GF2m bites the dust. It won't be missed.

diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 14a2287..01cf968 100644 (file)
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.115 2023/04/25 19:01:01 tb Exp $
+# $OpenBSD: Makefile,v 1.116 2023/04/25 19:53:30 tb Exp $
 
 LIB=   crypto
 LIBREBUILD=y
@@ -187,7 +187,6 @@ SRCS+= bn_div.c
 SRCS+= bn_err.c
 SRCS+= bn_exp.c
 SRCS+= bn_gcd.c
-#SRCS+= bn_gf2m.c
 SRCS+= bn_isqrt.c
 SRCS+= bn_kron.c
 SRCS+= bn_lib.c
@@ -333,9 +332,6 @@ SRCS+= dso_null.c
 SRCS+= dso_openssl.c
 
 # ec/
-#SRCS+= ec2_mult.c
-#SRCS+= ec2_oct.c
-#SRCS+= ec2_smpl.c
 SRCS+= ec_ameth.c
 SRCS+= ec_asn1.c
 SRCS+= ec_check.c

diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h
index 52e3d07..b15e631 100644 (file)
--- a/lib/libcrypto/bn/bn.h
+++ b/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn.h,v 1.68 2023/04/25 17:42:07 tb Exp $ */
+/* $OpenBSD: bn.h,v 1.69 2023/04/25 19:53:30 tb Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -505,67 +505,6 @@ void BN_set_params(int mul, int high, int low, int mont);
 int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
 #endif
 
-#ifndef OPENSSL_NO_EC2M
-
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
- *
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored.
- *
- * Note that input arguments are not const so that their bit arrays can
- * be expanded to the appropriate size if needed.
- */
-
-int    BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-int    BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
-int
-BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-       const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
-int
-BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-       BN_CTX *ctx); /* r = (a * a) mod p */
-int
-BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
-       BN_CTX *ctx); /* r = (1 / b) mod p */
-int
-BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-       const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
-int
-BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-       const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
-int
-BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-       BN_CTX *ctx); /* r = sqrt(a) mod p */
-int    BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-       BN_CTX *ctx); /* r^2 + r = a mod p */
-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-int    BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
-/* r = a mod p */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-       const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-       BN_CTX *ctx); /* r = (a * a) mod p */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
-       BN_CTX *ctx); /* r = (1 / b) mod p */
-int    BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-       const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
-int    BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-       const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
-int    BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-       const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
-int    BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-       const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
-int    BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int    BN_GF2m_arr2poly(const int p[], BIGNUM *a);
-
-#endif
-
 /* Primes from RFC 2409 */
 BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
 BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);

