Change submitted files so that they compile (in particular,

use BN_CTX_start/get/end instead of accessing ctx->tos). Change indentation to "EAY" style.

Change submitted files so that they compile (in particular,
use BN_CTX_start/get/end instead of accessing ctx->tos). Change indentation to "EAY" style.
946cd9a5 · Bodo Möller · 0ac87024 · 946cd9a5 · 946cd9a5 · 946cd9a5
显示空白变更内容
内联并排

Showing with 391 addition and 374 deletion

crypto/bn/bn_modfs.c crypto/bn/bn_modfs.c +43 -43

crypto/ec/ec.h crypto/ec/ec.h +1 -1

crypto/ec/ec_point.c crypto/ec/ec_point.c +347 -330

未找到文件。
--- a/crypto/bn/bn_modfs.c
+++ b/crypto/bn/bn_modfs.c
@@ -20,24 +20,23 @@


 int BN_legendre(BIGNUM *a, BIGNUM *p, BN_CTX *ctx) 
-{
+	{
 	BIGNUM *x, *y, *y2;
 	BN_ULONG m;
 	int L;

 	assert(a != NULL && p != NULL && ctx != NULL);

-	x = ctx->bn[ctx->tos]; 
-	y = ctx->bn[ctx->tos + 1]; 
-	y2 = ctx->bn[ctx->tos + 2]; 
-
-	ctx->tos += 3;
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	y2 = BN_CTX_get(ctx);
+	if (y2 == NULL) goto err;

 	if (!BN_nnmod(x, a, p, ctx)) goto err;
 	if (BN_is_zero(x)) 
 		{
-
-		ctx->tos -= 3;
+		BN_CTX_end(ctx);
 		return 0;
 		}

@@ -63,12 +62,12 @@ int BN_legendre(BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
 			}
 		if (BN_is_one(x)) 
 			{
-			ctx->tos -= 3;
+			BN_CTX_end(ctx);
 			return L;
 			}
 		
 		if (BN_mod_word(x, 4) == 3 && BN_mod_word(y, 4) == 3) L = -L;
-		if (!BN_swap(x, y)) goto err;
+		BN_swap(x, y);

 		if (!BN_nnmod(x, x, y, ctx)) goto err;

@@ -76,14 +75,14 @@ int BN_legendre(BIGNUM *a, BIGNUM *p, BN_CTX *ctx)


 err:
-	ctx->tos -= 3;
+	BN_CTX_end(ctx);
 	return -2;

-}
+	}

 int BN_mod_sqrt(BIGNUM *x, BIGNUM *a, BIGNUM *p, BN_CTX *ctx) 
 /* x^2 = a (mod p) */
-{
+	{
 	int ret;
 	BIGNUM *n0, *n1, *r, *b, *m;
 	int max;
@@ -99,9 +98,10 @@ int BN_mod_sqrt(BIGNUM *x, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
 		return 1;
 		}

-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	ctx->tos += 2;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	if (n1 == NULL) goto err;

 	if ((r = BN_new()) == NULL) goto err;
 	if ((b = BN_new()) == NULL) goto err;
@@ -116,13 +116,14 @@ int BN_mod_sqrt(BIGNUM *x, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)

 	max = 0;

-	do{
+	do
+		{
 		if (max++ > MAX_ROUNDS) goto err; /* if p is not prime could never stop*/
 		if (!BN_add_word(m, 1)) goto err;
 		ret = BN_legendre(m, p, ctx);
 		if (ret < -1 || ret > 1) goto err;
-
-	}while(ret != -1);
+		}
+	while (ret != -1);

 	if (BN_copy(n1, p) == NULL) goto err;
 	if (!BN_sub_word(n1, 1)) goto err;
@@ -146,7 +147,6 @@ int BN_mod_sqrt(BIGNUM *x, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)

 	while (!BN_is_one(b))
 		{
-		
 		if (!BN_one(m)) goto err;
 		if (!BN_mod_sqr(n1, b, p, ctx)) goto err;
 		while(!BN_is_one(n1))
@@ -181,12 +181,12 @@ int BN_mod_sqrt(BIGNUM *x, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
 	if (r != NULL) BN_clear_free(r);
 	if (b != NULL) BN_clear_free(b);
 	if (m != NULL) BN_clear_free(m);
-	ctx->tos -= 2;
+	BN_CTX_end(ctx);
 	return 1;
 err:
 	if (r != NULL) BN_clear_free(r);
 	if (b != NULL) BN_clear_free(b);
 	if (m != NULL) BN_clear_free(m);
-	ctx->tos -= 2;
+	BN_CTX_end(ctx);
 	return 0;
-}
+	}
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -15,7 +15,7 @@


