diff options
author | Billy Brumley <bbrumley@gmail.com> | 2018-04-24 16:00:08 +0300 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2018-05-09 13:29:48 +0200 |
commit | fe2d3975880e6a89702f18ec58881307bf862542 (patch) | |
tree | 584e4788d2db332354cd5f1d912d1d27785ebd97 /CHANGES | |
parent | 06e0950d20d3110849dea28eb78cac4127618b48 (diff) |
ECDSA: remove nonce padding (delegated to EC_POINT_mul)
* EC_POINT_mul is now responsible for constant time point multiplication
(for single fixed or variable point multiplication, when the scalar is
in the range [0,group_order), so we need to strip the nonce padding
from ECDSA.
* Entry added to CHANGES
* Updated EC_POINT_mul documentation
- Integrate existing EC_POINT_mul and EC_POINTs_mul entries in the
manpage to reflect the shift in constant-time expectations when
performing a single fixed or variable point multiplication;
- Add documentation to ec_method_st to reflect the updated "contract"
between callers and implementations of ec_method_st.mul.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6070)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for + constant time fixed point multiplication. + [Billy Bob Brumley] + *) Updated CONTRIBUTING [Rich Salz] |