diff --git a/lib/libcrypto/bn/bn_gf2m.c b/lib/libcrypto/bn/bn_gf2m.c
deleted file mode 100644 (file)
index 62ac2a5..0000000
--- a/lib/libcrypto/bn/bn_gf2m.c
+++ /dev/null
@@ -1,1268 +0,0 @@
-/* $OpenBSD: bn_gf2m.c,v 1.32 2023/03/27 10:25:02 tb Exp $ */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the ECC Code as delivered hereunder (or portions thereof),
- * provided that such covenant shall not apply:
- *  1) for code that a licensee deletes from the ECC Code;
- *  2) separates from the ECC Code; or
- *  3) for infringements caused by:
- *       i) the modification of the ECC Code or
- *      ii) the combination of the ECC Code with other software or
- *          devices where such combination causes the infringement.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-/* NOTE: This file is licensed pursuant to the OpenSSL license below
- * and may be modified; but after modifications, the above covenant
- * may no longer apply!  In such cases, the corresponding paragraph
- * ["In addition, Sun covenants ... causes the infringement."] and
- * this note can be edited out; but please keep the Sun copyright
- * notice and attribution. */
-
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <limits.h>
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/err.h>
-
-#include "bn_local.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
-#define MAX_ITERATIONS 50
-
-static const BN_ULONG SQR_tb[16] =
-       {     0,     1,     4,     5,    16,    17,    20,    21,
-64,    65,    68,    69,    80,    81,    84,    85 };
-/* Platform-specific macros to accelerate squaring. */
-#ifdef _LP64
-#define SQR1(w) \
-    SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
-    SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
-    SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
-    SQR_tb[(w) >> 36 & 0xF] <<  8 | SQR_tb[(w) >> 32 & 0xF]
-#define SQR0(w) \
-    SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
-    SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
-    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
-#else
-#define SQR1(w) \
-    SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
-    SQR_tb[(w) >> 20 & 0xF] <<  8 | SQR_tb[(w) >> 16 & 0xF]
-#define SQR0(w) \
-    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
-#endif
-
-#if !defined(OPENSSL_BN_ASM_GF2m)
-/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
- * result is a polynomial r with degree < 2 * BN_BITS - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
- */
-static void
-bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-{
-#ifndef _LP64
-       BN_ULONG h, l, s;
-       BN_ULONG tab[8], top2b = a >> 30;
-       BN_ULONG a1, a2, a4;
-
-       a1 = a & (0x3FFFFFFF);
-       a2 = a1 << 1;
-       a4 = a2 << 1;
-
-       tab[0] = 0;
-       tab[1] = a1;
-       tab[2] = a2;
-       tab[3] = a1 ^ a2;
-       tab[4] = a4;
-       tab[5] = a1 ^ a4;
-       tab[6] = a2 ^ a4;
-       tab[7] = a1 ^ a2 ^ a4;
-
-       s = tab[b & 0x7];
-       l = s;
-       s = tab[b >> 3 & 0x7];
-       l ^= s << 3;
-       h = s >> 29;
-       s = tab[b >> 6 & 0x7];
-       l ^= s <<  6;
-       h ^= s >> 26;
-       s = tab[b >> 9 & 0x7];
-       l ^= s <<  9;
-       h ^= s >> 23;
-       s = tab[b >> 12 & 0x7];
-       l ^= s << 12;
-       h ^= s >> 20;
-       s = tab[b >> 15 & 0x7];
-       l ^= s << 15;
-       h ^= s >> 17;
-       s = tab[b >> 18 & 0x7];
-       l ^= s << 18;
-       h ^= s >> 14;
-       s = tab[b >> 21 & 0x7];
-       l ^= s << 21;
-       h ^= s >> 11;
-       s = tab[b >> 24 & 0x7];
-       l ^= s << 24;
-       h ^= s >>  8;
-       s = tab[b >> 27 & 0x7];
-       l ^= s << 27;
-       h ^= s >>  5;
-       s = tab[b >> 30];
-       l ^= s << 30;
-       h ^= s >> 2;
-
-       /* compensate for the top two bits of a */
-       if (top2b & 01) {
-               l ^= b << 30;
-               h ^= b >> 2;
-       }
-       if (top2b & 02) {
-               l ^= b << 31;
-               h ^= b >> 1;
-       }
-
-       *r1 = h;
-       *r0 = l;
-#else
-       BN_ULONG h, l, s;
-       BN_ULONG tab[16], top3b = a >> 61;
-       BN_ULONG a1, a2, a4, a8;
-
-       a1 = a & (0x1FFFFFFFFFFFFFFFULL);
-       a2 = a1 << 1;
-       a4 = a2 << 1;
-       a8 = a4 << 1;
-
-       tab[0] = 0;
-       tab[1] = a1;
-       tab[2] = a2;
-       tab[3] = a1 ^ a2;
-       tab[4] = a4;
-       tab[5] = a1 ^ a4;
-       tab[6] = a2 ^ a4;
-       tab[7] = a1 ^ a2 ^ a4;
-       tab[8] = a8;
-       tab[9] = a1 ^ a8;
-       tab[10] = a2 ^ a8;
-       tab[11] = a1 ^ a2 ^ a8;
-       tab[12] = a4 ^ a8;
-       tab[13] = a1 ^ a4 ^ a8;
-       tab[14] = a2 ^ a4 ^ a8;
-       tab[15] = a1 ^ a2 ^ a4 ^ a8;
-
-       s = tab[b & 0xF];
-       l = s;
-       s = tab[b >> 4 & 0xF];
-       l ^= s << 4;
-       h = s >> 60;
-       s = tab[b >> 8 & 0xF];
-       l ^= s << 8;
-       h ^= s >> 56;
-       s = tab[b >> 12 & 0xF];
-       l ^= s << 12;
-       h ^= s >> 52;
-       s = tab[b >> 16 & 0xF];
-       l ^= s << 16;
-       h ^= s >> 48;
-       s = tab[b >> 20 & 0xF];
-       l ^= s << 20;
-       h ^= s >> 44;
-       s = tab[b >> 24 & 0xF];
-       l ^= s << 24;
-       h ^= s >> 40;
-       s = tab[b >> 28 & 0xF];
-       l ^= s << 28;
-       h ^= s >> 36;
-       s = tab[b >> 32 & 0xF];
-       l ^= s << 32;
-       h ^= s >> 32;
-       s = tab[b >> 36 & 0xF];
-       l ^= s << 36;
-       h ^= s >> 28;
-       s = tab[b >> 40 & 0xF];
-       l ^= s << 40;
-       h ^= s >> 24;
-       s = tab[b >> 44 & 0xF];
-       l ^= s << 44;
-       h ^= s >> 20;
-       s = tab[b >> 48 & 0xF];
-       l ^= s << 48;
-       h ^= s >> 16;
-       s = tab[b >> 52 & 0xF];
-       l ^= s << 52;
-       h ^= s >> 12;
-       s = tab[b >> 56 & 0xF];
-       l ^= s << 56;
-       h ^= s >>  8;
-       s = tab[b >> 60];
-       l ^= s << 60;
-       h ^= s >>  4;
-
-       /* compensate for the top three bits of a */
-       if (top3b & 01) {
-               l ^= b << 61;
-               h ^= b >> 3;
-       }
-       if (top3b & 02) {
-               l ^= b << 62;
-               h ^= b >> 2;
-       }
-       if (top3b & 04) {
-               l ^= b << 63;
-               h ^= b >> 1;
-       }
-
-       *r1 = h;
-       *r0 = l;
-#endif
-}
-
-/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
- * result is a polynomial r with degree < 4 * BN_BITS2 - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
- */
-static void
-bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
-    const BN_ULONG b1, const BN_ULONG b0)
-{
-       BN_ULONG m1, m0;
-
-       /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
-       bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
-       bn_GF2m_mul_1x1(r + 1, r, a0, b0);
-       bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
-       /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
-       r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */
-       r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
-}
-#else
-void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
-    BN_ULONG b0);
-#endif
-
-/* Add polynomials a and b and store result in r; r could be a or b, a and b
- * could be equal; r is the bitwise XOR of a and b.
- */
-int
-BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-{
-       int i;
-       const BIGNUM *at, *bt;
-
-
-       if (a->top < b->top) {
-               at = b;
-               bt = a;
-       } else {
-               at = a;
-               bt = b;
-       }
-
-       if (!bn_wexpand(r, at->top))
-               return 0;
-
-       for (i = 0; i < bt->top; i++) {
-               r->d[i] = at->d[i] ^ bt->d[i];
-       }
-       for (; i < at->top; i++) {
-               r->d[i] = at->d[i];
-       }
-
-       r->top = at->top;
-       bn_correct_top(r);
-
-       return 1;
-}
-
-
-/* Some functions allow for representation of the irreducible polynomials
- * as an int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-
-
-/* Performs modular reduction of a and store result in r.  r could be a. */
-int
-BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
-{
-       int j, k;
-       int n, dN, d0, d1;
-       BN_ULONG zz, *z;
-
-
-       if (!p[0]) {
-               /* reduction mod 1 => return 0 */
-               BN_zero(r);
-               return 1;
-       }
-
-       /* Since the algorithm does reduction in the r value, if a != r, copy
-        * the contents of a into r so we can do reduction in r.
-        */
-       if (a != r) {
-               if (!bn_wexpand(r, a->top))
-                       return 0;
-               for (j = 0; j < a->top; j++) {
-                       r->d[j] = a->d[j];
-               }
-               r->top = a->top;
-       }
-       z = r->d;
-
-       /* start reduction */
-       dN = p[0] / BN_BITS2;
-       for (j = r->top - 1; j > dN; ) {
-               zz = z[j];
-               if (z[j] == 0) {
-                       j--;
-                       continue;
-               }
-               z[j] = 0;
-
-               for (k = 1; p[k] != 0; k++) {
-                       /* reducing component t^p[k] */
-                       n = p[0] - p[k];
-                       d0 = n % BN_BITS2;
-                       d1 = BN_BITS2 - d0;
-                       n /= BN_BITS2;
-                       z[j - n] ^= (zz >> d0);
-                       if (d0)
-                               z[j - n - 1] ^= (zz << d1);
-               }
-
-               /* reducing component t^0 */
-               n = dN;
-               d0 = p[0] % BN_BITS2;
-               d1 = BN_BITS2 - d0;
-               z[j - n] ^= (zz >> d0);
-               if (d0)
-                       z[j - n - 1] ^= (zz << d1);
-       }
-
-       /* final round of reduction */
-       while (j == dN) {
-
-               d0 = p[0] % BN_BITS2;
-               zz = z[dN] >> d0;
-               if (zz == 0)
-                       break;
-               d1 = BN_BITS2 - d0;
-
-               /* clear up the top d1 bits */
-               if (d0)
-                       z[dN] = (z[dN] << d1) >> d1;
-               else
-                       z[dN] = 0;
-               z[0] ^= zz; /* reduction t^0 component */
-
-               for (k = 1; p[k] != 0; k++) {
-                       BN_ULONG tmp_ulong;
-
-                       /* reducing component t^p[k]*/
-                       n = p[k] / BN_BITS2;
-                       d0 = p[k] % BN_BITS2;
-                       d1 = BN_BITS2 - d0;
-                       z[n] ^= (zz << d0);
-                       if (d0 && (tmp_ulong = zz >> d1))
-                               z[n + 1] ^= tmp_ulong;
-               }
-
-
-       }
-
-       bn_correct_top(r);
-       return 1;
-}
-
-/* Performs modular reduction of a by p and store result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_arr function.
- */
-int
-BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
-{
-       int ret = 0;
-       const int max = BN_num_bits(p) + 1;
-       int *arr = NULL;
-
-       if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
-               goto err;
-       ret = BN_GF2m_poly2arr(p, arr, max);
-       if (!ret || ret > max) {
-               BNerror(BN_R_INVALID_LENGTH);
-               goto err;
-       }
-       ret = BN_GF2m_mod_arr(r, a, arr);
-
- err:
-       free(arr);
-       return ret;
-}
-
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r.  r could be a or b; a could be b.
- */
-int
-BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
-    BN_CTX *ctx)
-{
-       int zlen, i, j, k, ret = 0;
-       BIGNUM *s;
-       BN_ULONG x1, x0, y1, y0, zz[4];
-
-
-       if (a == b) {
-               return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
-       }
-
-       BN_CTX_start(ctx);
-       if ((s = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       zlen = a->top + b->top + 4;
-       if (!bn_wexpand(s, zlen))
-               goto err;
-       s->top = zlen;
-
-       for (i = 0; i < zlen; i++)
-               s->d[i] = 0;
-
-       for (j = 0; j < b->top; j += 2) {
-               y0 = b->d[j];
-               y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
-               for (i = 0; i < a->top; i += 2) {
-                       x0 = a->d[i];
-                       x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
-                       bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
-                       for (k = 0; k < 4; k++)
-                               s->d[i + j + k] ^= zz[k];
-               }
-       }
-
-       bn_correct_top(s);
-       if (BN_GF2m_mod_arr(r, s, p))
-               ret = 1;
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r.  r could be a or b; a could equal b.
- *
- * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_mul_arr function.
- */
-int
-BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
-    BN_CTX *ctx)
-{
-       int ret = 0;
-       const int max = BN_num_bits(p) + 1;
-       int *arr = NULL;
-
-       if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
-               goto err;
-       ret = BN_GF2m_poly2arr(p, arr, max);
-       if (!ret || ret > max) {
-               BNerror(BN_R_INVALID_LENGTH);
-               goto err;
-       }
-       ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
-
-err:
-       free(arr);
-       return ret;
-}
-
-
-/* Square a, reduce the result mod p, and store it in a.  r could be a. */
-int
-BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
-{
-       int i, ret = 0;
-       BIGNUM *s;
-
-       BN_CTX_start(ctx);
-       if ((s = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if (!bn_wexpand(s, 2 * a->top))
-               goto err;
-
-       for (i = a->top - 1; i >= 0; i--) {
-               s->d[2 * i + 1] = SQR1(a->d[i]);
-               s->d[2 * i] = SQR0(a->d[i]);
-       }
-
-       s->top = 2 * a->top;
-       bn_correct_top(s);
-       if (!BN_GF2m_mod_arr(r, s, p))
-               goto err;
-       ret = 1;
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Square a, reduce the result mod p, and store it in a.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_sqr_arr function.
- */
-int
-BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
-       int ret = 0;
-       const int max = BN_num_bits(p) + 1;
-       int *arr = NULL;
-
-       if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
-               goto err;
-       ret = BN_GF2m_poly2arr(p, arr, max);
-       if (!ret || ret > max) {
-               BNerror(BN_R_INVALID_LENGTH);
-               goto err;
-       }
-       ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
-
-err:
-       free(arr);
-       return ret;
-}
-
-
-/* Invert a, reduce modulo p, and store the result in r. r could be a.
- * Uses Modified Almost Inverse Algorithm (Algorithm 10) from
- *     Hankerson, D., Hernandez, J.L., and Menezes, A.  "Software Implementation
- *     of Elliptic Curve Cryptography Over Binary Fields".
- */
-int
-BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
-       BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
-       int ret = 0;
-
-
-       BN_CTX_start(ctx);
-
-       if ((b = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((c = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((u = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((v = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_GF2m_mod(u, a, p))
-               goto err;
-       if (BN_is_zero(u))
-               goto err;
-
-       if (!bn_copy(v, p))
-               goto err;
-#if 0
-       if (!BN_one(b))
-               goto err;
-
-       while (1) {
-               while (!BN_is_odd(u)) {
-                       if (BN_is_zero(u))
-                               goto err;
-                       if (!BN_rshift1(u, u))
-                               goto err;
-                       if (BN_is_odd(b)) {
-                               if (!BN_GF2m_add(b, b, p))
-                                       goto err;
-                       }
-                       if (!BN_rshift1(b, b))
-                               goto err;
-               }
-
-               if (BN_abs_is_word(u, 1))
-                       break;
-
-               if (BN_num_bits(u) < BN_num_bits(v)) {
-                       tmp = u;
-                       u = v;
-                       v = tmp;
-                       tmp = b;
-                       b = c;
-                       c = tmp;
-               }
-
-               if (!BN_GF2m_add(u, u, v))
-                       goto err;
-               if (!BN_GF2m_add(b, b, c))
-                       goto err;
-       }
-#else
-       {
-               int i,  ubits = BN_num_bits(u),
-               vbits = BN_num_bits(v), /* v is copy of p */
-               top = p->top;
-               BN_ULONG *udp, *bdp, *vdp, *cdp;
-
-               if (!bn_wexpand(u, top))
-                        goto err;
-               udp = u->d;
-               for (i = u->top; i < top; i++)
-                       udp[i] = 0;
-               u->top = top;
-               if (!bn_wexpand(b, top))
-                        goto err;
-               bdp = b->d;
-               bdp[0] = 1;
-               for (i = 1; i < top; i++)
-                       bdp[i] = 0;
-               b->top = top;
-               if (!bn_wexpand(c, top))
-                        goto err;
-               cdp = c->d;
-               for (i = 0; i < top; i++)
-                       cdp[i] = 0;
-               c->top = top;
-               vdp = v->d;     /* It pays off to "cache" *->d pointers, because
-                                * it allows optimizer to be more aggressive.
-                                * But we don't have to "cache" p->d, because *p
-                                * is declared 'const'... */
-               while (1) {
-                       while (ubits && !(udp[0]&1)) {
-                               BN_ULONG u0, u1, b0, b1, mask;
-
-                               u0 = udp[0];
-                               b0 = bdp[0];
-                               mask = (BN_ULONG)0 - (b0 & 1);
-                               b0  ^= p->d[0] & mask;
-                               for (i = 0; i < top - 1; i++) {
-                                       u1 = udp[i + 1];
-                                       udp[i] = ((u0 >> 1) |
-                                           (u1 << (BN_BITS2 - 1))) & BN_MASK2;
-                                       u0 = u1;
-                                       b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
-                                       bdp[i] = ((b0 >> 1) |
-                                           (b1 << (BN_BITS2 - 1))) & BN_MASK2;
-                                       b0 = b1;
-                               }
-                               udp[i] = u0 >> 1;
-                               bdp[i] = b0 >> 1;
-                               ubits--;
-                       }
-
-                       if (ubits <= BN_BITS2) {
-                               /* See if poly was reducible. */
-                               if (udp[0] == 0)
-                                       goto err;
-                               if (udp[0] == 1)
-                                       break;
-                       }
-
-                       if (ubits < vbits) {
-                               i = ubits;
-                               ubits = vbits;
-                               vbits = i;
-                               tmp = u;
-                               u = v;
-                               v = tmp;
-                               tmp = b;
-                               b = c;
-                               c = tmp;
-                               udp = vdp;
-                               vdp = v->d;
-                               bdp = cdp;
-                               cdp = c->d;
-                       }
-                       for (i = 0; i < top; i++) {
-                               udp[i] ^= vdp[i];
-                               bdp[i] ^= cdp[i];
-                       }
-                       if (ubits == vbits) {
-                               BN_ULONG ul;
-                               int utop = (ubits - 1) / BN_BITS2;
-
-                               while ((ul = udp[utop]) == 0 && utop)
-                                       utop--;
-                               ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
-                       }
-               }
-               bn_correct_top(b);
-       }
-#endif
-
-       if (!bn_copy(r, b))
-               goto err;
-       ret = 1;
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
- *
- * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_inv function.
- */
-int
-BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
-{
-       BIGNUM *field;
-       int ret = 0;
-
-       BN_CTX_start(ctx);
-       if ((field = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if (!BN_GF2m_arr2poly(p, field))
-               goto err;
-
-       ret = BN_GF2m_mod_inv(r, xx, field, ctx);
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-
-#ifndef OPENSSL_SUN_GF2M_DIV
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y.
- */
-int
-BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
-    BN_CTX *ctx)
-{
-       BIGNUM *xinv = NULL;
-       int ret = 0;
-
-
-       BN_CTX_start(ctx);
-       if ((xinv = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
-               goto err;
-       if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
-               goto err;
-       ret = 1;
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-#else
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y.
- * Uses algorithm Modular_Division_GF(2^m) from
- *     Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to
- *     the Great Divide".
- */
-int
-BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p,
-    BN_CTX *ctx)
-{
-       BIGNUM *a, *b, *u, *v;
-       int ret = 0;
-
-
-       BN_CTX_start(ctx);
-
-       if ((a = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((b = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((u = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((v = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       /* reduce x and y mod p */
-       if (!BN_GF2m_mod(u, y, p))
-               goto err;
-       if (!BN_GF2m_mod(a, x, p))
-               goto err;
-       if (!bn_copy(b, p))
-               goto err;
-
-       while (!BN_is_odd(a)) {
-               if (!BN_rshift1(a, a))
-                       goto err;
-               if (BN_is_odd(u))
-                       if (!BN_GF2m_add(u, u, p))
-                               goto err;
-               if (!BN_rshift1(u, u))
-                       goto err;
-       }
-
-       do {
-               if (BN_GF2m_cmp(b, a) > 0) {
-                       if (!BN_GF2m_add(b, b, a))
-                               goto err;
-                       if (!BN_GF2m_add(v, v, u))
-                               goto err;
-                       do {
-                               if (!BN_rshift1(b, b))
-                                       goto err;
-                               if (BN_is_odd(v))
-                                       if (!BN_GF2m_add(v, v, p))
-                                               goto err;
-                               if (!BN_rshift1(v, v))
-                                       goto err;
-                       } while (!BN_is_odd(b));
-               } else if (BN_abs_is_word(a, 1))
-                       break;
-               else {
-                       if (!BN_GF2m_add(a, a, b))
-                               goto err;
-                       if (!BN_GF2m_add(u, u, v))
-                               goto err;
-                       do {
-                               if (!BN_rshift1(a, a))
-                                       goto err;
-                               if (BN_is_odd(u))
-                                       if (!BN_GF2m_add(u, u, p))
-                                               goto err;
-                               if (!BN_rshift1(u, u))
-                                       goto err;
-                       } while (!BN_is_odd(a));
-               }
-       } while (1);
-
-       if (!bn_copy(r, u))
-               goto err;
-       ret = 1;
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-#endif
-
-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
- * or yy, xx could equal yy.
- *
- * This function calls down to the BN_GF2m_mod_div implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_div function.
- */
-int
-BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
-    const int p[], BN_CTX *ctx)
-{
-       BIGNUM *field;
-       int ret = 0;
-
-
-       BN_CTX_start(ctx);
-       if ((field = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if (!BN_GF2m_arr2poly(p, field))
-               goto err;
-
-       ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r.  r could be a.
- * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
- */
-int
-BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[],
-    BN_CTX *ctx)
-{
-       int ret = 0, i, n;
-       BIGNUM *u;
-
-
-       if (BN_is_zero(b))
-               return BN_one(r);
-
-       if (BN_abs_is_word(b, 1))
-               return bn_copy(r, a);
-
-       BN_CTX_start(ctx);
-       if ((u = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_GF2m_mod_arr(u, a, p))
-               goto err;
-
-       n = BN_num_bits(b) - 1;
-       for (i = n - 1; i >= 0; i--) {
-               if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
-                       goto err;
-               if (BN_is_bit_set(b, i)) {
-                       if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
-                               goto err;
-               }
-       }
-       if (!bn_copy(r, u))
-               goto err;
-       ret = 1;
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_exp_arr function.
- */
-int
-BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
-    BN_CTX *ctx)
-{
-       int ret = 0;
-       const int max = BN_num_bits(p) + 1;
-       int *arr = NULL;
-
-       if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
-               goto err;
-       ret = BN_GF2m_poly2arr(p, arr, max);
-       if (!ret || ret > max) {
-               BNerror(BN_R_INVALID_LENGTH);
-               goto err;
-       }
-       ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
-
-err:
-       free(arr);
-       return ret;
-}
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r.  r could be a.
- * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
- */
-int
-BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
-{
-       int ret = 0;
-       BIGNUM *u;
-
-
-       if (!p[0]) {
-               /* reduction mod 1 => return 0 */
-               BN_zero(r);
-               return 1;
-       }
-
-       BN_CTX_start(ctx);
-       if ((u = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_set_bit(u, p[0] - 1))
-               goto err;
-       ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_sqrt_arr function.
- */
-int
-BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
-       int ret = 0;
-       const int max = BN_num_bits(p) + 1;
-       int *arr = NULL;
-       if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
-               goto err;
-       ret = BN_GF2m_poly2arr(p, arr, max);
-       if (!ret || ret > max) {
-               BNerror(BN_R_INVALID_LENGTH);
-               goto err;
-       }
-       ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
-
-err:
-       free(arr);
-       return ret;
-}
-
-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
- * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
- */
-int
-BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
-    BN_CTX *ctx)
-{
-       int ret = 0, count = 0, j;
-       BIGNUM *a, *z, *rho, *w, *w2, *tmp;
-
-
-       if (!p[0]) {
-               /* reduction mod 1 => return 0 */
-               BN_zero(r);
-               return 1;
-       }
-
-       BN_CTX_start(ctx);
-       if ((a = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((z = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((w = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_GF2m_mod_arr(a, a_, p))
-               goto err;
-
-       if (BN_is_zero(a)) {
-               BN_zero(r);
-               ret = 1;
-               goto err;
-       }
-
-       if (p[0] & 0x1) /* m is odd */
-       {
-               /* compute half-trace of a */
-               if (!bn_copy(z, a))
-                       goto err;
-               for (j = 1; j <= (p[0] - 1) / 2; j++) {
-                       if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
-                               goto err;
-                       if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
-                               goto err;
-                       if (!BN_GF2m_add(z, z, a))
-                               goto err;
-               }
-
-       }
-       else /* m is even */
-       {
-               if ((rho = BN_CTX_get(ctx)) == NULL)
-                       goto err;
-               if ((w2 = BN_CTX_get(ctx)) == NULL)
-                       goto err;
-               if ((tmp = BN_CTX_get(ctx)) == NULL)
-                       goto err;
-               do {
-                       if (!BN_rand(rho, p[0], 0, 0))
-                               goto err;
-                       if (!BN_GF2m_mod_arr(rho, rho, p))
-                               goto err;
-                       BN_zero(z);
-                       if (!bn_copy(w, rho))
-                               goto err;
-                       for (j = 1; j <= p[0] - 1; j++) {
-                               if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
-                                       goto err;
-                               if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
-                                       goto err;
-                               if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
-                                       goto err;
-                               if (!BN_GF2m_add(z, z, tmp))
-                                       goto err;
-                               if (!BN_GF2m_add(w, w2, rho))
-                                       goto err;
-                       }
-                       count++;
-               } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
-               if (BN_is_zero(w)) {
-                       BNerror(BN_R_TOO_MANY_ITERATIONS);
-                       goto err;
-               }
-       }
-
-       if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
-               goto err;
-       if (!BN_GF2m_add(w, z, w))
-               goto err;
-       if (BN_GF2m_cmp(w, a)) {
-               BNerror(BN_R_NO_SOLUTION);
-               goto err;
-       }
-
-       if (!bn_copy(r, z))
-               goto err;
-
-       ret = 1;
-
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
- *
- * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_solve_quad_arr function.
- */
-int
-BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
-       int ret = 0;
-       const int max = BN_num_bits(p) + 1;
-       int *arr = NULL;
-
-       if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL)
-               goto err;
-       ret = BN_GF2m_poly2arr(p, arr, max);
-       if (!ret || ret > max) {
-               BNerror(BN_R_INVALID_LENGTH);
-               goto err;
-       }
-       ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
-
-err:
-       free(arr);
-       return ret;
-}
-
-/* Convert the bit-string representation of a polynomial
- * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding
- * to the bits with non-zero coefficient.  Array is terminated with -1.
- * Up to max elements of the array will be filled.  Return value is total
- * number of array elements that would be filled if array was large enough.
- */
-int
-BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
-{
-       int i, j, k = 0;
-       BN_ULONG mask;
-
-       if (BN_is_zero(a))
-               return 0;
-
-       for (i = a->top - 1; i >= 0; i--) {
-               if (!a->d[i])
-                       /* skip word if a->d[i] == 0 */
-                       continue;
-               mask = BN_TBIT;
-               for (j = BN_BITS2 - 1; j >= 0; j--) {
-                       if (a->d[i] & mask) {
-                               if (k < max)
-                                       p[k] = BN_BITS2 * i + j;
-                               k++;
-                       }
-                       mask >>= 1;
-               }
-       }
-
-       if (k < max)
-               p[k] = -1;
-       k++;
-
-       return k;
-}
-
-/* Convert the coefficient array representation of a polynomial to a
- * bit-string.  The array must be terminated by -1.
- */
-int
-BN_GF2m_arr2poly(const int p[], BIGNUM *a)
-{
-       int i;
-
-       BN_zero(a);
-       for (i = 0; p[i] != -1; i++) {
-               if (BN_set_bit(a, p[i]) == 0)
-                       return 0;
-       }
-
-       return 1;
-}
-
-#endif

diff --git a/lib/libcrypto/ec/ec.h b/lib/libcrypto/ec/ec.h
index a0dbbe6..1afbe0a 100644 (file)
--- a/lib/libcrypto/ec/ec.h
+++ b/lib/libcrypto/ec/ec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.37 2023/04/25 19:28:22 tb Exp $ */
+/* $OpenBSD: ec.h,v 1.38 2023/04/25 19:53:30 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -143,18 +143,6 @@ const EC_METHOD *EC_GFp_simple_method(void);
  */
 const EC_METHOD *EC_GFp_mont_method(void);
 
-#ifndef OPENSSL_NO_EC2M
-/********************************************************************/ 
-/*           EC_METHOD for curves over GF(2^m)                      */
-/********************************************************************/
-
-/** Returns the basic GF2m ec method 
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GF2m_simple_method(void);
-
-#endif
-
 
 /********************************************************************/
 /*                   EC_GROUP functions                             */
@@ -284,28 +272,6 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, co
  *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_EC2M
-/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM with the polynomial defining the underlying field
- *  \param  a      BIGNUM with parameter a of the equation
- *  \param  b      BIGNUM with parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occurred
- */
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
-/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM for the polynomial defining the underlying field
- *  \param  a      BIGNUM for parameter a of the equation
- *  \param  b      BIGNUM for parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occurred
- */
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-#endif
 #endif
 