 #include <openssl/bn.h>
-#include "bn_mont2.h"
+#include "../bn/bn_mont2.h" /* XXX */

 typedef struct bn_ec_struct		/* E: y^2 = x^3 + Ax + B  (mod p) */
 {

--- a/crypto/ec/ec_point.c
+++ b/crypto/ec/ec_point.c
@@ -16,12 +16,13 @@

 #include <openssl/bn.h>

-#include "bn_modfs.h"
-#include "bn_mont2.h"
+#include "../bn/bn_modfs.h" /* XXX */
+#include "../bn/bn_mont2.h" /* XXX */
 #include "ec.h"

+
 EC_POINT *ECP_new()
-{
+	{
 	EC_POINT *ret;

 	ret=(EC_POINT *)malloc(sizeof(EC_POINT));
@@ -40,10 +41,11 @@ EC_POINT *ECP_new()
 		return(NULL);
 		}
 	return(ret);
-}
+	}
+

 void ECP_clear_free(EC_POINT *P)
-{
+	{
 	if (P == NULL) return;
 	
 	P->is_in_mont = 0;
@@ -51,10 +53,11 @@ void ECP_clear_free(EC_POINT *P)
 	if (P->Y != NULL) BN_clear_free(P->Y);
 	if (P->Z != NULL) BN_clear_free(P->Z);
 	free(P);
-}
+	}
+

 void ECP_clear_free_precompute(ECP_PRECOMPUTE *prec)
-{
+	{
 	int i;
 	int max;

@@ -70,12 +73,14 @@ void ECP_clear_free_precompute(ECP_PRECOMPUTE *prec)
 			}
 		}
 	free(prec);
-}
+	}
+

 int ECP_is_on_ec(EC_POINT *P, EC *E, BN_CTX *ctx)
-{
+	{
 	BIGNUM *n0, *n1, *n2, *p;
 	int Pnorm;
+	int ret = -1;

 	assert(P != NULL);
 	assert(P->X != NULL && P->Y != NULL && P->Z != NULL);
@@ -89,11 +94,12 @@ int ECP_is_on_ec(EC_POINT *P, EC *E, BN_CTX *ctx)

 	if (ECP_is_infty(P)) return 1;
 	
-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	n2 = ctx->bn[ctx->tos + 2]; 
-	ctx->tos += 3;
-
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	if (n2 == NULL)
+		goto err;

 	p = E->p;

@@ -133,26 +139,22 @@ int ECP_is_on_ec(EC_POINT *P, EC *E, BN_CTX *ctx)
 	if (!BN_mod_mul(n1, P->Y, P->Y, p, ctx)) goto err;

 	if (BN_cmp(n0, n1))
-	{ 
-		ctx->tos -= 3;
-		return 0;
-	}
-
-	ctx->tos -= 3;
-	return 1;
+		ret = 0;
+	else
+		ret = 1;

 err:
-	ctx->tos -= 3;
-	return -1;
-}
+	BN_CTX_end(ctx);
+	return ret;
+	}


 EC_POINT *ECP_generate(BIGNUM *x, BIGNUM *z,EC *E, BN_CTX *ctx)
 /* x == NULL || z = 0  -> point of infinity	*/
 /* z == NULL || z = 1  -> normalized		*/
-{
+	{
 	BIGNUM *n0, *n1;
-	EC_POINT *ret;
+	EC_POINT *ret = NULL;
 	int Pnorm, Pinfty, X0, A0;

 	assert(E != NULL);
@@ -186,12 +188,13 @@ EC_POINT *ECP_generate(BIGNUM *x, BIGNUM *z,EC *E, BN_CTX *ctx)

 	ret->is_in_mont = 0;

-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	if (!BN_zero(n0)) return NULL;
-	if (!BN_zero(n1)) return NULL;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	if (n1 == NULL) goto err;

