eb9232f06f
Along the way, this allows us to tidy up the invariants associated with EC_SCALAR. They were fuzzy around ec_point_mul_scalar and some computations starting from the digest in ECDSA. The latter I've put into the type system with EC_LOOSE_SCALAR.

As for the former, Andres points out that particular EC implementations are only good for scalars within a certain range, otherwise you may need extra work to avoid the doubling case. To simplify curve implementations, we reduce them fully rather than do the looser bit size check, so they can have the stronger precondition to work with.

Change-Id: Iff9a0404f89adf8f7f914f8e8246c9f3136453f1
Reviewed-on: https://boringssl-review.googlesource.com/23664
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

- aes
- bn
- cipher
- des
- digest
- ec
- ecdsa
- hmac
- md4
- md5
- modes
- policydocs
- rand
- rsa
- sha
- bcm.c
- CMakeLists.txt
- delocate.h
- FIPS.md
- intcheck1.png
- intcheck2.png
- intcheck3.png
- is_fips.c