 /** Returns the number of bits needed to represent a field element 
@@ -348,17 +314,6 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
  *  \return newly created EC_GROUP object with the specified parameters
  */
 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-#ifndef OPENSSL_NO_EC2M
-/** Creates a new EC_GROUP object with the specified parameters defined
- *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
- *  \param  p    BIGNUM with the polynomial defining the underlying field
- *  \param  a    BIGNUM with the parameter a of the equation
- *  \param  b    BIGNUM with the parameter b of the equation
- *  \param  ctx  BN_CTX object (optional)
- *  \return newly created EC_GROUP object with the specified parameters
- */
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-#endif
 /** Creates a EC_GROUP object with a curve specified by a NID
  *  \param  nid  NID of the OID of the curve name
  *  \return newly created EC_GROUP object with specified curve or NULL
@@ -507,41 +462,6 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
  */
 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
        const BIGNUM *x, int y_bit, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_EC2M
-/** Sets the affine coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with the x-coordinate
- *  \param  y      BIGNUM with the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occurred
- */
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-       const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-
-/** Gets the affine coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM for the x-coordinate
- *  \param  y      BIGNUM for the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occurred
- */
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
-       const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-
-/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with x-coordinate
- *  \param  y_bit  integer with the y-Bit (either 0 or 1)
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occurred
- */
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-       const BIGNUM *x, int y_bit, BN_CTX *ctx);
-#endif /* OPENSSL_NO_EC2M */
 #endif /* !LIBRESSL_INTERNAL */
 
 /** Encodes a EC_POINT object to a octet string
@@ -682,11 +602,6 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
 /* EC_GROUP_get_basis_type() returns the NID of the basis type
  * used to represent the field elements */
 int EC_GROUP_get_basis_type(const EC_GROUP *);
-#ifndef OPENSSL_NO_EC2M
-int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
-       unsigned int *k2, unsigned int *k3);
-#endif
 
 #define OPENSSL_EC_EXPLICIT_CURVE      0x000
 #define OPENSSL_EC_NAMED_CURVE         0x001

diff --git a/lib/libcrypto/ec/ec2_mult.c b/lib/libcrypto/ec/ec2_mult.c
deleted file mode 100644 (file)
index d7cbd93..0000000
--- a/lib/libcrypto/ec/ec2_mult.c
+++ /dev/null
@@ -1,449 +0,0 @@
-/* $OpenBSD: ec2_mult.c,v 1.17 2023/04/11 18:58:20 jsing Exp $ */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/err.h>
-
-#include "bn_local.h"
-#include "ec_local.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-
-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
- * coordinates.
- * Uses algorithm Mdouble in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * modified to not require precomputation of c=b^{2^{m-1}}.
- */
-static int
-gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
-{
-       BIGNUM *t1;
-       int ret = 0;
-
-       /* Since Mdouble is static we can guarantee that ctx != NULL. */
-       BN_CTX_start(ctx);
-       if ((t1 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!group->meth->field_sqr(group, x, x, ctx))
-               goto err;
-       if (!group->meth->field_sqr(group, t1, z, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, z, x, t1, ctx))
-               goto err;
-       if (!group->meth->field_sqr(group, x, x, ctx))
-               goto err;
-       if (!group->meth->field_sqr(group, t1, t1, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, t1, &group->b, t1, ctx))
-               goto err;
-       if (!BN_GF2m_add(x, x, t1))
-               goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
- * projective coordinates.
- * Uses algorithm Madd in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- */
-static int
-gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,
-    const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
-{
-       BIGNUM *t1, *t2;
-       int ret = 0;
-
-       /* Since Madd is static we can guarantee that ctx != NULL. */
-       BN_CTX_start(ctx);
-       if ((t1 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((t2 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!bn_copy(t1, x))
-               goto err;
-       if (!group->meth->field_mul(group, x1, x1, z2, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, z1, z1, x2, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, t2, x1, z1, ctx))
-               goto err;
-       if (!BN_GF2m_add(z1, z1, x1))
-               goto err;
-       if (!group->meth->field_sqr(group, z1, z1, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, x1, z1, t1, ctx))
-               goto err;
-       if (!BN_GF2m_add(x1, x1, t2))
-               goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
- * using Montgomery point multiplication algorithm Mxy() in appendix of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * Returns:
- *     0 on error
- *     1 if return value should be the point at infinity
- *     2 otherwise
- */
-static int
-gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1,
-    BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)
-{
-       BIGNUM *t3, *t4, *t5;
-       int ret = 0;
-
-       if (BN_is_zero(z1)) {
-               BN_zero(x2);
-               BN_zero(z2);
-               return 1;
-       }
-       if (BN_is_zero(z2)) {
-               if (!bn_copy(x2, x))
-                       return 0;
-               if (!BN_GF2m_add(z2, x, y))
-                       return 0;
-               return 2;
-       }
-       /* Since Mxy is static we can guarantee that ctx != NULL. */
-       BN_CTX_start(ctx);
-       if ((t3 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((t4 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((t5 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_one(t5))
-               goto err;
-
-       if (!group->meth->field_mul(group, t3, z1, z2, ctx))
-               goto err;
-
-       if (!group->meth->field_mul(group, z1, z1, x, ctx))
-               goto err;
-       if (!BN_GF2m_add(z1, z1, x1))
-               goto err;
-       if (!group->meth->field_mul(group, z2, z2, x, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, x1, z2, x1, ctx))
-               goto err;
-       if (!BN_GF2m_add(z2, z2, x2))
-               goto err;
-
-       if (!group->meth->field_mul(group, z2, z2, z1, ctx))
-               goto err;
-       if (!group->meth->field_sqr(group, t4, x, ctx))
-               goto err;
-       if (!BN_GF2m_add(t4, t4, y))
-               goto err;
-       if (!group->meth->field_mul(group, t4, t4, t3, ctx))
-               goto err;
-       if (!BN_GF2m_add(t4, t4, z2))
-               goto err;
-
-       if (!group->meth->field_mul(group, t3, t3, x, ctx))
-               goto err;
-       if (!group->meth->field_div(group, t3, t5, t3, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, t4, t3, t4, ctx))
-               goto err;
-       if (!group->meth->field_mul(group, x2, x1, t3, ctx))
-               goto err;
-       if (!BN_GF2m_add(z2, x2, x))
-               goto err;
-
-       if (!group->meth->field_mul(group, z2, z2, t4, ctx))
-               goto err;
-       if (!BN_GF2m_add(z2, z2, y))
-               goto err;
-
-       ret = 2;
-
- err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-
-/* Computes scalar*point and stores the result in r.
- * point can not equal r.
- * Uses a modified algorithm 2P of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- *
- * To protect against side-channel attack the function uses constant time swap,
- * avoiding conditional branches.
- */
-static int
-ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
-    const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx)
-{
-       BIGNUM *x1, *x2, *z1, *z2;
-       int ret = 0, i;
-       BN_ULONG mask, word;
-
-       if (r == point) {
-               ECerror(EC_R_INVALID_ARGUMENT);
-               return 0;
-       }
-       /* if result should be point at infinity */
-       if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
-           EC_POINT_is_at_infinity(group, point) > 0) {
-               return EC_POINT_set_to_infinity(group, r);
-       }
-       /* only support affine coordinates */
-       if (!point->Z_is_one)
-               return 0;
-
-       /* Since point_multiply is static we can guarantee that ctx != NULL. */
-       BN_CTX_start(ctx);
-       if ((x1 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((z1 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       x2 = &r->X;
-       z2 = &r->Y;
-
-       if (!bn_wexpand(x1, group->field.top))
-                goto err;
-       if (!bn_wexpand(z1, group->field.top))
-                goto err;
-       if (!bn_wexpand(x2, group->field.top))
-                goto err;
-       if (!bn_wexpand(z2, group->field.top))
-                goto err;
-
-       if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
-               goto err;       /* x1 = x */
-       if (!BN_one(z1))
-               goto err;       /* z1 = 1 */
-       if (!group->meth->field_sqr(group, z2, x1, ctx))
-               goto err;       /* z2 = x1^2 = x^2 */
-       if (!group->meth->field_sqr(group, x2, z2, ctx))
-               goto err;
-       if (!BN_GF2m_add(x2, x2, &group->b))
-               goto err;       /* x2 = x^4 + b */
-
-       /* find top most bit and go one past it */
-       i = scalar->top - 1;
-       mask = BN_TBIT;
-       word = scalar->d[i];
-       while (!(word & mask))
-               mask >>= 1;
-       mask >>= 1;
-       /* if top most bit was at word break, go to next word */
-       if (!mask) {
-               i--;
-               mask = BN_TBIT;
-       }
-       for (; i >= 0; i--) {
-               word = scalar->d[i];
-               while (mask) {
-                       if (!BN_swap_ct(word & mask, x1, x2, group->field.top))
-                               goto err;
-                       if (!BN_swap_ct(word & mask, z1, z2, group->field.top))
-                               goto err;
-                       if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
-                               goto err;
-                       if (!gf2m_Mdouble(group, x1, z1, ctx))
-                               goto err;
-                       if (!BN_swap_ct(word & mask, x1, x2, group->field.top))
-                               goto err;
-                       if (!BN_swap_ct(word & mask, z1, z2, group->field.top))
-                               goto err;
-                       mask >>= 1;
-               }
-               mask = BN_TBIT;
-       }
-
-       /* convert out of "projective" coordinates */
-       i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
-       if (i == 0)
-               goto err;
-       else if (i == 1) {
-               if (!EC_POINT_set_to_infinity(group, r))
-                       goto err;
-       } else {
-               if (!BN_one(&r->Z))
-                       goto err;
-               r->Z_is_one = 1;
-       }
-
-       /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
-       BN_set_negative(&r->X, 0);
-       BN_set_negative(&r->Y, 0);
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-
-/* Computes the sum
- *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
- * gracefully ignoring NULL scalar values.
- */
-int
-ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-    size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-{
-       EC_POINT *p = NULL;
-       EC_POINT *acc = NULL;
-       size_t i;
-       int ret = 0;
-
-       /*
-        * This implementation is more efficient than the wNAF implementation
-        * for 2 or fewer points.  Use the ec_wNAF_mul implementation for 3
-        * or more points, or if we can perform a fast multiplication based
-        * on precomputation.
-        */
-       if ((scalar && (num > 1)) || (num > 2) ||
-           (num == 0 && EC_GROUP_have_precompute_mult(group))) {
-               ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-               goto err;
-       }
-       if ((p = EC_POINT_new(group)) == NULL)
-               goto err;
-       if ((acc = EC_POINT_new(group)) == NULL)
-               goto err;
-
-       if (!EC_POINT_set_to_infinity(group, acc))
-               goto err;
-
-       if (scalar) {
-               if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx))
-                       goto err;
-               if (BN_is_negative(scalar))
-                       if (!group->meth->invert(group, p, ctx))
-                               goto err;
-               if (!group->meth->add(group, acc, acc, p, ctx))
-                       goto err;
-       }
-       for (i = 0; i < num; i++) {
-               if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx))
-                       goto err;
-               if (BN_is_negative(scalars[i]))
-                       if (!group->meth->invert(group, p, ctx))
-                               goto err;
-               if (!group->meth->add(group, acc, acc, p, ctx))
-                       goto err;
-       }
-
-       if (!EC_POINT_copy(r, acc))
-               goto err;
-
-       ret = 1;
-
- err:
-       EC_POINT_free(p);
-       EC_POINT_free(acc);
-
-       return ret;
-}
-
-
-/* Precomputation for point multiplication: fall back to wNAF methods
- * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */
-
-int
-ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-{
-       return ec_wNAF_precompute_mult(group, ctx);
-}
-
-int
-ec_GF2m_have_precompute_mult(const EC_GROUP *group)
-{
-       return ec_wNAF_have_precompute_mult(group);
-}
-
-#endif

diff --git a/lib/libcrypto/ec/ec2_oct.c b/lib/libcrypto/ec/ec2_oct.c
deleted file mode 100644 (file)
index 6cb7259..0000000
--- a/lib/libcrypto/ec/ec2_oct.c
+++ /dev/null
@@ -1,402 +0,0 @@
-/* $OpenBSD: ec2_oct.c,v 1.20 2023/04/11 18:58:20 jsing Exp $ */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/err.h>
-
-#include "ec_local.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/* Calculates and sets the affine coordinates of an EC_POINT from the given
- * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1.
- * Note that the simple implementation only uses affine coordinates.
- *
- * The method is from the following publication:
- *
- *     Harper, Menezes, Vanstone:
- *     "Public-Key Cryptosystems with Very Small Key Lengths",
- *     EUROCRYPT '92, Springer-Verlag LNCS 658,
- *     published February 1993
- *
- * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
- * the same method, but claim no priority date earlier than July 29, 1994
- * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
- */
-int
-ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
-    const BIGNUM *x_, int y_bit, BN_CTX *ctx)
-{
-       BIGNUM *tmp, *x, *y, *z;
-       int z0;
-       int ret = 0;
-
-       /* clear error queue */
-       ERR_clear_error();
-
-       y_bit = (y_bit != 0) ? 1 : 0;
-
-       BN_CTX_start(ctx);
-
-       if ((tmp = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((x = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((y = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((z = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_GF2m_mod_arr(x, x_, group->poly))
-               goto err;
-       if (BN_is_zero(x)) {
-               if (y_bit != 0) {
-                       ECerror(EC_R_INVALID_COMPRESSED_POINT);
-                       goto err;
-               }
-               if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx))
-                       goto err;
-       } else {
-               if (!group->meth->field_sqr(group, tmp, x, ctx))
-                       goto err;
-               if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx))
-                       goto err;
-               if (!BN_GF2m_add(tmp, &group->a, tmp))
-                       goto err;
-               if (!BN_GF2m_add(tmp, x, tmp))
-                       goto err;
-               if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
-                       unsigned long err = ERR_peek_last_error();
-
-                       if (ERR_GET_LIB(err) == ERR_LIB_BN &&
-                           ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
-                               ERR_clear_error();
-                               ECerror(EC_R_INVALID_COMPRESSED_POINT);
-                       } else
-                               ECerror(ERR_R_BN_LIB);
-                       goto err;
-               }
-               z0 = (BN_is_odd(z)) ? 1 : 0;
-               if (!group->meth->field_mul(group, y, x, z, ctx))
-                       goto err;
-               if (z0 != y_bit) {
-                       if (!BN_GF2m_add(y, y, x))
-                               goto err;
-               }
-       }
-
-       if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
-               goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-
-
-/* Converts an EC_POINT to an octet string.
- * If buf is NULL, the encoded length will be returned.
- * If the length len of buf is smaller than required an error will be returned.
- */
-size_t
-ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
-    point_conversion_form_t form,
-    unsigned char *buf, size_t len, BN_CTX *ctx)
-{
-       BIGNUM *x, *y, *yxi;
-       size_t field_len, i, skip;
-       size_t ret;
-
-       if (form != POINT_CONVERSION_COMPRESSED &&
-           form != POINT_CONVERSION_UNCOMPRESSED &&
-           form != POINT_CONVERSION_HYBRID) {
-               ECerror(EC_R_INVALID_FORM);
-               return 0;
-       }
-
-       if (EC_POINT_is_at_infinity(group, point) > 0) {
-               /* encodes to a single 0 octet */
-               if (buf != NULL) {
-                       if (len < 1) {
-                               ECerror(EC_R_BUFFER_TOO_SMALL);
-                               return 0;
-                       }
-                       buf[0] = 0;
-               }
-               return 1;
-       }
-
-       BN_CTX_start(ctx);
-
-       /* ret := required output buffer length */
-       field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-       ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len :
-           1 + 2 * field_len;
-
-       /* if 'buf' is NULL, just return required length */
-       if (buf != NULL) {
-               if (len < ret) {
-                       ECerror(EC_R_BUFFER_TOO_SMALL);
-                       goto err;
-               }
-
-               if ((x = BN_CTX_get(ctx)) == NULL)
-                       goto err;
-               if ((y = BN_CTX_get(ctx)) == NULL)
-                       goto err;
-               if ((yxi = BN_CTX_get(ctx)) == NULL)
-                       goto err;
-
-               if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
-                       goto err;
-
-               buf[0] = form;
-               if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) {
-                       if (!group->meth->field_div(group, yxi, y, x, ctx))
-                               goto err;
-                       if (BN_is_odd(yxi))
-                               buf[0]++;
-               }
-               i = 1;
-
-               skip = field_len - BN_num_bytes(x);
-               if (skip > field_len) {
-                       ECerror(ERR_R_INTERNAL_ERROR);
-                       goto err;
-               }
-               while (skip > 0) {
-                       buf[i++] = 0;
-                       skip--;
-               }
-               skip = BN_bn2bin(x, buf + i);
-               i += skip;
-               if (i != 1 + field_len) {
-                       ECerror(ERR_R_INTERNAL_ERROR);
-                       goto err;
-               }
-               if (form == POINT_CONVERSION_UNCOMPRESSED ||
-                   form == POINT_CONVERSION_HYBRID) {
-                       skip = field_len - BN_num_bytes(y);
-                       if (skip > field_len) {
-                               ECerror(ERR_R_INTERNAL_ERROR);
-                               goto err;
-                       }
-                       while (skip > 0) {
-                               buf[i++] = 0;
-                               skip--;
-                       }
-                       skip = BN_bn2bin(y, buf + i);
-                       i += skip;
-               }
-               if (i != ret) {
-                       ECerror(ERR_R_INTERNAL_ERROR);
-                       goto err;
-               }
-       }
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-
-/*
- * Converts an octet string representation to an EC_POINT.
- * Note that the simple implementation only uses affine coordinates.
- */
-int
-ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-    const unsigned char *buf, size_t len, BN_CTX *ctx)
-{
-       point_conversion_form_t form;
-       int y_bit;
-       BIGNUM *x, *y, *yxi;
-       size_t field_len, enc_len;
-       int ret = 0;
-
-       if (len == 0) {
-               ECerror(EC_R_BUFFER_TOO_SMALL);
-               return 0;
-       }
-
-       /*
-        * The first octet is the point conversion octet PC, see X9.62, page 4
-        * and section 4.4.2.  It must be:
-        *      0x00            for the point at infinity
-        *      0x02 or 0x03    for compressed form
-        *      0x04            for uncompressed form
-        *      0x06 or 0x07    for hybrid form.
-        * For compressed or hybrid forms, we store the last bit of buf[0] as
-        * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
-        * We error if buf[0] contains any but the above values.
-        */
-       y_bit = buf[0] & 1;
-       form = buf[0] & ~1U;
-
-       if (form != 0 && form != POINT_CONVERSION_COMPRESSED &&
-           form != POINT_CONVERSION_UNCOMPRESSED &&
-           form != POINT_CONVERSION_HYBRID) {
-               ECerror(EC_R_INVALID_ENCODING);
-               return 0;
-       }
-       if (form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) {
-               if (y_bit != 0) {
-                       ECerror(EC_R_INVALID_ENCODING);
-                       return 0;
-               }
-       }
-
-       /* The point at infinity is represented by a single zero octet. */
-       if (form == 0) {
-               if (len != 1) {
-                       ECerror(EC_R_INVALID_ENCODING);
-                       return 0;
-               }
-               return EC_POINT_set_to_infinity(group, point);
-       }
-
-       field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-       enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len :
-           1 + 2 * field_len;
-
-       if (len != enc_len) {
-               ECerror(EC_R_INVALID_ENCODING);
-               return 0;
-       }
-
-       BN_CTX_start(ctx);
-
-       if ((x = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((y = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((yxi = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_bin2bn(buf + 1, field_len, x))
-               goto err;
-       if (BN_ucmp(x, &group->field) >= 0) {
-               ECerror(EC_R_INVALID_ENCODING);
-               goto err;
-       }
-       if (form == POINT_CONVERSION_COMPRESSED) {
-               /*
-                * EC_POINT_set_compressed_coordinates checks that the
-                * point is on the curve as required by X9.62.
-                */
-               if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
-                       goto err;
-       } else {
-               if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
-                       goto err;
-               if (BN_ucmp(y, &group->field) >= 0) {
-                       ECerror(EC_R_INVALID_ENCODING);
-                       goto err;
-               }
-               if (form == POINT_CONVERSION_HYBRID) {
-                       /*
-                        * Check that the form in the encoding was set
-                        * correctly according to X9.62 4.4.2.a, 4(c),
-                        * see also first paragraph of X9.62 4.4.1.b.
-                        */
-                       if (BN_is_zero(x)) {
-                               if (y_bit != 0) {
-                                       ECerror(EC_R_INVALID_ENCODING);
-                                       goto err;
-                               }
-                       } else {
-                               if (!group->meth->field_div(group, yxi, y, x,
-                                   ctx))
-                                       goto err;
-                               if (y_bit != BN_is_odd(yxi)) {
-                                       ECerror(EC_R_INVALID_ENCODING);
-                                       goto err;
-                               }
-                       }
-               }
-               /*
-                * EC_POINT_set_affine_coordinates checks that the
-                * point is on the curve as required by X9.62.
-                */
-               if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
-                       goto err;
-       }
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-#endif