-	ctx->tos += 2;
+	if (!BN_zero(n0)) goto err;
+	if (!BN_zero(n1)) goto err;

 	if (!X0)
 		{
@@ -228,20 +231,21 @@ EC_POINT *ECP_generate(BIGNUM *x, BIGNUM *z,EC *E, BN_CTX *ctx)
 	if (!ECP_is_on_ec(ret, E, ctx)) goto err;
 #endif
 	
-	ctx->tos -= 2;
+	BN_CTX_end(ctx);
 	return ret;

 err:
 	if (ret != NULL) ECP_clear_free(ret);
-	ctx->tos -= 2;
+	BN_CTX_end(ctx);
 	return NULL;
-}
+	}
+

 int ECP_ecp2bin(EC_POINT *P, unsigned char *to, int form)
 /* form =	1 ... compressed
                2 ... uncompressed
                3 ... hybrid */
-{
+	{
 	int bytes, bx, by;

 	assert (P != NULL);
@@ -283,10 +287,11 @@ int ECP_ecp2bin(EC_POINT *P, unsigned char *to, int form)
 		}

 	return bytes;
-}
+	}
+

 int ECP_bin2ecp(unsigned char *from, int len, EC_POINT *P, EC *E, BN_CTX *ctx)
-{
+	{
 	int y;
 	BIGNUM *x;
 	EC_POINT *pp;
@@ -343,10 +348,11 @@ int ECP_bin2ecp(unsigned char *from, int len, EC_POINT *P, EC *E, BN_CTX *ctx)

 	if (!ECP_is_on_ec(P, E, ctx)) return 0;
 	return 1;
-}
+	}
+

 int ECP_normalize(EC_POINT *P, EC *E, BN_CTX *ctx)
-{
+	{
 	BIGNUM *z, *zm;

 	assert (P != NULL);
@@ -365,8 +371,9 @@ int ECP_normalize(EC_POINT *P, EC *E, BN_CTX *ctx)
 	assert(!P->is_in_mont);


-	z = ctx->bn[ctx->tos]; 
-	ctx->tos++;
+	BN_CTX_start(ctx);
+	z = BN_CTX_get(ctx);
+	if (z == NULL) goto err;

 	if (!BN_mod_mul(z, zm, zm, E->p, ctx)) goto err;
 	if (!BN_mod_mul(P->X, P->X, z, E->p, ctx)) goto err;
@@ -378,17 +385,18 @@ int ECP_normalize(EC_POINT *P, EC *E, BN_CTX *ctx)

 	if (zm != NULL) BN_clear_free(zm);

-	ctx->tos--;
+	BN_CTX_end(ctx);
 	return 1;

 err:
 	if (zm != NULL) BN_clear_free(zm);
-	ctx->tos--;
+	BN_CTX_end(ctx);
 	return 0;
-}
+	}
+

 int ECP_copy(EC_POINT *R, EC_POINT *P)
-{
+	{
 	assert(P != NULL);
 	assert(P->X != NULL && P->Y != NULL && P->Z != NULL);

@@ -401,10 +409,11 @@ int ECP_copy(EC_POINT *R, EC_POINT *P)
 	R->is_in_mont = P->is_in_mont;

 	return 1;
-}
+	}
+

 EC_POINT *ECP_dup(EC_POINT *P)
-{
+	{
 	EC_POINT *ret;

 	ret = ECP_new();
@@ -417,11 +426,11 @@ EC_POINT *ECP_dup(EC_POINT *P)
 		}

 	return(ret);
-}
+	}


 EC_POINT *ECP_minus(EC_POINT *P, BIGNUM *p) /* mont || non-mont */
-{
+	{
 	EC_POINT *ret;

 	assert(P != NULL);
@@ -443,7 +452,7 @@ EC_POINT *ECP_minus(EC_POINT *P, BIGNUM *p) /* mont || non-mont */
 		}

 	return ret;
-}
+	}


 #ifdef SIMPLE
@@ -454,7 +463,7 @@ int ECP_cmp(EC_POINT *P, EC_POINT *Q, BIGNUM *p, BN_CTX *ctx)
 	-1 ... P = -Q
 	 1 ... else
 */
-{
+	{
 	BIGNUM *n0, *n1, *n2, *n3, *n4;
 	int Pnorm, Qnorm;

@@ -477,12 +486,13 @@ int ECP_cmp(EC_POINT *P, EC_POINT *Q, BIGNUM *p, BN_CTX *ctx)
 	Pnorm = (ECP_is_norm(P));
 	Qnorm = (ECP_is_norm(Q));
 	
