diff options
| author | Billy Brumley <bbrumley@gmail.com> | 2018-04-24 16:00:08 +0300 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2018-05-09 13:29:48 +0200 |
| commit | fe2d3975880e6a89702f18ec58881307bf862542 (patch) | |
| tree | 584e4788d2db332354cd5f1d912d1d27785ebd97 /crypto/ec/ec_mult.c | |
| parent | 06e0950d20d3110849dea28eb78cac4127618b48 (diff) | |
ECDSA: remove nonce padding (delegated to EC_POINT_mul)
* EC_POINT_mul is now responsible for constant time point multiplication
(for single fixed or variable point multiplication, when the scalar is
in the range [0,group_order), so we need to strip the nonce padding
from ECDSA.
* Entry added to CHANGES
* Updated EC_POINT_mul documentation
- Integrate existing EC_POINT_mul and EC_POINTs_mul entries in the
manpage to reflect the shift in constant-time expectations when
performing a single fixed or variable point multiplication;
- Add documentation to ec_method_st to reflect the updated "contract"
between callers and implementations of ec_method_st.mul.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6070)
Diffstat (limited to 'crypto/ec/ec_mult.c')
| -rw-r--r-- | crypto/ec/ec_mult.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 6b5553c9b2..1f34329182 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -113,9 +113,9 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) * * At a high level, it is Montgomery ladder with conditional swaps. * - * It performs either a fixed scalar point multiplication + * It performs either a fixed point multiplication * (scalar * generator) - * when point is NULL, or a generic scalar point multiplication + * when point is NULL, or a variable point multiplication * (scalar * point) * when point is not NULL. * |