diff --git a/lib/libcrypto/ec/ec2_smpl.c b/lib/libcrypto/ec/ec2_smpl.c
deleted file mode 100644 (file)
index 850159c..0000000
--- a/lib/libcrypto/ec/ec2_smpl.c
+++ /dev/null
@@ -1,723 +0,0 @@
-/* $OpenBSD: ec2_smpl.c,v 1.35 2023/04/11 18:58:20 jsing Exp $ */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/err.h>
-
-#include "ec_local.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/*
- * Initialize a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_new.
- */
-static int
-ec_GF2m_simple_group_init(EC_GROUP *group)
-{
-       BN_init(&group->field);
-       BN_init(&group->a);
-       BN_init(&group->b);
-       return 1;
-}
-
-/*
- * Clear and free a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_free.
- */
-static void
-ec_GF2m_simple_group_finish(EC_GROUP *group)
-{
-       BN_free(&group->field);
-       BN_free(&group->a);
-       BN_free(&group->b);
-       group->poly[0] = 0;
-       group->poly[1] = 0;
-       group->poly[2] = 0;
-       group->poly[3] = 0;
-       group->poly[4] = 0;
-       group->poly[5] = -1;
-}
-
-/*
- * Copy a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_copy.
- */
-static int
-ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-{
-       int i;
-
-       if (!bn_copy(&dest->field, &src->field))
-               return 0;
-       if (!bn_copy(&dest->a, &src->a))
-               return 0;
-       if (!bn_copy(&dest->b, &src->b))
-               return 0;
-       dest->poly[0] = src->poly[0];
-       dest->poly[1] = src->poly[1];
-       dest->poly[2] = src->poly[2];
-       dest->poly[3] = src->poly[3];
-       dest->poly[4] = src->poly[4];
-       dest->poly[5] = src->poly[5];
-       if (!bn_expand(&dest->a, dest->poly[0]))
-               return 0;
-       if (!bn_expand(&dest->b, dest->poly[0]))
-               return 0;
-       for (i = dest->a.top; i < dest->a.dmax; i++)
-               dest->a.d[i] = 0;
-       for (i = dest->b.top; i < dest->b.dmax; i++)
-               dest->b.d[i] = 0;
-       return 1;
-}
-
-/* Set the curve parameters of an EC_GROUP structure. */
-static int
-ec_GF2m_simple_group_set_curve(EC_GROUP *group,
-    const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-{
-       int ret = 0, i;
-
-       /* group->field */
-       if (!bn_copy(&group->field, p))
-               goto err;
-       i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
-       if ((i != 5) && (i != 3)) {
-               ECerror(EC_R_UNSUPPORTED_FIELD);
-               goto err;
-       }
-       /* group->a */
-       if (!BN_GF2m_mod_arr(&group->a, a, group->poly))
-               goto err;
-       if (!bn_expand(&group->a, group->poly[0]))
-               goto err;
-       for (i = group->a.top; i < group->a.dmax; i++)
-               group->a.d[i] = 0;
-
-       /* group->b */
-       if (!BN_GF2m_mod_arr(&group->b, b, group->poly))
-               goto err;
-       if (!bn_expand(&group->b, group->poly[0]))
-               goto err;
-       for (i = group->b.top; i < group->b.dmax; i++)
-               group->b.d[i] = 0;
-
-       ret = 1;
- err:
-       return ret;
-}
-
-/*
- * Get the curve parameters of an EC_GROUP structure.
- * If p, a, or b are NULL then there values will not be set but the method will return with success.
- */
-static int
-ec_GF2m_simple_group_get_curve(const EC_GROUP *group,
-    BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-{
-       int ret = 0;
-
-       if (p != NULL) {
-               if (!bn_copy(p, &group->field))
-                       return 0;
-       }
-       if (a != NULL) {
-               if (!bn_copy(a, &group->a))
-                       goto err;
-       }
-       if (b != NULL) {
-               if (!bn_copy(b, &group->b))
-                       goto err;
-       }
-       ret = 1;
-
- err:
-       return ret;
-}
-
-/* Gets the degree of the field.  For a curve over GF(2^m) this is the value m. */
-static int
-ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
-{
-       return BN_num_bits(&group->field) - 1;
-}
-
-/*
- * Checks the discriminant of the curve.
- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p)
- */
-static int
-ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-{
-       BIGNUM *b;
-       int ret = 0;
-
-       BN_CTX_start(ctx);
-
-       if ((b = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!BN_GF2m_mod_arr(b, &group->b, group->poly))
-               goto err;
-
-       /*
-        * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic
-        * curve <=> b != 0 (mod p)
-        */
-       if (BN_is_zero(b))
-               goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-
-/* Initializes an EC_POINT. */
-static int
-ec_GF2m_simple_point_init(EC_POINT *point)
-{
-       BN_init(&point->X);
-       BN_init(&point->Y);
-       BN_init(&point->Z);
-       return 1;
-}
-
-/* Clears and frees an EC_POINT. */
-static void
-ec_GF2m_simple_point_finish(EC_POINT *point)
-{
-       BN_free(&point->X);
-       BN_free(&point->Y);
-       BN_free(&point->Z);
-       point->Z_is_one = 0;
-}
-
-/* Copy the contents of one EC_POINT into another.  Assumes dest is initialized. */
-static int
-ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
-{
-       if (!bn_copy(&dest->X, &src->X))
-               return 0;
-       if (!bn_copy(&dest->Y, &src->Y))
-               return 0;
-       if (!bn_copy(&dest->Z, &src->Z))
-               return 0;
-       dest->Z_is_one = src->Z_is_one;
-
-       return 1;
-}
-
-/*
- * Set an EC_POINT to the point at infinity.
- * A point at infinity is represented by having Z=0.
- */
-static int
-ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-{
-       point->Z_is_one = 0;
-       BN_zero(&point->Z);
-       return 1;
-}
-
-/*
- * Set the coordinates of an EC_POINT using affine coordinates.
- * Note that the simple implementation only uses affine coordinates.
- */
-static int
-ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
-    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-{
-       int ret = 0;
-       if (x == NULL || y == NULL) {
-               ECerror(ERR_R_PASSED_NULL_PARAMETER);
-               return 0;
-       }
-       if (!bn_copy(&point->X, x))
-               goto err;
-       BN_set_negative(&point->X, 0);
-       if (!bn_copy(&point->Y, y))
-               goto err;
-       BN_set_negative(&point->Y, 0);
-       if (!bn_copy(&point->Z, BN_value_one()))
-               goto err;
-       BN_set_negative(&point->Z, 0);
-       point->Z_is_one = 1;
-       ret = 1;
-
- err:
-       return ret;
-}
-
-/*
- * Gets the affine coordinates of an EC_POINT.
- * Note that the simple implementation only uses affine coordinates.
- */
-static int
-ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
-    const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-{
-       int ret = 0;
-
-       if (EC_POINT_is_at_infinity(group, point) > 0) {
-               ECerror(EC_R_POINT_AT_INFINITY);
-               return 0;
-       }
-       if (BN_cmp(&point->Z, BN_value_one())) {
-               ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-               return 0;
-       }
-       if (x != NULL) {
-               if (!bn_copy(x, &point->X))
-                       goto err;
-               BN_set_negative(x, 0);
-       }
-       if (y != NULL) {
-               if (!bn_copy(y, &point->Y))
-                       goto err;
-               BN_set_negative(y, 0);
-       }
-       ret = 1;
-
- err:
-       return ret;
-}
-
-/*
- * Computes a + b and stores the result in r.  r could be a or b, a could be b.
- * Uses algorithm A.10.2 of IEEE P1363.
- */
-static int
-ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
-    const EC_POINT *b, BN_CTX *ctx)
-{
-       BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
-       int ret = 0;
-
-       if (EC_POINT_is_at_infinity(group, a) > 0) {
-               if (!EC_POINT_copy(r, b))
-                       return 0;
-               return 1;
-       }
-       if (EC_POINT_is_at_infinity(group, b) > 0) {
-               if (!EC_POINT_copy(r, a))
-                       return 0;
-               return 1;
-       }
-
-       BN_CTX_start(ctx);
-
-       if ((x0 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((y0 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((x1 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((y1 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((x2 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((y2 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((s = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((t = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (a->Z_is_one) {
-               if (!bn_copy(x0, &a->X))
-                       goto err;
-               if (!bn_copy(y0, &a->Y))
-                       goto err;
-       } else {
-               if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx))
-                       goto err;
-       }
-       if (b->Z_is_one) {
-               if (!bn_copy(x1, &b->X))
-                       goto err;
-               if (!bn_copy(y1, &b->Y))
-                       goto err;
-       } else {
-               if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx))
-                       goto err;
-       }
-
-       if (BN_GF2m_cmp(x0, x1)) {
-               if (!BN_GF2m_add(t, x0, x1))
-                       goto err;
-               if (!BN_GF2m_add(s, y0, y1))
-                       goto err;
-               if (!group->meth->field_div(group, s, s, t, ctx))
-                       goto err;
-               if (!group->meth->field_sqr(group, x2, s, ctx))
-                       goto err;
-               if (!BN_GF2m_add(x2, x2, &group->a))
-                       goto err;
-               if (!BN_GF2m_add(x2, x2, s))
-                       goto err;
-               if (!BN_GF2m_add(x2, x2, t))
-                       goto err;
-       } else {
-               if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) {
-                       if (!EC_POINT_set_to_infinity(group, r))
-                               goto err;
-                       ret = 1;
-                       goto err;
-               }
-               if (!group->meth->field_div(group, s, y1, x1, ctx))
-                       goto err;
-               if (!BN_GF2m_add(s, s, x1))
-                       goto err;
-
-               if (!group->meth->field_sqr(group, x2, s, ctx))
-                       goto err;
-               if (!BN_GF2m_add(x2, x2, s))
-                       goto err;
-               if (!BN_GF2m_add(x2, x2, &group->a))
-                       goto err;
-       }
-
-       if (!BN_GF2m_add(y2, x1, x2))
-               goto err;
-       if (!group->meth->field_mul(group, y2, y2, s, ctx))
-               goto err;
-       if (!BN_GF2m_add(y2, y2, x2))
-               goto err;
-       if (!BN_GF2m_add(y2, y2, y1))
-               goto err;
-
-       if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx))
-               goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-
-/*
- * Computes 2 * a and stores the result in r.  r could be a.
- * Uses algorithm A.10.2 of IEEE P1363.
- */
-static int
-ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
-    BN_CTX *ctx)
-{
-       return ec_GF2m_simple_add(group, r, a, a, ctx);
-}
-
-static int
-ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-{
-       if (EC_POINT_is_at_infinity(group, point) > 0 || BN_is_zero(&point->Y))
-               /* point is its own inverse */
-               return 1;
-
-       if (!EC_POINT_make_affine(group, point, ctx))
-               return 0;
-       return BN_GF2m_add(&point->Y, &point->X, &point->Y);
-}
-
-/* Indicates whether the given point is the point at infinity. */
-static int
-ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-{
-       return BN_is_zero(&point->Z);
-}
-
-/*
- * Determines whether the given EC_POINT is an actual point on the curve defined
- * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
- *      y^2 + x*y = x^3 + a*x^2 + b.
- */
-static int
-ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-{
-       int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-       int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-       BIGNUM *lh, *y2;
-       int ret = -1;
-
-       if (EC_POINT_is_at_infinity(group, point) > 0)
-               return 1;
-
-       field_mul = group->meth->field_mul;
-       field_sqr = group->meth->field_sqr;
-
-       /* only support affine coordinates */
-       if (!point->Z_is_one)
-               return -1;
-
-       BN_CTX_start(ctx);
-
-       if ((y2 = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((lh = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       /*
-        * We have a curve defined by a Weierstrass equation y^2 + x*y = x^3
-        * + a*x^2 + b. <=> x^3 + a*x^2 + x*y + b + y^2 = 0 <=> ((x + a) * x
-        * + y ) * x + b + y^2 = 0
-        */
-       if (!BN_GF2m_add(lh, &point->X, &group->a))
-               goto err;
-       if (!field_mul(group, lh, lh, &point->X, ctx))
-               goto err;
-       if (!BN_GF2m_add(lh, lh, &point->Y))
-               goto err;
-       if (!field_mul(group, lh, lh, &point->X, ctx))
-               goto err;
-       if (!BN_GF2m_add(lh, lh, &group->b))
-               goto err;
-       if (!field_sqr(group, y2, &point->Y, ctx))
-               goto err;
-       if (!BN_GF2m_add(lh, lh, y2))
-               goto err;
-
-       ret = BN_is_zero(lh);
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-
-/*
- * Indicates whether two points are equal.
- * Return values:
- *  -1   error
- *   0   equal (in affine coordinates)
- *   1   not equal
- */
-static int
-ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
-    const EC_POINT *b, BN_CTX *ctx)
-{
-       BIGNUM *aX, *aY, *bX, *bY;
-       int ret = -1;
-
-       if (EC_POINT_is_at_infinity(group, a) > 0)
-               return EC_POINT_is_at_infinity(group, b) > 0 ? 0 : 1;
-
-       if (EC_POINT_is_at_infinity(group, b) > 0)
-               return 1;
-
-       if (a->Z_is_one && b->Z_is_one)
-               return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
-
-       BN_CTX_start(ctx);
-
-       if ((aX = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((aY = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((bX = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((bY = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx))
-               goto err;
-       if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx))
-               goto err;
-       ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-
-/* Forces the given EC_POINT to internally use affine coordinates. */
-static int
-ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-{
-       BIGNUM *x, *y;
-       int ret = 0;
-
-       if (point->Z_is_one || EC_POINT_is_at_infinity(group, point) > 0)
-               return 1;
-
-       BN_CTX_start(ctx);
-
-       if ((x = BN_CTX_get(ctx)) == NULL)
-               goto err;
-       if ((y = BN_CTX_get(ctx)) == NULL)
-               goto err;
-
-       if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
-               goto err;
-       if (!bn_copy(&point->X, x))
-               goto err;
-       if (!bn_copy(&point->Y, y))
-               goto err;
-       if (!BN_one(&point->Z))
-               goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-
-       return ret;
-}
-
-/* Forces each of the EC_POINTs in the given array to use affine coordinates. */
-static int
-ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,
-    EC_POINT *points[], BN_CTX *ctx)
-{
-       size_t i;
-
-       for (i = 0; i < num; i++) {
-               if (!group->meth->make_affine(group, points[i], ctx))
-                       return 0;
-       }
-
-       return 1;
-}
-
-/* Wrapper to simple binary polynomial field multiplication implementation. */
-static int
-ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *b, BN_CTX *ctx)
-{
-       return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
-}
-
-/* Wrapper to simple binary polynomial field squaring implementation. */
-static int
-ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-    BN_CTX *ctx)
-{
-       return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
-}
-
-/* Wrapper to simple binary polynomial field division implementation. */
-static int
-ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *b, BN_CTX *ctx)
-{
-       return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
-}
-
-static const EC_METHOD ec_GF2m_simple_method = {
-       .field_type = NID_X9_62_characteristic_two_field,
-       .group_init = ec_GF2m_simple_group_init,
-       .group_finish = ec_GF2m_simple_group_finish,
-       .group_copy = ec_GF2m_simple_group_copy,
-       .group_set_curve = ec_GF2m_simple_group_set_curve,
-       .group_get_curve = ec_GF2m_simple_group_get_curve,
-       .group_get_degree = ec_GF2m_simple_group_get_degree,
-       .group_order_bits = ec_group_simple_order_bits,
-       .group_check_discriminant = ec_GF2m_simple_group_check_discriminant,
-       .point_init = ec_GF2m_simple_point_init,
-       .point_finish = ec_GF2m_simple_point_finish,
-       .point_copy = ec_GF2m_simple_point_copy,
-       .point_set_to_infinity = ec_GF2m_simple_point_set_to_infinity,
-       .point_set_affine_coordinates =
-           ec_GF2m_simple_point_set_affine_coordinates,
-       .point_get_affine_coordinates =
-           ec_GF2m_simple_point_get_affine_coordinates,
-       .point_set_compressed_coordinates =
-           ec_GF2m_simple_set_compressed_coordinates,
-       .point2oct = ec_GF2m_simple_point2oct,
-       .oct2point = ec_GF2m_simple_oct2point,
-       .add = ec_GF2m_simple_add,
-       .dbl = ec_GF2m_simple_dbl,
-       .invert = ec_GF2m_simple_invert,
-       .is_at_infinity = ec_GF2m_simple_is_at_infinity,
-       .is_on_curve = ec_GF2m_simple_is_on_curve,
-       .point_cmp = ec_GF2m_simple_cmp,
-       .make_affine = ec_GF2m_simple_make_affine,
-       .points_make_affine = ec_GF2m_simple_points_make_affine,
-       .mul_generator_ct = ec_GFp_simple_mul_generator_ct,
-       .mul_single_ct = ec_GFp_simple_mul_single_ct,
-       .mul_double_nonct = ec_GFp_simple_mul_double_nonct,
-       .precompute_mult = ec_GF2m_precompute_mult,
-       .have_precompute_mult = ec_GF2m_have_precompute_mult,
-       .field_mul = ec_GF2m_simple_field_mul,
-       .field_sqr = ec_GF2m_simple_field_sqr,
-       .field_div = ec_GF2m_simple_field_div,
-       .blind_coordinates = NULL,
-};
-
-const EC_METHOD *
-EC_GF2m_simple_method(void)
-{
-       return &ec_GF2m_simple_method;
-}
-#endif