-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	n2 = ctx->bn[ctx->tos + 2]; 
-	n3 = ctx->bn[ctx->tos + 3]; 
-	n4 = ctx->bn[ctx->tos + 4]; 
-	ctx->tos += 5;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	n4 = BN_CTX_get(ctx);
+	if (n4 == NULL) goto err;
 	
 	if (Qnorm)
 		{
@@ -516,7 +526,7 @@ int ECP_cmp(EC_POINT *P, EC_POINT *Q, BIGNUM *p, BN_CTX *ctx)

 	if (!BN_is_zero(n0))
 		{
-		ctx->tos -= 5;
+		BN_CTX_end(ctx);
 		return 1;
 		}
 	
@@ -524,21 +534,22 @@ int ECP_cmp(EC_POINT *P, EC_POINT *Q, BIGNUM *p, BN_CTX *ctx)

 	if (!BN_is_zero(n0))
 		{
-		ctx->tos -= 5;
+		BN_CTX_end(ctx);
 		return -1;
 		}

-	ctx->tos -= 5;
+	BN_CTX_end(ctx);
 	return 0;

 err:
-	ctx->tos -= 5;
+	BN_CTX_end(ctx);
 	return -2;
-}
+	}
+

 int ECP_double(EC_POINT *R, EC_POINT *P, EC *E, BN_CTX *ctx)
 /* R <- 2P (on E) */
-{
+	{
 	BIGNUM *n0, *n1, *n2, *n3, *p;
 	int Pnorm, A0;

@@ -564,11 +575,12 @@ int ECP_double(EC_POINT *R, EC_POINT *P, EC *E, BN_CTX *ctx)
 	Pnorm = (ECP_is_norm(P));
 	A0 = (BN_is_zero(E->A));

-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	n2 = ctx->bn[ctx->tos + 2]; 
-	n3 = ctx->bn[ctx->tos + 3]; 
-	ctx->tos += 4;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	if (n3 == NULL) goto err;

 	p = E->p;

@@ -628,17 +640,18 @@ int ECP_double(EC_POINT *R, EC_POINT *P, EC *E, BN_CTX *ctx)
 	if (!ECP_is_on_ec(R, E, ctx)) return 0;
 #endif

-	ctx->tos -= 4;
+	BN_CTX_end(ctx);
 	return 1;

 err:
-	ctx->tos -= 4;
+	BN_CTX_end(ctx);
 	return 0;
-}
+	}
+

 int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
 /* R <- P + Q (on E) */
-{
+	{
 	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6, *p;
 	int Pnorm, Qnorm;

@@ -668,14 +681,16 @@ int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
 	Pnorm = (ECP_is_norm(P));
 	Qnorm = (ECP_is_norm(Q));
 	
-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	n2 = ctx->bn[ctx->tos + 2]; 
-	n3 = ctx->bn[ctx->tos + 3]; 
-	n4 = ctx->bn[ctx->tos + 4]; 
-	n5 = ctx->bn[ctx->tos + 5]; 
-	n6 = ctx->bn[ctx->tos + 6]; 
-	ctx->tos += 7;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	n4 = BN_CTX_get(ctx);
+	n5 = BN_CTX_get(ctx);
+	n6 = BN_CTX_get(ctx);
+	if (n6 == NULL) goto err;
+
 	p = E->p;
 	
 	/* L1; L2 */
@@ -717,12 +732,12 @@ int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
 		{
 		if (BN_is_zero(n6))	/* P = Q => P + Q = 2P */
 			{
-			ctx->tos -= 7;
+			BN_CTX_end(ctx);
 			return ECP_double(R, P, E, ctx);
 			}
 		else				 /* P = -Q => P + Q = \infty */
 			{
-			ctx->tos -= 7;
+			BN_CTX_end(ctx);
 			if (!BN_zero(R->Z)) return 0;
 			return 1;
 			}
@@ -766,17 +781,17 @@ int ECP_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_CTX *ctx)
 	if (!ECP_is_on_ec(R, E, ctx)) return 0;
 #endif

