469,6 +469,104 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
}
int
+ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *in_x, int y_bit, BN_CTX *ctx)
+{
+ const BIGNUM *p = &group->field, *a = &group->a, *b = &group->b;
+ BIGNUM *w, *x, *y;
+ int ret = 0;
+
+ y_bit = (y_bit != 0);
+
+ BN_CTX_start(ctx);
+
+ if ((w = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((x = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((y = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ /*
+ * Weierstrass equation: y^2 = x^3 + ax + b, so y is one of the
+ * square roots of x^3 + ax + b. The y-bit indicates which one.
+ */
+
+ /* XXX - should we not insist on 0 <= x < p instead? */
+ if (!BN_nnmod(x, in_x, p, ctx))
+ goto err;
+
+ if (group->meth->field_encode != NULL) {
+ if (!group->meth->field_encode(group, x, x, ctx))
+ goto err;
+ }
+
+ /* y = x^3 */
+ if (!group->meth->field_sqr(group, y, x, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, y, y, x, ctx))
+ goto err;
+
+ /* y += ax */
+ if (group->a_is_minus3) {
+ if (!BN_mod_lshift1_quick(w, x, p))
+ goto err;
+ if (!BN_mod_add_quick(w, w, x, p))
+ goto err;
+ if (!BN_mod_sub_quick(y, y, w, p))
+ goto err;
+ } else {
+ if (!group->meth->field_mul(group, w, a, x, ctx))
+ goto err;
+ if (!BN_mod_add_quick(y, y, w, p))
+ goto err;
+ }
+
+ /* y += b */
+ if (!BN_mod_add_quick(y, y, b, p))
+ goto err;
+
+ if (group->meth->field_decode != NULL) {
+ if (!group->meth->field_decode(group, x, x, ctx))
+ goto err;
+ if (!group->meth->field_decode(group, y, y, ctx))
+ goto err;
+ }
+
+ if (!BN_mod_sqrt(y, y, p, ctx)) {
+ ECerror(EC_R_INVALID_COMPRESSED_POINT);
+ goto err;
+ }
+
+ if (y_bit == BN_is_odd(y))
+ goto done;
+
+ if (BN_is_zero(y)) {
+ ECerror(EC_R_INVALID_COMPRESSION_BIT);
+ goto err;
+ }
+ if (!BN_usub(y, &group->field, y))
+ goto err;
+
+ if (y_bit != BN_is_odd(y)) {
+ /* Can only happen if p is even and should not be reachable. */
+ ECerror(ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ done:
+ if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+
+ return ret;
+}
+
+int
ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
{
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
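Review bot: The `XXX` question at `BN_nnmod(x, in_x, p, ctx)` is carried over unresolved: a negative `in_x` or one with `in_x >= p` is silently reduced rather than rejected, so several distinct inputs are accepted for the same point. If this routine is reached with x values taken from externally supplied encodings, rejecting non-canonical x is the stricter behaviour; callers not visible here may already enforce the range, and rejecting changes what the function accepts, so it probably deserves its own commit rather than this merge. A possible shape is below. Separately, `BN_usub(y, &group->field, y)` could use the local `p`, which already points at `&group->field`. The trailing context is the start of ec_GFp_simple_add(), which continues outside the hunk.

```c
	/* Reject non-canonical x instead of reducing it modulo p. */
	if (BN_is_negative(in_x) || BN_cmp(in_x, p) >= 0) {
		ECerror(EC_R_INVALID_COMPRESSED_POINT);
		goto err;
	}
	if (BN_copy(x, in_x) == NULL)
		goto err;

	/* ... unchanged: field_encode and the computation of x^3 + ax + b ... */
```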