diff --git a/lib/libcrypto/ec/ec_asn1.c b/lib/libcrypto/ec/ec_asn1.c
index fb6a8e8..c62ba22 100644 (file)
--- a/lib/libcrypto/ec/ec_asn1.c
+++ b/lib/libcrypto/ec/ec_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.41 2023/03/08 05:45:31 jsing Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.42 2023/04/25 19:53:30 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -89,49 +89,6 @@ EC_GROUP_get_basis_type(const EC_GROUP *group)
                return 0;
 }
 
-#ifndef OPENSSL_NO_EC2M
-int
-EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
-{
-       if (group == NULL)
-               return 0;
-
-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
-           NID_X9_62_characteristic_two_field
-           || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
-               ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-               return 0;
-       }
-       if (k)
-               *k = group->poly[1];
-
-       return 1;
-}
-
-int
-EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
-    unsigned int *k2, unsigned int *k3)
-{
-       if (group == NULL)
-               return 0;
-
-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
-           NID_X9_62_characteristic_two_field
-           || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
-               ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-               return 0;
-       }
-       if (k1)
-               *k1 = group->poly[3];
-       if (k2)
-               *k2 = group->poly[2];
-       if (k3)
-               *k3 = group->poly[1];
-
-       return 1;
-}
-#endif
-
 /* some structures needed for the asn1 encoding */
 typedef struct x9_62_pentanomial_st {
        long k1;
@@ -719,77 +676,10 @@ ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
                        ECerror(ERR_R_ASN1_LIB);
                        goto err;
                }
-       } else                  /* nid == NID_X9_62_characteristic_two_field */
-#ifdef OPENSSL_NO_EC2M
-       {
+       } else {
                ECerror(EC_R_GF2M_NOT_SUPPORTED);
                goto err;
        }
-#else
-       {
-               int field_type;
-               X9_62_CHARACTERISTIC_TWO *char_two;
-
-               field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
-               char_two = field->p.char_two;
-
-               if (char_two == NULL) {
-                       ECerror(ERR_R_MALLOC_FAILURE);
-                       goto err;
-               }
-               char_two->m = (long) EC_GROUP_get_degree(group);
-
-               field_type = EC_GROUP_get_basis_type(group);
-
-               if (field_type == 0) {
-                       ECerror(ERR_R_EC_LIB);
-                       goto err;
-               }
-               /* set base type OID */
-               if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
-                       ECerror(ERR_R_OBJ_LIB);
-                       goto err;
-               }
-               if (field_type == NID_X9_62_tpBasis) {
-                       unsigned int k;
-
-                       if (!EC_GROUP_get_trinomial_basis(group, &k))
-                               goto err;
-
-                       char_two->p.tpBasis = ASN1_INTEGER_new();
-                       if (!char_two->p.tpBasis) {
-                               ECerror(ERR_R_MALLOC_FAILURE);
-                               goto err;
-                       }
-                       if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {
-                               ECerror(ERR_R_ASN1_LIB);
-                               goto err;
-                       }
-               } else if (field_type == NID_X9_62_ppBasis) {
-                       unsigned int k1, k2, k3;
-
-                       if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
-                               goto err;
-
-                       char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
-                       if (!char_two->p.ppBasis) {
-                               ECerror(ERR_R_MALLOC_FAILURE);
-                               goto err;
-                       }
-                       /* set k? values */
-                       char_two->p.ppBasis->k1 = (long) k1;
-                       char_two->p.ppBasis->k2 = (long) k2;
-                       char_two->p.ppBasis->k3 = (long) k3;
-               } else {        /* field_type == NID_X9_62_onBasis */
-                       /* for ONB the parameters are (asn1) NULL */
-                       char_two->p.onBasis = ASN1_NULL_new();
-                       if (!char_two->p.onBasis) {
-                               ECerror(ERR_R_MALLOC_FAILURE);
-                               goto err;
-                       }
-               }
-       }
-#endif
 
        ok = 1;
 
@@ -1067,86 +957,10 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
        }
        /* get the field parameters */
        tmp = OBJ_obj2nid(params->fieldID->fieldType);
-       if (tmp == NID_X9_62_characteristic_two_field)
-#ifdef OPENSSL_NO_EC2M
-       {
+       if (tmp == NID_X9_62_characteristic_two_field) {
                ECerror(EC_R_GF2M_NOT_SUPPORTED);
                goto err;
-       }
-#else
-       {
-               X9_62_CHARACTERISTIC_TWO *char_two;
-
-               char_two = params->fieldID->p.char_two;
-
-               field_bits = char_two->m;
-               if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
-                       ECerror(EC_R_FIELD_TOO_LARGE);
-                       goto err;
-               }
-               if ((p = BN_new()) == NULL) {
-                       ECerror(ERR_R_MALLOC_FAILURE);
-                       goto err;
-               }
-               /* get the base type */
-               tmp = OBJ_obj2nid(char_two->type);
-
-               if (tmp == NID_X9_62_tpBasis) {
-                       long tmp_long;
-
-                       if (!char_two->p.tpBasis) {
-                               ECerror(EC_R_ASN1_ERROR);
-                               goto err;
-                       }
-                       tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
-
-                       if (!(char_two->m > tmp_long && tmp_long > 0)) {
-                               ECerror(EC_R_INVALID_TRINOMIAL_BASIS);
-                               goto err;
-                       }
-                       /* create the polynomial */
-                       if (!BN_set_bit(p, (int) char_two->m))
-                               goto err;
-                       if (!BN_set_bit(p, (int) tmp_long))
-                               goto err;
-                       if (!BN_set_bit(p, 0))
-                               goto err;
-               } else if (tmp == NID_X9_62_ppBasis) {
-                       X9_62_PENTANOMIAL *penta;
-
-                       penta = char_two->p.ppBasis;
-                       if (!penta) {
-                               ECerror(EC_R_ASN1_ERROR);
-                               goto err;
-                       }
-                       if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
-                               ECerror(EC_R_INVALID_PENTANOMIAL_BASIS);
-                               goto err;
-                       }
-                       /* create the polynomial */
-                       if (!BN_set_bit(p, (int) char_two->m))
-                               goto err;
-                       if (!BN_set_bit(p, (int) penta->k1))
-                               goto err;
-                       if (!BN_set_bit(p, (int) penta->k2))
-                               goto err;
-                       if (!BN_set_bit(p, (int) penta->k3))
-                               goto err;
-                       if (!BN_set_bit(p, 0))
-                               goto err;
-               } else if (tmp == NID_X9_62_onBasis) {
-                       ECerror(EC_R_NOT_IMPLEMENTED);
-                       goto err;
-               } else {        /* error */
-                       ECerror(EC_R_ASN1_ERROR);
-                       goto err;
-               }
-
-               /* create the EC_GROUP structure */
-               ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
-       }
-#endif
-       else if (tmp == NID_X9_62_prime_field) {
+       } else if (tmp == NID_X9_62_prime_field) {
                /* we have a curve over a prime field */
                /* extract the prime number */
                if (!params->fieldID->p.prime) {

diff --git a/lib/libcrypto/ec/ec_curve.c b/lib/libcrypto/ec/ec_curve.c
index 324abe8..898e233 100644 (file)
--- a/lib/libcrypto/ec/ec_curve.c
+++ b/lib/libcrypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.26 2023/03/04 14:53:23 jsing Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.27 2023/04/25 19:53:30 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -861,1353 +861,6 @@ static const struct {
        }
 };
 