-	ctx->tos -= 7;
+	BN_CTX_end(ctx);
 	return 1;

 err:
-	ctx->tos -= 7;
+	BN_CTX_end(cxt);
 	return 0;
-}
+	}


 ECP_PRECOMPUTE *ECP_precompute(int r, EC_POINT *P, EC *E, BN_CTX *ctx)
-{
+	{
 	ECP_PRECOMPUTE *ret;
 	EC_POINT *P2;
 	int i, max;
@@ -822,11 +837,12 @@ err:
 	ECP_clear_free(P2);
 	ECP_clear_free_precompute(ret);
 	return NULL;
-}
+	}
+

 int ECP_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_CTX *ctx)
 /* R = [k]P */
-{
+	{
 	int j;
 	int t, nextw, h, r;

@@ -873,9 +889,7 @@ int ECP_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_CTX *ct
 			if (nextw < -1) nextw = -1;
 			t = nextw + 1;			
 			while(!BN_is_bit_set(k, t))
-			{
 				t++;
-			}

 			if (!ECP_double(R, R, E, ctx)) return 0;

@@ -905,15 +919,15 @@ int ECP_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_CTX *ct
 		}
 	
 	return 1;
-}
+	}

 #endif /* SIMPLE */

+
 #ifdef MONTGOMERY

 int ECP_to_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx)
-{
-
+	{
 	assert(P != NULL);
 	assert(P->X != NULL && P->Y != NULL && P->Z != NULL);

@@ -935,11 +949,11 @@ int ECP_to_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx)

 	P->is_in_mont = 1;
 	return 1;
-}
+	}


 int ECP_from_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx)
-{
+	{

 	assert(P != NULL);
 	assert(P->X != NULL && P->Y != NULL && P->Z != NULL);
@@ -957,7 +971,8 @@ int ECP_from_montgomery(EC_POINT *P, BN_MONTGOMERY *mont, BN_CTX *ctx)

 	P->is_in_mont = 0;
 	return 1;
-}
+	}
+

 int ECP_mont_cmp(EC_POINT *P, EC_POINT *Q, BN_MONTGOMERY *mont, BN_CTX *ctx)
 /* return values:
@@ -966,7 +981,7 @@ int ECP_mont_cmp(EC_POINT *P, EC_POINT *Q, BN_MONTGOMERY *mont, BN_CTX *ctx)
 	-1 ... P = -Q
 	 1 ... else
 */
-{
+	{
 	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *p;

 	assert(P != NULL);
@@ -991,13 +1006,15 @@ int ECP_mont_cmp(EC_POINT *P, EC_POINT *Q, BN_MONTGOMERY *mont, BN_CTX *ctx)
 	if (ECP_is_infty(P) || ECP_is_infty(Q)) return 1;

 	
-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	n2 = ctx->bn[ctx->tos + 2]; 
-	n3 = ctx->bn[ctx->tos + 3]; 
-	n4 = ctx->bn[ctx->tos + 4]; 
-	n5 = ctx->bn[ctx->tos + 5]; 
-	ctx->tos += 6;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	n4 = BN_CTX_get(ctx);
+	n5 = BN_CTX_get(ctx);
+	if (n5 == 0) goto err;
+

 	p = mont->p;
 	
@@ -1019,7 +1036,7 @@ int ECP_mont_cmp(EC_POINT *P, EC_POINT *Q, BN_MONTGOMERY *mont, BN_CTX *ctx)

 	if (!BN_is_zero(n0))
 		{
-		ctx->tos -= 6;
+		BN_CTX_end(ctx);
 		return 1;
 		}
 	
@@ -1027,22 +1044,22 @@ int ECP_mont_cmp(EC_POINT *P, EC_POINT *Q, BN_MONTGOMERY *mont, BN_CTX *ctx)

 	if (!BN_is_zero(n0))
 		{
-		ctx->tos -= 6;
+		BN_CTX_end(ctx);
 		return -1;
 		}

-	ctx->tos -= 6;
+	BN_CTX_end(ctx);
 	return 0;

 err:
-	ctx->tos -= 6;
+	BN_CTX_end(ctx);
 	return -2;
-}
+	}


 int ECP_mont_double(EC_POINT *R, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 /* R <- 2P (on E) */
-{
+	{
 	BIGNUM *n0, *n1, *n2, *n3, *p;

 	assert(P != NULL);
@@ -1071,12 +1088,12 @@ int ECP_mont_double(EC_POINT *R, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX
 		}


-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	n2 = ctx->bn[ctx->tos + 2]; 
-	n3 = ctx->bn[ctx->tos + 3]; 
-
-	ctx->tos += 4;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	if (n3 == 0) goto err;

 	p = E->p;

