From 5c2ef100a8bcc0ffbe2e4f53557b4df8d80d25b6 Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Tue, 26 Jul 2022 07:16:53 +0000
Subject: [PATCH] Fix possible ODR violations for ecp_nistz256_from_mont
p256-armv8-asm.pl defined ecp_nistz256_[to|from]_mont as global functions, but p256-nistz.h defined them as static inlines. Additionally, ecp_nistz256_to_mont was never used. This change drops the assembly versions and drops ecp_nistz256_to_mont completely.
Change-Id: Ie2cc5bf4adc423f72f61cf227be0e93c9a6e2031
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53606
Reviewed-by: David Benjamin
Commit-Queue: David Benjamin
---
 crypto/fipsmodule/ec/asm/p256-armv8-asm.pl | 50 ----------------------
 crypto/fipsmodule/ec/p256-nistz.h | 10 -----
 2 files changed, 60 deletions(-)
diff --git a/crypto/fipsmodule/ec/asm/p256-armv8-asm.pl b/crypto/fipsmodule/ec/asm/p256-armv8-asm.pl
index f2926b8ee..0d628e73c 100644
--- a/crypto/fipsmodule/ec/asm/p256-armv8-asm.pl
+++ b/crypto/fipsmodule/ec/asm/p256-armv8-asm.pl
@@ -72,56 +72,6 @@ $code.=<<___;
 .quad 0xccd1c8aaee00bc4f
 .asciz "ECP_NISTZ256 for ARMv8, CRYPTOGAMS by "
 
-// void ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
-.globl ecp_nistz256_to_mont
-.type ecp_nistz256_to_mont,%function
-.align 6
-ecp_nistz256_to_mont:
- AARCH64_SIGN_LINK_REGISTER
- stp x29,x30,[sp,#-32]!
- add x29,sp,#0
- stp x19,x20,[sp,#16]
-
- ldr $bi,.LRR // bp[0]
- ldp $a0,$a1,[$ap]
- ldp $a2,$a3,[$ap,#16]
- ldr $poly1,.Lpoly+8
- ldr $poly3,.Lpoly+24
- adr $bp,.LRR // &bp[0]
-
- bl __ecp_nistz256_mul_mont
-
- ldp x19,x20,[sp,#16]
- ldp x29,x30,[sp],#32
- AARCH64_VALIDATE_LINK_REGISTER
- ret
-.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
-
-// void ecp_nistz256_from_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
-.globl ecp_nistz256_from_mont
-.type ecp_nistz256_from_mont,%function
-.align 4
-ecp_nistz256_from_mont:
- AARCH64_SIGN_LINK_REGISTER
- stp x29,x30,[sp,#-32]!
- add x29,sp,#0
- stp x19,x20,[sp,#16]
-
- mov $bi,#1 // bp[0]
- ldp $a0,$a1,[$ap]
- ldp $a2,$a3,[$ap,#16]
- ldr $poly1,.Lpoly+8
- ldr $poly3,.Lpoly+24
- adr $bp,.Lone // &bp[0]
-
- bl __ecp_nistz256_mul_mont
-
- ldp x19,x20,[sp,#16]
- ldp x29,x30,[sp],#32
- AARCH64_VALIDATE_LINK_REGISTER
- ret
-.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
-
 // void ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4],
 // const BN_ULONG x2[4]);
 .globl ecp_nistz256_mul_mont
diff --git a/crypto/fipsmodule/ec/p256-nistz.h b/crypto/fipsmodule/ec/p256-nistz.h
index 0d0a6bea4..3f5ea0210 100644
--- a/crypto/fipsmodule/ec/p256-nistz.h
+++ b/crypto/fipsmodule/ec/p256-nistz.h
@@ -64,16 +64,6 @@ static inline void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
 ecp_nistz256_mul_mont(res, in, ONE);
 }
 
-// ecp_nistz256_to_mont sets |res| to |in|, converted to Montgomery domain
-// by multiplying with RR = 2^512 mod P precomputed for NIST P256 curve.
-static inline void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS],
- const BN_ULONG in[P256_LIMBS]) {
- static const BN_ULONG RR[P256_LIMBS] = {
- TOBN(0x00000000, 0x00000003), TOBN(0xfffffffb, 0xffffffff),
- TOBN(0xffffffff, 0xfffffffe), TOBN(0x00000004, 0xfffffffd)};
- ecp_nistz256_mul_mont(res, in, RR);
-}
-
 
 // P-256 scalar operations.
 //