-#ifndef OPENSSL_NO_EC2M
-
-/* characteristic two curves */
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 15 * 6];
-}
- _EC_SECG_CHAR2_113R1 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 15, 2
-       },
-       {
-               0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87,     /* seed */
-               0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9,
-
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x02, 0x01,
-               0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, 0xFE, 0x64,     /* a */
-               0x9C, 0xE8, 0x58, 0x20, 0xF7,
-               0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, 0x44, 0x18,     /* b */
-               0x8B, 0xE0, 0xE9, 0xC7, 0x23,
-               0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, 0x14, 0x07,     /* x */
-               0xD7, 0x35, 0x62, 0xC1, 0x0F,
-               0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, 0x84, 0xD1,     /* y */
-               0x31, 0x5E, 0xD3, 0x18, 0x86,
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD9, 0xCC,     /* order */
-               0xEC, 0x8A, 0x39, 0xE5, 0x6F
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 15 * 6];
-}
- _EC_SECG_CHAR2_113R2 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 15, 2
-       },
-       {
-               0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE,     /* seed */
-               0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D,
-
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x02, 0x01,
-               0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, 0x0D, 0xD6,     /* a */
-               0xDF, 0xC0, 0xAA, 0x55, 0xC7,
-               0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, 0xD4, 0xBF,     /* b */
-               0x36, 0xE0, 0x59, 0x18, 0x4F,
-               0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, 0xF5, 0x2F,     /* x */
-               0xCD, 0xB8, 0x16, 0x47, 0x97,
-               0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, 0x4C, 0x06,     /* y */
-               0xE6, 0x95, 0xBA, 0xBA, 0x1D,
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x78,     /* order */
-               0x9B, 0x24, 0x96, 0xAF, 0x93
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 17 * 6];
-}
- _EC_SECG_CHAR2_131R1 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 17, 2
-       },
-       {
-               0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98,     /* seed */
-               0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2,
-
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0D,
-               0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, 0x44, 0x41,     /* a */
-               0x8F, 0xF3, 0xFF, 0x8C, 0x25, 0x70, 0xB8,
-               0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, 0xB9, 0xC6,     /* b */
-               0xC7, 0x29, 0x16, 0x78, 0xF9, 0xD3, 0x41,
-               0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, 0xC4, 0x0F,     /* x */
-               0x9C, 0x18, 0x13, 0x43, 0x63, 0x83, 0x99,
-               0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, 0x73, 0xC8,     /* y */
-               0x13, 0x4B, 0x1B, 0x4E, 0xF9, 0xE1, 0x50,
-               0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x31,     /* order */
-               0x23, 0x95, 0x3A, 0x94, 0x64, 0xB5, 0x4D
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 17 * 6];
-}
- _EC_SECG_CHAR2_131R2 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 17, 2
-       },
-       {
-               0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76,     /* seed */
-               0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3,
-
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0D,
-               0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, 0xBF, 0x41,     /* a */
-               0x5F, 0x07, 0xC2, 0x17, 0x65, 0x73, 0xB2,
-               0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, 0xAC, 0x73,     /* b */
-               0x4C, 0xE3, 0x8F, 0x01, 0x8F, 0x21, 0x92,
-               0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, 0xAD, 0x65,     /* x */
-               0x2D, 0x23, 0x95, 0x1B, 0xB3, 0x66, 0xA8,
-               0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, 0x36, 0x6D,     /* y */
-               0x9E, 0x26, 0x5D, 0xE9, 0xEB, 0x24, 0x0F,
-               0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x69,     /* order */
-               0x54, 0xA2, 0x33, 0x04, 0x9B, 0xA9, 0x8F
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 21 * 6];
-}
- _EC_NIST_CHAR2_163K = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 21, 2
-       },
-       {                       /* no seed */
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0xC9,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x01,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x01,
-               0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, 0xAC, 0xAA,     /* x */
-               0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, 0x5E, 0x5C, 0x94, 0xEE,
-               0xE8,
-               0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, 0x58, 0x32,     /* y */
-               0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, 0x38, 0xCC, 0xDA, 0xA3,
-               0xD9,
-               0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5,
-               0xEF
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 21 * 6];
-}
- _EC_SECG_CHAR2_163R1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 21, 2
-       },
-       {                       /* no seed */
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0xC9,
-               0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, 0x95, 0x54,     /* a */
-               0xFF, 0x84, 0x28, 0xBD, 0x88, 0xE2, 0x46, 0xD2, 0x78, 0x2A,
-               0xE2,
-               0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, 0xAB, 0x94,     /* b */
-               0x6B, 0xDA, 0x29, 0xCA, 0x91, 0xF7, 0x3A, 0xF9, 0x58, 0xAF,
-               0xD9,
-               0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, 0x77, 0x89,     /* x */
-               0x56, 0x67, 0x89, 0x56, 0x7F, 0x78, 0x7A, 0x78, 0x76, 0xA6,
-               0x54,
-               0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, 0x98, 0x9D,     /* y */
-               0x51, 0xFE, 0xFC, 0xE3, 0xC8, 0x09, 0x88, 0xF4, 0x1F, 0xF8,
-               0x83,
-               0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFF, 0x48, 0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27,
-               0x9B
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 21 * 6];
-}
- _EC_NIST_CHAR2_163B = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 21, 2
-       },
-       {                       /* no seed */
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0xC9,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x01,
-               0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, 0xCA, 0x14,     /* b */
-               0x81, 0xEB, 0x10, 0x51, 0x2F, 0x78, 0x74, 0x4A, 0x32, 0x05,
-               0xFD,
-               0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, 0x7E, 0xA0,     /* x */
-               0x99, 0x11, 0x68, 0xD4, 0x99, 0x46, 0x37, 0xE8, 0x34, 0x3E,
-               0x36,
-               0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, 0x4F, 0xA2,     /* y */
-               0xCD, 0xD5, 0x45, 0xB1, 0x1C, 0x5C, 0x0C, 0x79, 0x73, 0x24,
-               0xF1,
-               0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x02, 0x92, 0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C,
-               0x33
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 25 * 6];
-}
- _EC_SECG_CHAR2_193R1 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 25, 2
-       },
-       {
-               0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,     /* seed */
-               0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30,
-
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x80, 0x01,
-               0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, 0x51, 0x69,     /* a */
-               0xE1, 0x71, 0xF7, 0x7B, 0x40, 0x87, 0xDE, 0x09, 0x8A, 0xC8,
-               0xA9, 0x11, 0xDF, 0x7B, 0x01,
-               0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, 0x9F, 0xAC,     /* b */
-               0xAD, 0xAA, 0x7A, 0x1E, 0x5B, 0xBC, 0x7C, 0xC1, 0xC2, 0xE5,
-               0xD8, 0x31, 0x47, 0x88, 0x14,
-               0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, 0x74, 0xAD,     /* x */
-               0x6C, 0xDF, 0x6F, 0xDE, 0xF4, 0xBF, 0x61, 0x79, 0x62, 0x53,
-               0x72, 0xD8, 0xC0, 0xC5, 0xE1,
-               0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, 0xCC, 0xF3,     /* y */
-               0xEA, 0x9E, 0x3A, 0x1A, 0xD1, 0x7F, 0xB0, 0xB3, 0x20, 0x1B,
-               0x6A, 0xF7, 0xCE, 0x1B, 0x05,
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x00, 0xC7, 0xF3, 0x4A, 0x77, 0x8F, 0x44, 0x3A,
-               0xCC, 0x92, 0x0E, 0xBA, 0x49
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 25 * 6];
-}
- _EC_SECG_CHAR2_193R2 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 25, 2
-       },
-       {
-               0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15,     /* seed */
-               0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11,
-
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x80, 0x01,
-               0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, 0x3E, 0xA6,     /* a */
-               0xED, 0x86, 0x67, 0x19, 0x0B, 0x0B, 0xC4, 0x3E, 0xCD, 0x69,
-               0x97, 0x77, 0x02, 0x70, 0x9B,
-               0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, 0x4C, 0x37,     /* b */
-               0x7E, 0x2A, 0xB2, 0x85, 0x6A, 0x5B, 0x16, 0xE3, 0xEF, 0xB7,
-               0xF6, 0x1D, 0x43, 0x16, 0xAE,
-               0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, 0xC8, 0x03,     /* x */
-               0xF3, 0x9E, 0x1A, 0x7E, 0x82, 0xCA, 0x14, 0xA6, 0x51, 0x35,
-               0x0A, 0xAE, 0x61, 0x7E, 0x8F,
-               0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, 0xAC, 0x29,     /* y */
-               0xE7, 0xDE, 0xFB, 0xD9, 0xCA, 0x01, 0xF5, 0x96, 0xF9, 0x27,
-               0x22, 0x4C, 0xDE, 0xCF, 0x6C,
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x01, 0x5A, 0xAB, 0x56, 0x1B, 0x00, 0x54, 0x13,
-               0xCC, 0xD4, 0xEE, 0x99, 0xD5
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 30 * 6];
-}
- _EC_NIST_CHAR2_233K = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 30, 4
-       },
-       {                       /* no seed */
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-
-               0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1,     /* x */
-               0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2,
-               0x6B, 0xF5, 0x0A, 0x4C, 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
-
-               0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F,     /* y */
-               0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A,
-               0xEB, 0x9B, 0x56, 0xE0, 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3,
-
-               0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15,
-               0xBC, 0xD4, 0x6E, 0xFB, 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 30 * 6];
-}
- _EC_NIST_CHAR2_233B = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 30, 2
-       },
-       {
-               0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1,     /* seed */
-               0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3,
-
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-
-               0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, 0x7F, 0x8C,     /* b */
-               0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, 0x33, 0x3B, 0x20, 0xE9,
-               0xCE, 0x42, 0x81, 0xFE, 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD,
-
-               0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, 0xBB, 0x21,     /* x */
-               0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, 0x65, 0xBC, 0x39, 0x1F,
-               0x8B, 0x36, 0xF8, 0xF8, 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B,
-
-               0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, 0x06, 0x78,     /* y */
-               0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, 0x0B, 0xEF, 0xF8, 0x67,
-               0xA7, 0xCA, 0x36, 0x71, 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52,
-
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0xE9, 0x74, 0xE7, 0x2F,
-               0x8A, 0x69, 0x22, 0x03, 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 30 * 6];
-}
- _EC_SECG_CHAR2_239K1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 30, 4
-       },
-       {                       /* no seed */
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-
-               0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, 0x73, 0x09,     /* x */
-               0x88, 0xA6, 0x87, 0x27, 0xA8, 0xB2, 0xD1, 0x26, 0xC4, 0x4C,
-               0xC2, 0xCC, 0x7B, 0x2A, 0x65, 0x55, 0x19, 0x30, 0x35, 0xDC,
-
-               0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, 0xDB, 0x01,     /* y */
-               0x1C, 0x10, 0x30, 0x89, 0xE7, 0x35, 0x10, 0xAC, 0xB2, 0x75,
-               0xFC, 0x31, 0x2A, 0x5D, 0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA,
-
-               0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x5A, 0x79, 0xFE, 0xC6, 0x7C,
-               0xB6, 0xE9, 0x1F, 0x1C, 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 36 * 6];
-}
- _EC_NIST_CHAR2_283K = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 36, 4
-       },
-       {                       /* no seed */
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-               0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, 0x3F, 0x1A,     /* x */
-               0x3B, 0x81, 0x62, 0xF1, 0x88, 0xE5, 0x53, 0xCD, 0x26, 0x5F,
-               0x23, 0xC1, 0x56, 0x7A, 0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2,
-               0xAC, 0x24, 0x58, 0x49, 0x28, 0x36,
-               0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, 0x8D, 0x90,     /* y */
-               0xF9, 0x5D, 0x07, 0xE5, 0x42, 0x6F, 0xE8, 0x7E, 0x45, 0xC0,
-               0xE8, 0x18, 0x46, 0x98, 0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34,
-               0x11, 0x61, 0x77, 0xDD, 0x22, 0x59,
-               0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE,
-               0x2E, 0xD0, 0x75, 0x77, 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45,
-               0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 36 * 6];
-}
- _EC_NIST_CHAR2_283B = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 36, 2
-       },
-       {
-               0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D,     /* no seed */
-               0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE,
-
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-               0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, 0xA5, 0xA4,     /* b */
-               0xAF, 0x8A, 0x19, 0xA0, 0x30, 0x3F, 0xCA, 0x97, 0xFD, 0x76,
-               0x45, 0x30, 0x9F, 0xA2, 0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26,
-               0x3E, 0x31, 0x3B, 0x79, 0xA2, 0xF5,
-               0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, 0xE1, 0x93,     /* x */
-               0x4F, 0x8C, 0x70, 0xB0, 0xDF, 0xEC, 0x2E, 0xED, 0x25, 0xB8,
-               0x55, 0x7E, 0xAC, 0x9C, 0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD,
-               0xBE, 0xCD, 0x86, 0xB1, 0x20, 0x53,
-               0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, 0xB9, 0x8F,     /* y */
-               0xE6, 0xD4, 0xB2, 0x0D, 0x02, 0xB4, 0x51, 0x6F, 0xF7, 0x02,
-               0x35, 0x0E, 0xDD, 0xB0, 0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0,
-               0xDF, 0x45, 0xBE, 0x81, 0x12, 0xF4,
-               0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEF, 0x90,
-               0x39, 0x96, 0x60, 0xFC, 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04,
-               0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 52 * 6];
-}
- _EC_NIST_CHAR2_409K = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 52, 4
-       },
-       {                       /* no seed */
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x01,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x01,
-               0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, 0xAD, 0x3A,     /* x */
-               0xB1, 0x89, 0x0F, 0x71, 0x84, 0x21, 0x0E, 0xFD, 0x09, 0x87,
-               0xE3, 0x07, 0xC8, 0x4C, 0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6,
-               0x7C, 0xC2, 0xC4, 0x60, 0x18, 0x9E, 0xB5, 0xAA, 0xAA, 0x62,
-               0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF, 0xE9, 0x02,
-               0x37, 0x46,
-               0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, 0xAC, 0xBA,     /* y */
-               0x1D, 0xAC, 0xBF, 0x04, 0x29, 0x9C, 0x34, 0x60, 0x78, 0x2F,
-               0x91, 0x8E, 0xA4, 0x27, 0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA,
-               0x10, 0xE3, 0xDA, 0x5F, 0x6C, 0x42, 0xE9, 0xC5, 0x52, 0x15,
-               0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48, 0xD8, 0xE0,
-               0x28, 0x6B,
-               0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-               0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2,
-               0xD4, 0xEA, 0x20, 0x40, 0x0E, 0xC4, 0x55, 0x7D, 0x5E, 0xD3,
-               0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8, 0xE0, 0x1E,
-               0x5F, 0xCF
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 52 * 6];
-}
- _EC_NIST_CHAR2_409B = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 52, 2
-       },
-       {
-               0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21,     /* seed */
-               0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B,
-
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x01,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x01,
-               0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, 0x5C, 0x4B,     /* b */
-               0x9A, 0x75, 0x3B, 0x7B, 0x47, 0x6B, 0x7F, 0xD6, 0x42, 0x2E,
-               0xF1, 0xF3, 0xDD, 0x67, 0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC,
-               0x27, 0xC8, 0xA9, 0xA1, 0x97, 0xB2, 0x72, 0x82, 0x2F, 0x6C,
-               0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31, 0x7B, 0x13,
-               0x54, 0x5F,
-               0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, 0x49, 0x6B,     /* x */
-               0x0C, 0x60, 0x64, 0x75, 0x62, 0x60, 0x44, 0x1C, 0xDE, 0x4A,
-               0xF1, 0x77, 0x1D, 0x4D, 0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5,
-               0x97, 0x03, 0xDC, 0x25, 0x5A, 0x86, 0x8A, 0x11, 0x80, 0x51,
-               0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54, 0xBB, 0x79,
-               0x96, 0xA7,
-               0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, 0x2B, 0xBF,     /* y */
-               0xA7, 0x83, 0x24, 0xED, 0x10, 0x6A, 0x76, 0x36, 0xB9, 0xC5,
-               0xA7, 0xBD, 0x19, 0x8D, 0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88,
-               0xD0, 0x8F, 0x38, 0x51, 0x4F, 0x1F, 0xDF, 0x4B, 0x4F, 0x40,
-               0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA, 0x02, 0x73,
-               0xC7, 0x06,
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6,
-               0xA6, 0x12, 0xF3, 0x33, 0x07, 0xBE, 0x5F, 0xA4, 0x7C, 0x3C,
-               0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37, 0xD9, 0xA2,
-               0x11, 0x73
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 72 * 6];
-}
- _EC_NIST_CHAR2_571K = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 72, 4
-       },
-       {                       /* no seed */
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x04, 0x25,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x01,
-               0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, 0x82, 0x18,     /* x */
-               0x96, 0x31, 0xF8, 0x10, 0x3F, 0xE4, 0xAC, 0x9C, 0xA2, 0x97,
-               0x00, 0x12, 0xD5, 0xD4, 0x60, 0x24, 0x80, 0x48, 0x01, 0x84,
-               0x1C, 0xA4, 0x43, 0x70, 0x95, 0x84, 0x93, 0xB2, 0x05, 0xE6,
-               0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C, 0xBB, 0xD1,
-               0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, 0x98, 0x8B, 0x47, 0x17,
-               0x4D, 0xCA, 0x88, 0xC7, 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C,
-               0x89, 0x72,
-               0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, 0x4F, 0x4A,     /* y */
-               0xEA, 0xDE, 0x3B, 0xCA, 0x95, 0x31, 0x4D, 0xD5, 0x8C, 0xEC,
-               0x9F, 0x30, 0x7A, 0x54, 0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D,
-               0x8A, 0x2C, 0x9D, 0x49, 0x79, 0xC0, 0xAC, 0x44, 0xAE, 0xA7,
-               0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC, 0xB6, 0x20,
-               0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, 0x32, 0x04, 0x30, 0xC8,
-               0x59, 0x19, 0x84, 0xF6, 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1,
-               0xC7, 0xA3,
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x18, 0x50, 0xE1,
-               0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB, 0x91, 0x7F,
-               0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, 0xE5, 0xD6, 0x39, 0x38,
-               0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C,
-               0x10, 0x01
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 72 * 6];
-}
- _EC_NIST_CHAR2_571B = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 72, 2
-       },
-       {
-               0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B,     /* seed */
-               0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10,
-
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x04, 0x25,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x01,
-               0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, 0xDE, 0x29,     /* b */
-               0x71, 0x17, 0xB7, 0xF3, 0xD6, 0x2F, 0x5C, 0x6A, 0x97, 0xFF,
-               0xCB, 0x8C, 0xEF, 0xF1, 0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A,
-               0x18, 0xAD, 0x84, 0xFF, 0xAB, 0xBD, 0x8E, 0xFA, 0x59, 0x33,
-               0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29, 0x4A, 0xFD,
-               0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, 0x52, 0x0E, 0x4D, 0xE7,
-               0x39, 0xBA, 0xCA, 0x0C, 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55,
-               0x72, 0x7A,
-               0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, 0x6C, 0x16,     /* x */
-               0xC0, 0xD4, 0x0D, 0x3C, 0xD7, 0x75, 0x0A, 0x93, 0xD1, 0xD2,
-               0x95, 0x5F, 0xA8, 0x0A, 0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B,
-               0x2A, 0xBD, 0xBD, 0xE5, 0x39, 0x50, 0xF4, 0xC0, 0xD2, 0x93,
-               0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14, 0x99, 0xAE,
-               0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, 0x4A, 0xBF, 0xA3, 0xB4,
-               0xC8, 0x50, 0xD9, 0x27, 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC,
-               0x2D, 0x19,
-               0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, 0x6D, 0xCC,     /* y */
-               0xFF, 0xFE, 0xB7, 0x3D, 0x69, 0xD7, 0x8C, 0x6C, 0x27, 0xA6,
-               0x00, 0x9C, 0xBB, 0xCA, 0x19, 0x80, 0xF8, 0x53, 0x39, 0x21,
-               0xE8, 0xA6, 0x84, 0x42, 0x3E, 0x43, 0xBA, 0xB0, 0x8A, 0x57,
-               0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8, 0xB3, 0x53,
-               0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, 0x16, 0xE2, 0xF1, 0x51,
-               0x6E, 0x23, 0xDD, 0x3C, 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A,
-               0xC1, 0x5B,
-               0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-               0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-               0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE6, 0x61, 0xCE, 0x18,
-               0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18, 0x68, 0x23,
-               0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, 0x16, 0x1D, 0xE9, 0x3D,
-               0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8,
-               0x4E, 0x47
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 21 * 6];
-}
- _EC_X9_62_CHAR2_163V1 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 21, 2
-       },
-       {
-               0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE,
-               0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54,     /* seed */
-
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-               0x07,
-               0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, 0x22, 0xE0,     /* a */
-               0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, 0x94, 0x35, 0xDE, 0x52,
-               0x42,
-               0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, 0x3C, 0xFF,     /* b */
-               0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, 0x4D, 0x6F, 0x9D, 0xD4,
-               0xD9,
-               0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, 0x79, 0x32,     /* x */
-               0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, 0x33, 0xBB, 0xE8, 0x03,
-               0xCB,
-               0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, 0xEA, 0x1D,     /* y */
-               0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, 0xAE, 0xF0, 0xB7, 0xCA,
-               0x9F,
-               0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF,
-               0xC1
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 21 * 6];
-}
- _EC_X9_62_CHAR2_163V2 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 21, 2
-       },
-       {
-               0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76,     /* seed */
-               0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD,
-
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-               0x07,
-               0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, 0xBE, 0xD9,     /* a */
-               0x81, 0xED, 0x0E, 0x89, 0x0E, 0x11, 0x7C, 0x51, 0x1C, 0xF0,
-               0x72,
-               0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, 0x8C, 0x40,     /* b */
-               0x74, 0x33, 0xFF, 0xAE, 0x4F, 0x1C, 0x81, 0x16, 0x38, 0xDF,
-               0x20,
-               0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, 0x0A, 0x96,     /* x */
-               0x4D, 0x92, 0xC4, 0x86, 0x0E, 0x26, 0x71, 0xDB, 0x9B, 0x6C,
-               0xC5,
-               0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, 0xCD, 0x25,     /* y */
-               0x8B, 0x38, 0x90, 0x02, 0x1B, 0x23, 0x86, 0xDF, 0xD1, 0x9F,
-               0xC5,
-               0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFD, 0xF6, 0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10,
-               0xA7
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 21 * 6];
-}
- _EC_X9_62_CHAR2_163V3 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 21, 2
-       },
-       {
-               0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67,     /* seed */
-               0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8,
-
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-               0x07,
-               0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, 0x56, 0xA0,     /* a */
-               0x07, 0x69, 0x9F, 0x54, 0x47, 0xE3, 0x2A, 0xE4, 0x56, 0xB5,
-               0x0E,
-               0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, 0x38, 0xFD,     /* b */
-               0x6F, 0x1B, 0xF9, 0x5B, 0x48, 0xFE, 0xEB, 0x48, 0x54, 0x25,
-               0x2B,
-               0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, 0xDE, 0xCF,     /* x */
-               0x8A, 0x22, 0xE6, 0x52, 0x47, 0x75, 0xF9, 0x8C, 0xDE, 0xBD,
-               0xCB,
-               0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, 0xEA, 0x48,     /* y */
-               0xEB, 0x3F, 0xF3, 0x71, 0x8B, 0x89, 0x3D, 0xF5, 0x9A, 0x05,
-               0xD0,
-               0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFE, 0x1A, 0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13,
-               0x09
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 23 * 6];
-}
- _EC_X9_62_CHAR2_176V1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E
-       },
-       {                       /* no seed */
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00,
-               0x00, 0x00, 0x07,
-               0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, 0x40, 0x7D,     /* a */
-               0x9D, 0x39, 0xB8, 0xD0, 0x96, 0x7B, 0x96, 0x70, 0x4B, 0xA8,
-               0xE9, 0xC9, 0x0B,
-               0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, 0xDE, 0x8E,     /* b */
-               0xC1, 0x33, 0xAE, 0x28, 0xE9, 0xBB, 0xD7, 0xFC, 0xEC, 0x0A,
-               0xE0, 0xFF, 0xF2,
-               0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, 0x00, 0xF9,     /* x */
-               0xF0, 0x8B, 0xB4, 0xA8, 0xE8, 0x60, 0xF3, 0x29, 0x8C, 0xE0,
-               0x4A, 0x57, 0x98,
-               0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, 0xD6, 0xBA,     /* y */
-               0xB5, 0x16, 0x7D, 0x61, 0xB4, 0x36, 0xE1, 0xD9, 0x2B, 0xB1,
-               0x6A, 0x56, 0x2C,
-               0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, 0xEC, 0xA4,     /* order */
-               0xF6, 0x14, 0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06,
-               0xFE, 0x26, 0xAD
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 24 * 6];