@@ -1113,18 +1130,18 @@ int ECP_mont_double(EC_POINT *R, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX
 	if (!BN_mont_mod_mul(n0, n1, n2, mont, ctx)) goto err;
 	if (!BN_mod_sub_quick(R->Y, n0, n3, p)) goto err;		/* Y = L1 * (L2 - X) - L3 */

-	ctx->tos -= 4;
+	BN_CTX_end(ctx);
 	return 1;

 err:
-	ctx->tos -= 4;
+	BN_CTX_end(ctx);
 	return 0;
-}
+	}


 int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 /* R <- P + Q (on E) */
-{
+	{
 	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6, *p;

 	assert(P != NULL);
@@ -1157,14 +1174,15 @@ int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mo
 	if (ECP_is_infty(Q)) return ECP_copy(R, P);
 	

-	n0 = ctx->bn[ctx->tos]; 
-	n1 = ctx->bn[ctx->tos + 1]; 
-	n2 = ctx->bn[ctx->tos + 2]; 
-	n3 = ctx->bn[ctx->tos + 3]; 
-	n4 = ctx->bn[ctx->tos + 4]; 
-	n5 = ctx->bn[ctx->tos + 5]; 
-	n6 = ctx->bn[ctx->tos + 6]; 
-	ctx->tos += 7;
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	n4 = BN_CTX_get(ctx);
+	n5 = BN_CTX_get(ctx);
+	n6 = BN_CTX_get(ctx);
+	if (n6 == NULL) goto err;


 	p = E->p;
@@ -1197,12 +1215,12 @@ int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mo
 		{
 		if (BN_is_zero(n6))  /* P = Q => P + Q = 2P */
 			{
-			ctx->tos -= 7;
+			BN_CTX_end(ctx);
 			return ECP_mont_double(R, P, E, mont, ctx);
 			}
 		else				 /* P = -Q => P + Q = \infty */
 			{
-			ctx->tos -= 7;
+			BN_CTX_end(ctx);
 			if (!BN_zero(R->Z)) return 0;
 			return 1;
 			}
@@ -1238,17 +1256,17 @@ int ECP_mont_add(EC_POINT *R, EC_POINT *P, EC_POINT *Q, EC *E, BN_MONTGOMERY *mo
 	if (!BN_mont_mod_mul(R->Y, n0, E->h, mont, ctx)) goto err;	/* Y = (L6 * L9 - L8 * L5^3) / 2 */


-	ctx->tos -= 7;
+	BN_CTX_end(ctx);
 	return 1;

 err:
-	ctx->tos -= 7;
+	BN_CTX_end(ctx);
 	return 0;
-}
+	}


 ECP_PRECOMPUTE *ECP_mont_precompute(int r, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
-{
+	{
 	ECP_PRECOMPUTE *ret;
 	EC_POINT *P2;
 	int i, max;
@@ -1301,11 +1319,12 @@ err:
 	ECP_clear_free(P2);
 	ECP_clear_free_precompute(ret);
 	return NULL;
-}
+	}
+

 int ECP_mont_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 /* R = [k]P   P = prec->Pi[0]*/
-{
+	{
 	int j;
 	int t, nextw, h, r;

@@ -1356,9 +1375,7 @@ int ECP_mont_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_MO
 			if (nextw < -1) nextw = -1;
 			t = nextw + 1;			
 			while(!BN_is_bit_set(k, t))
-			{
 				t++;
-			}

 			if (!ECP_mont_double(R, R, E, mont, ctx)) return 0;

@@ -1388,12 +1405,12 @@ int ECP_mont_multiply(EC_POINT *R, BIGNUM *k, ECP_PRECOMPUTE *prec, EC *E, BN_MO
 		}

 	return 1;
-}
+	}


 int ECP_mont_multiply2(EC_POINT *R, BIGNUM *k, EC_POINT *P, EC *E, BN_MONTGOMERY *mont, BN_CTX *ctx)
 /* R = [k]P */
-{
+	{
 	int j, hj, kj;
 	BIGNUM *h;
 	EC_POINT *mP;
@@ -1456,6 +1473,6 @@ err:
 	if (h != NULL) BN_free(h);
 	if (mP != NULL) ECP_clear_free(mP);
 	return 0;
-}
+	}

 #endif /* MONTGOMERY */