kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6ef1b64558
boringssl/crypto/fipsmodule
History
David Benjamin 6ef1b64558 Add a comment about ecp_nistz256_point_add_affine's limitations. 
ecp_nistz256_point_add_affine does not support the doubling case and,
unlike ecp_nistz256_point_add which does a tail call, computes the wrong
answer. Note TestPointAdd in the unit tests skips this case.

This works fine because we only use ecp_nistz256_point_add_affine for
the g_scalar term, which is fully computed before the p_scalar term.
(Additionally it requires that the windowing pattern never hit the
doubling case for single multiplication.)

But this is not obvious from reading the multiplication functions, so
leave a comment at the call site to point this out.

Change-Id: I08882466d98030cdc882a5be9e702ee404e80cce
Reviewed-on: https://boringssl-review.googlesource.com/c/33945
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2019-01-02 23:33:31 +00:00
..
aes Patch out the XTS implementation in bsaes. 2018-12-12 22:27:13 +00:00
bn Remove cacheline striping in copy_from_prebuf. 2018-11-19 19:10:09 +00:00
cipher Eliminate |OPENSSL_ia32cap_P| in C code in the FIPS module. 2018-12-06 00:58:14 +00:00
des
digest Match OpenSSL's EVP_MD_CTX_reset return value. 2018-05-29 17:07:16 +00:00
ec Add a comment about ecp_nistz256_point_add_affine's limitations. 2019-01-02 23:33:31 +00:00
ecdh Clean up EC_POINT to byte conversions. 2018-11-13 17:27:59 +00:00
ecdsa Modernize OPENSSL_COMPILE_ASSERT, part 2. 2018-11-14 16:06:37 +00:00
hmac
md4
md5 Mark the C version of md5_block_data_order static. 2018-09-07 20:00:12 +00:00
modes Speculatively remove __STDC_*_MACROS. 2018-11-14 16:14:37 +00:00
policydocs Include details about latest FIPS certification. 2018-11-05 19:03:25 +00:00
rand Use thread-local storage for PRNG states if fork-unsafe buffering is enabled. 2018-12-28 18:05:18 +00:00
rsa Add start of infrastructure for checking constant-time properties. 2018-12-18 22:43:02 +00:00
self_check Always print some diagnostic information when POST fails. 2018-09-28 19:33:38 +00:00
sha Remove XOP code from sha512-x86_64.pl. 2018-12-04 01:10:32 +00:00
tls Fix include path. 2018-05-08 16:26:05 +00:00
bcm.c Always print some diagnostic information when POST fails. 2018-09-28 19:33:38 +00:00
CMakeLists.txt Revert "Revert "Speed up ECDSA verify on x86-64."" 2018-11-07 23:57:22 +00:00
delocate.h Use a pool of |rand_state| objects. 2018-07-06 21:25:37 +00:00
FIPS.md Include details about latest FIPS certification. 2018-11-05 19:03:25 +00:00
intcheck1.png
intcheck2.png
intcheck3.png
is_fips.c Add some more compatibility functions. 2018-05-08 20:51:15 +00:00