-}
- _EC_X9_62_CHAR2_191V1 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 24, 2
-       },
-       {
-               0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76,     /* seed */
-               0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84,
-
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x02, 0x01,
-               0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, 0x6A, 0x68,     /* a */
-               0xF5, 0x65, 0x54, 0xE1, 0x26, 0x40, 0x27, 0x6B, 0x64, 0x9E,
-               0xF7, 0x52, 0x62, 0x67,
-               0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, 0x67, 0xB0,     /* b */
-               0x08, 0x1B, 0x94, 0x95, 0xA3, 0xD9, 0x54, 0x62, 0xF5, 0xDE,
-               0x0A, 0xA1, 0x85, 0xEC,
-               0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, 0xC4, 0xF2,     /* x */
-               0x99, 0xD7, 0xB2, 0x1A, 0x9C, 0x36, 0x91, 0x37, 0xF2, 0xC8,
-               0x4A, 0xE1, 0xAA, 0x0D,
-               0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, 0x33, 0x29,     /* y */
-               0x32, 0xE7, 0x0E, 0xA2, 0x45, 0xCA, 0x24, 0x18, 0xEA, 0x0E,
-               0xF9, 0x80, 0x18, 0xFB,
-               0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8,
-               0x93, 0xBB, 0xB9, 0xA5
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 24 * 6];
-}
- _EC_X9_62_CHAR2_191V2 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 24, 4
-       },
-       {
-               0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76,     /* seed */
-               0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15,
-
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x02, 0x01,
-               0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, 0xB7, 0x66,     /* a */
-               0x6D, 0x13, 0x66, 0xEA, 0x43, 0x20, 0x71, 0x27, 0x4F, 0x89,
-               0xFF, 0x01, 0xE7, 0x18,
-               0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, 0xB6, 0x24,     /* b */
-               0x9C, 0x99, 0x18, 0x2B, 0x7C, 0x8C, 0xD1, 0x97, 0x00, 0xC3,
-               0x62, 0xC4, 0x6A, 0x01,
-               0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, 0x5A, 0x87,     /* x */
-               0x92, 0x6A, 0xAD, 0x83, 0xFD, 0x28, 0x78, 0x9E, 0x81, 0xE2,
-               0xC9, 0xE3, 0xBF, 0x10,
-               0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, 0xDB, 0xF0,     /* y */
-               0x17, 0x60, 0xD9, 0x21, 0x3A, 0x3E, 0x1C, 0xF3, 0x7A, 0xEC,
-               0x43, 0x7D, 0x66, 0x8A,
-               0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24,
-               0xE0, 0x6B, 0x81, 0x73
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 24 * 6];
-}
- _EC_X9_62_CHAR2_191V3 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 24, 6
-       },
-       {
-               0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76,     /* seed */
-               0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F,
-
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x02, 0x01,
-               0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, 0x22, 0x10,     /* a */
-               0x56, 0x91, 0x1C, 0x77, 0xD7, 0x7E, 0x77, 0xA7, 0x77, 0xE7,
-               0xE7, 0xE7, 0x7F, 0xCB,
-               0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, 0x89, 0xEF,     /* b */
-               0xEF, 0x8D, 0xB4, 0x59, 0xF6, 0x63, 0x94, 0xD9, 0x0F, 0x32,
-               0xAD, 0x3F, 0x15, 0xE8,
-               0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, 0x89, 0xDE,     /* x */
-               0x87, 0x46, 0xE7, 0x17, 0x86, 0x01, 0x50, 0x09, 0xE6, 0x6E,
-               0x38, 0xA9, 0x26, 0xDD,
-               0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, 0x98, 0x59,     /* y */
-               0x99, 0x36, 0x6E, 0x6A, 0xD3, 0x4C, 0xE0, 0xA7, 0x7C, 0xD7,
-               0x12, 0x7B, 0x06, 0xBE,
-               0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,     /* order */
-               0x55, 0x55, 0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6,
-               0x28, 0x8A, 0x3E, 0xA3
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 27 * 6];
-}
- _EC_X9_62_CHAR2_208W1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 27, 0xFE48
-       },
-       {                       /* no seed */
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, 0x21, 0x2E,     /* b */
-               0x11, 0x60, 0x34, 0x9E, 0x2B, 0xFA, 0x84, 0x44, 0x39, 0xFA,
-               0xFC, 0x2A, 0x3F, 0xD1, 0x63, 0x8F, 0x9E,
-               0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, 0xDF, 0x95,     /* x */
-               0x59, 0xEC, 0xF0, 0x7A, 0xC0, 0xCE, 0x78, 0x55, 0x4E, 0x27,
-               0x84, 0xEB, 0x8C, 0x1E, 0xD1, 0xA5, 0x7A,
-               0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, 0x9A, 0xC3,     /* y */
-               0x8A, 0x03, 0x5F, 0xF5, 0x20, 0xD8, 0xB0, 0x17, 0x81, 0xBE,
-               0xB1, 0xA6, 0xBB, 0x08, 0x61, 0x7D, 0xE3,
-               0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, 0x23, 0xC5,     /* order */
-               0x7B, 0x6C, 0x21, 0xDA, 0x2E, 0xFF, 0x2D, 0x5E, 0xD5, 0x88,
-               0xBD, 0xD5, 0x71, 0x7E, 0x21, 0x2F, 0x9D
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 30 * 6];
-}
- _EC_X9_62_CHAR2_239V1 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 30, 4
-       },
-       {
-               0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,     /* seed */
-               0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D,
-
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
-
-               0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, 0x12, 0x3A,     /* a */
-               0x46, 0xB8, 0x08, 0x90, 0x67, 0x56, 0xF5, 0x43, 0x42, 0x3E,
-               0x8D, 0x27, 0x87, 0x75, 0x78, 0x12, 0x57, 0x78, 0xAC, 0x76,
-
-               0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, 0xB0, 0x12,     /* b */
-               0xED, 0xEF, 0xB3, 0x39, 0x2F, 0x30, 0xF4, 0x32, 0x7C, 0x0C,
-               0xA3, 0xF3, 0x1F, 0xC3, 0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16,
-
-               0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, 0x0A, 0x96,     /* x */
-               0xD3, 0xFD, 0x5B, 0x70, 0x6E, 0xF7, 0xE5, 0xF5, 0xC1, 0x56,
-               0xE1, 0x6B, 0x7E, 0x7C, 0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D,
-
-               0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, 0xF6, 0xF1,     /* y */
-               0xA1, 0x6B, 0x26, 0x8D, 0xE4, 0x69, 0xC3, 0xC7, 0x74, 0x4E,
-               0xA9, 0xA9, 0x71, 0x64, 0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05,
-
-               0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* order */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x4D, 0x42, 0xFF, 0xE1,
-               0x49, 0x2A, 0x49, 0x93, 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 30 * 6];
-}
- _EC_X9_62_CHAR2_239V2 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 30, 6
-       },
-       {
-               0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76,     /* seed */
-               0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D,
-
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
-
-               0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, 0xE4, 0x23,     /* a */
-               0x98, 0x56, 0x9B, 0x74, 0x63, 0x25, 0xD4, 0x53, 0x13, 0xAF,
-               0x07, 0x66, 0x26, 0x64, 0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F,
-
-               0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, 0xCD, 0x82,     /* b */
-               0xB2, 0xC1, 0x4A, 0x2F, 0xCF, 0x2E, 0x3F, 0xF8, 0x77, 0x52,
-               0x85, 0xB5, 0x45, 0x72, 0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B,
-
-               0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, 0xDC, 0x47,     /* x */
-               0xA0, 0x85, 0x34, 0xFE, 0x76, 0xD2, 0xB9, 0x00, 0xB7, 0xD7,
-               0xEF, 0x31, 0xF5, 0x70, 0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05,
-
-               0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, 0xA0, 0x3B,     /* y */
-               0xAD, 0x9D, 0xD7, 0x5E, 0x2C, 0x71, 0xA9, 0x93, 0x62, 0x56,
-               0x7D, 0x54, 0x53, 0xF7, 0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33,
-
-               0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,     /* order */
-               0x55, 0x55, 0x55, 0x55, 0x55, 0x3C, 0x6F, 0x28, 0x85, 0x25,
-               0x9C, 0x31, 0xE3, 0xFC, 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 30 * 6];
-}
- _EC_X9_62_CHAR2_239V3 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 30, 0xA
-       },
-       {
-               0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,     /* seed */
-               0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41,
-
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
-
-               0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, 0x6D, 0x66,     /* a */
-               0x76, 0xF7, 0x78, 0xE6, 0x76, 0xB6, 0x69, 0x99, 0x17, 0x66,
-               0x66, 0xE6, 0x87, 0x66, 0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F,
-
-               0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, 0x51, 0x99,     /* b */
-               0xAC, 0xFC, 0x51, 0x06, 0x7E, 0xD5, 0x87, 0xF5, 0x19, 0xC5,
-               0xEC, 0xB5, 0x41, 0xB8, 0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40,
-
-               0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, 0x89, 0x91,     /* x */
-               0x3C, 0xE3, 0x53, 0x0B, 0xFD, 0xE9, 0x03, 0x97, 0x7D, 0x42,
-               0xB1, 0x46, 0xD5, 0x39, 0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92,
-
-               0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, 0xB9, 0x00,     /* y */
-               0x4D, 0xCE, 0x5C, 0x0E, 0xD7, 0xFE, 0x59, 0xA3, 0x56, 0x08,
-               0xF3, 0x38, 0x37, 0xC8, 0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61,
-
-               0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,     /* order */
-               0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xAC, 0x49, 0x12, 0xD2, 0xD9,
-               0xDF, 0x90, 0x3E, 0xF9, 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 35 * 6];
-}
- _EC_X9_62_CHAR2_272W1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 35, 0xFF06
-       },
-       {                       /* no seed */
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x0B,
-               0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, 0x4A, 0xB2,     /* a */
-               0xCC, 0xF4, 0x9C, 0x4E, 0xDD, 0x22, 0x0F, 0xB0, 0x28, 0x71,
-               0x2D, 0x42, 0xBE, 0x75, 0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA,
-               0xCD, 0xB5, 0x86, 0xFB, 0x20,
-               0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, 0xCE, 0x7C,     /* b */
-               0x8A, 0xAA, 0xFF, 0x34, 0xE1, 0x2A, 0x9C, 0x55, 0x70, 0x03,
-               0xD7, 0xC7, 0x3A, 0x6F, 0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC,
-               0x84, 0x82, 0xE5, 0x40, 0xF7,
-               0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, 0xF7, 0x87,     /* x */
-               0x05, 0x8A, 0x05, 0x6C, 0xBE, 0x0C, 0xFE, 0x62, 0x2D, 0x77,
-               0x23, 0xA2, 0x89, 0xE0, 0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D,
-               0x10, 0xD1, 0x71, 0xDD, 0x8D,
-               0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, 0xEF, 0x6B,     /* y */
-               0xA7, 0xF6, 0x87, 0x2E, 0x61, 0x42, 0xFB, 0xD2, 0x41, 0xB8,
-               0x30, 0xFF, 0x5E, 0xFC, 0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02,
-               0x00, 0x5D, 0xDE, 0x9D, 0x23,
-               0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, 0xE0, 0xE3,     /* order */
-               0x9E, 0x48, 0x92, 0xDF, 0x6E, 0x31, 0x9C, 0x72, 0xC8, 0x16,
-               0x16, 0x03, 0xFA, 0x45, 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B,
-               0x8F, 0x1E, 0x62, 0x95, 0x21
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 39 * 6];
-}
- _EC_X9_62_CHAR2_304W1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E
-       },
-       {                       /* no seed */
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x07,
-               0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, 0xF6, 0x51,     /* a */
-               0xE6, 0xDC, 0xE6, 0x80, 0x20, 0x85, 0x37, 0x7E, 0x5F, 0x88,
-               0x2D, 0x1B, 0x51, 0x0B, 0x44, 0x16, 0x00, 0x74, 0xC1, 0x28,
-               0x80, 0x78, 0x36, 0x5A, 0x03, 0x96, 0xC8, 0xE6, 0x81,
-               0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, 0x90, 0x8E,     /* b */
-               0x43, 0xB0, 0x1C, 0x79, 0x8E, 0xA5, 0xDA, 0xA6, 0x78, 0x8F,
-               0x1E, 0xA2, 0x79, 0x4E, 0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1,
-               0x40, 0x39, 0x60, 0x1E, 0x55, 0x82, 0x73, 0x40, 0xBE,
-               0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, 0xD9, 0x6A,     /* x */
-               0xDB, 0x0F, 0x5F, 0x3C, 0x7F, 0x2C, 0xFF, 0xBD, 0x7A, 0x3E,
-               0xB8, 0xB6, 0xFE, 0xC3, 0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD,
-               0xF6, 0x28, 0x5A, 0x64, 0x4F, 0x74, 0x0A, 0x26, 0x14,
-               0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, 0x71, 0x51,     /* y */
-               0x7E, 0xCF, 0x40, 0x1B, 0x50, 0x28, 0x9B, 0xF0, 0x14, 0x10,
-               0x32, 0x88, 0x52, 0x7A, 0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80,
-               0x26, 0x0B, 0x54, 0x9F, 0xDC, 0x1B, 0x92, 0xC0, 0x3B,
-               0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC,     /* order */
-               0x80, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80,
-               0x01, 0x02, 0x2D, 0x5C, 0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5,
-               0x61, 0xDA, 0x68, 0x99, 0x16, 0x44, 0x43, 0x05, 0x1D
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[20 + 45 * 6];
-}
- _EC_X9_62_CHAR2_359V1 = {
-       {
-               NID_X9_62_characteristic_two_field, 20, 45, 0x4C
-       },
-       {
-               0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76,     /* seed */
-               0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6,
-
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x01,
-               0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, 0x4F, 0x35,     /* a */
-               0x6E, 0xA9, 0x20, 0x17, 0xD9, 0x46, 0x56, 0x7C, 0x46, 0x67,
-               0x55, 0x56, 0xF1, 0x95, 0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67,
-               0xD2, 0x23, 0xA5, 0xE0, 0x56, 0x56, 0xFB, 0x54, 0x90, 0x16,
-               0xA9, 0x66, 0x56, 0xA5, 0x57,
-               0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, 0x3F, 0x1F,     /* b */
-               0xE7, 0xF5, 0xB6, 0xDB, 0x07, 0x5D, 0x52, 0xB6, 0x94, 0x7D,
-               0x13, 0x5D, 0x8C, 0xA4, 0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34,
-               0x56, 0x26, 0x08, 0x96, 0x87, 0x74, 0x2B, 0x63, 0x29, 0xE7,
-               0x06, 0x80, 0x23, 0x19, 0x88,
-               0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, 0xED, 0xE0,     /* x */
-               0xF1, 0xFD, 0xAA, 0x79, 0xDA, 0xEE, 0x38, 0x41, 0x36, 0x6A,
-               0x13, 0x2E, 0x16, 0x3A, 0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF,
-               0x9C, 0x6B, 0xDC, 0xDE, 0x98, 0xE8, 0xE7, 0x07, 0xC0, 0x7A,
-               0x22, 0x39, 0xB1, 0xB0, 0x97,
-               0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, 0x12, 0x1E,     /* y */
-               0x9C, 0x95, 0xF3, 0x79, 0x1D, 0xD8, 0x04, 0x96, 0x39, 0x48,
-               0xF3, 0x4F, 0xAE, 0x7B, 0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC,
-               0x78, 0x68, 0xFE, 0x57, 0xE4, 0xAE, 0x2D, 0xE2, 0x11, 0x30,
-               0x5A, 0x40, 0x71, 0x04, 0xBD,
-               0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1,     /* order */
-               0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF,
-               0x28, 0x6B, 0xC9, 0xFB, 0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89,
-               0x2C, 0x20, 0xA7, 0xEB, 0x96, 0x4F, 0xE7, 0x71, 0x9E, 0x74,
-               0xF4, 0x90, 0x75, 0x8D, 0x3B
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 47 * 6];
-}
- _EC_X9_62_CHAR2_368W1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 47, 0xFF70
-       },
-       {                       /* no seed */
-               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
-               0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, 0xF5, 0xE2,     /* a */
-               0xA4, 0xF9, 0xED, 0x22, 0x9F, 0x1F, 0x25, 0x6E, 0x79, 0xA0,
-               0xE2, 0xB4, 0x55, 0x97, 0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9,
-               0x47, 0x78, 0xC5, 0x76, 0xD6, 0x2F, 0x0A, 0xB7, 0x51, 0x9C,
-               0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D,
-               0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, 0x45, 0x2C,     /* b */
-               0x76, 0x0A, 0x58, 0xED, 0xCD, 0x30, 0xC8, 0xDD, 0x06, 0x9B,
-               0x3C, 0x34, 0x45, 0x38, 0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5,
-               0x49, 0x17, 0xE1, 0xC2, 0x11, 0x2D, 0x84, 0xD1, 0x64, 0xF4,
-               0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A,
-               0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, 0xCC, 0xE3,     /* x */
-               0xC1, 0x55, 0x7A, 0xFA, 0x10, 0xC2, 0xF0, 0xC0, 0xC2, 0x82,
-               0x56, 0x46, 0xC5, 0xB3, 0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B,
-               0xC1, 0x6B, 0x22, 0xE7, 0xE7, 0x89, 0xE9, 0x27, 0xBE, 0x21,
-               0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F,
-               0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, 0xD5, 0xD8,     /* y */
-               0xB2, 0x05, 0x9B, 0x52, 0x57, 0x97, 0xFC, 0x73, 0x82, 0x2C,
-               0x59, 0x05, 0x9C, 0x62, 0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE,
-               0xE8, 0xF8, 0x7C, 0xD1, 0x85, 0x5A, 0xDA, 0xA8, 0x1E, 0x2A,
-               0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10,
-               0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, 0xAF, 0x72,     /* order */
-               0xB0, 0x83, 0x49, 0xD9, 0x8A, 0x5D, 0xD4, 0xC7, 0xB0, 0x53,
-               0x2E, 0xCA, 0x51, 0xCE, 0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A,
-               0xC5, 0x79, 0xBD, 0x87, 0xE9, 0x09, 0xAE, 0x40, 0xA6, 0xF1,
-               0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 54 * 6];
-}
- _EC_X9_62_CHAR2_431R1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 54, 0x2760
-       },
-       {                       /* no seed */
-               0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x01,
-               0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, 0x23, 0x4C,     /* a */
-               0xAF, 0x04, 0x6C, 0x6A, 0x5D, 0x8A, 0x85, 0x39, 0x5B, 0x23,
-               0x6C, 0xC4, 0xAD, 0x2C, 0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9,
-               0xDD, 0xF6, 0x20, 0xB0, 0xEB, 0x99, 0x06, 0xD0, 0x95, 0x7F,
-               0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF, 0x10, 0x4D,
-               0xE2, 0x96, 0xCD, 0x8F,
-               0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, 0x15, 0x43,     /* b */
-               0x59, 0xAB, 0xFB, 0x1B, 0x7F, 0x54, 0x85, 0xB0, 0x4C, 0xEB,
-               0x86, 0x82, 0x37, 0xDD, 0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67,
-               0x9A, 0x5A, 0x91, 0x9B, 0x62, 0x6D, 0x4E, 0x50, 0xA8, 0xDD,
-               0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F, 0xB5, 0xD8,
-               0x07, 0xBF, 0x26, 0x18,
-               0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, 0xE1, 0x61,     /* x */
-               0xD2, 0xF4, 0x09, 0x26, 0x22, 0xFE, 0xCA, 0x70, 0x1B, 0xE4,
-               0xF5, 0x0F, 0x47, 0x58, 0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2,
-               0xA6, 0x58, 0xEF, 0x8C, 0x21, 0xE7, 0xC5, 0xEF, 0xE9, 0x65,
-               0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47, 0xB0, 0xDB,
-               0xD7, 0x0C, 0xE6, 0xB7,
-               0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, 0x5F, 0xA2,     /* y */
-               0xC2, 0x55, 0x74, 0x5D, 0x3C, 0x45, 0x1B, 0x30, 0x2C, 0x93,
-               0x46, 0xD9, 0xB7, 0xE4, 0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B,
-               0x59, 0x1F, 0x3E, 0x8F, 0x6A, 0xDD, 0xCB, 0xB0, 0xBC, 0x4C,
-               0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62, 0x5D, 0x6A,
-               0x59, 0x8B, 0x37, 0x60,
-               0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34,     /* order */
-               0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03,
-               0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x23,
-               0xC3, 0x13, 0xFA, 0xB5, 0x05, 0x89, 0x70, 0x3B, 0x5E, 0xC6,
-               0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C, 0xC1, 0x49,
-               0xC1, 0xAD, 0x4A, 0x91
-       }
-};
-
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 15 * 6];
-}
- _EC_WTLS_1 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 15, 2
-       },
-       {                       /* no seed */
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x02, 0x01,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x01,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x01,
-               0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, 0xE5, 0xD5,     /* x */
-               0xC2, 0x70, 0x78, 0x06, 0x17,
-               0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, 0x0E, 0x08,     /* y */
-               0x78, 0x5C, 0xEB, 0xCC, 0x15,
-               0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xBF,     /* order */
-               0x91, 0xAF, 0x6D, 0xEA, 0x73
-       }
-};
-
-/* IPsec curves */
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
- */
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 20 * 6];
-}
- _EC_IPSEC_155_ID3 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 20, 3
-       },
-       {                       /* no seed */
-               0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x33, 0x8f,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
-
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* y */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc8,
-
-               0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,     /* order */
-               0xC7, 0xF3, 0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C
-       }
-};
-
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
- */
-static const struct {
-       EC_CURVE_DATA h;
-       unsigned char data[0 + 24 * 6];
-}
- _EC_IPSEC_185_ID4 = {
-       {
-               NID_X9_62_characteristic_two_field, 0, 24, 2
-       },
-       {                       /* no seed */
-               0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* p */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x01,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* a */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* b */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x1e, 0xe9,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* x */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x18,
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,     /* y */
-               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x0d,
-               0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,     /* order */
-               0xFF, 0xFF, 0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20,
-               0xBA, 0xFC, 0xA7, 0x5E
-       }
-};
-
-#endif
-
 /* These curves were added by Annie Yousar <a.yousar@informatik.hu-berlin.de>
  * For the definition of RFC 5639 curves see
  * https://www.ietf.org/rfc/rfc5639.txt
@@ -3196,69 +1849,11 @@ static const ec_list_element curve_list[] = {
        {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, "X9.62 curve over a 239 bit prime field"},
        {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, "X9.62 curve over a 239 bit prime field"},
        {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field"},
-#ifndef OPENSSL_NO_EC2M
-       /* characteristic two field curves */
-       /* NIST/SECG curves */
-       {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field"},
-       {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, "SECG curve over a 113 bit binary field"},
-       {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, "SECG/WTLS curve over a 131 bit binary field"},
-       {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, "SECG curve over a 131 bit binary field"},
-       {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field"},
-       {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, "SECG curve over a 163 bit binary field"},
-       {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, "NIST/SECG curve over a 163 bit binary field"},
-       {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, "SECG curve over a 193 bit binary field"},
-       {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, "SECG curve over a 193 bit binary field"},
-       {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-       {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-       {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, "SECG curve over a 239 bit binary field"},
-       {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, "NIST/SECG curve over a 283 bit binary field"},
-       {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, "NIST/SECG curve over a 283 bit binary field"},
-       {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, "NIST/SECG curve over a 409 bit binary field"},
-       {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, "NIST/SECG curve over a 409 bit binary field"},
-       {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, "NIST/SECG curve over a 571 bit binary field"},
-       {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, "NIST/SECG curve over a 571 bit binary field"},
-       /* X9.62 curves */
-       {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field"},
-       {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, "X9.62 curve over a 163 bit binary field"},
-       {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, "X9.62 curve over a 163 bit binary field"},
-       {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, "X9.62 curve over a 176 bit binary field"},
-       {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, "X9.62 curve over a 191 bit binary field"},
-       {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, "X9.62 curve over a 191 bit binary field"},
-       {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, "X9.62 curve over a 191 bit binary field"},
-       {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, "X9.62 curve over a 208 bit binary field"},
-       {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, "X9.62 curve over a 239 bit binary field"},
-       {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, "X9.62 curve over a 239 bit binary field"},
-       {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, "X9.62 curve over a 239 bit binary field"},
-       {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, "X9.62 curve over a 272 bit binary field"},
-       {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, "X9.62 curve over a 304 bit binary field"},
-       {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, "X9.62 curve over a 359 bit binary field"},
-       {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, "X9.62 curve over a 368 bit binary field"},
-       {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, "X9.62 curve over a 431 bit binary field"},
-       /*
-        * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
-        * from X9.62]
-        */
-       {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, "WTLS curve over a 113 bit binary field"},
-       {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field"},
-       {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field"},
-       {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field"},
-#endif
        {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field"},
        {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field"},
        {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, "WTLS curve over a 112 bit prime field"},
        {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, "WTLS curve over a 160 bit prime field"},
-#ifndef OPENSSL_NO_EC2M
-       {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-       {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-#endif
        {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, "WTLS curve over a 224 bit prime field"},
-#ifndef OPENSSL_NO_EC2M
-       /* IPSec curves */
-       {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
-       "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
-       {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
-       "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
-#endif
        /* RFC 5639 curves */
        {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, "RFC 5639 curve over a 160 bit prime field"},
        {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, "RFC 5639 curve over a 160 bit prime field"},
@@ -3339,15 +1934,6 @@ ec_group_new_from_data(const ec_list_element curve)
                        goto err;
                }
        }
-#ifndef OPENSSL_NO_EC2M
-       else {                  /* field_type ==
-                                * NID_X9_62_characteristic_two_field */
-               if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
-                       ECerror(ERR_R_EC_LIB);
-                       goto err;
-               }
-       }
-#endif
 
