boringssl/crypto/fipsmodule
David Benjamin eb9232f06f Fully reduce scalars in EC_POINT_mul.
Along the way, this allows us to tidy up the invariants associated with
EC_SCALAR. They were fuzzy around ec_point_mul_scalar and some
computations starting from the digest in ECDSA. The latter I've put into
the type system with EC_LOOSE_SCALAR.

As for the former, Andres points out that particular EC implementations
are only good for scalars within a certain range, otherwise you may need
extra work to avoid the doubling case. To simplify curve
implementations, we reduce them fully rather than do the looser bit size
check, so they can have the stronger precondition to work with.

Change-Id: Iff9a0404f89adf8f7f914f8e8246c9f3136453f1
Reviewed-on: https://boringssl-review.googlesource.com/23664
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-12-08 17:55:54 +00:00
..
aes es/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29. 2017-11-08 16:53:04 +00:00
bn bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2. 2017-12-07 16:54:32 +00:00
cipher Add more compatibility symbols for Node. 2017-11-03 01:31:50 +00:00
des Explicit fallthrough on switch 2017-09-20 19:58:25 +00:00
digest Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
ec Fully reduce scalars in EC_POINT_mul. 2017-12-08 17:55:54 +00:00
ecdsa Fully reduce scalars in EC_POINT_mul. 2017-12-08 17:55:54 +00:00
hmac Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
md4 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
md5 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
modes Appease UBSan on pointer alignment. 2017-11-10 21:07:03 +00:00
policydocs Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
rand Remove CTR_DRBG_STATE alignment marker. 2017-09-18 19:17:52 +00:00
rsa Add some missing OpenSSL 1.1.0 accessors. 2017-11-22 18:43:38 +00:00
sha Revert assembly changes in "Hide CPU capability symbols in C." 2017-10-30 20:39:57 +00:00
bcm.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
CMakeLists.txt Convert example_mul to GTest. 2017-07-10 19:28:29 +00:00
delocate.h Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
FIPS.md Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
intcheck1.png
intcheck2.png Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck3.png
is_fips.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00