        if ((P = EC_POINT_new(group)) == NULL) {
                ECerror(ERR_R_EC_LIB);

diff --git a/lib/libcrypto/ec/ec_cvt.c b/lib/libcrypto/ec/ec_cvt.c
index 30e843e..90e7400 100644 (file)
--- a/lib/libcrypto/ec/ec_cvt.c
+++ b/lib/libcrypto/ec/ec_cvt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_cvt.c,v 1.10 2023/03/08 07:15:42 jsing Exp $ */
+/* $OpenBSD: ec_cvt.c,v 1.11 2023/04/25 19:53:30 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -100,12 +100,3 @@ EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
 {
        return ec_group_new_curve(EC_GFp_mont_method(), p, a, b, ctx);
 }
-
-#ifndef OPENSSL_NO_EC2M
-EC_GROUP *
-EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
-    BN_CTX *ctx)
-{
-       return ec_group_new_curve(EC_GF2m_simple_method(), p, a, b, ctx);
-}
-#endif

diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c
index 683c49f..f560aa9 100644 (file)
--- a/lib/libcrypto/ec/ec_lib.c
+++ b/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.55 2023/04/13 07:44:12 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.56 2023/04/25 19:53:30 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -549,22 +549,6 @@ EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
        return EC_GROUP_get_curve(group, p, a, b, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
-int
-EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
-    const BIGNUM *b, BN_CTX *ctx)
-{
-       return EC_GROUP_set_curve(group, p, a, b, ctx);
-}
-
-int
-EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
-    BIGNUM *b, BN_CTX *ctx)
-{
-       return EC_GROUP_get_curve(group, p, a, b, ctx);
-}
-#endif
-
 int
 EC_GROUP_get_degree(const EC_GROUP *group)
 {
@@ -1072,15 +1056,6 @@ EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
        return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
-int
-EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-    const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-{
-       return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
-}
-#endif
-
 int
 EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
     BIGNUM *x, BIGNUM *y, BN_CTX *ctx_in)
@@ -1117,15 +1092,6 @@ EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point
        return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
-int
-EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
-    BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-{
-       return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
-}
-#endif
-
 int
 EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     const EC_POINT *b, BN_CTX *ctx_in)

diff --git a/lib/libcrypto/ec/ec_oct.c b/lib/libcrypto/ec/ec_oct.c
index b1c9e6a..ee2ae0f 100644 (file)
--- a/lib/libcrypto/ec/ec_oct.c
+++ b/lib/libcrypto/ec/ec_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_oct.c,v 1.11 2023/04/11 18:58:20 jsing Exp $ */
+/* $OpenBSD: ec_oct.c,v 1.12 2023/04/25 19:53:30 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -107,15 +107,6 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
        return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
 }
 
-#ifndef OPENSSL_NO_EC2M
-int
-EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-    const BIGNUM *x, int y_bit, BN_CTX *ctx)
-{
-       return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
-}
-#endif
-
 size_t
 EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
     point_conversion_form_t form, unsigned char *buf, size_t len,